geromanu
-
Compteur de contenus
58 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par geromanu
-
le comportement du pc est le suivant: léger ralentissement..bon, il n'est pas tout récent.. les keylogger ont disparus, j'ai installé anti keylogger, est ce nécessaire???? le hic qui arrive, ce sont pour les fenetres antivir, les case sont vides (ok, appliquer...) j'ai réinstallé pluiseurs fois..mais au bout de quelques utilisation..la pb revient. je vais effectuer le scan conseillé.... j'ai effectué plusieurs scan par adaware er spybot. tout semble aller.
-
voici le rapport combo... ComboFix 08-03-30.2 - gero manu 2008-03-30 21:55:25.6 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.574 [GMT 2:00] Endroit: C:\Documents and Settings\gero manu\Bureau\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))))))) . 2008-03-29 10:56 . 2008-03-29 10:56 <REP> d-------- C:\Program Files\Anti-keylogger 2008-03-29 10:56 . 2006-11-24 13:19 374,272 --a------ C:\WINDOWS\system32\drivers\krnl_akl.sys 2008-03-29 10:05 . 2008-03-29 10:05 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys 2008-03-29 10:04 . 2008-03-29 10:05 <REP> d-------- C:\Program Files\The Cleaner Free 2008-03-29 09:55 . 2008-03-30 20:39 <REP> d-------- C:\WINDOWS\system32\ActiveScan 2008-03-29 09:55 . 2008-03-29 09:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-03-28 13:03 . 2006-09-25 18:40 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-28 13:03 . 2006-09-25 18:40 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-03-28 13:03 . 2006-09-25 18:39 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-28 13:03 . 2006-09-25 18:37 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-28 13:03 . 2006-09-25 18:39 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-28 13:02 . 2006-09-25 18:45 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-03-28 13:02 . 2004-01-09 12:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-03-28 13:02 . 2006-09-25 18:37 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2008-03-28 11:40 . 2008-03-28 11:40 <REP> d-------- C:\Program Files\Easy & Secure Eraser 2008-03-28 11:20 . 2008-03-28 11:20 <REP> d--h----- C:\WINDOWS\PIF 2008-03-28 11:00 . 2008-03-29 09:25 <REP> d-------- C:\Program Files\a-squared Anti-Malware 2008-03-28 01:15 . 2008-03-28 01:15 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM 2008-03-28 01:01 . 2008-03-28 01:01 <REP> d-------- C:\WINDOWS\ERUNT 2008-03-28 00:50 . 2008-03-28 01:32 <REP> d-------- C:\SDFix 2008-03-27 13:41 . 2008-03-27 13:41 <REP> d-------- C:\WINDOWS\system32\NtmsData 2008-03-27 12:07 . 2008-03-27 13:30 <REP> d-------- C:\Program Files\ZebHelpProcess 2 2008-03-27 11:46 . 2008-03-27 11:46 <REP> d-------- C:\Program Files\Avira 2008-03-27 11:46 . 2008-03-27 11:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-03-16 12:04 . 2008-03-16 12:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom 2008-03-11 12:12 . 2008-03-11 12:12 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-11 12:12 . 2006-11-29 14:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-03-11 12:06 . 2008-03-11 12:10 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-11 12:06 . 2008-03-11 12:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-08 20:44 . 2008-03-08 20:44 <REP> d-------- C:\Program Files\Microsoft Silverlight 2008-03-08 18:50 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-08 18:50 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-01 12:58 . 2008-03-01 12:58 <REP> d-------- C:\Program Files\7-Zip 2008-02-23 20:44 . 2008-02-26 21:45 <REP> d-------- C:\Documents and Settings\gero manu\Application Data\Anuman Interactive 2008-02-23 20:38 . 2008-02-26 21:44 <REP> d-------- C:\Program Files\Anuman Interactive 2008-02-13 19:27 . 2008-03-29 09:54 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-02-12 23:38 . 2008-03-08 22:58 691,545 --a------ C:\WINDOWS\unins000.exe 2008-02-12 23:38 . 2008-03-08 23:00 5,548 --a------ C:\WINDOWS\unins000.dat 2008-02-11 13:30 . 2008-02-22 10:28 <REP> d-------- C:\Program Files\Recuva 2008-02-06 13:02 . 2008-02-06 13:02 268 --ah----- C:\sqmdata06.sqm 2008-02-06 13:02 . 2008-02-06 13:02 244 --ah----- C:\sqmnoopt07.sqm 2008-02-06 13:02 . 2008-02-06 13:02 244 --ah----- C:\sqmnoopt06.sqm 2008-02-06 13:02 . 2008-02-06 13:02 136 --ah----- C:\sqmdata08.sqm 2008-02-06 13:02 . 2008-02-06 13:02 136 --ah----- C:\sqmdata07.sqm 2008-02-02 19:20 . 1999-09-10 13:06 45,056 -ra------ C:\WINDOWS\system32\wnaspi32.dll 2008-02-02 19:20 . 1999-09-10 13:06 45,056 -ra------ C:\WINDOWS\system32\wnaspi32.bak 2008-02-02 19:20 . 1999-09-10 13:06 25,244 -ra------ C:\WINDOWS\system32\drivers\ASPI32.sys 2008-02-02 19:20 . 1999-09-10 13:06 5,600 -ra------ C:\WINDOWS\system\Winaspi.dll 2008-02-02 19:20 . 1999-09-10 13:06 4,672 -ra------ C:\WINDOWS\system\Wowpost.exe 2008-02-02 19:20 . 2008-02-02 19:20 2,368 --a------ C:\WINDOWS\system32\STEC3.sys 2008-02-02 19:20 . 2008-02-02 19:20 29 --a------ C:\WINDOWS\AlphaPlayer.INI 2008-02-01 12:17 . 2008-02-01 12:17 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-29 07:10 2,993,664 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-03-28 10:48 --------- d-----w C:\Program Files\Macrogaming 2008-03-22 20:44 --------- d-----w C:\Program Files\BeClean 2008-03-21 07:11 5,940,276 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-03-16 10:03 --------- d-----w C:\Program Files\TomTom HOME 2008-03-16 10:02 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-14 18:17 --------- d-----w C:\Program Files\Windows Live 2008-03-11 17:40 --------- d-----w C:\Program Files\MSN Messenger 2008-03-09 13:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-08 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-08 16:39 --------- d-----w C:\Program Files\Java 2008-02-22 08:29 --------- d-----w C:\Program Files\AviSynth 2.5 2008-02-15 11:26 --------- d-----w C:\Program Files\TomTom HOME 2 2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys 2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-12-08 11:04 139,396 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_08_11_57_15_small.dmp.zip 2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-12-06 11:03 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll 2007-12-04 12:34 30 ----a-w C:\Program Files\Exiferupdate.ini 2007-10-01 10:55 132,731 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_01_12_54_15_small.dmp.zip 2007-08-05 15:32 132,951 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_05_15_06_32_small.dmp.zip 2007-08-04 02:26 138,591 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_04_04_24_33_small.dmp.zip 2007-07-27 15:48 124,539 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_27_17_23_09_small.dmp.zip . ((((((((((((((((((((((((((((( snapshot@2008-03-29_12.09.12.00 ))))))))))))))))))))))))))))))))))))))))) . - 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE + 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE - 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe + 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe - 2007-12-23 15:04:54 71,424 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-03-30 08:43:27 71,424 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-12-23 15:04:54 84,966 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-03-30 08:43:27 84,966 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2007-12-23 15:04:54 441,932 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-03-30 08:43:27 441,932 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-12-23 15:04:54 511,114 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-03-30 08:43:27 511,114 ----a-w C:\WINDOWS\system32\perfh00C.dat - 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe + 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 18:06 176128] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480] "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2008-02-14 12:58 3977128] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-01 14:48 286720] "Anti-keylogger"="C:\Program Files\Anti-keylogger\Anti-keylogger.exe" [2006-11-22 17:18 269312] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-27 11:49 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Start AntiVir PersonalEdition Classic.lnk - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe [2008-03-27 11:46:39 675880] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] --a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] --a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] --a------ 2008-02-07 11:47 361832 C:\Program Files\TomTom HOME 2\HOMERunner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) "SharedAccess"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" /AUTO [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R1 krnl_akl;krnl_akl;C:\WINDOWS\system32\drivers\krnl_akl.sys [2006-11-24 13:19] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28023d31-56e8-11dc-a827-0040f43158c3}] \Shell\AutoRun\command - H:\InstallTomTomHOME.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-08-01 12:55:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-30 21:56:38 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-03-30 21:57:16 ComboFix-quarantined-files.txt 2008-03-30 19:56:59 ComboFix2.txt 2008-03-29 11:09:35 ComboFix3.txt 2008-03-29 07:16:51 ComboFix4.txt 2008-03-28 22:31:13 Pre-Run: 9,656,958,976 octets libres Post-Run: 9,645,305,856 octets libres . 2008-03-14 18:17:20 --- E O F ---
-
yes, mais combo a mis plus de 10h à écrire le rapport....... je vais en refaire un et transmettre le rapport.!
-
un grand merci à vous... voici le rapport!!! ComboFix 08-03-27.1 - gero manu 2008-03-29 12:25:46.5 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.706 [GMT 1:00] Endroit: C:\Documents and Settings\gero manu\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\gero manu\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\sqmdata09.sqm C:\sqmdata10.sqm C:\sqmnoopt08.sqm C:\sqmnoopt09.sqm C:\WINDOWS\system32\^^^^^.exe . je tente à présent de résoudre un pb de keylogger décelés par spybot... mais merci bcp à vous!!!! petite question ...quel antiviruse me conseillez vous...j'avais avast..et là j'envisage antivir...mais c'est po super à paramettrer!!!
-
bonjour!! et bien ce fichu ^^^^^.exe est toujotrs là, je rame avec antivir, qui me signale bcp de fichiers..... voici combo, fait en mode sans échec.. encoire merci pour l'aide!! ComboFix 08-03-27.1 - gero manu 2008-03-29 8:13:54.2 - NTFSx86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.822 [GMT 1:00] Endroit: C:\Documents and Settings\gero manu\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))))))) . 2008-03-28 12:03 . 2006-09-25 17:40 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-28 12:03 . 2006-09-25 17:40 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-03-28 12:03 . 2006-09-25 17:39 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-28 12:03 . 2006-09-25 17:37 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-28 12:03 . 2006-09-25 17:39 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-28 12:02 . 2006-09-25 17:45 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-03-28 12:02 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-03-28 12:02 . 2006-09-25 17:37 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2008-03-28 10:40 . 2008-03-28 10:40 <REP> d-------- C:\Program Files\Easy & Secure Eraser 2008-03-28 10:20 . 2008-03-28 10:20 <REP> d--h----- C:\WINDOWS\PIF 2008-03-28 10:00 . 2008-03-28 11:48 <REP> d-------- C:\Program Files\a-squared Anti-Malware 2008-03-28 00:01 . 2008-03-28 00:01 <REP> d-------- C:\WINDOWS\ERUNT 2008-03-27 23:50 . 2008-03-28 00:32 <REP> d-------- C:\SDFix 2008-03-27 12:41 . 2008-03-27 12:41 <REP> d-------- C:\WINDOWS\system32\NtmsData 2008-03-27 11:07 . 2008-03-27 12:30 <REP> d-------- C:\Program Files\ZebHelpProcess 2 2008-03-27 10:46 . 2008-03-27 10:46 <REP> d-------- C:\Program Files\Avira 2008-03-27 10:46 . 2008-03-27 10:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-03-25 22:37 . 2008-03-25 22:37 64,156 --------- C:\WINDOWS\system32\^^^^^.exe 2008-03-16 11:04 . 2008-03-16 11:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom 2008-03-11 11:12 . 2008-03-11 11:12 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-11 11:12 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-03-11 11:06 . 2008-03-11 11:10 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-11 11:06 . 2008-03-11 11:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-08 19:44 . 2008-03-08 19:44 <REP> d-------- C:\Program Files\Microsoft Silverlight 2008-03-08 17:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-08 17:50 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-06 14:14 . 2008-03-06 14:14 268 --ah----- C:\sqmdata09.sqm 2008-03-06 14:14 . 2008-03-06 14:14 244 --ah----- C:\sqmnoopt08.sqm 2008-03-06 14:14 . 2008-03-06 14:14 136 --ah----- C:\sqmnoopt09.sqm 2008-03-06 14:14 . 2008-03-06 14:14 136 --ah----- C:\sqmdata10.sqm 2008-03-01 11:58 . 2008-03-01 11:58 <REP> d-------- C:\Program Files\7-Zip . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-28 10:48 --------- d-----w C:\Program Files\Macrogaming 2008-03-25 21:37 64,156 ------w C:\WINDOWS\system32\^^^^^.exe 2008-03-22 20:44 --------- d-----w C:\Program Files\BeClean 2008-03-21 07:11 5,940,276 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-03-16 10:03 --------- d-----w C:\Program Files\TomTom HOME 2008-03-16 10:02 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-14 18:17 --------- d-----w C:\Program Files\Windows Live 2008-03-11 17:40 --------- d-----w C:\Program Files\MSN Messenger 2008-03-09 13:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-08 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-08 20:58 691,545 ----a-w C:\WINDOWS\unins000.exe 2008-03-08 16:39 --------- d-----w C:\Program Files\Java 2008-02-26 19:45 --------- d-----w C:\Documents and Settings\gero manu\Application Data\Anuman Interactive 2008-02-26 19:44 --------- d-----w C:\Program Files\Anuman Interactive 2008-02-22 08:29 --------- d-----w C:\Program Files\AviSynth 2.5 2008-02-22 08:28 --------- d-----w C:\Program Files\Recuva 2008-02-15 11:26 --------- d-----w C:\Program Files\TomTom HOME 2 2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-12-08 11:04 139,396 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_08_11_57_15_small.dmp.zip 2007-12-04 12:34 30 ----a-w C:\Program Files\Exiferupdate.ini 2007-10-01 10:55 132,731 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_01_12_54_15_small.dmp.zip 2007-08-05 15:32 132,951 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_05_15_06_32_small.dmp.zip 2007-08-04 02:26 138,591 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_04_04_24_33_small.dmp.zip 2007-07-27 15:48 124,539 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_27_17_23_09_small.dmp.zip . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02 919280] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 17:06 176128] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480] "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2008-02-14 11:58 3977128] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-01 13:48 286720] "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208] "Flash Media"="C:\WINDOWS\system32\^^^^^.exe" [2008-03-25 22:37 64156] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] --a------ 2005-06-08 14:24 458752 C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] --a------ 2005-06-08 14:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] --a------ 2008-02-07 10:47 361832 C:\Program Files\TomTom HOME 2\HOMERunner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) "SharedAccess"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" /AUTO [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\WINDOWS\\system32\\^^^^^.exe"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28023d31-56e8-11dc-a827-0040f43158c3}] \Shell\AutoRun\command - H:\InstallTomTomHOME.exe *Newly Created Service* - MDMXSDK . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-08-01 12:55:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-29 08:16:04 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... ? [680] Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\tsd32.dll . Temps d'accomplissement: 2008-03-29 8:16:50 ComboFix-quarantined-files.txt 2008-03-29 07:16:36 ComboFix2.txt 2008-03-28 22:31:13 Pre-Run: 10,068,750,336 octets libres Post-Run: 10,056,790,016 octets libres . 2008-03-14 18:17:20 --- E O F --- le hijack montre encore la ligne f2......
-
merci!.. mais impossible de retirer ce prog docc ^^^^^.exe dans system32!!! msnfix dit: MSNFix 1.692 C:\Documents and Settings\gero manu\Bureau\MSNFix\MSNFix Fix exécuté le 28/03/2008 - 12:24:58,79 By gero manu mode normal ************************ Recherche les fichiers présents Aucun Fichier trouvé ************************ Recherche les dossiers présents Aucun dossier trouvé ************************ Fichiers suspects Aucun Fichier trouvé ************************ HKLM\...\Winlogon\Userinit Userinit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^.exe et jack... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:28:14, on 28/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\a-squared Anti-Malware\a2service.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe C:\Program Files\TomTom HOME\TomTomHOME.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\LVComsX.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\manu\logiciels\protek\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader5.cab O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 5644 bytes ------------------------------------------------------------------------ Auteur : !aur3n7 Contact: http://changelog.fr ------------------------------------------------------------------------ --------------------------------------------- END --------------------------------------------- voilà ça pose pb!!!!!!
-
et je garde antiivir, mais au boot il me dit que j'ai un trojan TR/Crypt.ULPH.Gen voici jack! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:00:29, on 28/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe C:\Program Files\TomTom HOME\TomTomHOME.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\a-squared Anti-Malware\a2service.exe C:\Program Files\a-squared Anti-Malware\a2scan.exe c:\program files\avira\antivir personaledition classic\avscan.exe C:\WINDOWS\system32\LVComsX.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe D:\manu\logiciels\protek\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\^^^^^.exe O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader5.cab O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6658 bytes
-
oups dsl voici masn fix MSNFix 1.692 C:\Documents and Settings\gero manu\Bureau\anti\MSNFix\MSNFix Fix exécuté le 28/03/2008 - 10:53:21,70 By gero manu mode normal ************************ Recherche les fichiers présents Aucun Fichier trouvé ************************ Recherche les dossiers présents Aucun dossier trouvé ************************ Fichiers suspects Aucun Fichier trouvé ************************ HKLM\...\Winlogon\Userinit Userinit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^.exe ------------------------------------------------------------------------ Auteur : !aur3n7 Contact: http://changelog.fr ------------------------------------------------------------------------ --------------------------------------------- END ---------------------------------------------
-
oki! merci! le voici... Norman Malware Cleaner Copyright © 1990 - 2008, Norman ASA. Built 2008/03/09 20:10:13 Norman Scanner Engine Version: 5.91.10 Nvcbin.def Version: 5.90.00, Date: 2008/03/09 20:10:13, Variants: 1383781 Running pre-scan cleanup routine: Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 2 Logged on user: TAZ\gero manu Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe" -> "C:\WINDOWS\System32\userinit.exe," Scan started: 28/03/2008 00:35:13 Scanning running processes and process memory... Number of processes/threads found: 2011 Number of processes/threads scanned: 2011 Number of processes/threads not scanned: 0 Number of infected processes/threads terminated: 0 Total scanning time: 44s Scanning file system... Scanning: C:\*.* Scanning: D:\*.* D:\manu\divers perso\save gps\downloads\program\TomTomApplicationForONE\navcore_7.12.8459.navcore7.cab/unknown1 (Error whilst scanning file: I/O Error) D:\manu\divers perso\save gps\downloads\program\TomTomApplicationForONE\navcore_7.12.8459.navcore7.cab/unknown3 (Error whilst scanning file: I/O Error) D:\manu\divers perso\save gps\downloads\program\TomTomApplicationForONE\navcore_7.12.8459.navcore7.cab/unknown4 (Error whilst scanning file: I/O Error) D:\manu\divers perso\save gps\downloads\program\TomTomApplicationForONE\navcore_7.12.8459.navcore7.cab/unknown5 (Error whilst scanning file: I/O Error) D:\manu\divers perso\save gps\downloads\program\TomTomApplicationForONE\navcore_7.12.8459.navcore7.cab/unknown6 (Error whilst scanning file: I/O Error) D:\manu\divers perso\save gps\downloads\program\TomTomApplicationForONE\navcore_7.12.8459.navcore7.cab/unknown7 (Error whilst scanning file: I/O Error) D:\manu\divers perso\save gps\downloads\program\TomTomApplicationForONE-2\navcore_7.12.8459.navcore7.cab/unknown1 (Error whilst scanning file: I/O Error) D:\manu\divers perso\save gps\downloads\program\TomTomApplicationForONE-2\navcore_7.12.8459.navcore7.cab/unknown3 (Error whilst scanning file: I/O Error) D:\manu\divers perso\save gps\downloads\program\TomTomApplicationForONE-2\navcore_7.12.8459.navcore7.cab/unknown4 (Error whilst scanning file: I/O Error) D:\manu\divers perso\save gps\downloads\program\TomTomApplicationForONE-2\navcore_7.12.8459.navcore7.cab/unknown5 (Error whilst scanning file: I/O Error) D:\manu\divers perso\save gps\downloads\program\TomTomApplicationForONE-2\navcore_7.12.8459.navcore7.cab/unknown6 (Error whilst scanning file: I/O Error) D:\manu\divers perso\save gps\downloads\program\TomTomApplicationForONE-2\navcore_7.12.8459.navcore7.cab/unknown7 (Error whilst scanning file: I/O Error) D:\manu\logiciels\protek\firewall\kerio\2.15fr\kpf21-fr-v1.zip/img/connect.png (Error whilst scanning file: I/O Error) D:\manu\logiciels\util\gravure\nero\nero 551020b\tno_n520.zip/tno_n520.exe (Infected with W32/Delf.LGM) Deleted file D:\manu\logiciels\util\gravure\nero\nero 551020b\tno_n520\tno_n520.exe (Infected with W32/Delf.LGM) Deleted file D:\manu\Mes vidéos\humour\craineau.asf/unknown0 (Error whilst scanning file: I/O Error) Scanning: F:\*.* Scanning: d:\System Volume Information\*.* Running post-scan cleanup routine: Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe" -> "C:\WINDOWS\System32\userinit.exe," Number of files found: 185170 Number of archives unpacked: 683 Number of files scanned: 185125 Number of files not scanned: 45 Number of files skipped due to exclude list: 0 Number of infected files found: 2 Number of infected files repaired/deleted: 2 Number of infections removed: 2 Total scanning time: 49m 34s
-
oki!! merci! j'ai tenté de faire comme expliqué...alors..: SDFix: Version 1.163 Run by gero manu on 28/03/2008 at 00:03 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 00:13:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\system32\^^^^^.exe [1892] 0x865A2BE0 scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager] "PendingFileRenameOperations"=str(7):"\x6264\5\xed08J\xf9ea\xb38f\xfff0\xffff\0\0\x2f60\x40e3\xed78J\xffa0\xffff\x6b6e \xde0\x8f6e\xb9b1\x1c7\0\0\x6ef8\23\1\0\0\0\xc0c8J\xffff\xffff\3\0\x6cc8\23\x39b8%\xffff\xffff\b\0\0\0\22\0006\0\a\0\v\0\x3553\x6157\x656b\x6e4f\x614cn\0\0\xffd8\xffff\x6b76\t6\0\xbfb8J\1\0\1\0\x6150\x6172\x446d\x7365c\0\0\0\xffc0\xffffWake-On-Lan After Shutdown\0\0\0\0\xfff8\xffff\xd120J\x6268\x6e69\xc000J\x1000\0\0\0\0\0\0\0\0\0\0\0\xffe0\xffff\x6b76\a\4\x80000\0\1\0\1\0\x6564\x6166\x6c75t\xffe0\xffff\x6b76\4\n\0\xc060J\1\0\1\0\x7974\x6570\0\0\xfff0\xffffenum\0\0\xffa8\xffff\x6b6e \xde0\x8f6e\xb9b1\x1c7\0\0\xbf30J\0\0\0\0\xffff\xffff\xffff\xffff\2\0\x2158@\x39b8%\xffff\xffff\0\0\0\0\2\0\20\0\0\0\4\0\x6e65\x6d75\0\0\xfff0\xffff\x686c\1\xc070J\x02457\xffe0\xffff\x6b76\1\20\0\xc0f8J\1\0\1\0000\0\0\0\xffe8\xffffDisable\0\0\0\xffe0\xffff\x6b76\1\16\0\xc130J\1\0\1\0001\0\0\0\xffe8\xffffEnable\0\0\0\0\xffd8\xffff\x6b76\v\4\x80000\0\1\0\1\0\x3553\x6157\x656b\x6e4f\x614cn\0\0\xffb8\xffff\x6b76*\x8e\0\xc1b8J\1\0\1\0\x3a43\x505c\x6f72\x7267\x6d61\x4620\x6c69\x7365\x4d5c\x4e53\x4d20\x7365\x6573\x676e\x7265\x6d5c\x6e73\x736d\x7267\x652e\x6578\0\0\0\xff68\xffffC:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5\0\0\0\0\xffb8\xffff\x6b76*\x8e\0\xc298J\1\0\1\0\x3a43\x505c\x6f72\x7267\x6d61\x4620\x6c69\x7365\x4d5c\x4e53\x4d20\x7365\x6573\x676e\x7265\x6d5c\x6e73\x736d\x7267\x652e\x6578\0\0\0\xff68\xffffC:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5\0\0\0\0\xffc8\xffffNVCOG.DLL,NVCoInstaller\0\0\0\xffa0\xffff\x6b6e \xbe80\xcd04\xb9b1\x1c7\0\0\x10e0\24\0\0\0\0\xffff\xffff\xffff\xffff\4\0\xc4f0J\x39b8%\xffff\xffff\0\0\0\0\26\0D\0\0\0\t\0\x6e55\x6e69\x7473\x6c61l\0\0\0\xffe0\xffffnvgart.nvu\0\0\0\0\xffe0\xffff\x6b76\4&\0\xc408J\1\0\1\0\x614e\x656d\0\0\xffd0\xffffNVIDIA GART Driver\0\0\0\0\xffd8\xffff\x6b76\tD\0\xc460J\1\0\1\0\x4e49\x5346\x6372\x6944r\0\0\0\xffb8\xffffc:\nvidia\nforcewin2kxp\5.10\gart\0\xffd8\xffff\x6b76\v\30\0\xc4d0J\1\0\1\0\x6e55\x6e69\x7473\x6c61\x656cr\0\0\xffe0\xffffnvugart.exe\0\0\0\xffe8\xffff\x1440B\xc3e8J\xc438J\xc4a8J\0\0\xffc8\xffff\x6b76\e\x3848\1\xbf10J\a\0\1\0\x6550\x646e\x6e69\x4667\x6c69\x5265\x6e65\x6d61\x4f65\x6570\x6172\x6974\x6e6fs\0\0\xffd0\xffff\x120\23\x158\23\x1a0\23\x1e0\23\x230\23\x270\23\x2d8\23\x320\23\x340\24\x7e00\e03\xfff0\xffff\x686c\1\xe810J\xe2d0\xe465\xfff8\xffff\xe868J\xffe8\xffffnv_agp\0\0\0\0\xffc0\xffff\xd3c0\e\xd430\e\xd4b8\e\xd4e0\e\xd6b0\e\xd788\e\xd7c8\e\xd7f0\e\xd860\e\xd7a8\e\xd838\e\xd970\e\xd8e0\e\xefb0\24\0\0\xffd0\xffffNVIDIA Corporation\0\0\0\0\xffd0\xffffpci\ven_10de&dev_01e8\0\xffa8\xffff\x6b6e \xddb0\xcdc9\xb9b1\x1c7\0\0\xee38\35\1\0\0\0\xc888J\xffff\xffff\a\0\xc7d0J\x1e8\0\xffff\xffff\20\0\0\0\30\0:\0\0\0\6\0\x766e\x615f\x7067\0\xffe0\xffff\x6b76\5\4\x8000\0\0\4\0\1\0\x7453\x7261t\0\xffd8\xffff\x6b76\f\4\x8000\1\0\4\0\1\0\x7245\x6f72\x4372\x6e6f\x7274\x6c6f\0\0\xffe0\xffff\x6b76\3\4\x8000\4\0\4\0\1\0\x6154g\0\0\xffd8\xffff\x6b76\t8\0\xc728J\2\0\1\0\x6d49\x6761\x5065\x7461h\0\0\0\xffc0\xffffsystem32\DRIVERS\nv_agp.sys\0\0\0\xffd8\xffff\x6b76\v:\0\xc790J\1\0\1\0\x6944\x7073\x616c\x4e79\x6d61e\0\0\xffc0\xffffNVIDIA nForce AGP Bus Filter\0\0\xffe0\xffff\x12e0\24\xc698J\xc6b8J\xc6e0J\xc700J\xc768J\xc7f0J\xffe0\xffff\x6b76\5\26\0\xc810J\1\0\1\0\x7247\x756fp\0\xffe0\xffffPnP Filter\0\0\0\0\xffa8\xffff\x6b6e \x3cd0\xcd71\xb9b1\x1c7\0\0\xc640J\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xb210J\x6c38\v\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0\x6553\x7563\x6972\x7974\xfff0\xffff\x686c\1\xc830J\xe2d0\xe465\xffe0\xffff\x6b76\b\xa8\0\xc8b8J\3\0\1\0\x6553\x7563\x6972\x7974\xff50\xffff\1\x8014\x90\0\x9c\0\24\0000\0\2\34\1\0\x8002\24\x1ff\17\x101\0\0\x100\0\0\2`\4\0\0\24\x1fd\2\x101\0\0\x500\22\0\0\30\x1ff\17\x201\0\0\x500 \0\x220\0\0\24\x18d\2\x101\0\0\x500\v\0\0\30\x1fd\2\x201\0\0\x500 \0\x223\0\x101\0\0\x500\22\0\x101\0\0\x500\22\0\0\0\xffb0\xffffNVIDIA nForce2 AGP Host to PCI Bridge\0\xffb0\xffffNVIDIA nForce2 AGP Host to PCI Bridge\0\xff98\xffff\x6b6e \x9580\xce42\xb9b1\x1c7\0\0\xc320\24\0\0\0\0\xffff\xffff\xffff\xffff\3\0\x11a8\24\x39b8%\xffff\xffff\0\0\0\0\30\0N\0\0\0\25\0\x6370\x2369\x6576\x5f6e\x3031\x6564\x6426\x7665\x305f\x65318\0\xffa8\xffff{4D36E97D-E325-11CE-BFC1-08002BE10318}\0\0\0\0\xffe0\xffff\x6b76\a\b\0\xcae8J\1\0\1\0\x6553\x7672\x6369e\xfff0\xffffpci\0\0\0\xff98\xffff\x6b6e \x24a0\xcf71\xb9b1\x1c7\0\0\xddf0\e\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x1288\b\xffff\xffff\0\0\0\0\0\0\0\0\0\0\21\0\x6544\x6976\x6563\x5020\x7261\x6d61\x7465\x7265s\0\0\0\xffe8\xffff\x686c\2\xcaf8J\x4e64\x29c4\xe440\e\xe918\xb548\xffc0\xffffpci\ven_10de&dev_01eb&rev_c1\0\0\xffa0\xffffNVIDIA nForce2 Ultra 400 Memory Controller\0\0\0\0\xffa0\xffffNVIDIA nForce2 Ultra 400 Memory Controller\0\0\0\0\xff90\xffff\x6b6e \x210\xcf85\xb9b1\x1c7\0\0\xc320\24\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xf438\23\x39b8%\xffff\xffff\0\0\0\0\22\0N\0\0\0\34\0\x6370\x2369\x6576\x5f6e\x3031\x6564\x6426\x7665\x305f\x6531\x2662\x6572\x5f76\x3163\0\0\xffa8\xffff{4D36E97D-E325-11CE-BFC1-08002BE10318}\0\0\0\0\xffa8\xffff\x6b6e \x7470\xd0ad\xb9b1\x1c7\0\0\xd340\23\0\0\0\0\xffff\xffff\xffff\xffff\b\0\xd090J\x39b8%\xffff\xffff\0\0\0\0 \0B\0\0\0\4\0\x3030\x3431\0\0\xffa0\xffff{4D36E97D-E325-11CE-BFC1-08002BE10318}\0014\0\0\0\xff98\xffff\x6b6e \xdee0\xd0a8\xb9b1\x1c7\0\0\xe510\e\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x1288\b\xffff\xffff\0\0\0\0\0\0\0\0\0\0\21\0\x6544\x6976\x6563\x5020\x7261\x6d61\x7465\x7265s\0\0\0\xffe8\xffffNO_DRV\0\0\0\0\xffd8\xffff\x6b76\f\16\0\xcea0J\1\0\1\0\x7250\x766f\x6469\x7265\x614e\x656d\0\0\xffe8\xffffNVIDIA\0\0\0\0\xffd8\xffff\x6b76\16\b\0\xcee0J\3\0\1\0\x7244\x7669\x7265\x6144\x6574\x6144\x6174\0\xfff0\xffff\xc000\xf6a6\xfe2a\x1c2\0\0\xffe8\xffff\x686c\2\xd258J\x4e64\x29c4\xf2a0\e\xe918\xb548\xffd8\xffff\x6b76\n\22\0\xcf30J\1\0\1\0\x7244\x7669\x7265\x6144\x6574\0\0\0\xffe8\xffff4-9-2003\0\0\xffd8\xffff\x6b76\r\20\0\xcf70J\1\0\1\0\x7244\x7669\x7265\x6556\x7372\x6f69n\0\xffe8\xffff3.3.8.0\0\0\0\xffe0\xffff\x6b76\6X\0\xd1f8J\1\0\1J\x7244\x7669\x7265J\xffd8\xffff\x6b76\20,\0\xcfd0J\1\0\1\0\x614d\x6374\x6968\x676e\x6544\x6976\x6563\x6449\xffd0\xffffpci\ven_10de&dev_01ec\0\x6268\x6e69\xd000J\x1000\0\0\0\0\0\0\0\0\0\0\0\xffd8\xffff\x6b76\nB\0\xd048J\1\0\1\0\x7244\x7669\x7265\x6544\x6373\0\0\0\xffb8\xffffNVIDIA nForce2 Memory Controller\0\0\xffd8\xffff\xde78\e\xde98\e\xce78J\xceb8J\xcf08J\xcf48J\xcfa8J\xd020J\0\0\xff98\xffff\x6b6e \x3a50\xd1b1\xb9b1\x1c7\0\0\xc320\24\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xbff8J\x39b8%\xffff\xffff\0\0\0\0\22\0N\0\0\0\25\0\x6370\x2369\x6576\x5f6e\x3031\x6564\x6426\x7665\x305f\x6531c\0\xffd8\xffff\x6b76\tN\0\xd148J\1\0\1\0\x6c43\x7361\x4773\x4955D\0\0\0\xffa8\xffff{4D36E97D-E325-11CE-BFC1-08002BE10318}\0\0\0\0\xffa8\xffff\x6b6e \x9300\xd282\xb9b1\x1c7\0\0\xd340\23\0\0\0\0\xffff\xffff\xffff\xffff\b\0\xd538J\x39b8%\xffff\xffff\0\0\0\0 \0B\0\0\0\4\0\x3030\x3531\0\0\xffa0\xffff{4D36E97D-E325-11CE-BFC1-08002BE10318}\0015\0\0\0\xff98\xffff\x6b6e \x9300\xd282\xb9b1\x1c7\0\0\xb838\e\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x1288\b\xffff\xffff\0\0\0\0\0\0\0\0\0\0\21\0\x6544\x6976\x6563\x5020\x7261\x6d61\x7465\x7265s\0\0\0\xffe0\xffff\x6b76\a\22\0\xd2e0J\1\0\1\0\x6e49\x5066\x7461h\xffe8\xffffoem1.inf\0\0\xfff8\xffff\xd5c8J\xffd8\xffff\x6b76\n\16\0\xd328J\1\0\1\0\x6e49\x5366\x6365\x6974\x6e6f\0\0\0\xffe8\xffffNO_DRV\0\0\0\0\xffd8\xffff\x6b76\f\16\0\xd368J\1\0\1\0\x7250\x766f\x6469\x7265\x614e\x656d\0\0\xffe8\xffffNVIDIA\0\0\0\0\xffd8\xffff\x6b76\16\b\0\xd3a8J\3\0\1\0\x7244\x7669\x7265\x6144\x6574\x6144\x6174\0\xfff0\xffff\xc000\xf6a6\xfe2a\x1c2\0\0\xffe8\xffff\x686c\2\xd700J\x4e64\x29c4\xf998\e\xe918\xb548\xffd8\xffff\x6b76\n\22\0\xd3f8J\1\0\1\0\x7244\x7669\x7265\x6144\x6574\0\0\0\xffe8\xffff4-9-2003\0\0\xffd8\xffff\x6b76\r\20\0\xd438J\1\0\1\0\x7244\x7669\x7265\x6556\x7372\x6f69n\0\xffe8\xffff3.3.8.0\0\0\0\xffe0\xffff\x6b76\6X\0\xd6a0J\1\0\1J\x7244\x7669\x7265J\xffd8\xffff\x6b76\20,\0\xd498J\1\0\1\0\x614d\x6374\x6968\x676e\x6544\x6976\x6563\x6449\xffd0\xffffpci\ven_10de&dev_01ed\0\xffd8\xffff\x6b76\nB\0\xd4f0J\1\0\1\0\x7244\x7669\x7265\x6544\x6373\0\0\0\xffb8\xffffNVIDIA nForce2 Memory Controller\0\0\xffd8\xffff\xd2c0J\xd300J\xd340J\xd380J\xd3d0J\xd410J\xd470J\xd4c8J\0\0\xff98\xffff\x6b6e \xf7a0\xd297\xb9b1\x1c7\0\0\xc320\24\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xd2f8J\x39b8%\xffff\xffff\0\0\0\0\22\0N\0\0\0\25\0\x6370\x2369\x6576\x5f6e\x3031\x6564\x6426\x7665\x305f\x6531d\0\xffd8\xffff\x6b76\tN\0\xd5f0J\1\0\1\0\x6c43\x7361\x4773\x4955D\0\0\0\xffa8\xffff{4D36E97D-E325-11CE-BFC1-08002BE10318}\0\0\0\0\xffa8\xffff\x6b6e \x5eb0\xd36c\xb9b1\x1c7\0\0\xd340\23\0\0\0\0\xffff\xffff\xffff\xffff\b\0\xd9e0J\x39b8%\xffff\xffff\0\0\0\0 \0B\0\0\0\4\0\x3030\x3631\0\0\xffa0\xffff{4D36E97D-E325-11CE-BFC1-08002BE10318}\0016\0\0\0\xff98\xffff\x6b6e \x5eb0\xd36c\xb9b1\x1c7\0\0\xf370\e\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x1288\b\xffff\xffff\0\0\0\0\0\0\0\0\0\0\21\0\x6544\x6976\x6563\x5020\x7261\x6d61\x7465\x7265s\0\0\0\xffe0\xffff\x6b76\a\22\0\xd788J\1\0\1\0\x6e49\x5066\x7461h\xffe8\xffffoem1.inf\0\0\xfff8\xffff\xda70J\xffd8\xffff\x6b76\n\16\0\xd7d0J\1\0\1\0\x6e49\x5366\x6365\x6974\x6e6f\0\0\0\xffe8\xffffNO_DRV\0\0\0\0\xffd8\xffff\x6b76\f\16\0\xd810J\1\0\1\0\x7250\x766f\x6469\x7265\x614e\x656d\0\0\xffe8\xffffNVIDIA\0\0\0\0\xffd8\xffff\x6b76\16\b\0\xd850J\3\0\1\0\x7244\x7669\x7265\x6144\x6574\x6144\x6174\0\xfff0\xffff\xc000\xf6a6\xfe2a\x1c2\0\0\xffe8\xffff\x686c\2\xdba8J\x4e64\x29c4\xc0\34\xe918\xb548\xffd8\xffff\x6b76\n\22\0\xd8a0J\1\0\1\0\x7244\x7669\x7265\x6144\x6574\0\0\0\xffe8\xffff4-9-2003\0\0\xffd8\xffff\x6b76\r\20\0\xd8e0J\1\0\1\0\x7244\x7669\x7265\x6556\x7372\x6f69n\0\xffe8\xffff3.3.8.0\0\0\0\xffe0\xffff\x6b76\6X\0\xdb48J\1\0\1J\x7244\x7669\x7265J\xffd8\xffff\x6b76\20,\0\xd940J\1\0\1\0\x614d\x6374\x6968\x676e\x6544\x6976\x6563\x6449\xffd0\xffffpci\ven_10de&dev_01ee\0\xffd8\xffff\x6b76\nB\0\xd998J\1\0\1\0\x7244\x7669\x7265\x6544\x6373\0\0\0\xffb8\xffffNVIDIA nForce2 Memory Controller\0\0\xffd8\xffff\xd768J\xd7a8J\xd7e8J\xd828J\xd878J\xd8b8J\xd918J\xd970J\0\0\xff98\xffff\x6b6e \xa690\xd37b\xb9b1\x1c7\0\0\xc320\24\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xd7a0J\x39b8%\xffff\xffff\0\0\0\0\22\0N\0\0\0\25\0\x6370\x2369\x6576\x5f6e\x3031\x6564\x6426\x7665\x305f\x6531e\0\xffd8\xffff\x6b76\tN\0\xda98J\1\0\1\0\x6c43\x7361\x4773\x4955D\0\0\0\xffa8\xffff{4D36E97D-E325-11CE-BFC1-08002BE10318}\0\0\0\0\xffa8\xffff\x6b6e \x1c00\xd453\xb9b1\x1c7\0\0\xd340\23\0\0\0\0\xffff\xffff\xffff\xffff\b\0\xde88J\x39b8%\xffff\xffff\0\0\0\0 \0B\0\0\0\4\0\x3030\x3731\0\0\xffa0\xffff{4D36E97D-E325-11CE-BFC1-08002BE10318}\0017\0\0\0\xff98\xffff\x6b6e \x94d0\xd451\xb9b1\x1c7\0\0\xfa68\e\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x1288\b\xffff\xffff\0\0\0\0\0\0\0\0\0\0\21\0\x6544\x6976\x6563\x5020\x7261\x6d61\x7465\x7265s\0\0\0\xffe0\xffff\x6b76\a\22\0\xdc30J\1\0\1\0\x6e49\x5066\x7461h\xffe8\xffffoem1.inf\0\0\xfff8\xffff\xdf18J\xffd8\xffff\x6b76\n\16\0\xdc78J\1\0\1\0\x6e49\x5366\x6365\x6974\x6e6f\0\0\0\xffe8\xffffNO_DRV\0\0\0\0\xffd8\xffff\x6b76\f\16\0\xdcb8J\1\0\1\0\x7250\x766f\x6469\x7265\x614e\x656d\0\0\xffe8\xffffNVIDIA\0\0\0\0\xffd8\xffff\x6b76\16\b\0\xdcf8J\3\0\1\0\x7244\x7669\x7265\x6144\x6574\x6144\x6174\0\xfff0\xffff\xc000\xf6a6\xfe2a\x1c2\0\0\xffe8\xffff\x686c\2\xe080J\x4e64\x29c4\x6c00\e\xe918\xb548\xffd8\xffff\x6b76\n\22\0\xdd48J\1\0\1\0\x7244\x7669\x7265\x6144\x6574\0\0\0\xffe8\xffff4-9-2003\0\0\xffd8\xffff\x6b76\r\20\0\xdd88J\1\0\1\0\x7244\x7669\x7265\x6556\x7372\x6f69n\0\xffe8\xffff3.3.8.0\0\0\0\xffe0\xffff\x6b76\6X\0\xe020J\1\0\1J\x7244\x7669\x7265J\xffd8\xffff\x6b76\20,\0\xdde8J\1\0\1\0\x614d\x6374\x6968\x676e\x6544\x6976\x6563\x6449\xffd0\xffffpci\ven_10de&dev_01ef\0\xffd8\xffff\x6b76\nB\0\xde40J\1\0\1\0\x7244\x7669\x7265\x6544\x6373\0\0\0\xffb8\xffffNVIDIA nForce2 Memory Controller\0\0\xffd8\xffff\xdc10J\xdc50J\xdc90J\xdcd0J\xdd20J\xdd60J\xddc0J\xde18J\0\0\xff98\xffff\x6b6e \x7240\xd465\xb9b1\x1c7\0\0\xc320\24\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xdc48J\x39b8%\xffff\xffff\0\0\0\0\22\0N\0\0\0\25\0\x6370\x2369\x6576\x5f6e\x3031\x6564\x6426\x7665\x305f\x6531f\0\xffd8\xffff\x6b76\tN\0\xdf40J\1\0\1\0\x6c43\x7361\x4773\x4955D\0\0\0\xffa8\xffff{4D36E97D-E325-11CE-BFC1-08002BE10318}\0\0\0\0\xffa8\xffff\x6b6e \x82c0\xd5af\xb9b1\x1c7\0\0\xd340\23\0\0\0\0\xffff\xffff\xffff\xffff\b\0\xe380J\x39b8%\xffff\xffff\0\0\0\0 \0H\0\0\0\4\0\x3030\x3233\0\0\xfff0\xffff\x8000\x3d98\xaef9\x1c3\0\0\x6268\x6e69\xe000J\x1000\0\0\0\0\0\0\0\0\0\0\0\xffa0\xffff{4D36E97D-E325-11CE-BFC1-08002BE10318}\0032\0\0\0\xff98\xffff\x6b6e \x82c0\xd5af\xb9b1\x1c7\0\0\x66e8\e\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x1288\b\xffff\xffff\0\0\0\0\0\0\0\0\0\0\21\0\x6544\x6976\x6563\x5020\x7261\x6d61\x7465\x7265s\0\0\0\xffe0\xffff\x6b76\a\22\0\xe108J\1\0\1\0\x6e49\x5066\x7461h\xffe8\xffffoem2.inf\0\0\xffd8\xffff\x6b76\n\16\0\xe148J\1\0\1\0\x6e49\x5366\x6365\x6974\x6e6f\0\0\0\xffe8\xffffNO_DRV\0\0\0\0\xffd8\xffff\x6b76\f\16\0\xe188J\1\0\1\0\x7250\x766f\x6469\x7265\x614e\x656d\0\0\xffe8\xffffNVIDIA\0\0\0\0\xffd8\xffff\x6b76\16\b\0\xdff0J\3\0\1\0\x7244\x7669\x7265\x6144\x6574\x6144\x6174\0\xffe8\xffffNVIDIA\0J\xe1e0J\xffd8\xffff\x6b76\n\26\0\xe208J\1\0\1\0\x7244\x7669\x7265\x6144\x6574\0\0\0\xffe0\xffff11-20-2003\0\0\0\0\xffd8\xffff\x6b76\r\20\0\xe250J\1\0\1\0\x7244\x7669\x7265\x6556\x7372\x6f69n\0\xffe8\xffff4.0.4.0\0\0\0\xffe0\xffff\x6b76\3\4\x8000!\0\4\0\1J\x6154g\x6bd8\e\xffe0\xffff\x6b76\3\16\0\xe1c8J\1\0\1\0\x664dg\0\0\xffd0\xffff\x6748\e\x67a0\e\x6820\e\x6848\e\x69b0\e\x6af0\e\x6b90\e\x6bb0\e\xdda0J\xe288J\0\0\xffd0\xffffpci\ven_10de&dev_0064\0\xffd8\xffff\x6b76\nH\0\xe330J\1\0\1\0\x7244\x7669\x7265\x6544\x6373\0\0\0\xffb0\xffffNVIDIA nForce PCI System Management\0\0\0\xffd8\xffff\xe0e8J\xe120J\xe160J\xe1a0J\xe1e0J\xe228J\x6bd8\e\xe308J\0\0\xffb0\xffffNVIDIA nForce PCI System Management\0\0\0\xff98\xffff\x6b6e \xd900\xd5c1\xb9b1\x1c7\0\0\xc320\24\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x3a38\e\x39b8%\xffff\xffff\0\0\0\0\22\0N\0*\0\25\0\x6370\x2369\x6576\x5f6e\x3031\x6564\x6426\x7665\x305f\x36304\0\xffa8\xffff{4D36E97D-E325-11CE-BFC1-08002BE10318}\0\0\0\0\xff90\xffffc:\nvidia\nforcewin2kxp\5.10\ethernet\prenrm\winxp\0\0\0\0\xffc0\xffffNVIDIA® Kernel Synthesizer\0\0\xffd8\xffff\x6b76\f\x104\0\xe990J\1\0\1D\x7953\x626d\x6c6f\x6369\x694c\x6b6e25\xfff8\xffff\xe568J\xfff0\xffff\x686c\1\xbda0J\x4e64\x29c4\xfff8\xffff\xec60J\xff98\xffff\x6b6e \x14c0\xe58a\xb9b1\x1c7\0\0\x6e50\e\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x1288\b\xffff\xffff\0\0\0\0\0\0\0\0\0\0\21\0\x6544\x6976\x6563\x5020\x7261\x6d61\x7465\x7265s\0\0\0\xffb0\xffff\1\x9004\0\0\0\0\0\0\24\0\0024\2\0\0\24\0\x1000\x101\0\0\x500\22\0\0\30\0\x1000\x201\0\0\x500 \0\x220\0\0\0\xffd0\xffffNVIDIA Corporation\0\0\0\0\xffd0\xffffpci\ven_10de&dev_0065\0\xffa8\xffff\x6b6e \xb8b0\xe591\xb9b1\x1c7\0\0\xee38\35\1\0\0\0\xc570J\xffff\xffff\6\0\xe7f0J\x1e8\0\xffff\xffff\20\0\0\0\30\0<\0\xad\0\b\0\x766e\x7461\x6261\x7375\xffd8\xffff\x6b76\f\4\x8000\3\0\4\0\1\0\x7245\x6f72\x4372\x6e6f\x7274\x6c6f\0\0\xffd8\xffff\x6b76\t<\0\xe770J\2\0\1\0\x6d49\x6761\x5065\x7461h\0\0\0\xffc0\xffffsystem32\DRIVERS\nvatabus.sys\0\xffe0\xffff\x6b76\5\34\0\xe7d0J\1\0\1\0\x7247\x756fp\0\xffe0\xffffSCSI Miniport\0\xffe0\xffff\x300\23\x3a0\23\xe720J\xe268J\xe748J\xe7b0J\0\0\xffa8\xffff\x6b6e \xb8b0\xe591\xb9b1\x1c7\0\0\xe6c8J\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xc580J\x6c38\v\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0\x6553\x7563\x6972\x7974\xffe0\xffff\x6b76\b\xa8\0\xe888J\3\0\1\0\x6553\x7563\x6972\x7974\xff50\xffff\1\x8014\x90\0\x9c\0\24\0000\0\2\34\1\0\x8002\24\x1ff\17\x101\0\0\x100\0\0\2`\4\0\0\24\x1fd\2\x101\0\0\x500\22\0\0\30\x1ff\17\x201\0\0\x500 \0\x220\0\0\24\x18d\2\x101\0\0\x500\v\0\0\30\x1fd\2\x201\0\0\x500 \0\x223\0\x101\0\0\x500\22\0\x101\0\0\x500\22\0\0\0\xffa8\xffff\x6b6e \x1780\xe5c1\xb9b1\x1c7\0\0\x4bb0\37\0\0\0\0\xffff\xffff\xffff\xffff\2\0\x1c8\23\x39b8%\xffff\xffff\0\0\0\0 \0\x9c\0k\0\b\0\x766e\x7461\x6261\x7375\xfef8\xffff\\?\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}\SAD13\0\xffb0\xffff{17CCA71B-ECD7-11D0-B908-00A0C9223196}\xffc8\xffffNVIDIA® DLS Synthesizer\0\xfff0\xffffwave1\0\xffe0\xffff\x6b76\5\f\0\xeb50J\1\0\1\0\x6c41\x6169s\0\xfff0\xffffmidi2\0\xffe0\xffff\x6b76\5\16\0\xeb80J\1\0\1\0\x6c41\x6169s\0\xffe8\xffffmixer1\0\0\0\0\xffe0\xffff\x6b76\6\1\x8000\0\0\3\0\1N\x6957\x4e6e\x6275S\xffe0\xffff\x6b76\6\b\0\xbf20J\3\0\1.\x6957\x426e\x6e75\0\xffe0\xffff\x6b76\6\b\0\xebf8J\3\0\1D\x6957\x526e\x6269\\xfff0\xffff\x1d5f\x2f29\x2bbc\x40e339\xffa8\xffff\x6b6e \xe0e0\xaf54\xb9b7\x1c7\0\0\x2c50B\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xe5a8J\x39b8%\xffff\xffff\0\0\0\0\f\0,\0\0\0\a\0\x694c\x6b6e\x6761e\xffe0\xffff\x6b76\6,\0\xec80J\a\0\1V\x7845\x6f70\x74720\xffd0\xffffMSDTC Bridge 3.0.0.0\0\0\xffa8\xffff\x6b6e \x6810\xaf56\xb9b7\x1c7\0\0\x1c58B\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xfeb0J\x39b8%\xffff\xffff\0\0\0\0\f\0<\0\0\0\a\0\x694c\x6b6e\x6761e\xffe8\xffff\x4020K\x8020K\xc020K L\x4020L\xffa8\xffff\x6b6e \x1910\xfebb\xb98a\x1c7\0\0\xdd58I\0\0\0\0\xffff\xffff\xffff\xffff\a\0\xeee8J\x1e8\0\xffff\xffff\0\0\0\0\20\0\b\0\0\0\3\0\x4741P\0\0\xffd8\xffff\x6b76\16\b\0\x29f8\0\3\0\1\0\x7244\x7669\x7265\x6144\x6574\x6144\x6174\0\xffd8\xffff\x6b76\n\22\0\x860I\1\0\1o\x7244\x7669\x7265\x6144\x6574\0\0\0\xffe8\xffff\x686c\2\xf1e0>\x2140&\xc458a\x2141&\xfff0\xffff\x2810\0\xa290e\?\xffa0\xffff\x6b6e \xac50\x8d8e\xb9c0\x1c7\0\0\xe5d0\30\0\0\0\0\xffff\xffff\xffff\xffff\3\0\xed50\36\x1e8\0\xffff\xffff\0\0\0\0\30\0\4\0\0\0\t\0\x6556\x7372\x6f69\x2d6e2\0\0\0\xffd8\xffff\x6b76\t\4\x80002\0\1\0\1\0\x6944\x6572\x7463\x726fy\0\0\0\xffd8\xffff\x6b76\f\4\x8000\2\0\4\0\1\0\x614d\x6f6a\x5672\x7265\x6973\x6e6f\0\0\xffd8\xffff\x6b76\f\4\x8000\0\0\4\0\1\0\x694d\x6f6e\x5672\x7265\x6973\x6e6f\0\0\xffe0\xffff\x6b76\b\b\0\x7710>\3\0\1\0\x3335\x3333\x4338\x3031\xffe0\xffff\x28d8\32\x0fb07\x6310B\xded0I\xdfd0I\xeec8J\xef08J\xffe0\xffff\x6b76\b\b\0\x2d08@\3\0\1\0\x3335\x3333\x4338\x3231\xffa8\xffff\x6b6e \x1910\xfebb\xb98a\x1c7\0\0\xdd58I\2\0\0\0\x15c8C\xffff\xffff\0\0\xffff\xffff\x1e8\0\xffff\xffff"\0\0\0\0\0\0\0\1\0\b\0\x7241\x6962\x6574\x7372\xffa0\xffff\x6b6e \x1910\xfebb\xb98a\x1c7\0\0\xef28J\0\0\0\0\xffff\xffff\xffff\xffff\2\0\x79d0@\x1e8\0\xffff\xffff\0\0\0\0\b\0\x468\0\0\0\17\0\x6c41\x6f6c\x6163\x6974\x6e6f\x724f\x6564r\xffe0\xffff\x6b76\3\x248\0\xda0K\n\0\1\6\x6350i\x7488\6\x6268\x6e69\xf000J\x1000\0\0\0\0\0\0\0\0\0\0\0\xf318\xffffnvatabus\0WZCSVC\0Workstation\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0WgaNotify\0WGA\0W32Time\0vsdatant\0VolSnap\0viaide\0VgaSave\0USER32\0UPS\0ultra\0udfs\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr\0sparrow\0sndblst\0SMSvcHost 3.0.0.0\0Simbad\0SideBySide\0sfloppy\0Setup\0Service de stockage amovible\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0rtl8139\0RTL8023xp\0RSVP\0RemoteAccess\0redbook\0Rdbss\0RasMan\0RasAuto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0PrintFilterPipelineSvc\0Print\0PptpMiniport\0PolicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport\0OSPFMib\0OSPF\0NVENET\0nv\0null\0NtServicePack\0ntfs\0npfs\0Nla\0NIC1394\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0ndis\0Mup\0msfs\0MSDTC WS-AT Protocol\0MSDTC Gateway\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mouclass\0Modem\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdclass\0isapnp\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Internet Explorer 7 Disk\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0Http\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0Atmarpc\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Arp1394\0Application Popup\0apphelp\0amsint\0ami0nt\0AmdK7\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0\0\0\xfef0\xffff\x108\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\1\1\a\0\x100\0\0\0\0\0\0\0\x2f8\0\0\0\x2ff\0\0\0\x108\0\0\0\0\0\0\0\x3b0\0\0\0\x3bb\0\0\0\x108\0\0\0\0\0\0\0\x3bc\0\0\0\x3be\0\0\0\x108\0\0\0\0\0\0\0\x3c0\0\0\0\x3df\0\0\0\x108\0\0\0\0\0\0\0\x3f8\0\0\0\x3ff\0\0\0\x300\0\0\0\0\0\0\0\0\n\0\0\xffff\v\0\0\x308\0\0\0\0\0\0\0\0\xfff0\0\0\xffff\xffff\0\0\0\0\xffe0\xffff\x6b76\4\26\0\xfe38J\1\0\1\6\x6f52\x746f\x7900\6\xffe0\xffffPCStandard\0\0\0\0\xffe0\xffff\x6b76\3\26\0\xfe78J\1\0\1\0\x6350i\0\0\xffe0\xffffPCStandard\0\0\0\0\xffe8\xffff\x6b76\0\2\x8000\0\0\1\0\0 \xfff8\xffff\xff90J\xffe0\xffff\x6b76\4\x468\0\x860K\n\0\1\6\x6f52\x746f\x75d0\6\xffd8\xffff\x6b76\n\x108\0\xfd08J\n\0\1\6\x4350\x7453\x6e61\x6164\x6472\6\x7f70\6\xfff8\xffff\x2fa0K\xffe8\xffff\x686c\2\xecb0J\x59b7\x9d4a\x1cc8B\x436\x3087\xff98\xffff\x6b6e \x1910\xfebb\xb98a\x1c7\0\0\xef28J\0\0\0\0\xffff\xffff\xffff\xffff\6\0\x2ef8K\x1e8\0\xffff\xffff\0\0\0\0*\0\x528\0\1\0\21\0\x6552\x6573\x7672\x6465\x6552\x6f73\x7275\x6563\x7973\6\x7900\6\xfff8\xffff\xfe98J\xffe0\xffff\x6b76\6<\0\xffb0J\a\0\1@\x7845\x6f70\x7472\0\xffc0\xffffServiceModelEndpoint 3.0.0.0\0\0\xfff8\xffff\x90K\xfff8\xffff\x150K\x6268\x6e69\0K\x1000\0\0\0\0\0\0\0\0\0\0\0\xffa8\xffff\x6b6e \x6810\xaf56\xb9b7\x1c7\0\0\xd858A\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xfff0J\x39b8%\xffff\xffff\0\0\0\0\f\0>\0\0\0\a\0\x694c\x6b6e\x6761e\xffe8\xffff\x686c\2 K\x59b7\x9d4a\xd8c8A\x436\x3087\xffe0\xffff\x6b76\6>\0\xb0K\a\0\1\\x7845\x6f70\x7472W\xffb8\xffffServiceModelOperation 3.0.0.0\0\0DOW\xffa8\xffff\x6b6e \x6810\xaf56\xb9b7\x1c7\0\0\xd348A\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xfff8J\x39b8%\xffff\xffff\0\0\0\0\f\0:\0\0\0\a\0\x694c\x6b6e\x6761e\xffe0\xffff\x6b76\6:\0\x170K\a\0\1p\x7845\x6f70\x7472s\xffc0\xffffServiceModelService 3.0.0.0\0\0M\xffa8\xffff\x6b6e \x6810\xaf56\xb9b7\x1c7\0\0\x0568B\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x1110B\x39b8%\xffff\xffff\0\0\0\0\f\0&\0\0\0\a\0\x694c\x6b6e\x6761e\xffa0\xffff\x6b6e \x4180\x8d5e\xb9b8\x1c7\0\0\x29d8\34\1\0\0\0\x748K\xffff\xffff\1\0\x6b8K\xe948\a\xffff\xffff\b\0\0\0\30\0\4\0,\0\f\0\x454c\x4147\x5943\x495f\x5344\x4356S\\xffd8\xffff\x6b76\f\4\x8000\1\0\4\0\1T\x654e\x7478\x6e49\x7473\x6e61\x6563?\\xffa8\xffff\x6b6e \x4180\x8d5e\xb9b8\x1c7\0\0\x208K\0\0\0\0\xffff\xffff\xffff\xffff\6\0\x438K\xe948\a\xffff\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030NV\xffe0\xffff\x6b76\a\f\0\x308K\1\0\1P\x6553\x7672\x6369e\xfff0\xffffidsvc\0\xffe0\xffff\x6b76\6\4\x8000\1\0\4\0\1A\x654c\x6167\x7963L\xffd8\xffff\x6b76\v\4\x8000\0\0\4\0\1p\x6f43\x666e\x6769\x6c46\x6761sll\xffe0\xffff\x6b76\5\32\0\x380K\1\0\1e\x6c43\x7361s\0\xffe0\xffffLegacyDriver\0\\xffe8\xffffWCEUSBS\0\0\0\xffd8\xffff\x6b76\tN\0\x3e0K\1\0\1i\x6c43\x7361\x4773\x4955Dp.e\xffa8\xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0p\i\xffe0\xffff\x2e8K\x318K\x338K\x360K\x3b8K\xd50K\0\0\xffe8\xffff\x686c\2\x1b0K\x59b7\x9d4a\x05d0B\x436\x3087\xffd0\xffffSMSvcHost 3.0.0.0\0\0\0\0\0\xffa8\xffff\x6b6e \x6810\xaf56\xb9b7\x1c7\0\0\x78a8B\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x580K\x39b8%\xffff\xffff\0\0\0\0\f\0J\0\0\0\a\0\x694c\x6b6e\x6761e\xffe8\xffff\x686c\2\x4a0K\x59b7\x9d4a\x7920B\x436\x3087\xffe0\xffff\x6b76\6J\0\x530K\a\0\1\0\x7845\x6f70\x7472\0\xffb0\xffffWindows Workflow Foundation 3.0.0.0\0\0\0\xfff8\xffff\x510K\xffa0\xffff\x6b6e \x1650\xb649\xb9b7\x1c7\0\0\x29d8\34\1\0\0\0\x670K\xffff\xffff\1\0\x610K\xe948\a\xffff\xffff\b\0\0\0\30\0\4\0n\0\17\0\x454c\x4147\x5943\x575f\x494d\x5041\x5253V\xffd8\xffff\x6b76\f\4\x8000\1\0\4\0\1\0\x654e\x7478\x6e49\x7473\x6e61\x6563\0\0\xfff8\xffff\x5e8K\xffa8\xffff\x6b6e \x1650\xb649\xb9b7\x1c7\0\0\x588K\0\0\0\0\xffff\xffff\xffff\xffff\6\0\x840K\xe948\a\xffff\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030\0\0\xfff0\xffff\x686c\1\x618K\x2140&\xffe0\xffff\x6b76\a\22\0\x6a0K\1\0\1\0\x6553\x7672\x6369e\xffe8\xffffWmiApSrv\0\0\xfff8\xffff\x268K\xffe0\xffff\x6b76\6\4\x8000\1\0\4\0\1\0\x654c\x6167\x7963\0\xffd8\xffff\x6b76\v\4\x8000\0\0\4\0\1\0\x6f43\x666e\x6769\x6c46\x6761s\0\0\xffe0\xffff\x6b76\5\32\0\x728K\1\0\1\0\x6c43\x7361s\0\xffe0\xffffLegacyDriver\0\0\xfff0\xffff\x686c\1\x290K\x2140&\b\0\x1a68K\xffd8\xffff\x6b76\tN\0\x788K\1\0\1\0\x6c43\x7361\x4773\x4955D\0\0\0\xffa8\xffff{8ECC055D-047F-11D1-A537-0000F8753ED1}\0\0\0\0\xffd8\xffff\x6b76\n2\0\x808K\1\0\1\0\x6544\x6976\x6563\x6544\x6373\0\0\0\xffc8\xffffCarte de performance WMI\0\0\xffe0\xffff\x680K\x6c0K\x6e0K\x708K\x760K\x7e0K\0\0\xfb90\xffff\x468\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\1\1"\0\x100\0\0\0\0\0\0\0\x500\0\0\0\xffff\0\0\0\x108\0\0\0\0\0\0\0\x140\0\0\0\x17f\0\0\0\x108\0\0\0\0\0\0\0\x200\0\0\0\x2ff\0\0\0\x108\0\0\0\0\0\0\0\x300\0\0\0\x36f\0\0\0\x108\0\0\0\0\0\0\0\x378\0\0\0\x37a\0\0\0\x108\0\0\0\0\0\0\0\x2e8\0\0\0\x2ff\0\0\0\x108\0\0\0\0\0\0\0\x1f0\0\0\0\x1f8\0\0\0\x108\0\0\0\0\0\0\0\x3b0\0\0\0\x3cf\0\0\0\x108\0\0\0\0\0\0\0\x3e8\0\0\0\x3ff\0\0\0\x108\0\0\0\0\0\0\0\x1ce\0\0\0\x1cf\0\0\0\x108\0\0\0\0\0\0\0\x100\0\0\0\x3ff\0\0\0\x208\0\0\0\t\0\t\0\0\0\0\0\0\0\0\0\x208\0\0\0\b\0\b\0\0\0\0\0\0\0\0\0\x208\0\0\0\a\0\a\0\0\0\0\0\0\0\0\0\x208\0\0\0\v\0\v\0\0\0\0\0\0\0\0\0\x208\0\0\0\n\0\n\0\0\0\0\0\0\0\0\0\x208\0\0\0\2\0\2\0\0\0\0\0\0\0\0\0\x200\0\0\0\3\0\3\0\0\0\0\0\0\0\0\0\x208\0\0\0\5\0\5\0\0\0\0\0\0\0\0\0\x208\0\0\0\4\0\4\0\0\0\0\0\0\0\0\0\x208\0\0\0\17\0\17\0\0\0\0\0\0\0\0\0\x208\0\0\0\r\0\r\0\0\0\0\0\0\0\0\0\x208\0\0\0\16\0\16\0\0\0\0\0\0\0\0\0\x208\0\0\0\6\0\6\0\0\0\0\0\0\0\0\0\x208\0\0\0\f\0\f\0\0\0\0\0\0\0\0\0\x208\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\x300\0\0\0\0\0\0\0\0\20\0\0\xffff\xffff\0\0\x308\0\0\0\0\0\0\0\0\17\0\0\xffff\17\0\0\x308\0\0\0\0\0\0\0\0\b\0\0\xffff\v\0\0\x308\0\0\0\0\0\0\0\0\b\0\0\xffff\17\0\0\x308\0\0\0\0\0\0\0\0\b\0\0\xffff\xffbf\0\0\x400\0\0\0\6\0\17\0\0\0\0\0\0\0\0\0\x408\0\0\0\3\0\4\0\0\0\0\0\0\0\0\0\x408\0\0\0\0\0\17\0\0\0\0\0\0\0\0\0\0\0\xffd8\xffff\x6b76\v\x528\0\x28b8K\n\0\1\6\x7242\x6b6f\x6e65\x6956\x6564o\x7530\6\xffd8\xffff\x6b76\r\x108\0\x2de8K\n\0\1\6\x7242\x6b6f\x6e65\x654d\x416d\x4674\x7638\6\xffd0\xffff\x6b76\25\x108\0\x3020K\n\0\1\6\x6147\x6574\x6177\x3979\x3035\x5730\x726f\x616b\x6f72\x6e75\x7764\6\xffd8\xffff\x6b76\n$\0\xd78K\1\0\1t\x6544\x6976\x6563\x6544\x6373e\0\0\xffd8\xffffWindows CardSpace\0\xfdb0\xffff\x248\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\1\1\21\0\x100\0\0\0\0\0\0\0\0\1\0\0\xffff\xffff\0\0\x108\0\0\0\0\0\0\0\x500\0\0\0\xffff\0\0\0\x108\0\0\0\0\0\0\0\x140\0\0\0\x17f\0\0\0\x108\0\0\0\0\0\0\0\x200\0\0\0\x2ff\0\0\0\x108\0\0\0\0\0\0\0\x300\0\0\0\x36f\0\0\0\x108\0\0\0\0\0\0\0\x378\0\0\0\x37a\0\0\0\x108\0\0\0\0\0\0\0\x2e8\0\0\0\x2ff\0\0\0\x108\0\0\0\0\0\0\0\x1f0\0\0\0\x1f8\0\0\0\x108\0\0\0\0\0\0\0\x3b0\0\0\0\x3cf\0\0\0\x108\0\0\0\0\0\0\0\x3e8\0\0\0\x3ff\0\0\0\x108\0\0\0\0\0\0\0\x1ce\0\0\0\x1cf\0\0\0\x108\0\0\0\0\0\0\0\x100\0\0\0\x3ff\0\0\0\x300\0\0\0\0\0\0\0\0\20\0\0\xffff\xffff\0\0\x308\0\0\0\0\0\0\0\0\17\0\0\xffff\17\0\0\x308\0\0\0\0\0\0\0\0\b\0\0\xffff\v\0\0\x308\0\0\0\0\0\0\0\0\b\0\0\xffff\17\0\0\x308\0\0\0\0\0\0\0\0\b\0\0\xffff\xffbf\0\0\0\0\xfff0\xffff.NT\0\0\0\x6268\x6e69\x1000K\x1000\0\0\0\0\0\0\0\0\0\0\0\xffc8\xffff\x6b76\31\x8e\0\x1058K\a\0\1\0\x6550\x646e\x6e69\x2067\x6552\x616e\x656d\x4f20\x6570\x6172\x6974\x6e6fs\0\0\0\xff68\xffffCurrentControlSet\Control\Session Manager\PendingFileRenameOperations\0\0\0\0\0\xffe0\xffff\x6b76\a\32\0\x1348K\1\0\1\0\x6e49\x4e66\x6d61e\xffd0\xffff\x6b76\24X\0\x1140K\a\0\1\0\x444c\x204d\x6f42\x746f\x4920\x666e\x726f\x616d\x6974\x6e6f\0\0\xffa0\xffffCurrentControlSet\Services\dmio\boot info\\0\0\0\0\xffd8\xffff\x6b76\r.\0\x11c8K\a\0\1\0\x6957\x646e\x776f\x2073\x6553\x7574p\0\xffc8\xffffSetup\SystemPartition\0\0\0\0\0\xffd8\xffff\x686c\3\x3130K\xedc6\x1fa7\x3208K\x4fd\xc4d4\x3d40K\x9c5c\xbb05\x11a0K\x1228K\xffd8\xffff\x6b76\17\x82\0\x1250K\a\0\1\0\x6553\x7373\x6f69\x206e\x614d\x616e\x6567r\xff78\xffffCurrentControlSet\Control\Session Manager\AllowProtectedRenames\0\0\0\xffd8\xffff\x6b76\17@\0\x1300K\a\0\1\0\x5341\x2052\x6e49\x6f66\x6d72\x7461\x6f69n\xffb8\xffffCurrentControlSet\Control\ASR\\0\0\0\0\xffe0\xffffbiosinfo.inf\0\0\xfff0\xffff\x686c\1\x16d0K\x2140&\xffc8\xffff\x6b76\31^\0\x13b0K\a\0\1\0\x6552\x6f6d\x6176\x6c62\x2065\x7453\x726f\x6761\x2065\x614d\x616e\x6567r\0\0\0\xff98\xffffCurrentControlSet\Control\NTMS\ImportDatabase\0\0\0\0\0\xffc8\xffff\x6b76\35H\0\x1450K\a\0\1\0\x444c\x204d\x6f42\x746f\x4920\x666e\x726f\x616d\x6974\x6e6f\x2820\x6d64\x6f62\x746f)\0\xffb0\xffffCurrentControlSet\Services\dmboot\\0\0\0\0\xffc8\xffff\x3b18K\x3b40K\x3e38K\x3e60K\x3ed0K\x1020K\x1110K\x11a0K\x1228K\x12d8K\x1378K\x1418K\0\0\xffa8\xffff\x6b6e \x1910\xfebb\xb98a\x1c7\0\0\xdd58I\0\0\0\0\xffff\xffff\xffff\xffff\2\0\xd1a0A\x1e8\0\xffff\xffff\0\0\0\0\34\0\32\0\3\0\b\0\x6942\x736f\x6e69\x6f66\xffd8\xffff\x6b76\16\22\0\x63d8A\1\0\1\0\x7953\x7473\x6d65\x6942\x736f\x6144\x6574\0\xff98\xffff\x6b6e \x1910\xfebb\xb98a\x1c7\0\0\xdd58I\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x1e8\0\xffff\xffff\0\0\0\0\0\0\0\0\4\0\27\0\x6f42\x746f\x6556\x6972\x6966\x6163\x6974\x6e6f\x7250\x676f\x6172m\xffd8\xffff\x6b76\f\b\0\x7d0Q\1\0\1\0\x6f43\x706d\x7475\x7265\x614e\x656d\x73c0\0\xffe8\xffff\xe7d0[\xe818[\xe840[\xe868[\xe890[\xffa8\xffff\x6b6e \xe050\xddf4\x905f\x1c8\0\0\xdd58I4\0\0\0\xdc00P\xffff\xffff\0\0\xffff\xffff\x1e8\0\xffff\xffffL\0\0\0\0\0\0\0\5\0\5\0\x6c43\x7361s\0\xff88\xffff\x6b6e \xe050\xddf4\x905f\x1c8\0\0\x1600K\1\0\0\0\x1368K\xffff\xffff\0\0\xffff\xffff\x1e8\0\xffff\xffff\b\0\0\0\0\0\0\0\0\0&\0\x307b\x3936\x3932\x4338\x2d45\x4434\x3532\x332d\x3931\x2d44\x4139\x4134\x362d\x3333\x3341\x4f34\x4334\x3736\x7d35\xfcf3\xffa8\xffff\x6b6e \xe050\xddf4\x905f\x1c8\0\0\x1658K\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x418\0\x1e8\0\xffff\xffff\0\0\0\0\34\0\20\0\0\0\4\0\x3030\x3030\0\0\xff88\xffff\x6b6e \x4430\xfec4\xb98a\x1c7\0\0\x1600K\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x1868K\x2da0\0\xffff\xffff\0\0\0\0\34\0:\0\1\0&\0\x327b\x4435\x4342\x3545\x2d31\x4336\x4638\x342d\x3741\x2d32\x4138\x4436\x422d\x3435\x3243\x3442\x4346\x3338\x7d35\0\xffe0\xffff\x6b76\5\20\0\x3a0K\1\0\1\0\x6c43\x7361s\0\xffe8\xffff\x6b76\0:\0\x17d8K\1\0\0\0\xffc0\xffffP\xe9riph\xe9riques USB Windows CE\0\0\xffd8\xffff\x6b76\16\4\x80001\0\1\0\1\0\x6f4e\x6e49\x7473\x6c61\x436c\x616c\x7373\0\xffd8\xffff\x6b76\r\4\x80001\0\1\0\1\0\x6953\x656c\x746e\x6e49\x7473\x6c61l\0\xffe8\xffff\x17a0K\x17c0K\x1818K\x1840K\x1880K\xffe0\xffff\x6b76\4\b\0\x7980B\1\0\1\0\x6349\x6e6f\0\0\xffe8\xffffMicrosoft\0\xff88\xffff\x6b6e \xf900\xde2\x7585\x1c8\0\0\x1600K\22\0\0\0\xfca0\21\xffff\xffff\5\0\xe238\r\x2da0\0\xffff\xffff\b\0\0\0 \08\0\2\0&\0\x337b\x4636\x3943\x3645\x2d30\x3443\x3536\x312d\x4331\x2d46\x3038\x3635\x342d\x3434\x3535\x3533\x3034\x3030\x7d30\0\xffd8\xffff\x6b76\r\26\0\x1958K\1\0\1\0\x7244\x7669\x7265\x6556\x7372\x6f69n\0\xffe0\xffff5.1.2600.0\0\x3832\x6264\x6337\xffd8\xffff\x6b76\20\34\0\x19a0K\1\0\1+\x614d\x6374\x6968\x676e\x6544\x6976\x6563\x6449\xffe0\xffffusb\composite\0\xffd8\xffff\xe0d0I\xe0f0I\xbec0J\xbee8J\xed78J\xeda0J\x1930K\x1978K\x2fc8K\xffc0\xffffP\xe9riph\xe9rique USB composite\0\0\0L\xffe0\xffff\x6b76\a\32\0\x1a48K\1\0\1_\x6e49\x5066\x7461h\xffe0\xffffusbprint.inf\0_(\0\x6b76\n\x170\0\x2e20M\a\0\1M\x6148\x6472\x6177\x6572\x4449\0\xd968'\xffa8\xffff\x6b6e \x8e50\x2702\xb98b\x1c7\0\0\x18b8K\0\0\0\0\xffff\xffff\xffff\xffff\r\0\x1e78K\x1e8\0\xffff\xffff\0\0\0\0*\0Z\0\0\0\4\0\x3030\x3030\0\0\xffd8\xffff\x6b76\0162\0\x1b10K\a\0\1\0\x6f43\x6e49\x7473\x6c61\x656c\x7372\x3233\0\xffc8\xffffhccoin.dll,HCCOIN_Entry\0\0\0\xffd8\xffff\x6b76\17P\0\x1b70K\1\0\1\0\x6e45\x6d75\x7250\x706f\x6150\x6567\x33732\xffa8\xffffusbui.dll,USBControllerPropPageProvider\0\0\0\xffd8\xffff\x6b76\n\1\x8000\1\0\3\0\1\0\x6f43\x746e\x6f72\x6c6c\x7265\0\0\0\xffe0\xffff\x6b76\a\30\0\x1c10K\1\0\1\0\x6e49\x5066\x7461h\xffe0\xffffusbport.inf\0\0\0\xffd8\xffff\x6b76\n\22\0\x1c58K\1\0\1\0\x6e49\x5366\x6365\x6974\x6e6f\0\0\0\xffe8\xffffEHCI.Dev\0\0\xffd8\xffff\x6b76\r\b\0\xdff0I\1\0\1\0\x6e49\x5366\x6365\x6974\x6e6f\x7845t\0\xffe8\xffff6-1-2002\0\t\xfff8\xffff\x15c0K\xffd8\xffff\x6b76\f\24\0\x18a0K\1\0\1\0\x7250\x766f\x6469\x7265\x614e\x656d\0\0\xffd8\xffff\x6b76\16\b\0\x61b0J\3\0\1\0\x7244\x7669\x7265\x6144\x6574\x6144\x6174\0\xffd8\xffff\x6b76\20\34\0\x1dd0K\1\0\1\5\x614d\x6374\x6968\x676e\x6544\x6976\x6563\x6449\xffd8\xffff\x6b76\n\22\0\x1c98K\1\0\1\0\x7244\x7669\x7265\x6144\x6574\0\0\0\xffd8\xffff\x6b76\r\26\0\x1d80K\1\0\1\0\x7244\x7669\x7265\x6556\x7372\x6f69n\0\xffe0\xffff5.1.2600.0\0\0\0\0\xffd0\xffff\x6b76\25\4\x8000\0\0\4\0\1r\x6e45\x6449\x656c\x6e45\x7064\x696f\x746e\x7553\x7070\x726ft\0\xffe0\xffffpci\cc_0c0320\0\xffd8\xffff\x6b76\nZ\0\x1e18K\1\0\1\0\x7244\x7669\x7265\x6544\x6373\0\a\0\xffa0\xffffContr\xf4leur h\xf4te PCI vers USB standard \xe9tendu\0\0\xffc8\xffff\x1ae8K\x1b48K\x1bc8K\x1bf0K\x1c30K\x1c70K\x1cb8K\x1ce0K\x1d30K\x1d58K\x1d08K\x1df0K\x1da0K\xffa8\xffff\x6b6e \x4050\x2795\xb98b\x1c7\0\0\x18b8K\0\0\0\0\xffff\xffff\xffff\xffff\f\0\x8280L\x1e8\0\xffff\xffff\0\0\0\0*\0P\0\1\0\4\0\x3030\x3130\0\0\xffd8\xffff\x6b76\17P\0\x1f30K\1\0\1\xe208\x6e45\x6d75\x7250\x706f\x6150\x6567\x33732\xffa8\xffffusbui.dll,USBControllerPropPageProvider\0\0\0\xffd8\xffff\x6b76\n\1\x8000\1\0\3\0\1\t\x6f43\x746e\x6f72\x6c6c\x7265\t\xab98\t\xffe0\xffff\x6b76\a\30\0\x1fd0K\1\0\1\0\x6e49\x5066\x7461h\xffe0\xffffusbport.inf\0\0\0\xfff0\xffff\x8000\xc562\x1c0\x1c1\0\0\x6268\x6e69\x2000K\x1000\0\0\0\0\0\0\0\0\0\0\0\xf768\xffffFrontPage 4.0\0idsvc\0WSH\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WebClient\0VSS\0VBRuntime\0Userinit\0Userenv\0System.ServiceModel.Install 3.0.0.0\0System.ServiceModel 3.0.0.0\0System.Runtime.Serialization 3.0.0.0\0System.IO.Log 3.0.0.0\0System.IdentityModel 3.0.0.0\0SysmonLog\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0ServiceModel Audit 3.0.0.0\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0Remote Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Offline Files\0Oakley\0ntbackup\0MSSQLSERVER/MSDE\0MsiInstaller\0MSDTC Client\0MSDTC\0mnmsrvc\0Microsoft.Transactions.Bridge 3.0.0.0\0Microsoft H.323 Telephony Service Provider\0Microsoft ® Visual C# 2005 Compiler\0LoadPerf\0HelpSvc\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0COM+\0COM\0Ci\0Chkdsk\0CardSpace 3.0.0.0\0AutoEnrollment\0Autochk\0ASP.NET 2.0.50727.0\0ASP.NET 1.1.4322.0\0Application Management\0Application Hang\0Application Error\0.NET Runtime Optimization Service\0.NET Runtime 2.0 Error Reporting\0.NET Runtime\0Application\0\0OMA\xfad0\xffff\x528\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\1\1(\0\x100\0\0\0\0\0\0\0\x2ec\0\0\0\x2ef\0\0\0\x108\0\0\0\0\0\0\0\x2f8\0\0\0\x2ff\0\0\0\x108\0\0\0\0\0\0\0\x3b0\0\0\0\x3bb\0\0\0\x108\0\0\0\0\0\0\0\x3c0\0\0\0\x3df\0\0\0\x108\0\0\0\0\0\0\0\x3bc\0\0\0\x3be\0\0\0\x108\0\0\0\0\0\0\0\x3f8\0\0\0\x3ff\0\0\0\x108\0\0\0\0\0\0\0\x42e8\0\0\0\x42ef\0\0\0\x108\0\0\0\0\0\0\0\x4ae8\0\0\0\x4aef\0\0\0\x108\0\0\0\0\0\0\0\x82e8\0\0\0\x82ef\0\0\0\x108\0\0\0\0\0\0\0\x86e8\0\0\0\x86ef\0\0\0\x108\0\0\0\0\0\0\0\x8ae8\0\0\0\x8aef\0\0\0\x108\0\0\0\0\0\0\0\x8ee8\0\0\0\x8eef\0\0\0\x108\0\0\0\0\0\0\0\x92e8\0\0\0\x92ef\0\0\0\x108\0\0\0\0\0\0\0\x96e8\0\0\0\x96ef\0\0\0\x108\0\0\0\0\0\0\0\x9ae8\0\0\0\x9aef\0\0\0\x108\0\0\0\0\0\0\0\x9ee8\0\0\0\x9eef\0\0\0\x108\0\0\0\0\0\0\0\xa2e8\0\0\0\xa2ef\0\0\0\x108\0\0\0\0\0\0\0\xa6e8\0\0\0\xa6ef\0\0\0\x108\0\0\0\0\0\0\0\xaae8\0\0\0\xaaef\0\0\0\x108\0\0\0\0\0\0\0\xaee8\0\0\0\xaeef\0\0\0\x108\0\0\0\0\0\0\0\xb6e8\0\0\0\xb6ef\0\0\0\x108\0\0\0\0\0\0\0\xbae8\0\0\0\xbaef\0\0\0\x108\0\0\0\0\0\0\0\xbee8\0\0\0\xbeef\0\0\0\x108\0\0\0\0\0\0\0\xc2e8\0\0\0\xc2ef\0\0\0\x108\0\0\0\0\0\0\0\xc6e8\0\0\0\xc6ef\0\0\0\x108\0\0\0\0\0\0\0\xcae8\0\0\0\xcaef\0\0\0\x108\0\0\0\0\0\0\0\xcee8\0\0\0\xceef\0\0\0\x108\0\0\0\0\0\0\0\xd2e8\0\0\0\xd2ef\0\0\0\x108\0\0\0\0\0\0\0\xd6e8\0\0\0\xd6ef\0\0\0\x108\0\0\0\0\0\0\0\xdae8\0\0\0\xdaef\0\0\0\x108\0\0\0\0\0\0\0\xdee8\0\0\0\xdeef\0\0\0\x108\0\0\0\0\0\0\0\xe2e8\0\0\0\xe2ef\0\0\0\x108\0\0\0\0\0\0\0\xe6e8\0\0\0\xe6ef\0\0\0\x108\0\0\0\0\0\0\0\xeae8\0\0\0\xeaef\0\0\0\x108\0\0\0\0\0\0\0\xeee8\0\0\0\xeeef\0\0\0\x108\0\0\0\0\0\0\0\xf6e8\0\0\0\xf6ef\0\0\0\x108\0\0\0\0\0\0\0\xfae8\0\0\0\xfaef\0\0\0\x108\0\0\0\0\0\0\0\xfee8\0\0\0\xfeef\0\0\0\x300\0\0\0\0\0\0\0\0\n\0\0\xffff\v\0\0\x308\0\0\0\0\0\0\0\0\xfff0\0\0\xffff\xffff\0\0\0\0\xfef0\xffff\x108\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\1\1\a\0\x100\0\0\0\0\0\0\0\x2f8\0\0\0\x2ff\0\0\0\x108\0\0\0\0\0\0\0\x3b0\0\0\0\x3bb\0\0\0\x108\0\0\0\0\0\0\0\x3bc\0\0\0\x3be\0\0\0\x108\0\0\0\0\0\0\0\x3c0\0\0\0\x3df\0\0\0\x108\0\0\0\0\0\0\0\x3f8\0\0\0\x3ff\0\0\0\x300\0\0\0\0\0\0\0\0\n\0\0\xffff\v\0\0\x308\0\0\0\0\0\0\0\0\xf800\0\0\xffff\xfbff\0\0\0\0\xffe0\xffff\xfed8J\xcd0K\xcf8K\xd20K\xfe18J\xfe58J~1\xffa0\xffff\x6b6e \x1910\xfebb\xb98a\x1c7\0\0\xdd58I\3\0\0\0\x1200K\xffff\xffff\0\0\xffff\xffff\x1e8\0\xffff\xffff&\0\0\0\0\0\0\0\2\0\r\0\x6142\x6b63\x7075\x6552\x7473\x726fe\0(\0\x6b76\r4\0\x3770K\a\0\1S\x6f43\x706d\x7461\x6269\x656c\x4449s\\xffd8\xffff\x6b76\vf\0\x3198K\a\0\1\0\x6c50\x6775\x2620\x5020\x616cy\x56f8\0\xffd8\xffff\x6b76\n6\0\x19e8K\1\0\1}\x7244\x7669\x7265\x6544\x6373\0\x6b76\6\xfff0\xffff\x8000\xc562\x1c0\x1c1\0\0\x6268\x6e69\x3000K\x1000\0\0\0\0\0\0\0\0\0\0\0\xfef0\xffff\x108\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\1\1\a\0\x100\0\0\0\0\0\0\0\x2f8\0\0\0\x2ff\0\0\0\x108\0\0\0\0\0\0\0\x3b0\0\0\0\x3bb\0\0\0\x108\0\0\0\0\0\0\0\x3bc\0\0\0\x3be\0\0\0\x108\0\0\0\0\0\0\0\x3c0\0\0\0\x3df\0\0\0\x108\0\0\0\0\0\0\0\x3f8\0\0\0\x3ff\0\0\0\x300\0\0\0\0\0\0\0\0\n\0\0\xffff\v\0\0\x308\0\0\0\0\0\0\0\0\xf000\0\0\xffff\xffff\0\0\0\0\xff98\xffff\x6b6e \x1910\xfebb\xb98a\x1c7\0\0\x2f18K\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xff00J\x1e8\0\xffff\xffff\0\0\0\0\26\0f\0\0\0\23\0\x7341\x4b72\x7965\x4e73\x746f\x6f54\x6552\x7473\x726fe\0\0\xff90\xffffCurrentControlSet\Control\CriticalDeviceDatabase\\0\0\0\0\0\xffa0\xffff\x6b6e \x2e00\xf1dc\xbcb6\x1c7\0\0\x2f18K\0\0\0\0\xffff\xffff\xffff\xffff\25\0\x9f8I\x1e8\0\xffff\xffff\0\0\0\0L\0\xaa\0\1\0\20\0\x6946\x656c\x4e73\x746f\x6f54\x6142\x6b63\x7075\x90\0\x6b76\n4\0\x3290K\1\0\0013\x7244\x7669\x7265\x6544\x63733\x6b0838\0PSC 2350 series (DOT4USB)\0000\0\x3a80K\x3900K\x3ae8K\x3b88K\x3bb0K\x3c00K\x3c48K\x3c70K\x3cd8K\x3268Kai\xffe0\xffffusbstor.inf\0sV\xffd8\xffff\x6b76\n\32\0\x3340K\1\0\1\0\x6e49\x5366\x6365\x6974\x6e6fB\x0d70B\xffe0\xffffUSBSTOR_BULK\0\n\xffd8\xffff\x6b76\r\b\0\x3bd0+\1\0\1\x6544\x6e49\x5366\x6365\x6974\x6e6f\x7845tS\xffe8\xffff7-1-2001\0\0\xffd8\xffff\x6b76\f\24\0\x33c8K\1\0\1e\x7250\x766f\x6469\x7265\x614e\x656d4)\xffe8\xffffMicrosoft\0\xffd8\xffff\x6b76\16\b\0\x2708+\3\0\1\x1c7\x7244\x7669\x7265\x6144\x6574\x6144\x6174\0\xffe0\xffffpsc printer\0\xcc88\\xffd8\xffff\x6b76\n\22\0\x3388K\1\0\1\xffff\x7244\x7669\x7265\x6144\x6574\0\0\0\xffd8\xffff\x6b76\r\26\0\x3478K\1\0\1\0\x7244\x7669\x7265\x6556\x7372\x6f69\xb96e\x1c7\xffe0\xffff5.1.2600.0\0\0\x0dd8B\xffe8\xffffDot4Print\0\xfff0\xffff\x99d0e\x99f8e\x9a20e\xffd8\xffff\x6b76\20B\0\x34e8K\1\0\0013\x614d\x6374\x6968\x676e\x6544\x6976\x6563\x6449\xffb8\xffffusb\class_08&subclass_06&prot_50\0C\xffd8\xffff\x6b76\nL\0\x3558K\1\0\1C\x7244\x7669\x7265\x6544\x6373\0PS\xffb0\xffffP\xe9riph\xe9rique de stockage de masse USB\0\xffd0\xffff\x3cb0K\x3c28K\x3318K\x3360K\x33a0K\x33e0K\x3428K\x3450K\x34c0K\x3530K\0\0\xffd8\xffff\x6b76\r\22\0\x0a40B\1\0\1\\x7244\x7669\x7265\x6556\x7372\x6f69\x476e\x4955\xffd8\xffff\x6b76\20J\0\x4950]\1\0\1\0\x614d\x6374\x6968\x676e\x6544\x6976\x6563\x6449\xffd8\xffff\x0c98B\x0cd0B\x09c8B\x09f0B\x7448H\x7470H\x35d8K\x3600K\x49a0]\xffe0\xffff\x6b76\5\24\0\x3498K\1\0\1\0\x6c43\x7361s\0\xffe8\xffff\x6b76\0H\0\x3688K\1\0\0\0\xffb0\xffffImprimantes compatibles IEEE 1284.4\0\0\0\xffe0\xffff\x6b76\4\6\0\x36f8K\1\0\1\0\x6349\x6e6f\0\0\xfff0\xffff-4\0\0\0\0\xffd8\xffff\x6b76\16\4\x80001\0\1\0\1\0\x6f4e\x6e49\x7473\x6c61\x436c\x616c\x7373\0\xffe8\xffff\x3650K\x3670K\x36d8K\x3708K\1\0\xffd8\xffff\x6b76\f\4\x8000\2\0\4\0\1i\x6552\x6461\x6f53\x6b63\x7465\x6449 rH\0USBSTOR\Disk\0USBSTOR\RAW\0\0\20\0\1\0\x6c43\x7361s\0\xffe0\xffff\x6b76\a\22\0\x63f84\1\0\1&\x6e49\x5066\x7461h\xfff0\xffff\x8000\xc562\x1c0\x1c1\0\0\xffd8\xffff\x6b76\n\34\0\x3810K\1\0\1\0\x6e49\x5366\x6365\x6974\x6e6f\0\0\0\xffe0\xffffUSBPRINT_Inst\0\xffd8\xffff\x6b76\r\b\0\x13d8*\1\0\1\r\x6e49\x5366\x6365\x6974\x6e6f\x7845t\0\xffd8\xffff\x6b76\f\24\0\x90c0A\1\0\1\0\x7250\x766f\x6469\x7265\x614e\x656d\xe918\xb548\30\0007-27-2006\0\xffd8\xffff\x6b76\16\b\0\xf9e8)\3\0\1\0\x7244\x7669\x7265\x6144\x6574\x6144\x6174\x696c\xffd8\xffff\x6b76\n\22\0\x38e8K\1\0\0010\x7244\x7669\x7265\x6144\x65740\0\6\xffe8\xffff7-1-2001\0\0 \0\x6b76\a\24\0\x39b0K\1\0\1C\x6e49\x5066\x7461h\xffd8\xffff\x6b76\r\26\0\x3948K\1\0\1H\x7244\x7669\x7265\x6556\x7372\x6f69n5\xffe0\xffff5.1.2600.0\0\x7672\x6369e\xffd8\xffff\x6b76\20\32\0\x3990K\1\0\0013\x614d\x6374\x6968\x676e\x6544\x6976\x6563\x6449\xffe0\xffffusb\class_07\0\0 \0oem10.inf\0\b\0\x37b8K\xffe8\xffffOHCI.Dev\0\0\xffd8\xffff\x1a28K\x37e8K\x3830K\x3858K\x3898K\x38c0K\x3920K\x3968K\x3a10K\xffd8\xffff\x6b76\nB\0\x3a38K\1\0\1R\x7244\x7669\x7265\x6544\x6373\0\x6b76\a\xffb8\xffffPrise en charge d'impression USB\0\0\x98\0\x6b76\16<\0\x3aa8K\a\0\1\0\x6f43\x6e49\x7473\x6c61\x656c\x7372\x3233\x3332@\0HPZc3212.dll, ClassInstall32\0\0000\0\x6b76\n\26\0\x3b68K\1\0\1s\x6e49\x5366\x6365\x6974\x6e6f\0\0\0\b\0\0\0\xffd8\xffff\x6b76\vf\0\x3da0K\a\0\1\0\x6c50\x6775\x2620\x5020\x616cy\0\0\xffd8\xffff\x6b76\r"\0\x3e10K\a\0\1\0\x6f4d\x6e75\x2074\x614d\x616e\x6567r\0\xc0\0D4Usb_Inst\0\x666e\x6769\x6c46(\0\x6b76\r\b\0\xe590*\1\0\1r\x6e49\x5366\x6365\x6974\x6e6f\x7845\x6b74\tP\0\x6b76\f \0\x3bd8K\1\0\1\x4955\x7250\x766f\x6469\x7265\x614e\x656d\x6b76\n(\0Hewlett-Packard\0Le(\0\x6b76\16\b\0\xdef8*\3\0\1s\x7244\x7669\x7265\x6144\x6574\x6144\x6174e\xffe0\xffff\x6b76\a\30\0\x32f8K\1\0\1n\x6e49\x5066\x7461hh\0\x6b76\n\24\0\x3880K\1\0\0012\x7244\x7669\x7265\x6144\x657418}@\0\x6b76\r\22\0\x3c98K\1\0\0014\x7244\x7669\x7265\x6556\x7372\x6f69n_\30\00010.1.1.3\0U\xffd8\xffff\x6b76\v\4\x8000\1\0\4\0\1p\x7244\x7669\x7265\x6c46\x6761s1&h\0\x6b76\208\0\x3d00K\1\0\0013\x614d\x6374\x6968\x676e\x6544\x6976\x6563\x6449@\0usb\vid_03f0&pid_4911&mi_02\0)\0\xffa0\xffff\x6b6e \x1910\xfebb\xb98a\x1c7\0\0\x2f18K\0\0\0\0\xffff\xffff\xffff\xffff\f\0\x14a0K\x1e8\0\xffff\xffff\0\0\0\0:\0\xe6\0\2\0\20\0\x654b\x7379\x6f4e\x5474\x526f\x7365\x6f74\x6572\xff90\xffffCurrentControlSet\Control\CriticalDeviceDatabase\\0\0\0\0\0\xffd8\xffffMountedDevices\\0\0\0\xffd8\xffff\x6b76\17\16\0\xecc8D\a\0\1\0\x6146\x6c75\x2074\x6f54\x656c\x6172\x636ee\xffd0\xffff\x6b76\22<\0\x3e90K\a\0\1\0\x6e49\x7473\x6c61\x656c\x2064\x6553\x7672\x6369\x7365\0\0\0\xffc0\xffffCurrentControlSet\Services\*\0\0\xffd0\xffff\x6b76\30\xe6\0\x3f00K\a\0\1\0\x6341\x6974\x6576\x4420\x7269\x6365\x6f74\x7972\x5220\x7365\x6f74\x6572\xff10\xffffCurrentControlSet\Services\NTDS\Restore In Progress\\0CurrentControlSet\Services\NTDS\Parameters\New Database GUID\0\0\0\0\0\xfff0\xffff.NT\0\0\0\x6268\x6e69\x4000K\x4000\0\0\0\0\0\0\0\0\0\0\0\xc020\xffff\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(4).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(5).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(2).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(2).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(6).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(11).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(7).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(12).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(.RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(9).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(10).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(11).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(12).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(13).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(14).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(15).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(16).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(17).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(18).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(19).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(20).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(21).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(22).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(23).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(24).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(25).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(26).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(27).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(28).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(29).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(30).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(31).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(32).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(33).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(34).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(35).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(36).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(37).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(38).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(13).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(14).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(39).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(40).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(41).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(15).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(42).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(43).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BA\0\0\x6268\x6e69\x8000K\x4000\0\0\0\0\0\0\0\0\0\0\0\xc020\xffffCKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(44).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(45).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(46).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(47).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(16).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(43).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(7).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(42).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(6).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(41).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(40).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(39).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(38).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(37).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(36).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(35).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(34).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(33).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(32).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(31).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(30).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(29).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(28).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(27).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(26).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(25).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(24).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(23).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(22).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(21).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(20).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(19).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(4).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(3).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(18).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(17).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(16).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(15).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(14).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(13).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(12).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(11).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(10).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(9).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(.RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(7).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(6).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(5).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(4).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(3).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(2).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(2).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(5).RDB\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\system32\wdmaud(4).drv\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\system32\nv4_disp(3).dll\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(2).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(3).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(2).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(48).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(49).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(50).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(51).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(52).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(53).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(4).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(4).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(54).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(55).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6\0\0\x6268\x6e69\xc000K\x4000\0\0\0\0\0\0\0\0\0\0\0\xc020\xffff172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(56).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(5).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(5).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(6).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(6).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(57).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(58).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(59).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(60).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(61).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(62).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(63).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(64).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\bu_tosave.rdb\0\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(7).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(17).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB(18).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\IAMDB.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(65).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(66).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(67).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(68).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(69).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(70).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(71).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(72).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(73).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(74).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(75).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(76).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(77).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(78).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(79).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(80).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(81).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(82).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(83).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP(84).RDB\0!\??\Volume{b5410c26-257b-11dc-8c54-806d6172696f}\WINDOWS\Internet Logs\BACKUP.RDB\0\??\V" scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 1 hidden services: 0 hidden files: 118 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\WINDOWS\\system32\\^^^^^.exe"="C:\\WINDOWS\\system32\\^^^^^.exe:*:Enabled:Flash Media" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Tue 31 Jul 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Finished! et pour hijack..... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:21:26, on 28/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\WINDOWS\system32\notepad.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe C:\Program Files\TomTom HOME\TomTomHOME.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\manu\logiciels\protek\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader5.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6348 bytes la ligne F2 reste encore là..... comment faire! help!!!
-
aprés avoir eu un messxage sur msn "tav tof sur.." je ne sais pas quoi faire! j'ai scanné, rien de trouvé, avec hijack, la ligne f2 est détectée, mais impossible à retirer...que faire.... il sembleraiut que ce soit un vers..mais comment l'erradiquer.... hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:13:03, on 27/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe C:\Program Files\TomTom HOME\TomTomHOME.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Windows Media Player\wmplayer.exe D:\manu\logiciels\protek\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\^^^^^.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader5.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6477 bytes
-
barre des taches et bureau disparus..voici mon hijack...
geromanu a répondu à un(e) sujet de geromanu dans Analyses et éradication malwares
..le click droit ne fonctionne pas..et win+E...ouvre une barre de recherche... c'est po gagné.....mais merci qd meme!! -
barre des taches et bureau disparus..voici mon hijack...
geromanu a posté un sujet dans Analyses et éradication malwares
le bureau, les icone, barre des taches..hop disparu..! j'ai fait une réparation avec le cd xp...rien!! me rest à acceder par le gestionnaire des taches..mais galere galere.... alors voici mon hijack.. svp......!! Logfile of HijackThis v1.99.1 Scan saved at 21:11:19, on 25/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Alwil Software\Avast4\ashSimpl.exe D:\manu\logiciels\protek\hijackthis\HijackThis.exe O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Casc'ADSL] C:\Program Files\Casc'ADSL\CascADSL.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sRFirstRun] rundll32 srclient.dll,CreateFirstRunRp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -
help..mon pc rame....
geromanu a répondu à un(e) sujet de geromanu dans Analyses et éradication malwares
salut charles... ben pr mon pc....j'ai rajouté une barrette de 512 et me voilà à 1 go mais ça rame..pourtant les réglages du bios sont bien en dual et tout...alors une fois de plus j'implore ton aide...grand maitre des entres du pc.... voilà ce que me dit la bete... Logfile of HijackThis v1.99.1 Scan saved at 12:32:52, on 30/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LVComsX.exe D:\manu\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - C:\Program Files\PixVue.Com\PixVue\bin\PixVue.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\AntiVirusKit 2006\AVKTray\AVKTray.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: PixVue - C:\Program Files\PixVue.Com\PixVue\bin\WinLogon.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirusKit 2006\AVKService.exe O23 - Service: Gardien d'AVK (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirusKit 2006\AVKWCtl.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PixVue - PixVue.Com - C:\Program Files\PixVue.Com\PixVue\bin\Daemon.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe voilà au fait joyeux noel ac retard.... et surment bonne année si on se reparle po d'ici là!!!!! -
merci bronson ça marche nickel.. je n'avais pas désinstallé la version 1.0.7 car bcp de mark page..et je ne me souvenais plus du repertoire à conserver..mais ça remarche!!!!encore merci!
-
help..mon pc rame....
geromanu a répondu à un(e) sujet de geromanu dans Analyses et éradication malwares
voilà cé fait!! merci!!! Enumerating Task Scheduler jobs: FRU Task #Hewlett-Packard#hp psc 2170 series#1109887453.job -
bjr!! je viens d'installer la derniere version du renard... mais dés que je vais sur une page web, l'affichage tremble...et oui! pas trés pratique pour lire..on dirait canal sans décodeur!! l'ancienne version n'avait pas posé de pb, à oui....mon fai c'est aol.....mea culpa...! merci de votre aide!! gero!!
-
help..mon pc rame....
geromanu a répondu à un(e) sujet de geromanu dans Analyses et éradication malwares
hello.. zorro and Co.................!!!! j'ai bien fait la manip, bon le rapport a été fait en mode normal.. bon j'ai merdé chef, les fameuses et trés utiles cases n'étaient po cochées.... voici donc le rapport dernier cru en mode normal car peu de tps pr aller en sans échec.. StartupList report, 02/12/2005, 00:15:16 StartupList version: 1.52.2 Started from : C:\Documents and Settings\taz\Bureau\hijackthis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Executive Software\DiskeeperLite\DKService.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\PixVue.Com\PixVue\bin\Daemon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\ID-Blaster Plus\idblasterplus.exe C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\AOL 9.0\waol.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Fichiers communs\Aol\aoltpspd.exe C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe C:\Documents and Settings\taz\Bureau\hijackthis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\taz\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe ID-Blaster Plus.lnk = C:\Program Files\ID-Blaster Plus\idblasterplus.exe Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe Logitech Utility = Logi_MwX.Exe Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe SpeedTouch USB Diagnostics = "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon DataLayer = C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe AVPCC = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} (no name) - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -------------------------------------------------- Enumerating Task Scheduler jobs: B3F6784F90B9E66B.job FRU Task #Hewlett-Packard#hp psc 2170 series#1109887453.job -------------------------------------------------- Enumerating Download Program Files: [{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}] CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab [{644E432F-49D3-41A1-8DD5-E099162EEEC5}] CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab [{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}] CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll Protocol #20: C:\WINDOWS\system32\mswsock.dll Protocol #21: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) AFD: \SystemRoot\System32\drivers\afd.sys (system) SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS): system32\DRIVERS\alcan5ln.sys (manual start) SpeedTouch ADSL Modem ATM Transport: system32\DRIVERS\alcaudsl.sys (manual start) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Pilote de processeur AMD K7: system32\DRIVERS\amdk7.sys (system) AntiVir Service: "C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE" (manual start) AOL Connectivity Service: C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe (autostart) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Protocole client ARP 1394: system32\DRIVERS\arp1394.sys (manual start) Service d'état ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start) Pilote de média asynchrone RAS: system32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system) Protocole client ATM ARP: system32\DRIVERS\atmarpc.sys (manual start) ATWPKT2: \??\C:\PROGRA~1\FICHIE~1\AOL\ACS\ATWPKT2.SYS (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: system32\DRIVERS\audstub.sys (manual start) avgntdw: \??\C:\PROGRAM FILES\AVPERSONAL\AVGNTDW.SYS (manual start) AVP Control Centre Service: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /service (autostart) AntiVir Update: "C:\Program Files\AVPersonal\AVWUPSRV.EXE" (autostart) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Décodeur sous-titre fermé: system32\DRIVERS\CCDECODE.sys (manual start) Pilote de CD-ROM: system32\DRIVERS\cdrom.sys (system) Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled) Application système COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de disque: system32\DRIVERS\disk.sys (system) Diskeeper: "C:\Program Files\Executive Software\DiskeeperLite\DKService.exe" (autostart) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) driverhardwarev2: \??\C:\Program Files\HardwareDetection\driverhardwarev2.sys (manual start) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote de contrôleur de lecteur de disquettes: system32\DRIVERS\fdc.sys (manual start) Pilote de lecteur de disquettes: system32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) Pilote du Gestionnaire de volume: system32\DRIVERS\ftdisk.sys (system) Énumérateur de port jeu: system32\DRIVERS\gameenum.sys (manual start) Classificateur de paquets générique: system32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Pilote de classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start) IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start) Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start) USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) Pilote pour clavier i8042 et souris sur port PS/2: system32\DRIVERS\i8042prt.sys (system) Pilote de filtre de gravure CD: system32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start) Pilote du pare-feu Windows IPv6: system32\drivers\ip6fw.sys (manual start) Pilote de filtre de trafic IP: system32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: system32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: system32\DRIVERS\ipsec.sys (system) Service énumérateur IR: system32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system) iTouch Keyboard Filter: system32\DRIVERS\itchfltr.sys (manual start) KAV Monitor Service: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /service (autostart) Pilote de la classe Clavier: system32\DRIVERS\kbdclass.sys (system) Klif: \??\C:\WINDOWS\system32\Drivers\klif.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Logitech HID/USB Mouse Filter Driver: system32\DRIVERS\LHidFlt2.Sys (manual start) Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start) Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Logitech Mouse Class Filter Driver: system32\DRIVERS\LMouFlt2.Sys (manual start) Logitech USB Monitor Filter: system32\drivers\lvusbsta.sys (manual start) Partage de Bureau à distance NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start) Pilote de la classe Souris: system32\DRIVERS\mouclass.sys (system) Pilote HID de souris: system32\DRIVERS\mouhid.sys (manual start) Redirecteur client WebDav: system32\DRIVERS\mrxdav.sys (manual start) Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start) Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start) Pilote UART MIDI MPU-401 Microsoft: system32\drivers\msmpu401.sys (manual start) Codec NABTS/FEC VBI: system32\DRIVERS\NABTSFEC.sys (manual start) Connection TV/vidéo Microsoft: system32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès distant: system32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: system32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: system32\DRIVERS\ndiswan.sys (manual start) NetBIOS sur TCP/IP: system32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote réseau 1394: system32\DRIVERS\nic1394.sys (manual start) NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) nv: system32\DRIVERS\nv4_mini.sys (manual start) Service for NVIDIA® nForce Audio Enumerator: system32\drivers\nvax.sys (manual start) NVIDIA nForce Networking Controller Driver: system32\DRIVERS\NVENET.sys (manual start) Service for NVIDIA® nForce Audio: system32\drivers\nvapu.sys (manual start) NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart) NVIDIA nForce AGP Bus Filter: system32\DRIVERS\nv_agp.sys (system) Pilote de filtre de trafic IPX: system32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: system32\DRIVERS\nwlnkfwd.sys (manual start) Contrôleurs hôte IEEE 1394 compatible OHCI: system32\DRIVERS\ohci1394.sys (system) Pilote de port parallèle: system32\DRIVERS\parport.sys (manual start) PCI Bus Driver: system32\DRIVERS\pci.sys (system) PCIIde: system32\DRIVERS\pciide.sys (system) PixVue: "C:\Program Files\PixVue.Com\PixVue\bin\Daemon.exe" (autostart) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start) Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart) Miniport réseau étendu (PPTP): system32\DRIVERS\raspptp.sys (manual start) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: system32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: system32\DRIVERS\ptilink.sys (manual start) Logitech QuickCam Communicate: system32\DRIVERS\LVCM.sys (manual start) Pilote de connexion automatique d'accès distant: system32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: system32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: system32\DRIVERS\raspti.sys (manual start) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: system32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Secdrv: system32\DRIVERS\secdrv.sys (manual start) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) MAT Serial port driver: system32\DRIVERS\ser2pl.sys (manual start) Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start) Pilote de port série: system32\DRIVERS\serial.sys (system) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Silicon Image SiI 3112 SATARaid Controller: system32\DRIVERS\SI3112r.sys (system) SATALink driver accelerator: system32\DRIVERS\SiWinAcc.sys (system) Détrameur décalage BDA: system32\DRIVERS\SLIP.sys (manual start) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Pilote de filtre de restauration système: system32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: system32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: system32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{2B768AC4-9FAA-4D5A-95C8-827D2174473C} (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: system32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: system32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de mise à jour microcode: system32\DRIVERS\update.sys (manual start) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote USB audio (WDM): system32\drivers\usbaudio.sys (manual start) Pilote parent générique USB Microsoft: system32\DRIVERS\usbccgp.sys (manual start) Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start) Concentrateur USB2: system32\DRIVERS\usbhub.sys (manual start) Pilote miniport de contrôleur hôte ouvert USB Microsoft: system32\DRIVERS\usbohci.sys (manual start) Classe d'imprimantes USB Microsoft: system32\DRIVERS\usbprint.sys (manual start) Pilote de scanneur USB: system32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: system32\DRIVERS\USBSTOR.SYS (manual start) Carte vidéo VGA.: \SystemRoot\System32\drivers\vga.sys (system) vsdatant: System32\vsdatant.sys (system) TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Pilote ARP IP d'accès distant: system32\DRIVERS\wanarp.sys (manual start) WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0: \SystemRoot\System32\drivers\ws2ifsl.sys (system) Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Codec Teletext standard: system32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll UPnPMonitor: C:\WINDOWS\system32\upnpui.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 34 563 bytes Report generated in 0,156 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only encore merci...va peut etre falloir que zorro arrive chez moi...!! ciao!! -
help..mon pc rame....
geromanu a répondu à un(e) sujet de geromanu dans Analyses et éradication malwares
merci de ta réponse... voici le résultat du scan: --------------------------------------------------------- ewido security suite - Rapport de scan --------------------------------------------------------- + Créé le: 12:07:44, 30/11/2005 + Somme de contrôle: 35E8BE32 + Résultats du scan: HKU\S-1-5-21-1275210071-220523388-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D80C4E21-C346-4E21-8E64-20746AA20AEB} -> Spyware.NavExcel : Nettoyer et sauvegarder C:\Program Files\Spybot - Search & Destroy\Includes\Hosts.sbs -> Trojan.Qhost.ew : Nettoyer et sauvegarder D:\manu\logiciels\log humour\fovir\alcoholic.zip/Alcoholic.exe -> Not-A-Virus.Joke.CrazyMouse : Nettoyer et sauvegarder ::Fin du rapport et celui hijack à nouveau: Logfile of HijackThis v1.99.1 Scan saved at 12:08:49, on 30/11/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\taz\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - C:\Program Files\PixVue.Com\PixVue\bin\PixVue.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: ID-Blaster Plus.lnk = C:\Program Files\ID-Blaster Plus\idblasterplus.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: PixVue - C:\Program Files\PixVue.Com\PixVue\bin\WinLogon.DLL O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /service (file missing) O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PixVue - PixVue.Com - C:\Program Files\PixVue.Com\PixVue\bin\Daemon.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe .... voilà je te souhaite bon courage et encore merci!!!! -
help..mon pc rame....
geromanu a répondu à un(e) sujet de geromanu dans Analyses et éradication malwares
Incident Status Location Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\FiveLiteCoolMeal\chicante.exe Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\FiveLiteCoolMeal\Lite Pile.exe Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\FiveLiteCoolMeal\LiteCast.exe Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\FiveLiteCoolMeal\Support Bits.exe Adware:Adware/Lop Not desinfected C:\Documents and Settings\taz\Application Data\OKAY FOR BUILD\gvpjwzvq.exe Adware:Adware/Lop Not desinfected C:\Program Files\Adverts\uninst.exe Virus:Eicar.Mod Renamed C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\eicar.html merci..... -
help..mon pc rame....
geromanu a répondu à un(e) sujet de geromanu dans Analyses et éradication malwares
oki oui rapor fait en ss echec! le scan va suivre! merci à toi -
help..mon pc rame....
geromanu a répondu à un(e) sujet de geromanu dans Analyses et éradication malwares
oki voilà.... multiples scan...antir et ce qui se fait on line. mon pc semble ramer et est lent pour démarrer et a aussi parfois un pb pour s'éteindre.... enfin voilà mon rapport et merci de ton aide!! Logfile of HijackThis v1.99.1 Scan saved at 23:37:09, on 29/11/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\taz\Bureau\hijackthis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - C:\Program Files\PixVue.Com\PixVue\bin\PixVue.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: ID-Blaster Plus.lnk = C:\Program Files\ID-Blaster Plus\idblasterplus.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: PixVue - C:\Program Files\PixVue.Com\PixVue\bin\WinLogon.DLL O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /service (file missing) O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PixVue - PixVue.Com - C:\Program Files\PixVue.Com\PixVue\bin\Daemon.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -
help..mon pc rame....
geromanu a répondu à un(e) sujet de geromanu dans Analyses et éradication malwares
hello..encore moi...ça recommence...alors je vai vous envoyer le raport sous peu... -
help..mon pc rame....
geromanu a répondu à un(e) sujet de geromanu dans Analyses et éradication malwares
merci à vous! mon systeme tourne impec! pr info j'utilise firefox, ad aware, spy and dest., spywareblaster.....un firewall, et kav! donc po trop de pb...à par quelques plantages ie, mais bon... encore merci à vous!!! -
help..mon pc rame....
geromanu a répondu à un(e) sujet de geromanu dans Analyses et éradication malwares
voilà c'est fait.... Logfile of HijackThis v1.99.1 Scan saved at 12:07:27, on 30/10/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe C:\Program Files\Executive Software\DiskeeperLite\DKService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\PixVue.Com\PixVue\bin\Daemon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\ID-Blaster Plus\idblasterplus.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\AOL 9.0\waol.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Fichiers communs\Aol\aoltpspd.exe C:\Documents and Settings\taz\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - C:\Program Files\PixVue.Com\PixVue\bin\PixVue.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: ID-Blaster Plus.lnk = C:\Program Files\ID-Blaster Plus\idblasterplus.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{BB614386-EE5C-46D0-A45B-A95BB424E4DD}: NameServer = 205.188.146.145 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: PixVue - C:\Program Files\PixVue.Com\PixVue\bin\WinLogon.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /service (file missing) O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PixVue - PixVue.Com - C:\Program Files\PixVue.Com\PixVue\bin\Daemon.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe je n'ai pas encore réinstallé msn 7 sans les sponsors.....