Asc3550p.sys detected as a virus?

Ga

Hello,

I'm using Win XP pack 3 and for some time now, at some startups, avast finds a virus located here: C:\WINDOWS\System32\Drivers\asc3550p.sys, and whatever I select, ignore or delete, it comes back with the same "infection found" message.

I ran an avast boot-time scan, which tells me everything is clean.

I ran Malwarebytes' Anti-Malware, which usually finds a problem that I delete each time.

I tried to install GMER, but each time I get a Windows report telling me that GMER crashed and that a report has to be sent to Windows, blah blah blah, with no result.

I'm at a loss...

I'm posting a HIJACKTHIS report.

Hoping you can help me... Help, commentcamarche forum... You are my only hope...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:55, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecofree.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4697B27-7F06-4F74-A803-F29C314AADA1}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

33 replies

Anonymous user

hi, yes, it's supposedly a rootkit driver

Download OTL by OLDTimer

save it to your Desktop.

▶ Double-click (on Vista => right-click, "Run as administrator") OTL.exe to launch it.

▶ Tick the 2 boxes Lop and Purity

▶ Tick the box in front of scan all users

▶ set it to "60 Days"

▶ in the left column, set everything to all

do not change these:

"files created within" and "files modified within"


▶ Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse (Parcourir) and look for the file above.

▶ Click Open (Ouvrir).

▶ Click "Cliquez ici pour déposer le fichier" (click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

▶▶ Do the same with "Extra.txt".
Ga
 
Here you go for the OTL.txt file:
http://www.cijoint.fr/cjlink.php?file=cj200912/cijVai6XlB.txt

And the Extra file:
http://www.cijoint.fr/cjlink.php?file=cj200912/cij7Cy5Yjb.txt
servabat Posts: 2073 Status: Member 269

ok, I'm looking at your log and I'll tell you what to do.
servabat Posts: 2073 Status: Member 269

sorry gen-hackman, I hadn't seen that you were on it.
ga, there's nothing in your hijackthis.
Ga > servabat Posts: 2073 Status: Member

Thanks for your reply, it only half reassures me. I'd rather avast were wrong. But the scans run by Malwarebytes turn up something every time
servabat Posts: 2073 Status: Member 269 > Ga

sorry, but it's not to reassure you; it's that since hijackthis is no longer updated, it doesn't detect everything. you need to use rsit:
=> download RSIT to your desktop
=> right-click the RSIT icon on your desktop (rsit.exe) and choose "run as administrator".
=> At startup, don't touch the options and press "continue"
=> Rsit starts and asks to install hijackthis. Accept, because it will generate a log from hjt.
=> two Notepad windows appear (info.txt and log.txt); then copy and paste both into a post in this thread.
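An added example, not part of the thread and not code from HijackThis or any poster: a small Python parser for the HijackThis log format posted above. It groups entries by section code, lists the entries HijackThis itself marked as missing, and checks whether the driver avast flagged is referenced anywhere in the log. The sample is an excerpt copied from Ga's first log; all function names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Excerpt copied from the first HijackThis log in this thread (shortened sample).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:55, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecofree.org/
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# The file avast reports in the opening post.
SUSPECT = r"C:\WINDOWS\System32\Drivers\asc3550p.sys"

# An entry line is "<section code> - <text>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Absolute Windows path ending in an executable, library or driver extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^'\"\r\n]*?\.(?:exe|dll|sys)", re.IGNORECASE)


def parse_hijackthis(text):
    """Return (running_processes, entries); entries are (code, text) tuples."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def section_counts(entries):
    """Number of entries per section code (R0, O2, O23, ...)."""
    return Counter(code for code, _ in entries)


def flagged_missing(entries):
    """Entries that HijackThis itself annotated as pointing to a missing file."""
    hits = []
    for code, text in entries:
        lowered = text.lower().rstrip()
        if "(file missing)" in lowered or lowered.endswith("missing"):
            hits.append((code, text))
    return hits


def referenced_paths(processes, entries):
    """Lower-cased set of every file path found in the process list and entries."""
    paths = set()
    for line in processes + [text for _, text in entries]:
        paths.update(p.lower() for p in PATH_RE.findall(line))
    return paths


def log_mentions(processes, entries, suspect_path):
    """True if the suspect file name appears anywhere in the parsed log."""
    name = suspect_path.lower().rsplit("\\", 1)[-1]
    haystack = [p.lower() for p in processes] + [t.lower() for _, t in entries]
    return any(name in line for line in haystack)


if __name__ == "__main__":
    procs, items = parse_hijackthis(SAMPLE_LOG)
    print("entries per section:", dict(section_counts(items)))
    for code, text in flagged_missing(items):
        print("marked missing:", code, "-", text)
    drivers = sorted(p for p in referenced_paths(procs, items) if p.endswith(".sys"))
    print("driver (.sys) paths in log:", drivers)
    print("suspect driver referenced:", log_mentions(procs, items, SUSPECT))
```

Run over the full log rather than the excerpt, the same check shows whether a file an antivirus flags is visible in this kind of report at all before it is declared clean.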
Ga > servabat Posts: 2073 Status: Member

the log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-12-10 14:33:06
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 21 GB (11%) free of 194 GB
Total RAM: 1535 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:10, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Propriétaire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecofree.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4697B27-7F06-4F74-A803-F29C314AADA1}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ga
 
By the way, I don't know if it's related, but zone alarm regularly asks me to allow exporer.exe to connect to the internet. I have a small network at home, but the request comes almost at Windows startup.
I still find that odd, don't you?
Anonymous user

tell me, servabat, what are you playing at?
servabat Posts: 2073 Status: Member 269
 
???

Anonymous user

Ga:

Disable your antivirus for the duration of the procedure, as well as your firewall if you have one

▶ Download List&Kill'em and save it to your desktop

▶ unzip it (right-click / extract.....)

It does not require installation

▶ double-click (right-click, "Run as administrator" on Vista) to launch the scan

choose the language, then choose option 1 = Mode Recherche (search mode)

▶ let the tool work

a report named catchme appears on your desktop; ignore it, but don't delete it for now

▶ Post the contents of the report that opens

Ga
 
What's the problem with servabat??

I'm running the scan.

I'll post it as soon as it's finished
Ga
 
List'em by g3n-h@ckm@n 1.1.4.1

Thx to Chiquitine29.....& CCM team

User : Propriétaire (Administrateurs) # PC-DE-GA
Update on 09/12/2009 by g3n-h@ckm@n ::::: 17:00
Start at: 16:49:55 | 10/12/2009
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 091210-0] 4.8.1368 [ Enabled | Updated ]
FW : ZoneAlarm Firewall[ Enabled ]9.1.007.002

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 189,91 Go (20,33 Go free) [Disque local] | NTFS
D:\ -> Disque CD-ROM | 4,37 Go (0 Mo free) [300] | UDF
E:\ -> Disque fixe local | 115,04 Go (21,65 Go free) [Baby] | NTFS
F:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 924
C:\WINDOWS\system32\csrss.exe 992
C:\WINDOWS\system32\winlogon.exe 1020
C:\WINDOWS\system32\services.exe 1064
C:\WINDOWS\system32\lsass.exe 1076
C:\WINDOWS\system32\svchost.exe 1260
C:\WINDOWS\system32\svchost.exe 1352
C:\WINDOWS\System32\svchost.exe 1404
C:\WINDOWS\system32\svchost.exe 1532
C:\WINDOWS\system32\svchost.exe 1580
C:\WINDOWS\system32\ZoneLabs\vsmon.exe 1808
C:\WINDOWS\Explorer.EXE 304
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 760
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe 776
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 804
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe 816
C:\Program Files\Alwil Software\Avast4\ashServ.exe 904
C:\WINDOWS\System32\FTRTSVC.exe 1768
C:\Program Files\Sandboxie\SbieSvc.exe 1796
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 636
C:\WINDOWS\system32\wbem\unsecapp.exe 1304
C:\WINDOWS\system32\wbem\wmiprvse.exe 2168
C:\WINDOWS\System32\alg.exe 2292
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 2472
C:\WINDOWS\SOUNDMAN.EXE 2556
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 2600
C:\WINDOWS\system32\RUNDLL32.EXE 2736
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe 2900
C:\WINDOWS\system32\ctfmon.exe 3024
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe 3044
C:\Program Files\Sandboxie\SbieCtrl.exe 3056
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe 3136
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe 3164
C:\WINDOWS\System32\svchost.exe 700
C:\WINDOWS\system32\wuauclt.exe 968
C:\WINDOWS\system32\wuauclt.exe 484
C:\WINDOWS\system32\wuauclt.exe 800
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe 3744
C:\Program Files\Sandboxie\SandboxieRpcSs.exe 1732
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe 2492
C:\Program Files\Mozilla Firefox\firefox.exe 3688
C:\Documents and Settings\Propriétaire\Bureau\List_Kill'em.exe 840
C:\WINDOWS\system32\cmd.exe 1320
C:\WINDOWS\system32\wbem\wmiprvse.exe 2996
C:\Documents and Settings\Propriétaire\Local Settings\Temp\3D.tmp\pv.exe 3668

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
RocketDock REG_SZ "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
SandboxieControl REG_SZ "C:\Program Files\Sandboxie\SbieCtrl.exe"
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
EasyTuneV REG_SZ C:\Program Files\Gigabyte\ET5\GUI.exe
SoundMan REG_SZ SOUNDMAN.EXE
Ad-Watch REG_SZ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
KernelFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -k
Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ISW REG_SZ "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_BINARY 95000000

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe REG_SZ C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
C:\Program Files\Valve\Steam\SteamApps\gayell\counter-strike source\hl2.exe REG_SZ C:\Program Files\Valve\Steam\SteamApps\gayell\counter-strike source\hl2.exe:*:Enabled:hl2
C:\Program Files\Valve\Steam\SteamApps\gayell\half-life 2 deathmatch\hl2.exe REG_SZ C:\Program Files\Valve\Steam\SteamApps\gayell\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\WINDOWS\system32\PnkBstrA.exe REG_SZ C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
C:\WINDOWS\system32\PnkBstrB.exe REG_SZ C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe REG_SZ C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Disabled:Assassin's Creed Dx10
C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe REG_SZ C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Disabled:Assassin's Creed Dx9
C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe REG_SZ C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Disabled:Assassin's Creed Update
C:\WINDOWS\system32\sessmgr.exe REG_SZ C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe REG_SZ C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Disabled:Battlefield 2
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe REG_SZ C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Disabled:Crysis_32
C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe REG_SZ C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Disabled:CrysisDedicatedServer_32
C:\Program Files\Defcon\defcon.exe REG_SZ C:\Program Files\Defcon\defcon.exe:*:Disabled:Defcon
C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe REG_SZ C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Disabled:Editeur
C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe REG_SZ C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Disabled:Far Cry 2
C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe REG_SZ C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Disabled:Far Cry 2 Updater
C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe REG_SZ C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Disabled:GPGNet - Supreme Commander
C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat REG_SZ C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Disabled:La Bataille pour la Terre du Milieu ™ II
C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat REG_SZ C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:*:Disabled:La Bataille pour la Terre du Milieu™
C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe REG_SZ C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Disabled:STREET FIGHTER IV
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe REG_SZ C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.ecofree.org/

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2

=========

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
190 Go total, 20,33 Go libre (10%), 34% fragmenté (fragmentation du fichier 69%)

Vous devriez défragmenter ce volume.

==========
Programs
==========

7-Zip
AC3Filter
ACD Systems
Adobe
adslTV
AGEIA Technologies
Ahead
Alcohol Soft
Alwil Software
Apple Software Update
ARPR
AvRack
BestGameEver
Bethesda Softworks
BitTorrent
Bonjourno
Canon
CAPCOM
CCleaner
CheckPoint
City Interactive
ComPlus Applications
CureROM
Cyanide
Defcon
DivX
DOSBox-0.70
DreamCatcher
EA GAMES
Eidos
Electronic Arts
eMule
Fichiers communs
Foreignword
Free
Funcom
Futuremark
GameShadow
GameSpy
GIGABYTE
Google
GRETECH
honestech Video Editor 7.0 Trial
id Software
Illustrate
InstallShield Installation Information
Internet Explorer
Java
jv16 PowerTools
KONAMI
Lavalys
Lavasoft
Lexmark X1100 Series
LG PC Suite 2
Malwarebytes' Anti-Malware
Messenger
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Games for Windows - LIVE
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 6.0
Musetools
NetMeeting
NVIDIA Corporation
Online Services
Outlook Express
PC Inspector File Recovery
PIXELA
Plextor
PokerStars
PokerStars.NET
Postal2STP
QuickTime
Razer
Real
Real Alternative
Realtek AC97
Realtek Sound Manager
Reference Assemblies
RocketDock
Rockstar Games
SAGEM
SAGEM WiFi manager
Sandboxie
Secret Of Monkey Island SE
Services en ligne
Sierra
Sony
Sony Corporation
Steinberg
SysShield Tools
Teamspeak2_RC2
Telltale Games
TGTSoft
Trend Micro
Ubisoft
Uninstall Information
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter
Valve
VideoLAN
VOB
Wanadoo
Winamp
WinAVI VideoConverter
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
Windows TaskAd
WindowsUpdate
WinMPG Video Convert
WinRAR
xerox
Zone Labs

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\WINDOWS\patch.exe
C:\WINDOWS\System32\_000007_.tmp.dll
C:\WINDOWS\System32\_000009_.tmp.dll
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\system32\drivers\Sonyhcp.dll
C:\WINDOWS\System32\SET10D.tmp
C:\WINDOWS\System32\SET10E.tmp
C:\WINDOWS\System32\SET10F.tmp
C:\WINDOWS\System32\SET11.tmp
C:\WINDOWS\System32\SET111.tmp
C:\WINDOWS\System32\SET115.tmp
C:\WINDOWS\System32\SET117.tmp
C:\WINDOWS\System32\SET119.tmp
C:\WINDOWS\System32\SET11A.tmp
C:\WINDOWS\System32\SET11C.tmp
C:\WINDOWS\System32\SET11D.tmp
C:\WINDOWS\System32\SET14C.tmp
C:\WINDOWS\System32\SET150.tmp
C:\WINDOWS\System32\SET158.tmp
C:\WINDOWS\System32\SET166.tmp
C:\WINDOWS\System32\SET1A0.tmp
C:\WINDOWS\System32\SET1A2.tmp
C:\WINDOWS\System32\SET1AD.tmp
C:\WINDOWS\System32\SET1B6.tmp
C:\WINDOWS\System32\SET23.tmp
C:\WINDOWS\System32\SET36.tmp
C:\WINDOWS\System32\SET38.tmp
C:\WINDOWS\System32\SET3C.tmp
C:\WINDOWS\System32\SET45.tmp
C:\WINDOWS\System32\SET46.tmp
C:\WINDOWS\System32\SET4F.tmp
C:\WINDOWS\System32\SET50.tmp
C:\WINDOWS\System32\SET51.tmp
C:\WINDOWS\System32\SET54.tmp
C:\WINDOWS\System32\SET5A.tmp
C:\WINDOWS\System32\SET5D.tmp
C:\WINDOWS\System32\SET66.tmp
C:\WINDOWS\System32\SET69.tmp
C:\WINDOWS\System32\SET75.tmp
C:\WINDOWS\System32\SET78.tmp
C:\WINDOWS\System32\SET8D.tmp
C:\WINDOWS\System32\SET91.tmp
C:\WINDOWS\System32\SET99.tmp
C:\WINDOWS\System32\SETA6.tmp
C:\WINDOWS\System32\SETB3.tmp
C:\WINDOWS\System32\SETBB.tmp
C:\WINDOWS\System32\SETBD.tmp
C:\WINDOWS\System32\SETBE.tmp
C:\WINDOWS\System32\SETC9.tmp
C:\WINDOWS\System32\SETD0.tmp
C:\WINDOWS\System32\SETD4.tmp
C:\WINDOWS\System32\SETD5.tmp
C:\WINDOWS\System32\SETD6.tmp
C:\WINDOWS\System32\SETD7.tmp
C:\WINDOWS\System32\SETDC.tmp
C:\WINDOWS\System32\SETE2.tmp
C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\Propriétaire\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\Propriétaire\LOCAL Settings\Temp\ubiB.tmp.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{D4027C7F-154A-4066-A1AD-4243D8127440}"
"HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKLM\System\CurrentControlSet\Services\asc3550p

=========
Rootkits
=========

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 16:57:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4d,e7,ec,f7,60,2d,83,1f,b1,80,f8,16,16,ff,1a,d4,a9,4a,83,0c,9c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,60,69,26,3e,2b,48,3b,b1,a5,e5,f4,5f,58,4a,bf,47,..
"khjeh"=hex:45,e7,b4,21,26,bc,e0,51,52,ea,09,20,f7,43,d0,e1,ce,70,66,02,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,50,dc,76,00,00,00,00,00,f0,ff,ff,ff,20,e0,76,00,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4d,e7,ec,f7,60,2d,83,1f,b1,80,f8,16,16,ff,1a,d4,a9,4a,83,0c,9c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,60,69,26,3e,2b,48,3b,b1,a5,e5,f4,5f,58,4a,bf,47,..
"khjeh"=hex:45,e7,b4,21,26,bc,e0,51,52,ea,09,20,f7,43,d0,e1,ce,70,66,02,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,c0,9b,03,00,38,6e,59,00,f0,ff,ff,ff,20,d0,79,00,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:b5,ac,92,37,06,4e,b2,c4,d4,6c,aa,82,bc,34,0e,8e,f4,97,92,82,92,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4d,e7,ec,f7,60,2d,83,1f,b1,80,f8,16,16,ff,1a,d4,a9,4a,83,0c,9c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,60,69,26,3e,2b,48,3b,b1,a5,e5,f4,5f,58,4a,bf,47,..
"khjeh"=hex:45,e7,b4,21,26,bc,e0,51,52,ea,09,20,f7,43,d0,e1,ce,70,66,02,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,58,7f,0c,00,34,33,0c,00,78,ff,ff,ff,50,00,43,00,49,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4d,e7,ec,f7,60,2d,83,1f,b1,80,f8,16,16,ff,1a,d4,a9,4a,83,0c,9c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,60,69,26,3e,2b,48,3b,b1,a5,e5,f4,5f,58,4a,bf,47,..
"khjeh"=hex:45,e7,b4,21,26,bc,e0,51,52,ea,09,20,f7,43,d0,e1,ce,70,66,02,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,e8,54,6a,00,00,00,00,00,f0,ff,ff,ff,20,f0,7d,00,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4d,e7,ec,f7,60,2d,83,1f,b1,80,f8,16,16,ff,1a,d4,a9,4a,83,0c,9c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,60,69,26,3e,2b,48,3b,b1,a5,e5,f4,5f,58,4a,bf,47,..
"khjeh"=hex:45,e7,b4,21,26,bc,e0,51,52,ea,09,20,f7,43,d0,e1,ce,70,66,02,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,60,c9,6b,00,00,00,00,00,a8,ff,ff,ff,6e,6b,20,00,66,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4d,e7,ec,f7,60,2d,83,1f,b1,80,f8,16,16,ff,1a,d4,a9,4a,83,0c,9c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,60,69,26,3e,2b,48,3b,b1,a5,e5,f4,5f,58,4a,bf,47,..
"khjeh"=hex:45,e7,b4,21,26,bc,e0,51,52,ea,09,20,f7,43,d0,e1,ce,70,66,02,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,b0,22,76,00,6f,00,6f,00,f0,ff,ff,ff,20,50,83,00,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4d,e7,ec,f7,60,2d,83,1f,b1,80,f8,16,16,ff,1a,d4,a9,4a,83,0c,9c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,60,69,26,3e,2b,48,3b,b1,a5,e5,f4,5f,58,4a,bf,47,..
"khjeh"=hex:45,e7,b4,21,26,bc,e0,51,52,ea,09,20,f7,43,d0,e1,ce,70,66,02,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,e8,27,87,00,00,00,00,00,f0,ff,ff,ff,20,30,87,00,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4d,e7,ec,f7,60,2d,83,1f,b1,80,f8,16,16,ff,1a,d4,a9,4a,83,0c,9c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,60,69,26,3e,2b,48,3b,b1,a5,e5,f4,5f,58,4a,bf,47,..
"khjeh"=hex:45,e7,b4,21,26,bc,e0,51,52,ea,09,20,f7,43,d0,e1,ce,70,66,02,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,20,eb,7d,00,00,00,00,00,f0,ff,ff,ff,20,f0,8a,00,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4d,e7,ec,f7,60,2d,83,1f,b1,80,f8,16,16,ff,1a,d4,a9,4a,83,0c,9c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,60,69,26,3e,2b,48,3b,b1,a5,e5,f4,5f,58,4a,bf,47,..
"khjeh"=hex:45,e7,b4,21,26,bc,e0,51,52,ea,09,20,f7,43,d0,e1,ce,70,66,02,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,00,5d,65,00,a8,66,65,00,f8,ff,ff,ff,e8,57,65,00,a0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Session Manager]
"PendingFileRenameOperations"=str(7):..
\2\0\0\0\0\0\0\b\00_sÏ•\0\0\0\0\0\0\0\0\2\0\21\0\24\0\24\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0v\34\xffd8\xffffv\v\4\0\0\3\0\1eDieDtDt\5\xffd8\xffffv\f\2\xffff1\0\0004\0\0\xffd8\xffffv\v\2\0sp\xffe0\xffffv\3>\0P\2\1\0\1\0Mg\0\0\xfff0\xffff\0\0\0\0He¸\xffffstorprop.dll,IdePropPageProvider\0\0\xffe8\xffffDisplay\0\0\0\b\0dw\xfff8\xffffè\x96\xfff0\xffffPorts\0\xfff0\xffff\1\0\xec00\0\0\0\xec1f\0\0\0\0011\0 \0 \0\0\0\0\0\xffff\xffff\0\0\0@\0\0\0\0\0\xffff\0\0\0\xffffv\16\4\1ERcvr\2e\xffe8\xffffSystem\0\0\0\0\xffe0\xffffv\6\4\0\4\0\\0\f\0LGC_VV90¨\xffffn âàxÇ\0\0\xf3a8\0\0\0\0\0\xffff\xffff\xffff\xffff\6\0\xf5d0\0€\6\xffff\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030=9\xffe0\xffffv\6\40Cas2\xffe0\xffffLegacyDriver\0 \xffd8\xffffv\tN\0\xf510\0\1\0\1,CasUD;80¨\xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0x10\xffd8\xffffv\n<\0\xf590\0\1\0\0010DvcDsx11\xffc0\xffffNVIDIA Display Driver Service\0\xffe0\xffff\xfae0\0\xf460\0\xf480\0\xf4a8\0\xf4e8\0\xf568\0-3\xffe0\xffffv\5\24\0\xec00\0\1\0\1\bCas\b\xffd8\xffffv\n\4I\0\0\0\xfff0\xffffcdrom\0\xfff8\xffff\xf340\0 \xffffn F\xf141\x667Ç\0\0 \0\1\0\0\0\x1770>\xffff\xffff\0\0\xffff\xffff€\17\xffff\xffff$\0\0\0\0\0\0\0\b\0\r\0Cnrle\x303090\xffd8\xffffv\fÐ\0X\1\1\0\1\0SmoiLn\0\0\xffd8\xffffv\16\xa2\0\xf128\1\1\0\1\0DvcIsac\0\xfff0\xffff\xf642\x3213 ÊÈ \xffd8\xffffv\f\4&0\0\xffe8\xffffParport\0\0\0\xfff0\xffffdisk\0\5\xffe8\xffffv\0X\0ø\21\1\0\0\0\xfff0\xffffdisk\0\5\xffd8\xffffv\fÔ\0\x2e40\1\1\0\1bSmoiLnc0\xffe0\xffffv\5\2\xffffv\f\4SmoiLnc\0\xffd8\xffffv\r\4T:MINIMAL SOS BOOTLOG NOGUIBOOT\0OTLOG 
NOGUIBOOT\0\0\0\0\xffe0\xffffpciide_Inst\0\0&\xffe0\xffff5.1.2600.2180\0\xffe8\xffffv\0\34\0`\4\1\0\0\0\xffe0\xffffv\b\b\0À\0\3\0\1\0\x303120\x3032\xfff0\xffffv\b\b\0\xddd8\0\3\0\1\0\x3335\x33339\x3230\xffe0\xffffv\b\b\00\0\3\0\1\0\x3335\x33338\x3031\xffe0\xffff\0\x1bb0\1\x1bd0\1\x1bf0\1`\0€\0À\0\xffe0\xffffv\b\b\0\xee28\0\3\0\1\0\x3335\x33338\x3231¨\xffffn ‹
Å\0\0\x1c88\1\2\0\0\0\xff20\0\xffff\xffff\0\0\xffff\xffffè\0\xffff\xffff"\0\0\0\0\0\0\0\1\0\b\0Abtr\xffe8\xffff01/13/06\0\0 \xffffn \
Å\0\0à\0\0\0\0\0\xffff\xffff\xffff\xffff\2\0\xffe0\0è\0\xffff\xffff\0\0\0\0\b\0h\0\0\0\17\0AlctoOdr\xffe0\xffffv\3\x248\0\xf2a8\1\n\0\1\6PiP\6\xffe0\xffffv\4h\0\xf4f8\1\n\0\1\6Roˆ\6\xfff0\xffff \20oeVdo\0\0\xfff0\xffffDPA\0\0\0\xffd8\xffffv\r\0h\1\n\0\1\0BoeMmt8\0\xffd0\xffffv\25\0\x778\20\n\0\1\0Gtwy\x30350okrud\0\xffe8\xffffl\2P\0\xa4c2L\xfe00\0G\xf6f6\xffd8\xffffv\16"\0\x1d40\1\1\0\1tDvcIsace\xfff8\xffff¸\1\xffd8\xffffv\n\30\0\xfbb8\0\1\0\1\0Ifeto\Vi\xfff0\xffff0JøJ˜J\xfff0\xffffl\1\xf408\0\x2140&\xffe0\xffffpciide_Inst\0\0\0\xfff0\xffff\0\0\0\0\0\0\0\0\0\0\0\0\2\0\21\0\24\0\24\0\5\0\0MSAFD NetBIOS [\Device\NetBT_Tcpip_{768788EE-571D-4F06-98AC-4472BF6F8D61}] DATAGRAM 4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0k (\xffffl\24\x2e48l\x27c1c\x2ea8l\x27c2c°k\x27c3ck\x27c4c k\x27c5cxk\x27c6c\xff08k\x27c7càl\x27c8cÐl\x27c9c\xb58l\x27e5c¸l\x27e6cHl\x27e7cpl\x27e8cpl\x27e9c€l\x27eacØl\x27ebc0l\x27eccl\x27edcx\1\x27eec\x890\1\x280ac__BAH41BM0#3442433146544 \xffffn ü\xef17Å\0\0\x2360l\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x888\1è\0\xffff\xffff\0\0\0\0"\0\x378\0\22\0\f\0\x3030\x3030\x3030\x3030\x30301\x27e6c\xffd0\xffffv\21\x378\0\x508\1\3\0\1cPceCtlgtm\20\x27ecc€\xffffytmo\x2574\yt\x336d2mwo\x2e6bdldl_sÏ•\0\0MSAFD NetBIOS [\Device\NetBT_Tcpip_{A151B0A8-CFD6-4F10-B628-2CA5\16\2\0\0\0\0\0\0\0\00_sÏ•CEF28F02C}] SEQPACKET 5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\xfff8\xffffØ\1 \xffffn 
ü\xef17Å\0\0\x2360l\0\0\0\0\xffff\xffff\xffff\xffff\1\0 \1è\0\xffff\xffff\0\0\0\0"\0\x378\0\23\0\f\0\x3030\x3030\x3030\x3030\x3030\x3032\xffff\xffff\xffd0\xffffv\21\x378\0 \1\3\0\1\xffffPceCtlgtm\0\0\0€\xffffytmo\x2574\yt\x336d2mwo\x2e6bdldl_sÏ•\NetBT_Tcpip_{A151B0A8-CFD6-4F10-B628-2CA5 \2\0\0\0\0\0\0\0\00_sÏ•\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xfff8\xffff\x8f0\1¨\xffffn ™
Å\0\0(C\2\0\0\0\xf20\1\xffff\xffff\0\0\xffff\xffffè\0\xffff\xffff\36\0\0\0\0\0\0\08\0\b\0Wnrs \xffffn ™
Å\0\0¨\1\3\0\0\0\xfaf8k\xffff\xffff\0\0\xffff\xffffè\0\xffff\xffff\32\0\0\0\0\0\0\0\0\0\17\0Sbetakgs\xfff0\xffffTDI\0\r \xffffn ™
Å\0\0\xd00\1\0\0\0\0\xffff\xffff\xffff\xffff\1\08\1è\0\xffff\xffff\0\0\0\0\b\0B\0\0\0\r\0M ujc\x20731\0\xffe0\xffffv\4B\0\xdf0\1\2\0\1\0$L\0\0¸\xffff%SystemRoot%\system32\MsSip1.dll\0\0\xfff8\xffffÐ\1\xfff8\xffff\xf98\1\xfff8\xffff\x21d0\1 \xffffn ™
Å\0\0\xd00\1\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xf18\1è\0\xffff\xffff\0\0\0\0\b\0B\0\1\0\r\0M ujc\x20732\0\xffe0\xffffv\4B\0\xed0\1\2\0\1\0$L\0\0¸\xffff%SystemRoot%\system32\MsSip2.dll\0\0\xfff8\xffff°\1\xffe8\xffffl\2\xd00\1s¤\x1b38l\a \xffffn ™
Å\0\0\xd00\1\0\0\0\0\xffff\xffff\xffff\xffff\1\0@\1è\0\xffff\xffff\0\0\0\0\b\0B\0\2\0\r\0M ujc\x20733\0\xffe0\xffffv\4B\0¸\1\2\0\1\0$L\0\0¸\xffff%SystemRoot%\system32\MsSip3.dll\0\0hi"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4d,e7,ec,f7,60,2d,83,1f,b1,80,f8,16,16,ff,1a,d4,a9,4a,83,0c,9c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,60,69,26,3e,2b,48,3b,b1,a5,e5,f4,5f,58,4a,bf,47,..
"khjeh"=hex:45,e7,b4,21,26,bc,e0,51,52,ea,09,20,f7,43,d0,e1,ce,70,66,02,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,a8,9c,8e,00,00,00,00,00,f0,ff,ff,ff,20,a0,8e,00,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p]
"ErrorControl"=dword:00000000
"Start"=dword:00000002
"Group"="SCSI miniport"
"Tag"=dword:0000002a
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:e1bef253
"s2"=dword:66a29d9a
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:4d,e7,ec,f7,60,2d,83,1f,b1,80,f8,16,16,ff,1a,d4,a9,4a,83,0c,9c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:4d,e7,ec,f7,60,2d,83,1f,b1,80,f8,16,16,ff,1a,d4,a9,4a,83,0c,9c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:4d,e7,ec,f7,60,2d,83,1f,b1,80,f8,16,16,ff,1a,d4,a9,4a,83,0c,9c,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a464388
IoDeviceObjectType -> ParseProcedure -> 0x895f81b0
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x895f81b0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Utilisateur anonyme
 
▶ Run List&Kill'em again as you did for option 1 (i.e. via right-click on Vista),

but this time:

▶ choose option 2 = Mode Destruction

let the tool work.

at the end of the scan a report opens

▶ paste its contents into your reply
0
Ga
 
Kill'em by g3n-h@ckm@n 1.1.4.1

User : Propriétaire (Administrateurs) # PC-DE-GA
Update on 09/12/2009 by g3n-h@ckm@n ::::: 17:00
Start at: 18:47:03 | 10/12/2009
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 091210-1] 4.8.1368 [ Enabled | Updated ]
FW : ZoneAlarm Firewall[ Enabled ]9.1.007.002

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 189,91 Go (20,38 Go free) [Disque local] | NTFS
D:\ -> Disque CD-ROM | 4,37 Go (0 Mo free) [300] | UDF
E:\ -> Disque fixe local | 115,04 Go (21,65 Go free) [Baby] | NTFS
F:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 704
C:\WINDOWS\system32\csrss.exe 776
C:\WINDOWS\system32\winlogon.exe 800
C:\WINDOWS\system32\services.exe 848
C:\WINDOWS\system32\lsass.exe 860
C:\WINDOWS\system32\svchost.exe 1064
C:\WINDOWS\system32\svchost.exe 1140
C:\WINDOWS\System32\svchost.exe 1196
C:\WINDOWS\system32\svchost.exe 1336
C:\WINDOWS\system32\svchost.exe 1376
C:\WINDOWS\system32\ZoneLabs\vsmon.exe 1524
C:\WINDOWS\Explorer.EXE 1620
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1832
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe 1852
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 1884
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe 1896
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1980
C:\WINDOWS\System32\FTRTSVC.exe 488
C:\Program Files\Sandboxie\SbieSvc.exe 540
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 1388
C:\WINDOWS\system32\wbem\unsecapp.exe 1508
C:\WINDOWS\system32\wbem\wmiprvse.exe 2060
C:\WINDOWS\System32\alg.exe 2160
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 2292
C:\WINDOWS\SOUNDMAN.EXE 2380
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 2452
C:\WINDOWS\system32\RUNDLL32.EXE 2520
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe 2596
C:\WINDOWS\system32\ctfmon.exe 2632
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe 2660
C:\Program Files\Sandboxie\SbieCtrl.exe 2680
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe 2712
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe 2752
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe 2772
C:\Program Files\Sandboxie\SandboxieRpcSs.exe 3296
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe 772
C:\Program Files\Mozilla Firefox\firefox.exe 3816
C:\WINDOWS\System32\svchost.exe 1348
C:\Documents and Settings\Propriétaire\Bureau\List_Kill'em.exe 1592
C:\WINDOWS\system32\cmd.exe 2564
C:\WINDOWS\system32\wbem\wmiprvse.exe 3836
C:\Documents and Settings\Propriétaire\Local Settings\Temp\8.tmp\pv.exe 3016

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

"C:\WINDOWS\patch.exe"
C:\WINDOWS\System32\_000007_.tmp.dll
C:\WINDOWS\System32\_000009_.tmp.dll
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
"C:\WINDOWS\system32\drivers\Sonyhcp.dll"
C:\WINDOWS\System32\SET10D.tmp
C:\WINDOWS\System32\SET10E.tmp
C:\WINDOWS\System32\SET10F.tmp
C:\WINDOWS\System32\SET11.tmp
C:\WINDOWS\System32\SET111.tmp
C:\WINDOWS\System32\SET115.tmp
C:\WINDOWS\System32\SET117.tmp
C:\WINDOWS\System32\SET119.tmp
C:\WINDOWS\System32\SET11A.tmp
C:\WINDOWS\System32\SET11C.tmp
C:\WINDOWS\System32\SET11D.tmp
C:\WINDOWS\System32\SET14C.tmp
C:\WINDOWS\System32\SET150.tmp
C:\WINDOWS\System32\SET158.tmp
C:\WINDOWS\System32\SET166.tmp
C:\WINDOWS\System32\SET1A0.tmp
C:\WINDOWS\System32\SET1A2.tmp
C:\WINDOWS\System32\SET1AD.tmp
C:\WINDOWS\System32\SET1B6.tmp
C:\WINDOWS\System32\SET23.tmp
C:\WINDOWS\System32\SET38.tmp
C:\WINDOWS\System32\SET3C.tmp
C:\WINDOWS\System32\SET45.tmp
C:\WINDOWS\System32\SET46.tmp
C:\WINDOWS\System32\SET4F.tmp
C:\WINDOWS\System32\SET50.tmp
C:\WINDOWS\System32\SET51.tmp
C:\WINDOWS\System32\SET54.tmp
C:\WINDOWS\System32\SET5A.tmp
C:\WINDOWS\System32\SET5D.tmp
C:\WINDOWS\System32\SET66.tmp
C:\WINDOWS\System32\SET69.tmp
C:\WINDOWS\System32\SET75.tmp
C:\WINDOWS\System32\SET78.tmp
C:\WINDOWS\System32\SET8D.tmp
C:\WINDOWS\System32\SET91.tmp
C:\WINDOWS\System32\SET99.tmp
C:\WINDOWS\System32\SETA6.tmp
C:\WINDOWS\System32\SETB3.tmp
C:\WINDOWS\System32\SETBB.tmp
C:\WINDOWS\System32\SETBD.tmp
C:\WINDOWS\System32\SETBE.tmp
C:\WINDOWS\System32\SETC9.tmp
C:\WINDOWS\System32\SETD0.tmp
C:\WINDOWS\System32\SETD4.tmp
C:\WINDOWS\System32\SETD5.tmp
C:\WINDOWS\System32\SETD6.tmp
C:\WINDOWS\System32\SETD7.tmp
C:\WINDOWS\System32\SETDC.tmp
C:\WINDOWS\System32\SETE2.tmp
C:\Documents and Settings\Propri‚taire\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\Propri‚taire\LOCAL Settings\Temp\ubiB.tmp.exe


¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

FP_PL_PFS_INSTALLER.exe.Kill'em
hosts.msn.Kill'em
PATCH.EXE.Kill'em
SET10D.tmp.Kill'em
SET10E.tmp.Kill'em
SET10F.tmp.Kill'em
SET11.tmp.Kill'em
SET111.tmp.Kill'em
SET115.tmp.Kill'em
SET117.tmp.Kill'em
SET119.tmp.Kill'em
SET11A.tmp.Kill'em
SET11C.tmp.Kill'em
SET11D.tmp.Kill'em
SET14C.tmp.Kill'em
SET150.tmp.Kill'em
SET158.tmp.Kill'em
SET166.tmp.Kill'em
SET1A0.tmp.Kill'em
SET1A2.tmp.Kill'em
SET1AD.tmp.Kill'em
SET1B6.tmp.Kill'em
SET23.tmp.Kill'em
SET38.tmp.Kill'em
SET3C.tmp.Kill'em
SET45.tmp.Kill'em
SET46.tmp.Kill'em
SET4F.tmp.Kill'em
SET50.tmp.Kill'em
SET51.tmp.Kill'em
SET54.tmp.Kill'em
SET5A.tmp.Kill'em
SET5D.tmp.Kill'em
SET66.tmp.Kill'em
SET69.tmp.Kill'em
SET75.tmp.Kill'em
SET78.tmp.Kill'em
SET8D.tmp.Kill'em
SET91.tmp.Kill'em
SET99.tmp.Kill'em
SETA6.tmp.Kill'em
SETB3.tmp.Kill'em
SETBB.tmp.Kill'em
SETBD.tmp.Kill'em
SETBE.tmp.Kill'em
SETC9.tmp.Kill'em
SETD0.tmp.Kill'em
SETD4.tmp.Kill'em
SETD5.tmp.Kill'em
SETD6.tmp.Kill'em
SETD7.tmp.Kill'em
SETDC.tmp.Kill'em
SETE2.tmp.Kill'em
Sonyhcp.dll.Kill'em
ubiB.tmp.exe.Kill'em
_000007_.tmp.dll.Kill'em
_000009_.tmp.dll.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted : HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKLM\System\CurrentControlSet\Services\asc3550p

============
Disk Cleaned
============

================
Prefetch cleaned :
================




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Ga
 
There, it's done.

Two quick questions:

Where does it come from and how did I catch it?

Is it normal that explorer wants to connect to the Internet?
0
Utilisateur anonyme
 
Where does it come from and how did I catch it?

I can't answer that, not knowing your browsing habits, etc.

Is it normal that explorer wants to connect to the Internet?

No, let's take a look:

▶ Download: Gmer (by Przemyslaw Gmerek)


▶ Unzip Gmer, click the Rootkit tab and start the scan; red lines will appear.

▶ Red lines indicate the presence of a rootkit. Post me the Gmer report (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the Gmer report will appear, post it for me)

Then

▶ on the red lines:

▶ Services: right-click, delete service
▶ Process: right-click, kill process
▶ Adl, file: right-click, delete files
0
Ga
 
OK, I tried downloading GMER, no problem; I launched GMER, it began its startup scan and then it crashed with a Windows error report... I tried again several times but it doesn't work...

Next?
0
Ga
 
It worked: I launched it with right-click > Run as; it threw 2 errors about file creation, then GMER started.

I'm posting the report, but I didn't see any red lines...


GMER 1.0.15.15273 - http://www.gmer.net
Rootkit quick scan 2009-12-11 00:40:54
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\kwryapow.sys


---- System - GMER 1.0.15 ----

SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB7E7F5DC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB7E8B120]

Code 89669BAC ZwRequestPort
Code 89669C4C ZwRequestWaitReplyPort
Code 89669B0C ZwTraceEvent
Code 897AA205 pIofCallDriver
Code 89669BAB NtRequestPort
Code 89669C4B NtRequestWaitReplyPort
Code 89669B0B NtTraceEvent

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5DD1E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \Fat 898BA1E8
Device \FileSystem\Fastfat \Fat 897592B0

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Modules - GMER 1.0.15 ----

Module _________ B7E06000-B7E1E000 (98304 bytes)

---- EOF - GMER 1.0.15 ----
0
Ga
 
Second scan, and the only red line that appears is the one for GMER.exe installed on my desktop... Uh... HELLO HOUSTON??? WE HAVE A PROBLEM!!!!

Attached is the report from the 2nd scan.
0
Ga
 
http://www.cijoint.fr/cjlink.php?file=cj200912/cijdPp7b0S.txt
0
Ga
 
Is it normal that GMER cannot access this one file?
C:\WINDOWS\system32\drivers\sptd.sys ?? Because it is in use by another process??
0
Ga
 
Hello gen-hackman.

Here is the OTL.txt:
http://www.cijoint.fr/cjlink.php?file=cj200912/cij36SsaYC.txt

and the EXTRA.txt:
http://www.cijoint.fr/cjlink.php?file=cj200912/cijM2fycG3.txt

Once again, many thanks for trying to find the solution!!
0
Utilisateur anonyme
 
▶ Click Start / Control Panel / Folder Options, then open the View tab
* - Check Show hidden files and folders
* - Uncheck Hide extensions for known file types
* - Uncheck Hide protected operating system files (Recommended)

▶ Click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again once disinfection is finished; this is important.

Have the following file(s) analysed on Virustotal:

Virus Total

* Click Browse at the top, choose My Computer and look for these files:

C:\WINDOWS\System32\zllictbl.dat
C:\WINDOWS\System32\adinst32.dll



* Now click Send file and let it work for as long as "Current status: analysing" is displayed.
* The file may be queued because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click on the page, choose Select all, then Copy
* Finally, paste the result into your next reply.

Note: To analyse another file, click Other file at the bottom.

Then:

▶ Double-click OTL.exe to launch it.


▶ Copy the list shown in bold below,

▶ paste it into the box under Custom Scans/Fixes:

CREATERESTOREPOINT

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O33 - MountPoints2\{afd2dcc4-9766-11dc-a215-000fea849eb8}\Shell - "" = AutoRun
O33 - MountPoints2\{afd2dcc4-9766-11dc-a215-000fea849eb8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\FalloutLauncher.exe -- File not found

:files
C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
C:\Documents and Settings\Propriétaire\Bureau\List_Kill'em.exe
C:\Documents and Settings\Propriétaire\Application Data\.bittorrent
C:\WINDOWS\Tasks\At1.MSNFix
C:\WINDOWS\Tasks\At2.MSNFix

:commands
[emptytemp]
[start explorer]
[reboot]


▶ Click RunFix to start the removal.


▶ Post the report.
0
Ga
 
So, here are the reports.

The file analysis:

zllictbl.dat
http://www.cijoint.fr/cjlink.php?file=cj200912/cijflHg1Lq.txt

adinst32.dll
http://www.cijoint.fr/cjlink.php?file=cj200912/cijfX0KaJo.txt
0
Ga
 
And this is the OTL report following the changes made, which I couldn't post on cijoint


All processes killed
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afd2dcc4-9766-11dc-a215-000fea849eb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afd2dcc4-9766-11dc-a215-000fea849eb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afd2dcc4-9766-11dc-a215-000fea849eb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afd2dcc4-9766-11dc-a215-000fea849eb8}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ not found.
File Z:\FalloutLauncher.exe not found.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} folder moved successfully.
C:\Documents and Settings\Propriétaire\Bureau\List_Kill'em.exe moved successfully.
C:\Documents and Settings\Propriétaire\Application Data\.bittorrent\data\resume folder moved successfully.
C:\Documents and Settings\Propriétaire\Application Data\.bittorrent\data\metainfo folder moved successfully.
C:\Documents and Settings\Propriétaire\Application Data\.bittorrent\data folder moved successfully.
C:\Documents and Settings\Propriétaire\Application Data\.bittorrent folder moved successfully.
C:\WINDOWS\Tasks\At1.MSNFix moved successfully.
C:\WINDOWS\Tasks\At2.MSNFix moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 116688 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 1121432 bytes
->Temporary Internet Files folder emptied: 3421489 bytes

User: NetworkService
->Temp folder emptied: 2112648 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Propriétaire
->Temp folder emptied: 22557503 bytes
->Temporary Internet Files folder emptied: 65938 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78797085 bytes

%systemdrive% .tmp files removed: 4738 bytes
%systemroot% .tmp files removed: 296059904 bytes
%systemroot%\System32 .tmp files removed: 188614 bytes
Windows Temp folder emptied: 1224104 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23933078 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 409,83 mb


OTL by OldTimer - Version 3.1.15.1 log created on 12112009_142820

Files\Folders moved on Reboot...
C:\Documents and Settings\Propriétaire\Local Settings\Temp\~DF163A.tmp moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\od2404xh.default\urlclassifier3.sqlite moved successfully.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_318.dat not found!
File\Folder C:\WINDOWS\temp\ZLT05a9d.TMP not found!

Registry entries deleted on Reboot...
0