georges75015

  1. Hello, this is the 2nd PC on which I have run into the same problem: the BIOS does not start. Two months ago I replaced the PC, and afterwards I ran into the same problem with the new one. I disconnected everything (hard disk, etc.) and booted with only the CPU: same thing. I cleared the CMOS several times, but the BIOS does not start. Do you have any idea what the cause of the problem is? Any solutions to get the BIOS to load?
  2. Every time I open a folder containing videos I get the error: EventType : BEX P1 : explorer.exe P2 : 6.0.2900.3156 P3 : 466fc588 P4 : unknown P5 : 0.0.0.0 P6 : 00000000 P7 : 02971710 P8 : c0000005 P9 : 00000008. Also, yesterday at startup XP ran a scan .... and deleted one of my folders with videos. Any idea??
  3. OK, everything is fine. Thanks a lot. See you, Georges
  4. OK. The solution is Start -> Run -> cmd and:
     regsvr32 wuaapi.dll
     regsvr32 wuaueng1.dll
     regsvr32 wuaueng.dll
     regsvr32 wucltui.dll
     regsvr32 wups2.dll
     regsvr32 wups.dll
     regsvr32 wuweb.dll
     and then launch the update. Everything works fine. As for the file in quarantine, do we delete it??
  5. OK, I will test it, but in the list of users I have unknown S-1-5-32-547 ?? and in the AVSA report HKU\S-1-5-21-73586283-842925246-1957994488-100. In the user folder: s-1-5-21-73586283-842925246-1957994488-1004.rrr, size 9988 KB ??? It does not work. XP downloads the updates, but when I click on install, it starts and the result for all of them is failed. Something to do with root/ or another file that keeps the updates from before the repair.
  6. Hello, finally, after creating XP SP2 and installing with repair, safe mode came back to normal. Here is the AVAS report:
     ---------------------------------------------------------
     AVG Anti-Spyware - Scan Report
     ---------------------------------------------------------
     + Created at: 12:07:13 29/1/2008
     + Scan result:
     HKU\S-1-5-21-73586283-842925246-1957994488-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
     ::Report end
     Currently I have 90 updates in automatic update, but for the moment I cannot install them: all failed.
  7. OK, but first I have to install SP2, because in safe mode I get the message 0x... reinstall Windows. System Restore is off. Right now I am creating an XP SP2 CD with AutoStreamer. After the repair, so that it takes the SP2 version into account. Right after that I will follow the recommended cleanup step by step. NOD32 demo, latest version. My antivirus is Panda. Thanks once again.
  8. Hello, I downloaded Kaspersky, because I am on SP1. The update to SP2 does not work: XP downloaded various updates, but the installation of SP2 does not progress. The scan reports from the first run:
     Detected
     deleted: Trojan program Trojan-Spy.Win32.Banker.flq File: C:\PROGRAM FILES\DELUXE MENUS\DELUXE-MENU\DELUXE-TUNER\DELUXETUNER.EXE
     Scan after restart:
     Protection : running
     Total scanned: 447282
     Detected: 19
     Untreated: 0
     Attacks blocked: 0
     Start time: 28/1/2008 09:41:35
     Duration: 02:26:49
     The 3rd scan found nothing.
  9. The SmitFraudFix report:
     SmitFraudFix v2.274
     Scan done at 12:43:11,32, 27/01/2008
     Run from C:\temp\memory\SmitfraudFix
     OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
     The filesystem type is NTFS
     Fix run in normal mode
     Impossible to start in safe mode (F8), error: 0x0000007b (0xf7aca63,0xc0000034, and 0000). I forgot to tell you about another virus that I deleted: fle006. The Panda report (old): http://gb75.ifrance.com/panda.htm The SpyEraser report: http://gb75.ifrance.com/spyeraser.htm NOD32 finds nothing.
  10. I lived in Paris from 1984 to 2000. While DiagHelp was running, NOD32 blocked:
     27/1/2008 9:49:02 πμ Real-time file system protection file C:\DOCUME~1\Giorgio\LOCALS~1\Temp\qcimyesaES.dll probably a variant of Win32/Inject trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\temp\memory\DiagHelp\catchme.exe.
     The DiagHelp report:
     DiagHelp version v1.4 - http://www.malekal.com excute le ??? 27/01/2008 à 9:48:37,99
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D0000 - \WINDOWS\system32\ntoskrnl.exe 806B8000 - \WINDOWS\system32\hal.dll F7BAF000 - \WINDOWS\system32\KDCOM.DLL F7ABF000 - \WINDOWS\system32\BOOTVID.dll F7662000 - ACPI.sys F7BB1000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS F76AF000 - pci.sys F76BF000 - isapnp.sys F7C77000 - pciide.sys F792F000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS F7BB3000 - intelide.sys F76CF000 - MountMgr.sys F7643000 - ftdisk.sys F7937000 - PartMgr.sys F76DF000 - VolSnap.sys F762D000 - atapi.sys F76EF000 - ultra.sys F7617000 - \WINDOWS\System32\DRIVERS\SCSIPORT.SYS F76FF000 - disk.sys F770F000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F7605000 - sr.sys F75E5000 - \WINDOWS\system32\drivers\FLTMGR.SYS F75D1000 - KSecDD.sys F754E000 - Ntfs.sys F7526000 - NDIS.sys F7AC3000 - RecAgent.sys F750C000 - Mup.sys F793F000 - agp440.sys F78FF000 - \SystemRoot\system32\DRIVERS\AmdK8.sys F52B2000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys F790F000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F5298000 - \SystemRoot\system32\DRIVERS\Rtenicxp.sys F7B7B000 - \SystemRoot\System32\DRIVERS\usbohci.sys F5279000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS F791F000 - \SystemRoot\system32\DRIVERS\imapi.sys F7B7F000 - \SystemRoot\system32\drivers\pfc.sys F79EF000 - \SystemRoot\system32\drivers\ASAPIW2k.sys F773F000 - \SystemRoot\System32\DRIVERS\cdrom.sys F774F000 - \SystemRoot\System32\DRIVERS\redbook.sys F5258000 - \SystemRoot\System32\DRIVERS\ks.sys F7BEF000 - \SystemRoot\system32\DRIVERS\NTIDrvr.sys F5233000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys F775F000 - \SystemRoot\System32\DRIVERS\serial.sys F7B8B000 - \SystemRoot\System32\DRIVERS\serenum.sys F79F7000 - \SystemRoot\System32\DRIVERS\fdc.sys F776F000 - \SystemRoot\System32\DRIVERS\i8042prt.sys F79FF000 - \SystemRoot\System32\DRIVERS\kbdclass.sys F7A07000 - \SystemRoot\system32\DRIVERS\point32.sys F7A0F000 - 
\SystemRoot\System32\DRIVERS\mouclass.sys F521B000 - \SystemRoot\system32\drivers\DCxxMJPG.sys F777F000 - \SystemRoot\System32\DRIVERS\Epfwndis.sys F7DB5000 - \SystemRoot\System32\DRIVERS\audstub.sys F778F000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys F7B93000 - \SystemRoot\System32\DRIVERS\ndistapi.sys F5205000 - \SystemRoot\System32\DRIVERS\ndiswan.sys F779F000 - \SystemRoot\System32\DRIVERS\raspppoe.sys F77AF000 - \SystemRoot\System32\DRIVERS\raspptp.sys F7B97000 - \SystemRoot\System32\DRIVERS\TDI.SYS F51F4000 - \SystemRoot\System32\DRIVERS\psched.sys F77BF000 - \SystemRoot\System32\DRIVERS\msgpc.sys F7A17000 - \SystemRoot\System32\DRIVERS\ptilink.sys F7A1F000 - \SystemRoot\System32\DRIVERS\raspti.sys F77CF000 - \SystemRoot\System32\DRIVERS\termdd.sys F7DBE000 - \SystemRoot\System32\DRIVERS\swenum.sys F5132000 - \SystemRoot\System32\DRIVERS\update.sys F77DF000 - \SystemRoot\system32\DRIVERS\AmdLLD.sys F77EF000 - \SystemRoot\System32\Drivers\NDProxy.SYS F782F000 - \SystemRoot\System32\DRIVERS\usbhub.sys F7BF1000 - \SystemRoot\System32\DRIVERS\USBD.SYS ECFCA000 - \SystemRoot\system32\DRIVERS\SLDRV\slnt7554.sys F54D8000 - \SystemRoot\system32\DRIVERS\SLDRV\SlWdmSup.sys ECFA9000 - \SystemRoot\system32\DRIVERS\SLDRV\Mtlmnt5.sys F7A27000 - \SystemRoot\System32\Drivers\Modem.SYS F54D4000 - \SystemRoot\system32\drivers\MODEMCSA.sys F54D0000 - \SystemRoot\system32\DRIVERS\usbscan.sys F7A2F000 - \SystemRoot\System32\DRIVERS\flpydisk.sys F7BF5000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7CDA000 - \SystemRoot\System32\Drivers\Null.SYS F7BF7000 - \SystemRoot\System32\Drivers\Beep.SYS F7CDB000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys F7A3F000 - \SystemRoot\System32\drivers\vga.sys F7BF9000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7BFB000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F7A47000 - \SystemRoot\System32\Drivers\Msfs.SYS F7A4F000 - \SystemRoot\System32\Drivers\Npfs.SYS F7B47000 - \SystemRoot\System32\DRIVERS\rasacd.sys F785F000 - 
\SystemRoot\System32\DRIVERS\ipsec.sys ECEFC000 - \SystemRoot\System32\DRIVERS\tcpip.sys ECEEA000 - \SystemRoot\System32\DRIVERS\epfwtdi.sys F786F000 - \SystemRoot\System32\DRIVERS\wanarp.sys ECEC5000 - \SystemRoot\System32\DRIVERS\netbt.sys ECEA5000 - \SystemRoot\System32\drivers\afd.sys F787F000 - \SystemRoot\System32\DRIVERS\netbios.sys F7A5F000 - \??\C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys ECDDD000 - \SystemRoot\System32\DRIVERS\rdbss.sys F7B6F000 - \??\C:\WINDOWS\system32\drivers\pclepci.sys ECD51000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F788F000 - \SystemRoot\System32\Drivers\Fips.SYS F789F000 - \SystemRoot\System32\DRIVERS\easdrv.sys F78CF000 - \SystemRoot\System32\Drivers\Cdfs.SYS ECD3B000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7C13000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \??\C:\WINDOWS\system32\win32k.sys ECF9D000 - \??\C:\WINDOWS\system32\watchdog.sys BFF80000 - \SystemRoot\System32\drivers\dxg.sys F7CE7000 - \SystemRoot\System32\drivers\dxgthk.sys BF000000 - \SystemRoot\System32\ati2dvag.dll BF045000 - \SystemRoot\System32\ati2cqag.dll BF09A000 - \SystemRoot\System32\atikvmag.dll BF0EA000 - \SystemRoot\System32\ati3duag.dll BF39C000 - \SystemRoot\System32\ativvaxx.dll BFFA0000 - \SystemRoot\System32\ATMFD.DLL B85E4000 - \SystemRoot\System32\DRIVERS\epfw.sys F79D7000 - \SystemRoot\system32\DRIVERS\AegisP.sys B85AC000 - \SystemRoot\system32\drivers\sysaudio.sys B839D000 - \SystemRoot\System32\DRIVERS\mrxdav.sys B85C8000 - \SystemRoot\system32\DRIVERS\MaVc2K.sys B8328000 - \SystemRoot\System32\DRIVERS\eamon.sys B82AF000 - \SystemRoot\System32\DRIVERS\srv.sys B7629000 - \SystemRoot\system32\DRIVERS\SLDRV\Mtlstrm.sys B7610000 - \SystemRoot\system32\DRIVERS\SLDRV\Slnthal.sys B74AC000 - \SystemRoot\System32\Drivers\Fastfat.SYS F7DAD000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 123 Liste des programmes installes Συμβάσεις & Συμφωνητικά Συμβάσεις & Συμφωνητικά ACDSee 6.0 PowerPack Adobe ActiveShare 
1.3.1 Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Reader 8.1.1 Adobe® Photoshop® Album Starter Edition 3.0 Adobe® Photoshop® Album Starter Edition 3.0.1 ArcSoft PhotoStudio 5.5 ATI - Βοηθητικό πρόγραμμα απεγκατάστασης λογισμικού ATI Catalyst Control Center ATI Display Driver ATI Parental Control & Encoder Autorun CD Studio 2.1 AutoStreamer AutoUpdate AVI/MPEG/RM/WMV Splitter 4.28 AVIcodec (remove only) AVIVO Codecs Barre d'outils Outlook de Windows Live (Windows Live Toolbar) Bloqueur de fenetres pop-up (Windows Live Toolbar) BufferChm Caere Scan Manager 5.0 Canon CanoScan Toolbox 5.0 CanoScan 4400F Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Czech Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian 
CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CoffeeCup Flash Firestarter CoffeeCup Flash Form Builder - Registered CoffeeCup Flash Menu Builder CoffeeCup Flash Password Wizard CoffeeCup Flash Website Font CoffeeCup Flash Website Font Pack CoffeeCup Flash Website Search - Registered CoffeeCup GIF Animator CoffeeCup Google SiteMapper CoffeeCup HTML Editor 2007 CoffeeCup Image Mapper CoffeeCup Live Chat - Registered CoffeeCup LockBox CoffeeCup MP3 Rip & Burn CoffeeCup Photo Gallery - Registered CoffeeCup PixConverter CoffeeCup RSS News Flash - Registered CoffeeCup StyleSheet Maker CoffeeCup Visual Site Designer CoffeeCup Web Calendar CoffeeCup Web JukeBox - Registered CoffeeCup Web Video Player - Registered CoffeeCup WebCam CoffeeCup Website Color Schemer Concord WinFax Plugin v3.0 CustomerResearchQFolder CuteFTP D4200 D4200_Help Deluxe Menus Detecteur de flux Windows Live Toolbar (Windows Live Toolbar) DeviceManagementQFolder Disc2Phone DivX Content Uploader DivX Web Player dj_sf_ProductContext dj_sf_software dj_sf_software_req DScaler 5 Mpeg Decoders Dual-Core Optimizer Easy GIF Animator 4.1 eMule ESET Smart Security eSupportQFolder Extension de Windows Live Toolbar (Windows Live Toolbar) HijackThis 1.99.1 Hotfix for Microsoft .NET Framework 3.0 (KB932471) HP Customer Participation Program 8.0 HP Deskjet 8.0 Software HP Imaging Device Functions 8.0 HP Photosmart Essential HP Product Detection HP Share-to-Web HP Solution Center 8.0 HP Update HPProductAssistant HPSSupply InterVideo WinDVD Creator 2 IZArc 3.81 Jasc Animation Shop 3 Jasc Paint Shop Pro 9 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) SE Runtime Environment 6 Update 1 K-Lite Codec Pack 3.6.5 Full LightScribe 1.4.136.1 LiveReg (Symantec Corporation) LiveUpdate 1.80 (Symantec Corporation) MarketResearch Menus intelligents (Windows Live Toolbar) Microsoft .NET Framework 1.1 
Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft IntelliPoint 6.1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office XP Professional with FrontPage Microsoft PhotoDraw 2000 Microsoft Silverlight Microsoft SQL Server Desktop Engine Microsoft User-Mode Driver Framework Feature Pack 1.0 Mon Carnet d'Adresses Mozilla ActiveX Control v1.7.12 Mozilla Firefox (2.0.0.11) Mozilla Thunderbird (2.0.0.9) MSI Live Update 3 MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) NTI Backup NOW! 4 NTI Backup NOW! 4 NTI CD & DVD-Maker NTI CD & DVD-Maker 7 Platinum OneCare Advisor (Windows Live Toolbar) Outlook Express Backup Genie v2.0 Panda ActiveScan Pinnacle Hollywood FX 5 Pinnacle Studio DC10plus Pixie registration fix Presto! PageManager 7.15.14 Rapid PHP 2007 v8.2 Realtek High Definition Audio Driver Recognita Plus 5.0 SAGEM F@st 1500 ScanSoft OmniPage SE 4.0 Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Windows XP (KB931784) Sharp GX25 USB-Handset Manager Skins SmartSound Quicktracks Plugin SmartSound Quicktracks Plugin SmartUSB56 Voice Modem SnatchIt! 
Video Screen Capture SolutionCenter Sony Ericsson PC Suite Status Studio 9 Studio 9.4 Patch Symantec WinFax PRO System Requirements Lab ThumbsPlus version 7.0 Toolbox TrayApp Ulead GIF Animator 5 Uniblue RegistryBooster 2 Uniblue SpyEraser UnloadSupport VideoLAN VLC media player 0.8.6d WebFldrs XP WebReg WeBuilder 2007 v8.0 Windows Desktop Search Windows Desktop Search (KB926356-V2) Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Live Favorites pour Windows Live Toolbar Windows Live Messenger Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Windows Media Format 11 runtime Windows Media Format Runtime Windows Media Player 11 Windows Media Player 11 Windows Presentation Foundation WinZip XML Paper Specification Shared Components Pack 1.0 Volume in drive C is DRIVE_C Volume Serial Number is 747A-C779 Directory of C:\Program Files 26/01/2008 11:12 <DIR> . 26/01/2008 11:12 <DIR> .. 
15/06/2007 12:07 <DIR> ACD Systems 24/08/2007 08:45 <DIR> Adobe 03/01/2008 02:15 <DIR> AMD 27/09/2007 16:44 <DIR> ArcSoft 16/01/2008 12:30 <DIR> ATI Technologies 31/05/2007 10:40 <DIR> Autorun CD Studio 26/01/2008 11:13 <DIR> AutoStreamer 03/06/2007 10:44 <DIR> AVI MPEG RM WMV Splitter 03/06/2007 10:54 <DIR> AVIcodec 01/10/2007 10:41 <DIR> Canon 31/05/2007 19:45 <DIR> CD MEDIA 01/01/2008 20:20 <DIR> CoffeeCup Software 31/12/2007 14:52 <DIR> CoffeeCup SoftwareWebsiteFont 11/01/2008 11:33 <DIR> Common Files 29/05/2007 14:01 <DIR> ComPlus Applications 31/05/2007 19:46 <DIR> Contact 31/05/2007 16:50 <DIR> Corel 19/06/2007 13:00 <DIR> Deluxe Menus 11/01/2008 10:24 <DIR> DIFX 24/08/2007 08:46 <DIR> Disc2Phone 11/07/2007 16:54 <DIR> DivX 03/06/2007 11:15 <DIR> DScaler5 15/11/2007 18:08 <DIR> E9 30/11/2007 13:52 <DIR> Easy GIF Animator 25/01/2008 09:08 <DIR> ESET 04/11/2007 18:38 <DIR> FMY 27/09/2007 16:37 <DIR> Hewlett-Packard 01/10/2007 16:57 <DIR> HP 02/06/2007 13:02 <DIR> hp deskjet 840c series 29/05/2007 17:29 <DIR> Intel 25/01/2008 09:51 <DIR> Internet Explorer 01/06/2007 11:30 <DIR> InterVideo 21/01/2008 16:03 <DIR> IZArc 31/05/2007 10:50 <DIR> Jasc Software Inc 02/11/2007 11:43 <DIR> Java 17/01/2008 16:55 <DIR> K-Lite Codec Pack 19/01/2008 12:27 <DIR> KVS 13/12/2007 14:26 <DIR> KVS2007 31/05/2007 19:52 <DIR> LexFr 24/01/2008 19:53 <DIR> Messenger 30/05/2007 10:57 <DIR> Microsoft ActiveSync 14/06/2007 10:02 <DIR> Microsoft CAPICOM 2.1.0.2 29/05/2007 14:04 <DIR> microsoft frontpage 22/01/2008 15:08 <DIR> Microsoft IntelliPoint 31/05/2007 07:59 <DIR> Microsoft Office 22/01/2008 11:39 <DIR> Microsoft Silverlight 22/01/2008 16:19 <DIR> Microsoft SQL Server 30/05/2007 10:57 <DIR> Microsoft Visual Studio 09/06/2007 09:43 <DIR> Mobile Action 01/06/2007 12:14 <DIR> Mon Carnet d'Adresses 25/01/2008 09:52 <DIR> Movie Maker 18/10/2007 13:11 <DIR> Mozilla ActiveX Control v1.7.12 27/01/2008 09:45 <DIR> Mozilla Firefox 01/01/2008 18:27 <DIR> Mozilla Thunderbird 29/05/2007 21:53 
<DIR> MSBuild 10/01/2008 10:49 <DIR> MSI 29/05/2007 14:00 <DIR> MSN 29/05/2007 14:00 <DIR> MSN Gaming Zone 22/01/2008 13:45 <DIR> MSN Messenger 01/06/2007 11:28 <DIR> MSXML 4.0 14/06/2007 09:30 <DIR> MSXML 6.0 25/01/2008 09:52 <DIR> NetMeeting 01/10/2007 18:21 <DIR> NewSoft 06/01/2008 09:58 <DIR> NewTech Infosystems 29/05/2007 14:02 <DIR> Online Services 25/01/2008 09:52 <DIR> Outlook Express 19/01/2008 22:23 <DIR> Panda Software 25/01/2008 20:51 <DIR> Passcape 24/01/2008 09:50 <DIR> Passware 26/10/2007 16:27 <DIR> pcmesh 07/11/2007 12:13 <DIR> PHP 10/01/2008 17:40 <DIR> Pinnacle 06/01/2008 10:15 <DIR> Pinnacle Systems 26/10/2007 11:20 <DIR> Rapid PHP 2007 03/01/2008 02:13 <DIR> Realtek 31/05/2007 07:50 <DIR> Recognita Plus 5.0 29/05/2007 21:46 <DIR> Reference Assemblies 16/01/2008 13:52 <DIR> SAGEM 27/09/2007 16:45 <DIR> ScanSoft 03/01/2008 11:50 <DIR> Setup Files 06/01/2008 09:53 <DIR> SmartSound Software 21/01/2008 19:31 <DIR> SnatchIt! 24/08/2007 08:36 <DIR> Sony Ericsson 20/01/2008 16:05 <DIR> Spyware Doctor 30/05/2007 11:25 <DIR> Symantec 15/06/2007 12:04 <DIR> Thumbs7 30/11/2007 14:15 <DIR> Ulead Systems 20/01/2008 16:30 <DIR> Uniblue 31/05/2007 13:49 <DIR> VideoLAN 26/10/2007 16:33 <DIR> WeBuilder 2007 22/01/2008 15:05 <DIR> Windows Desktop Search 22/01/2008 15:04 <DIR> Windows Live Favorites 22/01/2008 15:04 <DIR> Windows Live Toolbar 25/01/2008 20:31 <DIR> Windows Media Connect 2 25/01/2008 10:07 <DIR> Windows Media Player 25/01/2008 09:51 <DIR> Windows NT 22/01/2008 15:09 <DIR> WinFax 24/01/2008 10:01 <DIR> WinZip 17/01/2008 10:26 <DIR> Wise Registry Cleaner 29/05/2007 14:04 <DIR> xerox 0 File(s) 0 bytes 102 Dir(s) 112.367.886.336 bytes free Volume in drive C is DRIVE_C Volume Serial Number is 747A-C779 Directory of C:\Program Files\common files 11/01/2008 11:33 <DIR> . 11/01/2008 11:33 <DIR> .. 
15/06/2007 12:07 <DIR> ACD Systems 10/01/2008 16:05 <DIR> Acronis 30/05/2007 11:09 <DIR> Adobe 03/01/2008 13:28 <DIR> ATI Technologies 31/05/2007 07:50 <DIR> Caere 27/09/2007 16:43 <DIR> CANON 31/05/2007 13:59 <DIR> Concord Shared 30/05/2007 10:57 <DIR> Designer 30/05/2007 11:09 <DIR> FotoNation 09/06/2007 09:29 <DIR> Hewlett-Packard 01/10/2007 16:58 <DIR> HP 01/06/2007 10:58 <DIR> InstallShield 31/05/2007 10:52 <DIR> Jasc Software Inc 04/06/2007 09:37 <DIR> Java 30/05/2007 10:55 <DIR> L&H 22/01/2008 15:10 <DIR> LightScribe 15/10/2007 10:53 <DIR> Microsoft Shared 29/05/2007 14:01 <DIR> MSSoap 08/06/2007 12:09 <DIR> muvee Technologies 08/06/2007 12:11 <DIR> NewTech Infosystems 31/05/2007 13:57 <DIR> Novell Shared 29/05/2007 16:49 <DIR> ODBC 19/01/2008 20:04 <DIR> Panda Software 01/10/2007 18:22 <DIR> PDFView 27/09/2007 16:46 <DIR> ScanSoft Shared 29/05/2007 14:01 <DIR> Services 29/05/2007 16:49 <DIR> SpeechEngines 01/06/2007 11:43 <DIR> SWF Studio 31/05/2007 14:00 <DIR> Symantec Shared 25/01/2008 09:52 <DIR> System 24/08/2007 08:37 <DIR> Teleca Shared 0 File(s) 0 bytes 33 Dir(s) 112.367.886.336 bytes free c:\Documents and Settings\Admin\Local Settings\Temp\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Admin\Local Settings\Temp\Adobe Reader 8\Setup.exe c:\Documents and Settings\Admin\Local Settings\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER.exe c:\Documents and Settings\Admin\Local Settings\Temp\wz454b\RegSearch (Trial).exe c:\Documents and Settings\Admin\Local Settings\Temp\wza26e\avenger.exe c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\C5QBG5IB\WindowsInstaller-KB893803-v2-x86[1].exe c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\CLAZ016B\winzip111[1].exe c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\EZCBM7YD\CDM_Enu_2_5_4_17[1].exe c:\Documents and Settings\Admin\My Documents\RegRun2\Files\explorer.exe c:\Documents and Settings\Admin\My 
Documents\RegRun2\Files\NTOSKRNL.EXE c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\CuteFTP_CRK.exe c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\cutftp32.exe c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\stub.exe c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\unreg.exe c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\unwise32.exe c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\CuteHTML\cutehtml.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{01B28B7B-EEC6-12D5-5B5A-5A7EBDF5EFBA}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{01E836B9-843A-42F7-9F10-0F261B3B15DA}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{06577CC6-34AC-F592-C982-ACA2C6693F4B}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{09784F06-A9D0-AD2F-9947-4637F8917EED}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{13400EBE-5DE5-48E5-FBDC-27CC4E2FB723}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{14E01A0E-14CF-A34F-6B02-24710B14E4FB}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{1BCAF2AE-302A-515A-12B5-48AF8CCE00FF}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{2BD1F67A-F41E-35FB-75F5-6D1A1D08A478}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{413A49C0-E43E-FE69-D9D5-DBF6B8F24CA4}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{4A106F8A-7C4D-F592-6FA0-71E056236F74}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{554597A5-A57A-9592-A28E-3EBDCFFC5516}\ARPPRODUCTICON.exe c:\Documents and 
Settings\Giorgio\Application Data\Microsoft\Installer\{6045FB3F-5CF6-2157-885B-20BC9DBC6B0A}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{788E737C-54C5-0E5B-2C2D-A5AE5E941765}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{7A6B26B5-6872-B3ED-A644-396778046FE4}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{7C4196CA-CA41-4F34-9C08-7724E7705D52}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{7C4196CA-CA41-4F34-9C08-7724E7705D52}\NewShortcut1_7C4196CACA414F349C087724E7705D52.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{80BDA494-E9FF-2A4C-209B-AC1F84957A72}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{851B7934-1CF6-3CF7-7E60-61E74509279A}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{89C9ECA1-6FCF-CA48-FCB4-E6AD3D2E812E}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{8AA18701-9EFA-6B5D-E199-D55EA27DBC83}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{8CE62CBA-6D7E-B810-20CE-D8159427295A}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{8D5C20A6-5CBF-4D0F-7193-4703DC2F27DF}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{A9759B20-7D00-5BBF-031C-D35B297D3D19}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{ABFB9EA8-2B03-6470-39BD-0535DB3021FC}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{AE7363A2-B18A-1C20-E91A-8D31230A78C7}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{B0E062C5-21A4-ADDF-759C-4852A9507AC4}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application 
Data\Microsoft\Installer\{B38B8FCF-200E-9829-782F-3C47B2629B6F}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{B68521B4-5BCA-E327-E0F0-FA5E0704F1B9}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{B969515D-747E-1831-B8FC-9BFEF6590F9E}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{BE5C71FE-D9F0-9EC8-041C-CC4D7BF5DDF0}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{BF2E75D1-E386-E496-D7B7-92C47FD28B4C}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{BF707D69-A99C-3D43-F408-266177F59C95}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{C5B66459-7020-E809-13A9-B7401550B1D0}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{C60A4D74-4922-872B-C801-DFEA30557817}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{C6F58E1D-EB38-08F6-76A5-568553A2BA66}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{C9D1D844-9AE6-B208-19B1-71967A62DEFC}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{CB803548-1B13-B505-A6BF-2F20B951D0C3}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application Data\Microsoft\Installer\{D09B05A7-714E-55F2-D9F8-4797641E961D}\ARPPRODUCTICON.exe c:\Documents and Settings\Giorgio\Application 
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_BX-GEORGES.tar.gz a l'adresse http://upload.malekal.com

With NOD32 or manually I delete srosa.sys, hldrrr.exe, autolncu.ref, wintms.exe, and in the registry the entries: hldrrr, srosa, fisrtrrrun, datetime4, wintems. At every startup "dj_sf_software" is executed - it was repaired with SP1, so the update to SP2 has to be run.
  11. In the end, Windows was affected by a virus. I use PANDA INTERNET SECURITY, but several viruses were not recognized. To scan for viruses I used several antivirus programs; the solution was NOD32. All the viruses were installed on the new installation "windows1", and from there I ran the scans on my hard disk. NOD32 found viruses at first in the "windows" directory, but it was still impossible to start "windows". After that, an online trojan scan run from "windows1" with http://www.ewido.net/ found nothing more, but since it scanned all the files, and therefore the hidden directory c:\system information, NOD32 found all the files affected by the virus. After cleaning, I started "windows" and everything works almost fine, except the SP2 update, Internet Explorer, .. everything that had been changed earlier by the updates. If I had not run the repair with the XP SP1 CD, no problem. Regarding the "access is denied": ATTENTION. If Windows performs an update in a user directory or one other than windows and program files, it is not possible to access it afterwards unless you boot with the Windows that you created it with or with which those directories were created (e.g. an update directory other than the windows directory - with "windows1" I ran the SP1 updates into the directory c:\sp1\, impossible to enter or delete from "windows" - I can access and delete it when I boot into "windows1"). Thank you very much for your efforts to help me.
  12. First of all, thank you for your help. No, no solution yet. On the same hard disk where I have Windows, given the blue screen problem ... and with F8 it then starts in safe mode but does not load for use: "Windows XP Setup cannot run under safemode. Setup will restart now." So I then installed XP in the directory Windows1. When I restart with Windows1, I have access to all directories except the old Windows user Giorgio. I found ntfs.sys in windows and it differs in size from the one in windows1 (an update was done). So I will try to do a Repair with another XP CD with SP2; the one I did it with was SP1. The images - different from those on the site with the images.
  13. I used a Knoppix disc, and I can open all the user directories I want. How can I copy to another directory or disk? I tested it but it refuses to do so for every other file, so wrong handling.
  14. I cannot get to the menu; on loading in safe mode, a window ... setup cannot continue, and I am forced to restart.
  15. On XP Home this image does not exist. Windows startup, F8. It starts in safe mode, but since I used repair, setup cannot continue in safe mode and after a click it restarts. How do I return to normal startup or cancel the setup? If I install again without Repair into the windows directory, will the files in doc-set/userX be erased?? If not, it is no problem for me to reinstall all the programs, but I do not want to lose my userX files.