

jeanphiphi
HijackThis report for HEUR-DBLEXT/Crypted
jeanphiphi replied to a topic by jeanphiphi in Malware analysis and eradication
In addition, Sophos Antivirus now tells me: Troj/ConHook-AD detected in C:\WINDOWS\system32\catman.dll
HijackThis report for HEUR-DBLEXT/Crypted
jeanphiphi replied to a topic by jeanphiphi in Malware analysis and eradication
FindAWF.exe does not finish because it goes off into the network drives. It creates an awf.txt file for me, but one with no accents in it. Can someone help me? (another procedure...?) Thanks
HijackThis report for HEUR-DBLEXT/Crypted
jeanphiphi replied to a topic by jeanphiphi in Malware analysis and eradication
My Avscan report: it was the 1st one that found something and put it in quarantine; the later reports were negative:

AntiVir PersonalEdition Classic
Report file date: mercredi 9 mai 2007 17:22
Scanning for 740715 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Computer name: W070551

Version information:
BUILD.DAT : 244 14437 Bytes 16/04/2007 16:06:00
AVSCAN.EXE : 7.0.4.13 282664 Bytes 02/04/2007 08:36:45
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 13:09:01
ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 13:09:02
ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 13:09:02
AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 13:04:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 07:48:28
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.12 274472 Bytes 27/03/2007 11:31:12
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 9 mai 2007 17:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'vmnetdhcp.exe' - '1' Module(s) have been scanned
Scan process 'WUSER32.EXE' - '1' Module(s) have been scanned
Scan process 'ICMON.EXE' - '1' Module(s) have been scanned
Scan process 'DPScreen.exe' - '1' Module(s) have been scanned
Scan process 'vmnat.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'vmware-authd.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'DWRCST.EXE' - '1' Module(s) have been scanned
Scan process 'SWUPDATE.EXE' - '1' Module(s) have been scanned
Scan process 'SWEEPSRV.SYS' - '1' Module(s) have been scanned
Scan process 'SWNETSUP.EXE' - '1' Module(s) have been scanned
Scan process 'Pcmsvc32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'INV32CLI.EXE' - '1' Module(s) have been scanned
Scan process 'DWRCS.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '19' files ).

Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\bibi\Local Settings\Temp\tmp26.tmp.exe
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[iNFO] The file was moved to '46b1e7e5.qua'!
Begin scan in 'D:\' <Datas>
D:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: jeudi 10 mai 2007 09:08
Used time: 15:45:24 min
The scan has been canceled!
15396 Scanning directories
642685 Files were scanned
1 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
642684 Files not concerned
2705 Archives were scanned
2 Warnings
15 Notes
0 Hidden objects were found

The DiagHelp result:
DiagHelp version v1.07.4 - http://www.malekal.com excute le 10/05/2007 à 14:30:14,59
Liste des fichiers modifies/crees dans les 24 dernieres heures...
Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+8 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+9 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-1 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-10 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-11 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-12 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-13 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-14 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-2 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-3 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-4 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-5 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-6 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-7 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-8 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-9 C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\UCT C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\UTC C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Amsterdam C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Andorra C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Athens C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Belgrade C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Berlin C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Brussels C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Bucharest C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Budapest C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Chisinau C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Copenhagen C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Dublin C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Gibraltar C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Helsinki C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Istanbul C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Kaliningrad C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Kiev C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Lisbon C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\London C:\Program 
Files\Java\jre1.5.0_06\lib\zi\Europe\Luxembourg C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Madrid C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Malta C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Minsk C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Monaco C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Moscow C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Oslo C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Paris C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Prague C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Riga C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Rome C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Samara C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Simferopol C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Sofia C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Stockholm C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Tallinn C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Tirane C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Uzhgorod C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Vaduz C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Vienna C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Vilnius C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Zaporozhye C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Zurich C:\Program Files\Java\jre1.5.0_06\lib\zi\GMT C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Antananarivo C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Christmas C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Cocos C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Comoro C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Kerguelen C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Mahe C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Maldives C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Mauritius C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Mayotte C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Reunion C:\Program Files\Java\jre1.5.0_06\lib\zi\MET C:\Program 
Files\Java\jre1.5.0_06\lib\zi\Pacific C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Apia C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Auckland C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Chatham C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Easter C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Efate C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Enderbury C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Fakaofo C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Fiji C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Funafuti C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Galapagos C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Gambier C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Guadalcanal C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Guam C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Honolulu C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Johnston C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Kiritimati C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Kosrae C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Kwajalein C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Majuro C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Marquesas C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Midway C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Nauru C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Niue C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Norfolk C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Noumea C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Pago_Pago C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Palau C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Pitcairn C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Ponape C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Port_Moresby C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Rarotonga C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Saipan C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Tahiti C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Tarawa C:\Program 
Files\Java\jre1.5.0_06\lib\zi\Pacific\Tongatapu C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Truk C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Wake C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Wallis C:\Program Files\Java\jre1.5.0_06\lib\zi\WET C:\Program Files\Java\jre1.5.0_06\PATCH.ERR C:\Program Files\Java\jre1.5.0_11 C:\Program Files\Java\jre1.5.0_11\bin C:\Program Files\Organic\DPScreen\dpscreen.ini C:\Program Files\Organic\DPScreen\TEMP\dpscreen.ini C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\ALIASES.TXT C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\BISADM.FLT C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\BIS_DEV C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\BIS_DEV\BISADM C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\BIS_DEV\BISADM.TBL C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\BIS_DEV\Projects.Lst C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\CONNECTIONS.INI C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\desktops.xml C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\PARAMS.TXT C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\plsqlkeys.bin C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\plsqlopts.txt C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\plsqlsub.txt C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\REVWORDS.TXT C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\SAVEDSQL.xml C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\SBFilterHist.xml C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\SQLFILES.TXT C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\templates.xml C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\Toad.ini C:\Program Files\Quest Software\Toad for Oracle 
FREEWARE\User Files\ToadDebug.txt C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\TOADMONITORS.INI C:\Program Files\Quest Software\Toad for Oracle FREEWARE\User Files\TOAD_GUI.INI C:\Program Files\Sophos SWEEP for NT C:\Program Files\Sophos SWEEP for NT\Reports\bibi.REP C:\Program Files\VisualParadigm Suite 2.2 C:\Program Files\VisualParadigm Suite 2.2\bin C:\Program Files\VisualParadigm Suite 2.2\bin\vpuml C:\Program Files\VisualParadigm Suite 2.2\shapes C:\Program Files\VisualParadigm Suite 2.2\shapes\default C:\Program Files\Winamp C:\Program Files\Zero G Registry C:\Program Files\Zero G Registry\.com.zerog.registry.xml C:\sauvegarde_pc_NT4\Thumbs.db C:\sauvegarde_sgd_refonte C:\SMS.INI C:\temp C:\Thumbs.db C:\WINDOWS C:\WINDOWS.log C:\WINDOWS\bootstat.dat C:\WINDOWS\CSC000001 C:\WINDOWS\Debug\PASSWD.LOG C:\WINDOWS\Debug\UserMode C:\WINDOWS\ntbtlog.txt C:\WINDOWS\pchealth\helpctr\DataColl C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13006.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13008.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13010.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13012.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13014.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13016.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13017.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13018.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13020.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13022.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13024.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13026.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13027.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13028.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13030.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13032.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13033.xml 
C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13034.xml C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_13035.xml C:\WINDOWS\pchealth\helpctr\DataColl\history_db.xml C:\WINDOWS\SchedLgU.Txt C:\WINDOWS\setupact.log C:\WINDOWS\setuperr.log C:\WINDOWS\Sti_Trace.log C:\WINDOWS\system32 C:\WINDOWS\system32\drivers C:\WINDOWS\system32\jupdate-1.5.0_06-b05.log C:\WINDOWS\system32\spool\PRINTERS C:\WINDOWS\system32\tmp22.tmp.dll C:\WINDOWS\system32\tmp4.tmp.dll C:\WINDOWS\Tasks\SA.DAT C:\WINDOWS\Temp C:\WINDOWS\Temp\Perflib_Perfdata_25c.dat C:\WINDOWS\Temp\Perflib_Perfdata_5b0.dat C:\WINDOWS\Temp\Upd2E.tmp C:\WINDOWS\Temp\Upd2F.tmp C:\WINDOWS\wiadebug.log C:\WINDOWS\wiaservc.log C:\WINDOWS\WindowsUpdate.log Liste des derniers fichies modifies/crees dans windir\system32 C:\WINDOWS\System32/drivers\avipbb.sys -->20/03/2007 09:55:45 C:\WINDOWS\System32/drivers\ssmdrv.sys -->01/03/2007 10:34:36 C:\WINDOWS\System32/drivers\avgntdd.sys -->27/02/2007 15:18:30 C:\WINDOWS\System32/drivers\avgntmgr.sys -->22/11/2006 14:30:31 C:\WINDOWS\System32/drivers\PxHelp20.sys -->25/08/2006 05:47:00 C:\WINDOWS\System32/drivers\cdralw2k.sys -->19/05/2006 23:16:24 C:\WINDOWS\System32/drivers\cdr4_xp.sys -->19/05/2006 23:16:24 C:\WINDOWS\System32\catman.dns -->10/05/2007 15:02:03 C:\WINDOWS\System32\tmp22.tmp.dll -->09/05/2007 16:40:56 C:\WINDOWS\System32\jupdate-1.5.0_06-b05.log -->09/05/2007 16:25:49 C:\WINDOWS\System32\tmp4.tmp.dll -->09/05/2007 16:10:22 C:\WINDOWS\System32\wpa.dbl -->09/05/2007 13:59:12 C:\WINDOWS\System32\tmp77.tmp.dll -->09/05/2007 11:24:51 C:\WINDOWS\System32\tmp70.tmp.dll -->08/05/2007 13:49:33 C:\WINDOWS\System32\catman.dll -->03/05/2007 23:13:27 C:\WINDOWS\System32\jupdate-1.5.0_11-b03.log -->10/04/2007 09:07:23 C:\WINDOWS\System32\perfh00C.dat -->26/03/2007 14:15:01 C:\WINDOWS\System32\perfh009.dat -->26/03/2007 14:15:01 C:\WINDOWS\System32\perfc00C.dat -->26/03/2007 14:15:01 C:\WINDOWS\System32\perfc009.dat -->26/03/2007 14:15:00 
C:\WINDOWS\System32\PerfStringBackup.INI -->26/03/2007 14:14:59 C:\WINDOWS\System32\DWRCSAccess.log -->26/02/2007 15:17:35 C:\WINDOWS\System32\vxblock.dll -->25/08/2006 05:47:00 C:\WINDOWS\System32\pxwave.dll -->25/08/2006 05:47:00 C:\WINDOWS\System32\pxsfs.dll -->25/08/2006 05:47:00 C:\WINDOWS\System32\pxmas.dll -->25/08/2006 05:47:00 C:\WINDOWS\System32\pxinsi64.exe -->25/08/2006 05:47:00 C:\WINDOWS\System32\pxinsa64.exe -->25/08/2006 05:47:00 C:\WINDOWS\System32\pxhpinst.exe -->25/08/2006 05:47:00 C:\WINDOWS\System32\pxdrv.dll -->25/08/2006 05:47:00 C:\WINDOWS\System32\pxcpya64.exe -->25/08/2006 05:47:00 C:\WINDOWS\System32\pxafs.dll -->25/08/2006 05:47:00 C:\WINDOWS.log -->10/05/2007 11:12:12 C:\WINDOWS\bootstat.dat -->10/05/2007 11:10:32 C:\WINDOWS\WindowsUpdate.log -->10/05/2007 11:09:25 C:\WINDOWS\setuperr.log -->10/05/2007 09:36:45 C:\WINDOWS\setupact.log -->10/05/2007 09:36:45 C:\WINDOWS\ntbtlog.txt -->10/05/2007 09:34:33 C:\WINDOWS\SchedLgU.Txt -->10/05/2007 09:29:53 C:\WINDOWS\wiadebug.log -->10/05/2007 09:29:50 C:\WINDOWS\wiaservc.log -->09/05/2007 16:16:47 C:\WINDOWS\Sti_Trace.log -->09/05/2007 16:16:47 C:\WINDOWS\uedit32.INI -->03/05/2007 15:12:13 C:\WINDOWS\win.ini -->17/04/2007 14:22:48 C:\WINDOWS\OPLM.INI -->26/02/2007 16:27:05 C:\WINDOWS\CPC10Q.INI -->15/02/2007 12:40:14 C:\WINDOWS\wininit.ini -->22/01/2007 12:03:04 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 4CD9-1DC5 Répertoire de C:\WINDOWS\system32 05/08/2004 14:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 7 514 574 848 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 4CD9-1DC5 Répertoire de C:\WINDOWS\Downloaded Program Files 17/02/2006 12:08 <REP> . 17/02/2006 12:08 <REP> .. 
02/02/2006 10:43 65 desktop.ini 17/02/2006 12:08 320 504 Spider80.ocx 2 fichier(s) 320 569 octets Total des fichiers listés : 2 fichier(s) 320 569 octets 2 Rép(s) 7 514 574 848 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues C:\WINDOWS\system32\bak existe Possible infection Trojan.Lowzone.SV C:\Program Files\Java\jre1.5.0_06\bin\bak existe Possible infection Trojan.Lowzone.SV catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-10 15:03:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Liste des programmes installes 7-Zip 4.32 Adobe Acrobat 5.0 Adobe Flash Player 9 ActiveX Adobe SVG Viewer 3.0 Affinity 32 Analyseur et SDK MSXML 4.0 SP2 Analyseur MSXML 6.0 ATI Display Driver Avira AntiVir PersonalEdition Classic Borland C++Builder 5 CCleaner (remove only) DameWare Mini Remote Control DPScreen V2 EasyZip EscapeE Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français) GTK+ 2.8.18-1 runtime environment HijackThis 1.99.1 IBM WebSphere Studio Application Developer 5.1.2 InterBase IrfanView (remove only) J2SE Runtime Environment 5.0 Update 6 Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Language Pack - FRA Microsoft MSDN 2005 Express - FRA Microsoft MSDN 2005 Express Edition - FRA Microsoft Office Professional Edition 2003 Microsoft Office Visio Professional 2003 Microsoft Platform SDK (3790.1830) Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) Microsoft SQL Server 2005 Tools Express Edition Microsoft SQL Server Native Client Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Express - FRA Microsoft Visual C++ 2005 Express Edition - FRA Microsoft Visual SourceSafe V5.0 Module de prise en 
charge linguistique de Microsoft .NET Framework 2.0 - FRA MSXML - XML Validation IE Extention MSXML - XSL Output IE Extention Oxlays Client PDFCreator PDFCreator 0.8.0 RealPlayer Servant Salamander 2.5 beta 4 Sophos Anti-Virus version 4.16.0 The GIMP 2.2.13 Toad for Oracle Freeware VisiBroker for Cpp 4.0 VMware Workstation VTD8 WebFldrs XP Windows Installer 3.1 (KB893803) XManager 1.3.9 ZipCentral Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 4CD9-1DC5 Répertoire de C:\Program Files 10/05/2007 11:22 <REP> . 10/05/2007 11:22 <REP> .. 21/02/2006 11:58 <REP> 7-Zip 02/02/2006 12:08 <REP> Adobe 09/05/2007 17:20 <REP> AntiVir PersonalEdition Classic 21/02/2006 15:45 <REP> Borland 11/04/2006 17:34 <REP> Bouml 20/03/2007 18:19 <REP> CCleaner 21/02/2006 15:56 <REP> ComPlus Applications 16/03/2006 10:11 <REP> Crimson Editor 03/02/2006 11:32 <REP> DameWare Development 21/02/2006 11:56 <REP> EasyZip 09/05/2007 16:25 <REP> Fichiers communs 04/12/2006 18:31 <REP> GIMP-2.0 13/09/2006 10:16 <REP> Google 10/05/2007 11:48 <REP> Hijackthis 21/02/2006 15:54 <REP> Inprise 21/02/2006 15:55 <REP> InterBase Corp 17/02/2006 12:49 <REP> Internet Explorer 17/02/2006 11:05 <REP> IrfanView 09/05/2007 16:25 <REP> Java 21/02/2006 16:01 <REP> JustZIPit 21/02/2007 11:13 <REP> Messenger 02/02/2006 10:45 <REP> microsoft frontpage 20/02/2006 16:27 <REP> Microsoft Office 20/02/2006 16:24 <REP> Microsoft Platform SDK 17/02/2006 15:13 <REP> Microsoft SQL Server 20/02/2006 16:23 <REP> Microsoft Visual Studio .NET 2003 17/02/2006 15:07 <REP> Microsoft Visual Studio 8 17/02/2006 15:11 <REP> Microsoft.NET 02/02/2006 10:42 <REP> Movie Maker 22/01/2007 12:03 <REP> Mozilla Firefox 02/02/2006 10:40 <REP> MSN 02/02/2006 10:41 <REP> MSN Gaming Zone 22/03/2006 11:09 <REP> MSXML 4.0 02/02/2006 10:42 <REP> NetMeeting 02/02/2006 10:41 <REP> Online Services 02/02/2006 12:20 <REP> Oracle 02/02/2006 12:18 <REP> Organic 02/02/2006 10:42 <REP> Outlook Express 02/02/2006 12:17 <REP> 
PDFCreator 11/04/2006 15:19 <REP> Quest Software 17/08/2006 14:48 <REP> Real 03/02/2006 13:00 <REP> REDTITAN 02/02/2006 12:18 <REP> Robocopy 21/02/2006 12:03 <REP> Salamander 02/02/2006 10:43 <REP> Services en ligne 07/08/2006 09:07 <REP> SolidDocuments 10/05/2007 11:12 <REP> Sophos SWEEP for NT 05/03/2007 11:16 <REP> Spybot - Search & Destroy 24/02/2006 16:30 <REP> UltraEdit 10/05/2007 11:26 <REP> VisualParadigm Suite 2.2 03/02/2006 11:43 <REP> VMware 10/05/2007 11:24 <REP> Winamp 02/02/2006 10:45 <REP> Windows Media Player 02/02/2006 10:41 <REP> Windows NT 02/02/2006 10:45 <REP> xerox 01/03/2006 11:40 <REP> XManager 1.3.9 02/02/2006 12:19 <REP> ZipCentral 0 fichier(s) 0 octets 59 Rép(s) 7 514 357 760 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 4CD9-1DC5 Répertoire de C:\Program Files\fichiers communs 09/05/2007 16:25 <REP> . 09/05/2007 16:25 <REP> .. 07/04/2006 10:44 <REP> Adobe 21/02/2006 15:49 <REP> Borland Shared 02/02/2006 12:21 <REP> DESIGNER 04/12/2006 18:17 <REP> GTK 11/04/2006 17:33 <REP> InstallShield 09/05/2007 16:25 <REP> Java 17/02/2006 12:08 <REP> Mercury Interactive 17/02/2006 15:04 <REP> Merge Modules 20/02/2006 16:23 <REP> Microsoft Shared 02/02/2006 10:42 <REP> MSSoap 02/02/2006 11:30 <REP> ODBC 17/08/2006 14:48 <REP> Real 02/02/2006 10:42 <REP> Services 02/02/2006 11:30 <REP> SpeechEngines 02/02/2006 12:13 <REP> System 17/08/2006 14:48 <REP> xing shared 0 fichier(s) 0 octets 18 Rép(s) 7 514 357 760 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 4CD9-1DC5 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 02/02/2006 12:22 <REP> . 02/02/2006 12:22 <REP> .. 
02/02/2006 12:21 <REP> 1033 02/02/2006 12:21 <REP> 1036 11/07/2003 11:15 1 292 872 MSONSEXT.DLL 15/07/2003 07:52 35 896 MSOSV.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 11/07/2003 03:25 80 448 PKMWS.DLL 5 fichier(s) 1 659 186 octets 4 Rép(s) 7 514 357 760 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 4CD9-1DC5 Répertoire de C:\ 08/05/2007 11:48 68 096 diff.exe 26/02/2007 15:05 151 696 FxSasser.exe 08/05/2007 11:48 103 424 grep.exe 3 fichier(s) 323 216 octets 0 Rép(s) 7 514 357 760 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 4CD9-1DC5 Répertoire de C:\ c:\Documents and Settings\All Users\Application Data\SolidDocuments\Installer\Solid Converter PDF\bibi\SolidSFX_Data\Setup.exe c:\Documents and Settings\All Users\Application Data\SolidDocuments\Installer\Solid Converter PDF\bibi\SolidSFX_Data\components\50comupd.exe c:\Documents and Settings\All Users\Application Data\SolidDocuments\Installer\Solid Converter PDF\bibi\SolidSFX_Data\components\InstMsiA.Exe c:\Documents and Settings\All Users\Application Data\SolidDocuments\Installer\Solid Converter PDF\bibi\SolidSFX_Data\components\InstMsiW.Exe c:\Documents and Settings\All Users\Application Data\SolidDocuments\Installer\Solid Converter PDF\bibi\SolidSFX_Data\components\msaardk.exe c:\Documents and Settings\All Users\Application Data\SolidDocuments\Installer\Solid Converter PDF\bibi\SolidSFX_Data\components\msxml3sp1.exe c:\Documents and Settings\All Users\Application Data\SolidDocuments\Installer\Solid Converter PDF\bibi\SolidSFX_Data\solidconverterpdf\setup.exe c:\Documents and Settings\All Users\Application Data\SolidDocuments\Installer\Solid Converter PDF\bibi\SolidSFX_Data\solidconverterpdf\solidconvertersetuppdf.exe c:\Documents and Settings\bibi\.housecall6.6\getMac.exe c:\Documents and Settings\bibi\.housecall6.6\patch.exe c:\Documents and Settings\bibi\Local 
Settings\Temp\i4j46017.exe c:\Documents and Settings\bibi\Local Settings\Temp\.cleanup.tmp\remove.exe c:\Documents and Settings\bibi\Local Settings\Temp\~nsu.tmp\Au_.exe c:\Documents and Settings\bibi\Mes documents\dbvis_windows_5_1_1.exe c:\Documents and Settings\bibi\Mes documents\FindAWF.exe c:\Documents and Settings\bibi\Mes documents\jre-1_5_0_11-windows-i586-p-iftw.exe c:\Documents and Settings\bibi\Mes documents\diaghelp\DiagHelp\catchme.exe c:\Documents and Settings\bibi\Mes documents\diaghelp\DiagHelp\diff.exe c:\Documents and Settings\bibi\Mes documents\diaghelp\DiagHelp\dumphive.exe c:\Documents and Settings\bibi\Mes documents\diaghelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\bibi\Mes documents\diaghelp\DiagHelp\find2.exe c:\Documents and Settings\bibi\Mes documents\diaghelp\DiagHelp\Fport.exe c:\Documents and Settings\bibi\Mes documents\diaghelp\DiagHelp\grep.exe c:\Documents and Settings\bibi\Mes documents\diaghelp\DiagHelp\LFiles.exe c:\Documents and Settings\bibi\Mes documents\diaghelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\bibi\Mes documents\diaghelp\DiagHelp\pslist.exe c:\Documents and Settings\bibi\Mes documents\diaghelp\DiagHelp\streams.exe c:\Documents and Settings\bibi\Mes documents\diaghelp\DiagHelp\swreg.exe c:\Program Files\SolidDocuments\installer\solidconverterpdf\Setup.exe c:\Program Files\SolidDocuments\installer\solidconverterpdf\components\50comupd.exe c:\Program Files\SolidDocuments\installer\solidconverterpdf\components\InstMsiA.Exe c:\Program Files\SolidDocuments\installer\solidconverterpdf\components\InstMsiW.Exe c:\Program Files\SolidDocuments\installer\solidconverterpdf\components\msaardk.exe c:\Program Files\SolidDocuments\installer\solidconverterpdf\components\msxml3sp1.exe c:\Program Files\SolidDocuments\installer\solidconverterpdf\solidconverterpdf\setup.exe c:\Program Files\SolidDocuments\installer\solidconverterpdf\solidconverterpdf\solidconvertersetuppdf.exe Liste des drivers... 
< Service Pack 2 5 10 2007 15:19:16.500 < Pilote charg' \WINDOWS\system32\ntkrnlpa.exe < Pilote charg' \WINDOWS\system32\hal.dll < Pilote charg' \WINDOWS\system32\KDCOM.DLL < Pilote charg' \WINDOWS\system32\BOOTVID.dll < Pilote charg' ACPI.sys < Pilote charg' \WINDOWS\system32\DRIVERS\WMILIB.SYS < Pilote charg' pci.sys < Pilote charg' isapnp.sys < Pilote charg' pciide.sys < Pilote charg' \WINDOWS\system32\DRIVERS\PCIIDEX.SYS < Pilote charg' MountMgr.sys < Pilote charg' ftdisk.sys < Pilote charg' dmload.sys < Pilote charg' dmio.sys < Pilote charg' PartMgr.sys < Pilote charg' VolSnap.sys < Pilote charg' atapi.sys < Pilote charg' disk.sys < Pilote charg' \WINDOWS\system32\DRIVERS\CLASSPNP.SYS < Pilote charg' fltMgr.sys < Pilote charg' sr.sys < Pilote charg' PxHelp20.sys < Pilote charg' KSecDD.sys < Pilote charg' Ntfs.sys < Pilote charg' NDIS.sys < Pilote charg' Mup.sys < Pilote charg' \SystemRoot\system32\DRIVERS\ati2mtag.sys < Pilote charg' \SystemRoot\system32\DRIVERS\usbohci.sys < Pilote charg' \SystemRoot\system32\DRIVERS\usbehci.sys < Pilote charg' \SystemRoot\system32\DRIVERS\cdrom.sys < Pilote charg' \SystemRoot\system32\DRIVERS\redbook.sys < Pilote charg' \SystemRoot\system32\DRIVERS\serial.sys < Pilote charg' \SystemRoot\system32\DRIVERS\serenum.sys < Pilote charg' \SystemRoot\system32\DRIVERS\fdc.sys < Pilote charg' \SystemRoot\system32\DRIVERS\parport.sys < Pilote charg' \SystemRoot\system32\DRIVERS\i8042prt.sys < Pilote charg' \SystemRoot\system32\DRIVERS\mouclass.sys < Pilote charg' \SystemRoot\system32\DRIVERS\Rtlnicxp.sys < Pilote charg' \SystemRoot\system32\drivers\ALCXWDM.SYS < Pilote charg' \SystemRoot\system32\DRIVERS\processr.sys < Pilote charg' \SystemRoot\system32\DRIVERS\audstub.sys < Pilote charg' \SystemRoot\system32\DRIVERS\rasl2tp.sys < Pilote charg' \SystemRoot\system32\DRIVERS\ndistapi.sys < Pilote charg' \SystemRoot\system32\DRIVERS\ndiswan.sys < Pilote charg' \SystemRoot\system32\DRIVERS\raspppoe.sys < Pilote charg' 
\SystemRoot\system32\DRIVERS\raspptp.sys < Pilote charg' \SystemRoot\system32\DRIVERS\msgpc.sys < Pilote charg' \SystemRoot\system32\DRIVERS\psched.sys < Pilote charg' \SystemRoot\system32\DRIVERS\ptilink.sys < Pilote charg' \SystemRoot\system32\DRIVERS\raspti.sys < Pilote charg' \SystemRoot\system32\DRIVERS\rdpdr.sys < Pilote charg' \SystemRoot\system32\DRIVERS\termdd.sys < Pilote charg' \SystemRoot\system32\DRIVERS\kbdclass.sys < Pilote charg' \SystemRoot\system32\DRIVERS\swenum.sys < Pilote charg' \SystemRoot\system32\DRIVERS\update.sys < Pilote charg' \SystemRoot\system32\DRIVERS\mssmbios.sys < Pilote charg' \SystemRoot\system32\DRIVERS\vmnetadapter.sys < Pilote charg' \SystemRoot\System32\Drivers\NDProxy.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\NDProxy.SYS < Pilote charg' \SystemRoot\system32\DRIVERS\usbhub.sys < Pilote charg' \SystemRoot\system32\DRIVERS\flpydisk.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\lbrtfdc.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Sfloppy.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\i2omgmt.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Changer.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Cdaudio.SYS < Pilote charg' \SystemRoot\System32\Drivers\Fs_Rec.SYS < Pilote charg' \SystemRoot\System32\Drivers\Null.SYS < Pilote charg' \SystemRoot\System32\Drivers\Beep.SYS < Le pilote n'a pas 't' charg' \SystemRoot\system32\DRIVERS\kbdhid.sys < Pilote charg' \SystemRoot\System32\drivers\vga.sys < Pilote charg' \SystemRoot\System32\Drivers\mnmdd.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\RDPCDD.sys < Pilote charg' \SystemRoot\System32\Drivers\Msfs.SYS < Pilote charg' \SystemRoot\System32\Drivers\Npfs.SYS < Pilote charg' \SystemRoot\system32\DRIVERS\rasacd.sys < Pilote charg' \SystemRoot\system32\DRIVERS\ipsec.sys < Pilote charg' \SystemRoot\system32\DRIVERS\tcpip.sys < Pilote charg' \SystemRoot\system32\DRIVERS\netbt.sys < 
Pilote charg' \SystemRoot\System32\drivers\afd.sys < Pilote charg' \SystemRoot\system32\DRIVERS\netbios.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\PCIDump.SYS < Pilote charg' \SystemRoot\system32\DRIVERS\rdbss.sys < Pilote charg' \SystemRoot\system32\DRIVERS\mrxsmb.sys < Le pilote n'a pas 't' charg' \SystemRoot\system32\DRIVERS\imapi.sys < Pilote charg' \SystemRoot\system32\DRIVERS\hidusb.sys < Pilote charg' \SystemRoot\system32\DRIVERS\ipnat.sys < Pilote charg' \SystemRoot\system32\DRIVERS\wanarp.sys < Pilote charg' \SystemRoot\System32\Drivers\Fips.SYS < Pilote charg' \SystemRoot\system32\DRIVERS\avipbb.sys < Pilote charg' \SystemRoot\system32\DRIVERS\kbdhid.sys < Pilote charg' \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys < Pilote charg' \SystemRoot\System32\Drivers\Cdfs.SYS < Pilote charg' \SystemRoot\system32\DRIVERS\vmnetbridge.sys < Pilote charg' \SystemRoot\system32\DRIVERS\ndisuio.sys < Le pilote n'a pas 't' charg' \SystemRoot\system32\DRIVERS\rdbss.sys < Le pilote n'a pas 't' charg' \SystemRoot\system32\DRIVERS\mrxsmb.sys < Pilote charg' \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys < Pilote charg' \SystemRoot\system32\DRIVERS\mrxdav.sys < Pilote charg' \??\C:\WINDOWS\system32\Drivers\hcmon.sys < Pilote charg' \??\C:\WINDOWS\system32\Drivers\VMparport.sys < Pilote charg' \??\C:\WINDOWS\system32\Drivers\vmx86.sys < Pilote charg' \SystemRoot\system32\DRIVERS\srv.sys < Pilote charg' \SystemRoot\system32\drivers\wdmaud.sys < Pilote charg' \SystemRoot\system32\drivers\sysaudio.sys < Pilote charg' \SystemRoot\system32\drivers\splitter.sys < Pilote charg' \SystemRoot\system32\drivers\aec.sys < Pilote charg' \SystemRoot\system32\drivers\swmidi.sys < Pilote charg' \SystemRoot\system32\drivers\DMusic.sys < Pilote charg' \SystemRoot\system32\drivers\kmixer.sys < Pilote charg' \SystemRoot\system32\drivers\drmkaud.sys < Pilote charg' \SystemRoot\System32\drivers\vmnetuserif.sys < Le pilote n'a pas 't' charg' 
\SystemRoot\system32\DRIVERS\ipnat.sys
I run FindAWF.exe but it never finishes (maybe I'm not waiting long enough...). I have relaunched it and I will wait for a response, but before that, can you see anything? Thanks for your help in any case. JP -
HijackThis report for HEUR-DBLEXT/Crypted
jeanphiphi posted a topic in Analyses et éradication malwares
Hello, here is my HijackThis report for the HEUR-DBLEXT/Crypted trojan. Can someone help me? Thanks, I can't manage to get rid of it... I have already run AntiVir in safe mode.

Logfile of HijackThis v1.99.1
Scan saved at 11:37:08, on 10/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\INV32CLI.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sophos SWEEP for NT\SWUPDATE.EXE
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\WUSER32.EXE
C:\WINDOWS\System32\vmnetdhcp.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Organic\DPScreen\DPScreen.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\jeanphiphi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s070110.informatique.organic.intra/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://s070110.informatique.organic.intra
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par le RSI
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.organic.intra:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.dqi.net;*.canam.net;*.intra;projet-rsi.cancava.fr;10.*.*.*;180.*.*.*;192.168.*.*;172.16.*.*;172.17.*.*;130.*.*.*;127.0.0.1;suni*.canam.fr;annu93*;*.le-rsi.net;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {73c997ca-7ba4-48bb-9645-7d5cd41d7599} - C:\WINDOWS\system32\catman.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Direct Print Screen.lnk = C:\Program Files\Organic\DPScreen\DPScreen.exe
O4 - Global Startup: DWRC.bat
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Validate XML - C:\WINDOWS\web\msxmlval.htm
O8 - Extra context menu item: View XSL Output - C:\WINDOWS\web\msxmlvw.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://s070110.informatique.organic.intra
O15 - Trusted Zone: www.adobe.com
O15 - Trusted Zone: *.adobe.com
O15 - Trusted Zone: *.autodesk.fr
O15 - Trusted Zone: http://*.cancava.fr
O15 - Trusted Zone: espaceprojet-devweb.infocom.eic.intra
O15 - Trusted Zone: http://espaceprojet-devweb.infocom.eic.intra
O15 - Trusted Zone: espaceprojet-integ.infocom.eic.intra
O15 - Trusted Zone: espaceprojet.infocom.eic.intra
O15 - Trusted Zone: http://pwatest.eic.intra
O15 - Trusted Zone: http://*.gip-infos-retraite.fr
O15 - Trusted Zone: http://www.journal-officiel.gouv.fr
O15 - Trusted Zone: http://*.infocom.eic
O15 - Trusted Zone: http://*.mutuelle-medicis.com
O15 - Trusted Zone: http://pwa.organic.intra
O15 - Trusted Zone: http://*.organic.intra
O15 - Trusted Zone: http://www.societe.com
O15 - Trusted Zone: http://pwa.organic.intra (HKLM)
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} (Loader Class v2) - http://s070115/tdbin/Spider80.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{137DFE3A-059B-4DEE-97DB-36610EE09AB5}: NameServer = 172.16.29.1,172.17.29.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = organic.intra,infocom.eic.intra,informatique.organic.intra,cancava.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = organic.intra,infocom.eic.intra,informatique.organic.intra,cancava.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = organic.intra,infocom.eic.intra,informatique.organic.intra,cancava.fr
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: catman - C:\WINDOWS\SYSTEM32\catman.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Oracleora817ClientCache - Unknown owner - c:\ora817\BIN\ONRSD.EXE
O23 - Service: Sweep for Windows NT Network (SWEEPNET) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: Sweep for Windows NT Update (SWEEPUPDATE) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWUPDATE.EXE
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe