Aller au contenu

AR1971

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    16

  • Inscription

  • Dernière visite

AR1971's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. AR1971
    Salut, J'ai fait la manip avec combofix, voila le log, par contre le scan kaspersky est tellement long que je n'ai pas trouvé de créneau pour qu'il arrive au bout. Ca va venir: ComboFix 08-11-21.04 - Alain 2008-11-23 10:17:06.3 - NTFSx86 MINIMAL Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.363 [GMT 1:00] Lancé depuis: c:\documents and settings\Alain.Z6PO\Mes documents\Downloads\Programs\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Alain.Z6PO\Mes documents\Downloads\Programs\CFScript.txt AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: c:\windows\System32\drivers\cxqedulq.dat c:\windows\System32\drivers\jmmhwdqe.sys . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\System32\drivers\cxqedulq.dat . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_PCVULKPP -------\Legacy_SUYKPTCV -------\Service_pcvulkpp -------\Service_suykptcv ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-23 au 2008-11-23 )))))))))))))))))))))))))))))))))))) . 2008-11-21 16:50 . 2008-11-21 16:50 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-11-21 16:50 . 2008-11-21 16:50 <REP> d-------- c:\documents and settings\Alain.Z6PO\Application Data\Malwarebytes 2008-11-21 16:50 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-21 16:50 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-16 10:08 . 2008-11-16 10:08 <REP> d-------- c:\program files\Avira 2008-11-11 17:31 . 2008-11-22 16:36 54,156 --ah----- c:\windows\QTFont.qfn 2008-11-11 17:31 . 2008-11-11 17:31 1,409 --a------ c:\windows\QTFont.for 2008-11-06 22:08 . 2008-11-08 11:08 <REP> d-------- c:\documents and settings\Alain.Z6PO\.housecall6.6 2008-11-04 17:57 . 2008-11-04 17:57 <REP> d-------- c:\program files\Fichiers communs\EZB Systems 2008-11-04 14:45 . 2008-11-12 22:16 <REP> d-------- c:\documents and settings\Alain.Z6PO\Application Data\uTorrent . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-23 09:24 --------- d-----w c:\documents and settings\Alain.Z6PO\Application Data\DMCache 2008-11-22 09:10 92,160 ----a-w c:\windows\Internet Logs\xDB152.tmp 2008-11-22 08:03 1,836,544 ----a-w c:\windows\Internet Logs\xDB150.tmp 2008-11-16 20:36 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-11-16 09:08 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avira 2008-11-13 21:06 --------- d-----w c:\program files\VstPlugins 2008-11-13 21:06 --------- d-----w c:\program files\Toontrack 2008-11-12 21:15 107,008 ----a-w c:\windows\Internet Logs\xDB14F.tmp 2008-11-12 21:15 1,725,440 ----a-w c:\windows\Internet Logs\xDB14E.tmp 2008-11-09 23:03 1,321,984 ----a-w c:\windows\Internet Logs\xDB14D.tmp 2008-11-09 22:40 1,725,440 ----a-w c:\windows\Internet Logs\xDB14C.tmp 2008-11-05 21:51 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-26 16:33 1,705,472 ----a-w c:\windows\Internet Logs\xDB149.tmp 2008-10-26 11:37 2,478,080 ----a-w c:\windows\Internet Logs\xDB14A.tmp 2008-10-12 16:08 --------- d-----w c:\program files\Fichiers communs\DigiDesign 2008-09-27 08:50 --------- d-----w c:\program files\Ableton 2008-09-27 08:49 --------- d-----w c:\documents and settings\Alain.Z6PO\Application Data\Ableton 2008-09-18 18:51 330,752 ----a-w c:\windows\Internet Logs\xDB14B.tmp 2008-09-18 18:51 1,682,944 ----a-w c:\windows\Internet Logs\xDB148.tmp 2008-09-12 13:12 24,064 ----a-w c:\windows\Internet Logs\xDB147.tmp 2008-09-12 13:12 1,666,048 ----a-w c:\windows\Internet Logs\xDB146.tmp 2008-09-11 10:33 41,984 ----a-w c:\windows\Internet Logs\xDB145.tmp 2008-09-11 10:33 1,666,048 ----a-w c:\windows\Internet Logs\xDB144.tmp 2008-09-08 19:38 643,129 ----a-w c:\program files\unins000.exe 2008-09-08 19:38 2,227 ----a-w c:\program files\unins000.dat 2008-09-01 18:27 15,872 ----a-w c:\windows\Internet Logs\xDB143.tmp 2008-09-01 18:27 1,664,000 ----a-w c:\windows\Internet Logs\xDB142.tmp 2008-08-31 19:00 76,800 ----a-w c:\windows\Internet Logs\xDB141.tmp 2008-08-31 19:00 1,664,000 ----a-w c:\windows\Internet Logs\xDB13F.tmp 2005-12-11 01:51 2,334 ----a-w c:\program files\SolidWorks (2)swxJRNL.BAK 1998-09-29 11:56 10,000 ----a-w c:\windows\inf\unregpn.exe . ((((((((((((((((((((((((((((( snapshot@2008-11-22_13.44.46.07 ))))))))))))))))))))))))))))))))))))))))) . - 2008-11-22 12:39:07 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-11-23 07:52:16 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-11-22 12:39:07 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-11-23 07:52:16 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - 2008-10-26 10:16:05 52,764 ----a-w c:\windows\system32\perfc009.dat + 2008-11-22 12:41:14 52,764 ----a-w c:\windows\system32\perfc009.dat - 2008-10-26 10:16:05 63,614 ----a-w c:\windows\system32\perfc00C.dat + 2008-11-22 12:41:15 63,614 ----a-w c:\windows\system32\perfc00C.dat - 2008-10-26 10:16:05 380,350 ----a-w c:\windows\system32\perfh009.dat + 2008-11-22 12:41:15 380,350 ----a-w c:\windows\system32\perfh009.dat - 2008-10-26 10:16:05 445,016 ----a-w c:\windows\system32\perfh00C.dat + 2008-11-22 12:41:15 445,016 ----a-w c:\windows\system32\perfh00C.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36F66B72-219B-4E52-9C63-E7E868E83CE7}] c:\windows\System32\AgCPanelTraditionalChines.dll [bU] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="c:\utilitaires\creative nano\media source\Detector\CTDetect.exe" [2004-12-02 102400] "SuperCopier.exe"="c:\utilitaires\SuperCopier\SuperCopier.exe" [2003-04-24 683520] "IDMan"="c:\utilitaires\Internet Download Manager\IDMan.exe" [2008-07-15 931248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872] "PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-12-04 406016] "Zone Labs Client"="c:\utilit~1\ZONEAL~1\zlclient.exe" [2004-02-17 693528] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 36975] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-12 155648] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "WinFaxAppPortStarter"="wfxsnt40.exe" [2000-05-03 c:\windows\system32\WFXSNT40.EXE] "PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\system32\P0630Pin.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312] c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\ hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-11 323646] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2004-12-25 573440] officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 147456] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFavoritesMenu"= 0 (0x0) "NoLogoff"= 0 (0x0) "EnforceShellExtensionSecurity"= 0 (0x0) "NoDeletePrinter"= 0 (0x0) "NoAddPrinter"= 0 (0x0) "NoPrinterTabs"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\utilitaires\Symantec\DelFax\WfxSeh32.Dll" [1998-07-27 38400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.MJPG"= Pvmjpg21.dll "VIDC.PIM1"= pclepim1.dll "VIDC.ACDV"= ACDV.dll "VIDC.VDOM"= vdowave.drv [HKLM\~\startupfolder\C:^Documents and Settings^Alain.Z6PO^Menu Démarrer^Programmes^Démarrage^palmOne Registration.lnk] path=c:\documents and settings\Alain.Z6PO\Menu Démarrer\Programmes\Démarrage\palmOne Registration.lnk backup=c:\windows\pss\palmOne Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk] path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Post-it® Software Notes Lite.lnk] path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Post-it® Software Notes Lite.lnk backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray] --a------ 2006-08-16 15:56 339968 c:\program files\AGEIA Technologies\TrayIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] --a------ 2004-09-02 22:57 57344 c:\utilitaires\CloneCD\CloneCDTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2005-10-06 17:03 278528 c:\utilitaires\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-04-12 11:49 155648 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] --a------ 2002-04-11 03:19 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2005-05-15 23:33 180269 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe R0 avgntmgr;avgntmgr;c:\windows\System32\DRIVERS\avgntmgr.sys [2008-11-16 22336] R1 avgntdd;avgntdd;c:\windows\System32\DRIVERS\avgntdd.sys [2008-11-16 45376] R2 DLPortIO;DriverLINX Port I/O Driver;\??\c:\windows\System32\DRIVERS\DLPortIO.SYS [2003-12-14 3584] R2 wfxsvc;DelrinaFax PRO;c:\windows\System32\WFXSVC.EXE [2005-09-21 129536] S3 P0630VID;Creative WebCam Live!;c:\windows\System32\DRIVERS\P0630Vid.sys [2008-01-13 91841] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\System32\DRIVERS\ss_bus.sys [2008-07-08 83592] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\System32\DRIVERS\ss_mdfl.sys [2008-07-08 15112] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\System32\DRIVERS\ss_mdm.sys [2008-07-08 109704] S3 SWUSBFLT;Pilote de filtre Microsoft SideWinder VIA;c:\windows\System32\DRIVERS\SWUSBFLT.sys [2003-11-02 3968] S4 hpt3xx;hpt3xx; [] . Contenu du dossier 'Tâches planifiées' 2008-01-02 c:\windows\Tasks\1 Copernic Intra-Daily ~Z6PO Alain.job - c:\utilitaires\Copernic Agent\CopernicAgent.exe [2003-09-26 12:56] 2008-01-02 c:\windows\Tasks\2 Copernic Daily ~Z6PO Alain.job - c:\utilitaires\Copernic Agent\CopernicAgent.exe [2003-09-26 12:56] 2008-01-02 c:\windows\Tasks\3 Copernic Weekly ~Z6PO Alain.job - c:\utilitaires\Copernic Agent\CopernicAgent.exe [2003-09-26 12:56] 2008-01-02 c:\windows\Tasks\4 Copernic Monthly ~Z6PO Alain.job - c:\utilitaires\Copernic Agent\CopernicAgent.exe [2003-09-26 12:56] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-23 10:24:09 Windows 5.1.2600 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: c:\windows\explorer.exe -> c:\program files\Logitech\SetPoint\lgscroll.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\windows\system32\CTSVCCDA.EXE c:\utilitaires\Alcohol\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe c:\windows\system32\wdfmgr.exe c:\program files\Java\jre1.5.0_01\bin\jucheck.exe c:\windows\system32\rundll32.exe c:\program files\Lexmark 2200 Series\lxbvbmon.exe c:\utilitaires\Symantec\DelFax\WFXMOD32.EXE c:\program files\Logitech\SetPoint\KHALMNPR.exe c:\utilitaires\Internet Download Manager\IEMonitor.exe c:\windows\system32\ZoneLabs\vsmon.exe . ************************************************************************** . Heure de fin: 2008-11-23 10:30:20 - La machine a redémarré ComboFix-quarantined-files.txt 2008-11-23 09:30:15 ComboFix2.txt 2008-11-22 12:45:36 Avant-CF: 21 177 835 520 octets libres Après-CF: 21,163,032,576 octets libres 212
  2. AR1971
    Voila le rapport, j'ai vu qu'il a supprimé ma dll; ComboFix 08-11-21.04 - Alain 2008-11-22 13:31:41.2 - NTFSx86 MINIMAL Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.368 [GMT 1:00] Lancé depuis: c:\documents and settings\Alain.Z6PO\Mes documents\Downloads\Programs\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\windows\system32\ftpupd.exe c:\windows\system32\FTPx.dll c:\windows\system32\ldrx32a.exe c:\windows\system32\netreg.exe c:\windows\system32\nhmm.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ISODRIVE -------\Legacy_NVCPLSCAN -------\Legacy_VFILT -------\Service_ISODrive ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-22 au 2008-11-22 )))))))))))))))))))))))))))))))))))) . 2008-11-21 16:50 . 2008-11-21 16:50 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-11-21 16:50 . 2008-11-21 16:50 <REP> d-------- c:\documents and settings\Alain.Z6PO\Application Data\Malwarebytes 2008-11-21 16:50 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-21 16:50 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-16 10:08 . 2008-11-16 10:08 <REP> d-------- c:\program files\Avira 2008-11-11 17:31 . 2008-11-17 15:42 54,156 --ah----- c:\windows\QTFont.qfn 2008-11-11 17:31 . 2008-11-11 17:31 1,409 --a------ c:\windows\QTFont.for 2008-11-06 22:08 . 2008-11-08 11:08 <REP> d-------- c:\documents and settings\Alain.Z6PO\.housecall6.6 2008-11-04 17:57 . 2008-11-04 17:57 <REP> d-------- c:\program files\Fichiers communs\EZB Systems 2008-11-04 14:45 . 2008-11-12 22:16 <REP> d-------- c:\documents and settings\Alain.Z6PO\Application Data\uTorrent . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-22 09:10 92,160 ----a-w c:\windows\Internet Logs\xDB152.tmp 2008-11-22 08:03 1,836,544 ----a-w c:\windows\Internet Logs\xDB150.tmp 2008-11-22 08:03 --------- d-----w c:\documents and settings\Alain.Z6PO\Application Data\DMCache 2008-11-16 20:36 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-11-16 09:08 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avira 2008-11-13 21:06 --------- d-----w c:\program files\VstPlugins 2008-11-13 21:06 --------- d-----w c:\program files\Toontrack 2008-11-12 21:15 107,008 ----a-w c:\windows\Internet Logs\xDB14F.tmp 2008-11-12 21:15 1,725,440 ----a-w c:\windows\Internet Logs\xDB14E.tmp 2008-11-09 23:03 1,321,984 ----a-w c:\windows\Internet Logs\xDB14D.tmp 2008-11-09 22:40 1,725,440 ----a-w c:\windows\Internet Logs\xDB14C.tmp 2008-11-05 21:51 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-26 16:33 1,705,472 ----a-w c:\windows\Internet Logs\xDB149.tmp 2008-10-26 11:37 2,478,080 ----a-w c:\windows\Internet Logs\xDB14A.tmp 2008-10-12 16:08 --------- d-----w c:\program files\Fichiers communs\DigiDesign 2008-09-27 08:50 --------- d-----w c:\program files\Ableton 2008-09-27 08:49 --------- d-----w c:\documents and settings\Alain.Z6PO\Application Data\Ableton 2008-09-18 18:51 330,752 ----a-w c:\windows\Internet Logs\xDB14B.tmp 2008-09-18 18:51 1,682,944 ----a-w c:\windows\Internet Logs\xDB148.tmp 2008-09-12 13:12 24,064 ----a-w c:\windows\Internet Logs\xDB147.tmp 2008-09-12 13:12 1,666,048 ----a-w c:\windows\Internet Logs\xDB146.tmp 2008-09-11 10:33 41,984 ----a-w c:\windows\Internet Logs\xDB145.tmp 2008-09-11 10:33 1,666,048 ----a-w c:\windows\Internet Logs\xDB144.tmp 2008-09-08 19:38 643,129 ----a-w c:\program files\unins000.exe 2008-09-08 19:38 2,227 ----a-w c:\program files\unins000.dat 2008-09-01 18:27 15,872 ----a-w c:\windows\Internet Logs\xDB143.tmp 2008-09-01 18:27 1,664,000 ----a-w c:\windows\Internet Logs\xDB142.tmp 2008-08-31 19:00 76,800 ----a-w c:\windows\Internet Logs\xDB141.tmp 2008-08-31 19:00 1,664,000 ----a-w c:\windows\Internet Logs\xDB13F.tmp 2005-12-11 01:51 2,334 ----a-w c:\program files\SolidWorks (2)swxJRNL.BAK 1998-09-29 11:56 10,000 ----a-w c:\windows\inf\unregpn.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="c:\utilitaires\creative nano\media source\Detector\CTDetect.exe" [2004-12-02 102400] "SuperCopier.exe"="c:\utilitaires\SuperCopier\SuperCopier.exe" [2003-04-24 683520] "IDMan"="c:\utilitaires\Internet Download Manager\IDMan.exe" [2008-07-15 931248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872] "PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-12-04 406016] "Zone Labs Client"="c:\utilit~1\ZONEAL~1\zlclient.exe" [2004-02-17 693528] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 36975] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-12 155648] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "WinFaxAppPortStarter"="wfxsnt40.exe" [2000-05-03 c:\windows\system32\WFXSNT40.EXE] "PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\system32\P0630Pin.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312] "Symantec Network Driver Update Warning"="c:\progra~1\Symantec\LIVEUP~1\SNDWarn.EXE" [2004-04-30 91256] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SRUUninstall"="c:\windows\System32\msiexec.exe" [2005-05-04 78848] c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\ hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-11 323646] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2004-12-25 573440] officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 147456] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFavoritesMenu"= 0 (0x0) "NoLogoff"= 0 (0x0) "EnforceShellExtensionSecurity"= 0 (0x0) "NoDeletePrinter"= 0 (0x0) "NoAddPrinter"= 0 (0x0) "NoPrinterTabs"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\utilitaires\Symantec\DelFax\WfxSeh32.Dll" [1998-07-27 38400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.MJPG"= Pvmjpg21.dll "VIDC.PIM1"= pclepim1.dll "VIDC.ACDV"= ACDV.dll "VIDC.VDOM"= vdowave.drv [HKLM\~\startupfolder\C:^Documents and Settings^Alain.Z6PO^Menu Démarrer^Programmes^Démarrage^palmOne Registration.lnk] path=c:\documents and settings\Alain.Z6PO\Menu Démarrer\Programmes\Démarrage\palmOne Registration.lnk backup=c:\windows\pss\palmOne Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk] path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Post-it® Software Notes Lite.lnk] path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Post-it® Software Notes Lite.lnk backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray] --a------ 2006-08-16 15:56 339968 c:\program files\AGEIA Technologies\TrayIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] --a------ 2004-09-02 22:57 57344 c:\utilitaires\CloneCD\CloneCDTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2005-10-06 17:03 278528 c:\utilitaires\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-04-12 11:49 155648 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] --a------ 2002-04-11 03:19 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2005-05-15 23:33 180269 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe R0 avgntmgr;avgntmgr;c:\windows\System32\DRIVERS\avgntmgr.sys [2008-11-16 22336] R0 pcvulkpp;pcvulkpp;c:\windows\System32\drivers\cxqedulq.dat [] R1 avgntdd;avgntdd;c:\windows\System32\DRIVERS\avgntdd.sys [2008-11-16 45376] R2 DLPortIO;DriverLINX Port I/O Driver;\??\c:\windows\System32\DRIVERS\DLPortIO.SYS [2003-12-14 3584] R2 wfxsvc;DelrinaFax PRO;c:\windows\System32\WFXSVC.EXE [2005-09-21 129536] S0 suykptcv;suykptcv;c:\windows\System32\drivers\jmmhwdqe.sys [] S3 P0630VID;Creative WebCam Live!;c:\windows\System32\DRIVERS\P0630Vid.sys [2008-01-13 91841] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\System32\DRIVERS\ss_bus.sys [2008-07-08 83592] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\System32\DRIVERS\ss_mdfl.sys [2008-07-08 15112] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\System32\DRIVERS\ss_mdm.sys [2008-07-08 109704] S3 SWUSBFLT;Pilote de filtre Microsoft SideWinder VIA;c:\windows\System32\DRIVERS\SWUSBFLT.sys [2003-11-02 3968] S4 hpt3xx;hpt3xx; [] . Contenu du dossier 'Tâches planifiées' 2008-01-02 c:\windows\Tasks\1 Copernic Intra-Daily ~Z6PO Alain.job - c:\utilitaires\Copernic Agent\CopernicAgent.exe [2003-09-26 12:56] 2008-01-02 c:\windows\Tasks\2 Copernic Daily ~Z6PO Alain.job - c:\utilitaires\Copernic Agent\CopernicAgent.exe [2003-09-26 12:56] 2008-01-02 c:\windows\Tasks\3 Copernic Weekly ~Z6PO Alain.job - c:\utilitaires\Copernic Agent\CopernicAgent.exe [2003-09-26 12:56] 2008-01-02 c:\windows\Tasks\4 Copernic Monthly ~Z6PO Alain.job - c:\utilitaires\Copernic Agent\CopernicAgent.exe [2003-09-26 12:56] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{36F66B72-219B-4E52-9C63-E7E868E83CE7} - c:\windows\System32\AgCPanelTraditionalChines.dll BHO-{4928A760-0D61-4137-9DD9-897C467E270B} - (no file) BHO-{C2FA9B8C-068A-4948-ADE2-D191BF273B2F} - (no file) HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe HKU-Default-Run-Windows Update - e.exe HKU-Default-Run-msdev - msdev.exe HKU-Default-Run-Microsoft Windows Update - swwhost.exe HKU-Default-Run-Windows Media Player - hkcmd.exe HKU-Default-Run-MSChoEx - suge.exe HKU-Default-RunOnce-Windows Update - e.exe HKU-Default-RunOnce-msdev - msdev.exe HKU-Default-RunOnce-Microsoft Windows Update - swwhost.exe HKU-Default-RunServices-Windows Media Player - hkcmd.exe MSConfigStartUp-ashMaiSv - c:\utilit~1\avast\ashmaisv.exe MSConfigStartUp-IncrediMail - c:\utilit~1\INCRED~1\bin\IncrediMail.exe MSConfigStartUp-Watch - c:\utilit~1\Minitel\Watch.exe . ------- Examen supplémentaire ------- . FireFox -: Profile - c:\documents and settings\Alain.Z6PO\Application Data\Mozilla\Firefox\Profiles\t0pqzlpt.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orange.fr/ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-22 13:39:41 Windows 5.1.2600 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pcvulkpp] "ImagePath"="system32\drivers\cxqedulq.dat" . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: c:\windows\explorer.exe -> c:\program files\Logitech\SetPoint\lgscroll.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\windows\system32\CTSVCCDA.EXE c:\utilitaires\Alcohol\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\ZoneLabs\vsmon.exe c:\utilitaires\Symantec\DelFax\WFXMOD32.EXE c:\windows\system32\rundll32.exe c:\program files\Lexmark 2200 Series\lxbvbmon.exe c:\program files\Logitech\SetPoint\KHALMNPR.exe c:\utilitaires\Internet Download Manager\IEMonitor.exe . ************************************************************************** . Heure de fin: 2008-11-22 13:45:34 - La machine a redémarré [Alain] ComboFix-quarantined-files.txt 2008-11-22 12:45:27 Avant-CF: 21,183,594,496 octets libres Après-CF: 21,119,864,832 octets libres 226
  3. AR1971
    Salut, Voila j'ai lançé combofix sur mon PC mais il reste bloqué à l'étape 17 et donc je suis coinçé car je n'ose pas l'arrêter rapport à ce que tu m'as dit précédemment; Merci edit: help qui peut m'aider??
  4. AR1971
    J'ai refait un scan antivir, ma dll infectée est toujours présente: Avira AntiVir Personal Report file date: vendredi 21 novembre 2008 17:49 Scanning for 1045520 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 1) [5.1.2600] Boot mode: Normally booted Username: Alain Computer name: Z6PO Version information: BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 13:44:03 ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 13:44:08 ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 13:44:10 ANTIVIR3.VDF : 7.1.0.122 154112 Bytes 21/11/2008 15:35:36 Engineversion : 8.2.0.35 AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56 AESCRIPT.DLL : 8.1.1.15 332156 Bytes 18/11/2008 13:44:20 AESCN.DLL : 8.1.1.5 123251 Bytes 18/11/2008 13:44:20 AERDL.DLL : 8.1.1.3 438645 Bytes 18/11/2008 13:44:19 AEPACK.DLL : 8.1.3.4 393591 Bytes 18/11/2008 13:44:18 AEOFFICE.DLL : 8.1.0.30 196986 Bytes 18/11/2008 13:44:17 AEHEUR.DLL : 8.1.0.71 1487222 Bytes 18/11/2008 13:44:16 AEHELP.DLL : 8.1.2.0 119159 Bytes 19/11/2008 13:57:15 AEGEN.DLL : 8.1.1.5 323956 Bytes 21/11/2008 15:35:37 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56 AECORE.DLL : 8.1.5.1 172406 Bytes 21/11/2008 15:35:36 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 18/11/2008 13:44:11 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37 Configuration settings for the scan: Jobname..........................: Windows System Directory Configuration file...............: c:\program files\avira\antivir personaledition classic\sysdir.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Start of the scan: vendredi 21 novembre 2008 17:49 Starting search for hidden objects. '60129' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'IEMonitor.exe' - '1' Module(s) have been scanned Scan process 'WFXMOD32.EXE' - '1' Module(s) have been scanned Scan process 'WFXSVC.EXE' - '1' Module(s) have been scanned Scan process 'vsmon.exe' - '0' Module(s) have been scanned Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'StarWindService.exe' - '1' Module(s) have been scanned Scan process 'hposol08.exe' - '1' Module(s) have been scanned Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned Scan process 'KEM.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'hpobnz08.exe' - '1' Module(s) have been scanned Scan process 'IDMan.exe' - '1' Module(s) have been scanned Scan process 'CTDetect.exe' - '1' Module(s) have been scanned Scan process 'lxbvbmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'lxbvbmgr.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'WFXSNT40.EXE' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'zlclient.exe' - '0' Module(s) have been scanned Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 39 processes with 39 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '60' files ). Starting the file scan: Begin scan in 'C:\WINDOWS\System32' C:\WINDOWS\System32\AgCPanelTraditionalChines.dll [DETECTION] Is the TR/BHO.Gen Trojan [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003 [WARNING] The file could not be deleted! [NOTE] Attempting to perform action using the ARK lib. [NOTE] The file was moved to '4bce43c1.qua'! C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q9OLIQIX\ymsgr_2.5.3-ppc_install[1].bin [0] Archive type: MacBinary --> Yahoo Messenger 2.5.3 [WARNING] The file could not be read! --> Yahoo Messenger 2.5.3.rsrc [WARNING] The file could not be read! End of the scan: vendredi 21 novembre 2008 18:07 Used time: 17:44 Minute(s) The scan has been done completely. 201 Scanning directories 10074 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 0 Files cannot be scanned 10073 Files not concerned 10 Archives were scanned 3 Warnings 1 Notes 60129 Objects were scanned with rootkit scan 0 Hidden objects were found
  5. AR1971
    Voila le resultat MAM: Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1414 Windows 5.1.2600 Service Pack 1 21/11/2008 17:33:56 mbam-log-2008-11-21 (17-33-56).txt Type de recherche: Examen rapide Eléments examinés: 62678 Temps écoulé: 8 minute(s), 32 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 5 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cssrss.exe (Backdoor.Knocker) -> Quarantined and deleted successfully.
  6. AR1971
    Logfile of HijackThis v1.99.1 Scan saved at 22:06:48, on 20/11/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\UTILIT~1\ZONEAL~1\zlclient.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\WINDOWS\System32\wfxsnt40.exe C:\WINDOWS\System32\RunDLL32.exe C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Utilitaires\creative nano\media source\Detector\CTDetect.exe C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe C:\Utilitaires\Internet Download Manager\IDMan.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\CTsvcCDA.EXE C:\Utilitaires\Alcohol\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\WFXSVC.EXE C:\Utilitaires\Symantec\DelFax\WFXMOD32.EXE C:\Utilitaires\Internet Download Manager\IEMonitor.exe C:\Utilitaires\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.9online.fr O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Utilitaires\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {36F66B72-219B-4E52-9C63-E7E868E83CE7} - C:\WINDOWS\System32\AgCPanelTraditionalChines.dll O2 - BHO: (no name) - {4928A760-0D61-4137-9DD9-897C467E270B} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\UTILIT~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {C2FA9B8C-068A-4948-ADE2-D191BF273B2F} - (no file) O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\UTILIT~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [Zone Labs Client] C:\UTILIT~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [Creative Detector] "C:\Utilitaires\creative nano\media source\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [superCopier.exe] C:\Utilitaires\SuperCopier\SuperCopier.exe O4 - HKCU\..\Run: [iDMan] C:\Utilitaires\Internet Download Manager\IDMan.exe /onboot O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: officejet 6100.lnk = ? O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Utilitaires\Copernic Agent\Web\SearchExt.htm O8 - Extra context menu item: Download all links with IDM - C:\Utilitaires\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Utilitaires\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Utilitaires\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\UTILIT~1\COPERN~1\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\UTILIT~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\UTILIT~1\COPERN~1\COPERN~1.EXE O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\UTILIT~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\UTILIT~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.9online.fr O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{EDB18902-A3AB-4898-B2D8-5B69D5E085C1}: NameServer = 192.168.1.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Utilitaires\Alcohol\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
  7. AR1971
    Salut, Voila, j'ai un fichier infecté que je n'arrive pas à supprimer; je connaissais OTmoveit, mais je ne le trouve plus; quel logiciel utilisez vous faire ce travail? Merci EDIT: Voila j'ai trouvé otmoveit mais je ne peux pas le faire fonctionner, donc je poste un rapport HJT; je précise que j'ai déja nettoyé mon pc de font en comble avec suppréssion de tous les fichiers temp et internet avec ccleaner, scan et suppression de spyware et scan antivirus en mode sans échec, il ne me reste qu'une dll infectée (enfin je pense, mais je ne suis pas expert) que je n'arrive pas a supprimer. Donc si qqun peut m'aider merci d'avance.
  8. AR1971
    Bonjour, Merci beaucoup pour votre aide pear, grace à vous mon pc est a présent presque nickel, merci encore.
  9. AR1971
    Bonsoir, Voila le scan kas; il y a des choses à voir en effet; je vais nettoyer mais j'attend vos conseils d'abord. Merci ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, February 21, 2008 10:22:11 PM Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 21/02/2008 Kaspersky Anti-Virus database records: 574259 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ Scan Statistics: Total number of scanned objects: 138128 Number of viruses found: 10 Number of infected objects: 23 Number of suspicious objects: 0 Duration of the scan process: 02:25:55 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\Alain.Z6PO\.housecall6.6\Quarantine\coinstm.dll.bac_a00228 Infected: Trojan.Win32.Pakes.cdw skipped C:\Documents and Settings\Alain.Z6PO\Application Data\3M\PSNotes\PSNData Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Application Data\Mozilla\Firefox\Profiles\t0pqzlpt.default\history.dat Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Application Data\Mozilla\Firefox\Profiles\t0pqzlpt.default\parent.lock Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Application Data\Mozilla\Firefox\Profiles\t0pqzlpt.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Application Data\Mozilla\Firefox\Profiles\t0pqzlpt.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Application Data\Mozilla\Firefox\Profiles\t0pqzlpt.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Application Data\Mozilla\Firefox\Profiles\t0pqzlpt.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Historique\History.IE5\MSHist012008022120080222\index.dat Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\dat1A.tmp Infected: Trojan-Downloader.Win32.Agent.hzx skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\flaB0B.tmp Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\~DFF91F.tmp Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Temporary Internet Files\Content.IE5\KHGHMJG1\install_fr[1].cab/UGA6PV_0001_N122M2910NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped C:\Documents and Settings\Alain.Z6PO\Local Settings\Temporary Internet Files\Content.IE5\KHGHMJG1\install_fr[1].cab CAB: infected - 1 skipped C:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DivX6.2.5\keygen.exe Infected: not-a-virus:PSWTool.Win32.GetPass.h skipped C:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\kazaa_lite_202zip.zip/kazaa_lite_202_english.exe/data0014 Infected: not-a-virus:AdWare.Win32.Altnet.o skipped C:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\kazaa_lite_202zip.zip/kazaa_lite_202_english.exe Infected: not-a-virus:AdWare.Win32.Altnet.o skipped C:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\kazaa_lite_202zip.zip ZIP: infected - 2 skipped C:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Mirc6.12US_GetoneV1.zip/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped C:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Mirc6.12US_GetoneV1.zip ZIP: infected - 1 skipped C:\Documents and Settings\Alain.Z6PO\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Alain.Z6PO\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluebeam Software\Brewery\V4\Printer Support\BBPDFPortMon.log Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\ntuser.dat.LOG Object is locked skipped C:\Jeux\cosmopolitan virtual look\exe\DSSAGENT.EXE Infected: not-a-virus:AdWare.Win32.Background skipped C:\Utilitaires\Alcohol\Alcohol 120\Alcohol 120\StarWind\logs\starwind.2008-02-21.12-29-32.log Object is locked skipped C:\Utilitaires\MircCaamelot\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped C:\Utilitaires\MircServer2\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped C:\Utilitaires\MircServer3\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped C:\Utilitaires\MircServer4\download\mirc_+_invision_+_fserver_configuration_complete\mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped C:\Utilitaires\MircServer4\download\mirc_+_invision_+_fserver_configuration_complete\mirc612.exe mIRC: infected - 1 skipped C:\Utilitaires\MircServer4\download\mirc_+_invision_+_fserver_configuration_complete.rar/mirc_+_invision_+_fserver_configuration_complete/mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped C:\Utilitaires\MircServer4\download\mirc_+_invision_+_fserver_configuration_complete.rar/mirc_+_invision_+_fserver_configuration_complete/mirc612.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped C:\Utilitaires\MircServer4\download\mirc_+_invision_+_fserver_configuration_complete.rar RAR: infected - 2 skipped C:\Utilitaires\MircServer4\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped C:\Utilitaires\Mirc_Caamelot\Mirc_Download\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped C:\Utilitaires\NOD32\nod32\cache\CACHE.NDB Object is locked skipped C:\Utilitaires\NOD32\nod32\infected\IBK03VBA.NQF Infected: Trojan.Win32.Inject.mf skipped C:\Utilitaires\NOD32\nod32\logs\virlog.dat Object is locked skipped C:\Utilitaires\NOD32\nod32\logs\warnlog.dat Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\Status.WFD Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\Status.WFF Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\Status.WFG Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\Status.WFR Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\Status.WFX Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\Status2.WFD Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\Status2.WFG Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\Status2.WFX Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\Status3.WFD Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\Status3.WFG Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\Status3.WFX Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\StatusS.WFD Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\StatusS.WFG Object is locked skipped C:\Utilitaires\Symantec\DelFax\Donnees\StatusS.WFX Object is locked skipped C:\WINDOWS\Debug\oakley.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped C:\WINDOWS\Internet Logs\Z6PO.ldb Object is locked skipped C:\WINDOWS\MEMORY.DMP Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\Temp\ZLT018bd.TMP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\X4\Telemaintenance\VNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped Scan process completed.
  10. AR1971
    Ok cette fois ça a marché, vous voyez autre chose à faire?
  11. AR1971
    Coriace le ficher!! Ca marche pas; le log: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ldsvmpif ******************* Script file located at: \??\C:\WINDOWS\System32\klrxqqce.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Could not open file C:\WINDOWS\SYSTEM32\coinstm.dll for deletion Deletion of file C:\WINDOWS\SYSTEM32\coinstm.dll failed! Could not process line: C:\WINDOWS\SYSTEM32\coinstm.dll Status: 0xc0000022 Completed script processing. ******************* Finished! Terminate.
  12. AR1971
    Bonjour, La killbox ne fonctionne pas comme vous l'indiquez: je répond oui au delete on reboot mais après j'ai un message "verifying registry entries" puis boite de dialogue alerte "Pending filenameoperatios registry data has been removed by external process!" Je met ok, je ferme et je redémarre la dll est tjs là. Merci pour votre aide
  13. AR1971
    Bonsoir, Voici le log antivir: AntiVir PersonalEdition Classic Report file date: dimanche 17 février 2008 20:21 Scanning for 1036370 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 1) [5.1.2600] Username: Alain Computer name: Z6PO Version information: BUILD.DAT : 269 15604 Bytes 10/09/2007 14:31:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 12:32:40 ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 12:32:46 ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25/08/2007 17:21:02 ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 28/08/2007 07:22:36 AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 29/08/2007 17:09:10 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: quarantine Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Start of the scan: dimanche 17 février 2008 20:21 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 10 processes with 10 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '49' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Alain.Z6PO\Application Data\Thunderbird\Profiles\v478hxlo.default\Mail\Local Folders\Inbox [0] Archive type: Netscape/Mozilla Mailbox --> Mailbox_[From: "Citibank" <[email protected]>][subject: Citibank - confirm your online account access! ][Message-ID: <[email protected]]2260.mim [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/CitiBkfraud.2 --> Mailbox_[Message-ID: <[email protected]>][From: Reginald Koch <[email protected]>][subject: True Love]2834.mim [1] Archive type: MIME --> flashpostcard.zl9 [DETECTION] Is the Trojan horse TR/Small.DBY.K [WARNING] The file was ignored! C:\Documents and Settings\Alain.Z6PO\Application Data\Thunderbird\Profiles\v478hxlo.default\Mail\Local Folders\Junk [0] Archive type: Netscape/Mozilla Mailbox --> Mailbox_[From: "Citibank" <[email protected]>][subject: Citibank - confirm your online account access! ][Message-ID: <[email protected]]1558.mim [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/CitiBkfraud.2 [WARNING] The file was ignored! End of the scan: dimanche 17 février 2008 22:12 Used time: 1:51:06 min The scan has been done completely. 8035 Scanning directories 326202 Files were scanned 3 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 326199 Files not concerned 8471 Archives were scanned 3 Warnings 338 Notes et le hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 21:51:22, on 18/02/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\UTILIT~1\ZONEAL~1\zlclient.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\WINDOWS\System32\wfxsnt40.exe C:\Utilitaires\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Utilitaires\NOD32\nod32\nod32kui.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\WINDOWS\System32\RunDLL32.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Utilitaires\creative nano\media source\Detector\CTDetect.exe C:\Utilitaires\SuperCopier\SuperCopier.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\CTsvcCDA.EXE C:\Utilitaires\NOD32\nod32\nod32krn.exe C:\Utilitaires\Alcohol\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Utilitaires\palmone\Hotsync.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\WINDOWS\System32\WFXSVC.EXE C:\Utilitaires\Symantec\DelFax\WFXMOD32.EXE C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Utilitaires\firefox105\firefox.exe C:\Utilitaires\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.9online.fr O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Utilitaires\Xi\NetXfer\NXIEHelper.dll O2 - BHO: (no name) - {C2FA9B8C-068A-4948-ADE2-D191BF273B2F} - C:\WINDOWS\System32\coinstm.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\UTILIT~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Utilitaires\Xi\NetXfer\NXToolBar.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [Zone Labs Client] C:\UTILIT~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Utilitaires\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nod32kui] "C:\Utilitaires\NOD32\nod32\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe" O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513 O4 - HKCU\..\Run: [Creative Detector] "C:\Utilitaires\creative nano\media source\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [superCopier.exe] C:\Utilitaires\SuperCopier\SuperCopier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: HotSync Manager.lnk = C:\Utilitaires\palmone\Hotsync.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: officejet 6100.lnk = ? O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Utilitaires\PSNLite\PsnLite.exe O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Utilitaires\Copernic Agent\Web\SearchExt.htm O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Utilitaires\Xi\NetXfer\NXAddList.html O8 - Extra context menu item: Télécharger avec NetXfer - C:\Utilitaires\Xi\NetXfer\NXAddLink.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\UTILIT~1\COPERN~1\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\UTILIT~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\UTILIT~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.9online.fr O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{EDB18902-A3AB-4898-B2D8-5B69D5E085C1}: NameServer = 192.168.1.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Utilitaires\NOD32\nod32\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Utilitaires\Alcohol\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
  14. AR1971
    voici le resultat de otmove mais au premier coup il s'est figé donc je n'ai pas sauvegardé le résultat; à la deuxieme tentative ça donne ça: C:\WINDOWS\system32\coinstm.dll unregistered successfully. File move failed. C:\WINDOWS\system32\coinstm.dll scheduled to be moved on reboot. File/Folder not found. File/Folder [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C2FA9B8C-068A-4948-ADE2-D191BF273B2F}] not found. File/Folder [HKEY_CuRRENT_USER\Software\Classes\CLSID\{C2FA9B8C-068A-4948-ADE2-D191BF273B2F}] not found. OTMoveIt2 v1.0.20 log created on 02162008_201931
  15. AR1971
    Merci de votre aide, voici le log: DiagHelp version v1.4 - http://www.malekal.com excute le 16/02/2008 à 13:39:10,59 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->16/02/2008 13:38:57 C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->16/02/2008 13:38:52 C:\WINDOWS\prefetch\WINRAR.EXE-01B43BF9.pf -->16/02/2008 13:37:18 C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->16/02/2008 11:02:53 C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->16/02/2008 11:01:36 C:\WINDOWS\prefetch\REGEDT32.EXE-11878ACD.pf -->16/02/2008 11:01:34 C:\WINDOWS\prefetch\MSNMSGR.EXE-366A1A81.pf -->16/02/2008 11:01:21 C:\WINDOWS\prefetch\FIREFOX.EXE-12792F4F.pf -->16/02/2008 10:35:44 C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->16/02/2008 10:23:04 C:\WINDOWS\prefetch\HIJACKTHIS.EXE-0809EB98.pf -->16/02/2008 10:22:33 C:\WINDOWS\System32\drivers\cxqedulq.dat -->01/01/2008 12:41:27 C:\WINDOWS\System32\drivers\atksgt.sys -->14/10/2006 18:14:27 C:\WINDOWS\System32\drivers\lirsgt.sys -->14/10/2006 18:14:25 C:\WINDOWS\System32\drivers\cdralw2k.sys -->05/10/2006 03:42:42 C:\WINDOWS\System32\drivers\cdr4_xp.sys -->05/10/2006 03:42:42 C:\WINDOWS\System32\drivers\pxhelp20.sys -->27/09/2006 22:53:22 C:\WINDOWS\System32\drivers\amon.sys -->18/09/2006 09:05:35 C:\WINDOWS\System32\vsconfig.xml -->16/02/2008 10:01:30 C:\WINDOWS\System32\wpa.dbl -->16/02/2008 04:28:19 C:\WINDOWS\System32\imon1.dat -->01/01/2008 21:52:52 C:\WINDOWS\System32\FNTCACHE.DAT -->25/12/2007 11:44:52 C:\WINDOWS\System32\mlfcache.dat -->12/12/2007 11:17:52 C:\WINDOWS\System32\gafilter.sti -->01/12/2007 18:36:52 C:\WINDOWS\System32\gaeffect.sti -->01/12/2007 18:36:51 C:\WINDOWS\System32\PerfStringBackup.INI -->28/10/2007 14:54:06 C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 14:54:06 C:\WINDOWS\System32\perfh009.dat -->28/10/2007 14:54:06 C:\WINDOWS\System32\perfc00C.dat -->28/10/2007 14:54:06 C:\WINDOWS\System32\perfc009.dat -->28/10/2007 14:54:06 C:\WINDOWS\System32\ssldivx.dll -->27/07/2007 00:06:12 C:\WINDOWS\System32\libdivx.dll -->27/07/2007 00:06:12 C:\WINDOWS\System32\sirenacm.dll -->19/01/2007 12:53:04 C:\WINDOWS\System32\Adiboud'chou.lnk -->15/12/2006 20:50:54 C:\WINDOWS\System32\fgbs81.sys -->13/12/2006 10:54:03 C:\WINDOWS\System32\REX Shared Library.dll -->04/10/2006 13:13:16 C:\WINDOWS\System32\NI_IRC_1_2.dll -->04/10/2006 13:13:16 C:\WINDOWS\System32\NI_DFD_1_5.dll -->04/10/2006 13:13:16 C:\WINDOWS\System32\bconvert.dll -->04/10/2006 13:13:16 C:\WINDOWS\System32\vxblock.dll -->27/09/2006 22:53:23 C:\WINDOWS\System32\pxwave.dll -->27/09/2006 22:53:23 C:\WINDOWS\System32\pxmas.dll -->27/09/2006 22:53:22 C:\WINDOWS\System32\pxhpinst.exe -->27/09/2006 22:53:22 C:\WINDOWS\setupact.log -->16/02/2008 10:05:40 C:\WINDOWS.log -->16/02/2008 10:00:59 C:\WINDOWS\win.ini -->16/02/2008 10:00:07 C:\WINDOWS\wiadebug.log -->16/02/2008 09:59:35 C:\WINDOWS\wiaservc.log -->16/02/2008 09:59:29 C:\WINDOWS\bootstat.dat -->16/02/2008 09:59:02 C:\WINDOWS\ntbtlog.txt -->16/02/2008 09:57:56 C:\WINDOWS\SchedLgU.Txt -->16/02/2008 05:00:38 C:\WINDOWS\DYNAZIP.LOG -->13/02/2008 08:45:39 C:\WINDOWS\QTFont.qfn -->11/02/2008 14:15:27 C:\WINDOWS\QTFont.for -->11/02/2008 14:15:27 C:\WINDOWS\NeroDigital.ini -->22/01/2008 18:48:03 C:\WINDOWS\wmsetup.log -->22/01/2008 18:23:54 C:\WINDOWS\DPINST.LOG -->14/01/2008 15:44:33 C:\WINDOWS\Setup.log -->13/01/2008 15:01:23 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 1952 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x01000000 0xf9000 6.00.2800.1106 C:\WINDOWS\Explorer.EXE 0x77be0000 0x53000 7.00.2600.1106 C:\WINDOWS\system32\msvcrt.dll 0x77290000 0x64000 6.00.2800.1106 C:\WINDOWS\system32\SHLWAPI.dll 0x77390000 0x805000 6.00.2800.1106 C:\WINDOWS\system32\SHELL32.dll 0x770e0000 0x8b000 3.50.5016.0000 C:\WINDOWS\system32\OLEAUT32.dll 0x75f10000 0xfc000 6.00.2800.1106 C:\WINDOWS\System32\BROWSEUI.dll 0x76960000 0x14a000 6.00.2800.1106 C:\WINDOWS\System32\SHDOCVW.dll 0x5b090000 0x34000 6.00.2800.1106 C:\WINDOWS\System32\UxTheme.dll 0x78090000 0xe4000 6.00.2800.1106 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 0x77300000 0x8b000 5.82.2800.1106 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\System32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll 0x5b950000 0x72000 6.00.2800.1106 C:\WINDOWS\System32\themeui.dll 0x71ca0000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\ACTXPRXY.DLL 0x76ac0000 0x15000 3.00.9435.0000 C:\WINDOWS\System32\ATL.DLL 0x76080000 0x7a000 6.00.2800.1106 C:\WINDOWS\System32\urlmon.dll 0x74aa0000 0x43000 6.00.2800.1106 C:\WINDOWS\System32\webcheck.dll 0x74a60000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll 0x74a40000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll 0x01820000 0x201000 2.00.2600.1106 C:\WINDOWS\System32\msi.dll 0x56780000 0xc000 C:\Utilitaires\SuperCopier\SCHook.DLL 0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll 0x76250000 0x8d000 5.131.2600.1106 C:\WINDOWS\system32\CRYPT32.dll 0x76190000 0x99000 6.00.2800.1106 C:\WINDOWS\system32\WININET.dll 0x10100000 0x16000 C:\Program Files\Logitech\SetPoint\lgscroll.dll 0x76340000 0x46000 6.00.2800.1106 C:\WINDOWS\system32\comdlg32.dll 0x723a0000 0x13000 6.00.2800.1106 C:\WINDOWS\System32\browselc.dll 0x10000000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\System32\MSVCR71.dll 0x02910000 0xbb000 1.03.0000.0012 C:\Program Files\Spybot - Search & Destroy\SDHelper.dll 0x5f140000 0x1a000 5.00.5014.0000 C:\WINDOWS\System32\olepro32.dll 0x746e0000 0x8f000 6.00.2600.0000 C:\WINDOWS\System32\MLANG.dll 0x20b00000 0x45000 2.51.0020.0000 C:\WINDOWS\System32\imon.dll 0x20c00000 0xd000 C:\Utilitaires\NOD32\nod32\pr_imon.dll 0x76100000 0x8e000 6.00.2600.0000 C:\WINDOWS\System32\shdoclc.dll 0x1f7b0000 0x31000 3.520.9030.0000 C:\WINDOWS\System32\ODBC32.dll 0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll 0x72380000 0x19000 6.00.2600.0000 C:\WINDOWS\System32\mydocs.dll 0x21670000 0xd000 9.00.0098.0727 C:\Utilitaires\Symantec\DelFax\WfxSeh32.Dll 0x20000000 0x57000 1.01.0000.0500 C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll 0x00d10000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll 0x02180000 0x99000 10.00.0000.0168 C:\Program Files\Graphisoft\ArchiCAD 10\GSShellX.dll 0x00920000 0x29000 C:\Utilitaires\Winrar3.11\rarext.dll 0x00d50000 0x10000 1.07.0001.0000 C:\Utilitaires\QuickSFV\QSFVShll.dll 0x00da0000 0x10000 C:\Utilitaires\NOD32\nod32\nodshex.dll 0x02320000 0x68000 C:\UTILIT~1\AQUARE~1\A2CONT~1.DLL 0x016a0000 0x3a000 C:\WINDOWS\System32\coinstm.dll 0x74780000 0x2b7000 6.00.2800.1106 C:\WINDOWS\System32\mshtml.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 592 Command line: winlogon.exe Base Size Version Path 0x01000000 0x84000 \??\C:\WINDOWS\system32\winlogon.exe 0x77be0000 0x53000 7.00.2600.1106 C:\WINDOWS\system32\msvcrt.dll 0x76250000 0x8d000 5.131.2600.1106 C:\WINDOWS\system32\CRYPT32.dll 0x77390000 0x805000 6.00.2800.1106 C:\WINDOWS\system32\SHELL32.dll 0x77290000 0x64000 6.00.2800.1106 C:\WINDOWS\system32\SHLWAPI.dll 0x77300000 0x8b000 5.82.2800.1106 C:\WINDOWS\system32\COMCTL32.dll 0x1f7b0000 0x31000 3.520.9030.0000 C:\WINDOWS\System32\ODBC32.dll 0x76340000 0x46000 6.00.2800.1106 C:\WINDOWS\system32\comdlg32.dll 0x78090000 0xe4000 6.00.2800.1106 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll 0x76b70000 0x20000 6.00.2800.1106 C:\WINDOWS\System32\SHSVCS.dll 0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll 0x5b090000 0x34000 6.00.2800.1106 C:\WINDOWS\System32\uxtheme.dll 0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll 0x770e0000 0x8b000 3.50.5016.0000 C:\WINDOWS\system32\OLEAUT32.dll 0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\System32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 2899-7B24 Répertoire de C:\WINDOWS\temp 31/05/2005 18:02 65 536 CTPBSEQ.EXE 07/10/2002 12:00 385 024 HXFSETUP.EXE 2 fichier(s) 450 560 octets 0 Rép(s) 10 032 844 800 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 2899-7B24 Répertoire de C:\WINDOWS\system32 28/08/2001 13:00 4 096 csrss.exe 1 fichier(s) 4 096 octets 0 Rép(s) 10 032 844 800 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 2899-7B24 Répertoire de C:\WINDOWS\Downloaded Program Files 17/09/2007 11:05 <REP> . 17/09/2007 11:05 <REP> .. 07/08/2003 09:02 110 592 asinst.dll 07/08/2003 09:06 525 asinst.inf 07/10/2004 22:16 815 bitdefender.inf 07/10/2004 23:05 327 680 bitdefender.ocx 26/10/2004 18:11 241 CabSA.inf 18/10/2003 14:45 65 desktop.ini 09/02/2005 15:54 1 271 erma.inf 12/07/2000 03:02 36 864 fxfileop.dll 25/06/2003 09:56 467 launchie.inf 20/01/2000 14:25 1 162 Microsoft XML Parser for Java.osd 26/10/2004 18:14 160 928 rufsi.dll 27/08/2005 13:30 5 065 swflash.inf 31/10/2001 11:37 118 uninst.bat 30/06/2003 22:41 1 689 WMV9VCM.inf 09/06/2004 16:51 1 777 xscan.inf 09/06/2004 16:56 435 712 xscan53.ocx 16 fichier(s) 1 084 971 octets Total des fichiers listés : 16 fichier(s) 1 084 971 octets 2 Rép(s) 10 032 844 800 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-16 13:41:44 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden services & system hive ... IPC error: 2 Le fichier spécifié est introuvable. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40] "ujdew"=hex:20,02,00,00,49,83,88,08,bd,f6,eb,9b,59,15,a9,51,a2,72,d4,86,57,.. "ljej40"=hex:fa,b5,57,9b,f6,48,bf,25,cc,3f,c3,f2,c5,7a,45,aa,cb,7a,31,04,2f,.. "ljej41"=hex:7f,b5,57,9b,8e,48,bf,25,cd,3f,c2,f2,c4,7a,45,aa,cb,7a,31,04,ea,.. "ljej42"=hex:7f,b5,57,9b,8e,48,bf,25,cd,3f,c2,f2,c4,7a,45,aa,cb,7a,31,04,ea,.. "ljej43"=hex:7f,b5,57,9b,8e,48,bf,25,cd,3f,c2,f2,c4,7a,45,aa,cb,7a,31,04,ea,.. "ljej44"=hex:7f,b5,57,9b,8e,48,bf,25,cd,3f,c2,f2,c4,7a,45,aa,cb,7a,31,04,ea,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] "DisplayName"="Alcohol 120%" scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 388 - firefox.exe 476 - atiptaxx.exe 500 - zlclient.exe 564 - nod32kui.exe 568 - csrss.exe 592 - winlogon.exe 780 - CDAC11BA.EXE 900 - nod32krn.exe 952 - WFXMOD32.EXE 1052 - svchost.exe 1144 - services.exe 1156 - lsass.exe 1324 - svchost.exe 1404 - Hotsync.exe 1424 - svchost.exe 1544 - vsmon.exe 1620 - KEM.exe 1952 - explorer.exe 2376 - iPodService.exe 2956 - msnmsgr.exe 3228 - usnsvc.exe 4040 - cmd.exe Total number of processes = 23 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D4000 - \WINDOWS\system32\ntoskrnl.exe 806C8000 - \WINDOWS\system32\hal.dll F8A36000 - \WINDOWS\system32\KDCOM.DLL F8946000 - \WINDOWS\system32\BOOTVID.dll F84EE000 - Vax347b.sys F84C2000 - ACPI.sys F8A38000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS F8536000 - pci.sys F8546000 - isapnp.sys F87B6000 - cxqedulq.dat F8AFE000 - pciide.sys F87BE000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS F8556000 - MountMgr.sys F84A3000 - ftdisk.sys F8A3A000 - dmload.sys F847F000 - dmio.sys F87C6000 - PartMgr.sys F8566000 - VolSnap.sys F8469000 - F8A3C000 - Vax347s.sys F8452000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS F8576000 - disk.sys F8586000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F8596000 - PxHelp20.sys F843E000 - KSecDD.sys F83B4000 - Ntfs.sys F838B000 - NDIS.sys F894A000 - RecAgent.sys F85A6000 - ohci1394.sys F85B6000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS F894E000 - nv_agp.sys F8371000 - Mup.sys F8776000 - \SystemRoot\System32\DRIVERS\processr.sys F802E000 - \SystemRoot\System32\DRIVERS\usbohci.sys F70F5000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS F891E000 - \SystemRoot\System32\DRIVERS\usbehci.sys F70E1000 - \SystemRoot\System32\DRIVERS\NVENET.sys F8926000 - \SystemRoot\system32\drivers\nvax.sys F8786000 - \SystemRoot\System32\DRIVERS\imapi.sys F8936000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys F893E000 - \SystemRoot\system32\drivers\ASAPIW2k.sys F8796000 - \SystemRoot\System32\Drivers\AFS2K.SYS F87A6000 - \SystemRoot\System32\DRIVERS\cdrom.sys F85E6000 - \SystemRoot\System32\DRIVERS\redbook.sys F70C1000 - \SystemRoot\System32\DRIVERS\ks.sys F702C000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys F701A000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS F87EE000 - \SystemRoot\System32\DRIVERS\fdc.sys F85F6000 - \SystemRoot\System32\DRIVERS\serial.sys F7CA0000 - \SystemRoot\System32\DRIVERS\serenum.sys F7007000 - \SystemRoot\System32\DRIVERS\parport.sys F71A7000 - \SystemRoot\System32\DRIVERS\i8042prt.sys F7197000 - \SystemRoot\System32\DRIVERS\L8042mou.Sys F7187000 - \SystemRoot\System32\DRIVERS\LMouKE.Sys F87F6000 - \SystemRoot\System32\DRIVERS\mouclass.sys F7C9C000 - \SystemRoot\System32\DRIVERS\L8042Kbd.sys F87FE000 - \SystemRoot\System32\DRIVERS\kbdclass.sys F8C68000 - \SystemRoot\System32\DRIVERS\audstub.sys F8A9E000 - \SystemRoot\System32\Drivers\RootMdm.sys F8806000 - \SystemRoot\System32\Drivers\Modem.SYS F7177000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys F7C98000 - \SystemRoot\System32\DRIVERS\ndistapi.sys F6FF1000 - \SystemRoot\System32\DRIVERS\ndiswan.sys F7167000 - \SystemRoot\System32\DRIVERS\raspppoe.sys F7157000 - \SystemRoot\System32\DRIVERS\raspptp.sys F7C94000 - \SystemRoot\System32\DRIVERS\TDI.SYS F6FA7000 - \SystemRoot\System32\DRIVERS\psched.sys F7147000 - \SystemRoot\System32\DRIVERS\msgpc.sys F881E000 - \SystemRoot\System32\DRIVERS\ptilink.sys F8826000 - \SystemRoot\System32\DRIVERS\raspti.sys F6F7A000 - \SystemRoot\System32\DRIVERS\rdpdr.sys F8606000 - \SystemRoot\System32\DRIVERS\termdd.sys F8B91000 - \SystemRoot\System32\DRIVERS\swenum.sys F8616000 - \SystemRoot\System32\Drivers\NDProxy.SYS F8626000 - \SystemRoot\System32\DRIVERS\usbhub.sys F8AAC000 - \SystemRoot\System32\DRIVERS\USBD.SYS F6F34000 - \SystemRoot\system32\drivers\nvapu.sys F6F13000 - \SystemRoot\system32\drivers\portcls.sys F8656000 - \SystemRoot\system32\drivers\drmk.sys F6E42000 - \SystemRoot\system32\drivers\nvmcp.sys F6E31000 - \SystemRoot\system32\drivers\nvarm.sys F8ABC000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F8BC8000 - \SystemRoot\System32\Drivers\Null.SYS F8ABE000 - \SystemRoot\System32\Drivers\Beep.SYS F883E000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS F8846000 - \SystemRoot\System32\drivers\vga.sys F8AC0000 - \SystemRoot\System32\Drivers\mnmdd.SYS F8AC2000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F884E000 - \SystemRoot\System32\Drivers\Msfs.SYS F8856000 - \SystemRoot\System32\Drivers\Npfs.SYS F8A26000 - \SystemRoot\System32\DRIVERS\rasacd.sys F86A6000 - \SystemRoot\System32\DRIVERS\ipsec.sys A6F66000 - \SystemRoot\System32\DRIVERS\tcpip.sys A6F26000 - \SystemRoot\System32\Drivers\SYMTDI.SYS A6F13000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS A6EEC000 - \SystemRoot\System32\DRIVERS\netbt.sys F86B6000 - \SystemRoot\System32\DRIVERS\netbios.sys A6EC4000 - \SystemRoot\System32\DRIVERS\rdbss.sys F8BFA000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS A6E60000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F86C6000 - \SystemRoot\System32\Drivers\Fips.SYS F86D6000 - \SystemRoot\System32\Drivers\Cdfs.SYS A6E22000 - \SystemRoot\System32\Drivers\dump_atapi.sys F8AD2000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F89F6000 - \SystemRoot\System32\watchdog.sys F8A0A000 - \SystemRoot\System32\drivers\Dxapi.sys BFF80000 - \SystemRoot\System32\drivers\dxg.sys F8B3D000 - \SystemRoot\System32\drivers\dxgthk.sys BF9BB000 - \SystemRoot\System32\ati2dvag.dll BFA09000 - \SystemRoot\System32\ati3duag.dll F8766000 - \SystemRoot\System32\DRIVERS\wanarp.sys A6CC1000 - \SystemRoot\System32\drivers\afd.sys A6D6E000 - \SystemRoot\System32\drivers\ws2ifsl.sys A6CAC000 - \SystemRoot\System32\DRIVERS\nwlnkipx.sys F86F6000 - \SystemRoot\System32\DRIVERS\nwlnknb.sys A6D4E000 - \SystemRoot\System32\DRIVERS\ndisuio.sys A6B85000 - \??\C:\WINDOWS\System32\vsdatant.sys A6DD2000 - \SystemRoot\System32\DRIVERS\nwlnkspx.sys A6992000 - \SystemRoot\system32\drivers\wdmaud.sys A6B2D000 - \SystemRoot\system32\drivers\sysaudio.sys A670D000 - \SystemRoot\System32\DRIVERS\mrxdav.sys F8ABA000 - \SystemRoot\System32\Drivers\ParVdm.SYS A6643000 - \??\C:\WINDOWS\System32\drivers\amon.sys F8816000 - \SystemRoot\System32\drivers\aspi32.sys A661A000 - \SystemRoot\System32\DRIVERS\atksgt.sys A6AAD000 - \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS F88BE000 - \??\C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS A66C5000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys F8B70000 - \??\C:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\IcProg\icprog.sys F88D6000 - \SystemRoot\System32\DRIVERS\lirsgt.sys A6502000 - \SystemRoot\System32\DRIVERS\secdrv.sys A6489000 - \SystemRoot\System32\DRIVERS\srv.sys A617F000 - \SystemRoot\SYSTEM32\DRIVERS\WibuKey.sys F8BD3000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 135 Liste des programmes installes 6.1 a-squared Free 1.6 ACDSee Pro 2 Ad-Aware SE Personal Adibou et Les Voleurs d'Energie Adobe Reader 7.0.5 - Français AGEIA PhysX v2.5.1 ArchiCAD 10 R1 FRA ArchiCAD 9 FRA Archiveur WinRAR ATI Control Panel ATI Display Driver Audacity 1.2.4 AutoUpdate Azureus BSPlayer BSPlayer Camera Window Canon Internet Library for ZoomBrowser EX Canon PhotoRecord Canon Utilities File Viewer Utility 1.2 Canon Utilities PhotoStitch 3.1 Canon Utilities RemoteCapture 2.7 Canon Utilities ZoomBrowser EX CartoExploreur 3 CartoExploreur 3 CD-reef version S129 (édition 2002.3) CDex 1.40 Fr [Extraction Audio] CIG CloneCD Commande ECHO désactivée. Company of Heroes Copernic Agent Professional Correctif Windows XP - KB824146 COSMOPOLITAN Virtual Look 3 Creative Mass Storage Drivers Creative Mass Storage Drivers Creative MediaSource Creative System Information Creative WebCam Center Creative WebCam Live! Driver (1.02.03.0606) Creative Zen Nano Plus dBpowerAMP Musepack Codec dBpowerAMP Music Converter DENIBE Deutz Engine Diagnostic Sésam Vitale Direct Show Ogg Vorbis Filter (remove only) Disney Dessinez, c'est Disney 2 DivX DivX Content Uploader DivX Converter DivX Player DivX Web Player Documents To Go Dora Sakado E.G.S. EAX Unified Emidal Enregistrement du produit WebCam Live! Fenêtre d'appareil photo Canon pour ZoomBrowser EX File Viewer Utility 1.2.2 FunProm v2.49.11 GAEA 1.4 Guitar Pro 5.2 HijackThis 1.99.1 hp psc 2100 series Indeo® software Installer Yahoo! Messenger iTunes iTunes J2SE Runtime Environment 5.0 Update 1 Jasc Paint Shop Pro 8 Lapin Malin Maternelle 1 & Mon 1er Lapin Malin Lecteur Windows Media 10 Lemmings Revolution LiveAdvisor (Symantec Corporation) LiveUpdate Living 3D Dinosaurs Full Screen Saver Logitech SetPoint Macromedia Flash Player 8 Macromedia Shockwave Player MasterCook 5 : LGLC Max et Claire - Logique Microsoft .NET Framework 1.1 Microsoft Office 2000 Professional Microsoft PowerPoint Viewer 97 Microsoft Speech API 3.0 Microsoft Word Viewer 97 mIRC Mozilla Firefox (0.8.) Mozilla Firefox (1.0.4) Mozilla Firefox (1.5.0.12) Mozilla Thunderbird (1.5.0.14) MSXML 4.0 SP2 Parser and SDK Native Instruments Battery 3 Nero 6 Ultra Edition NetXfer 2.52.386 NOD32 Antivirus System NOD32 FiX v2.1 NVIDIA Audio Driver Office Animation Runtime OgcDrv OgcDrv palmOne PartitionMagic Photo et imagerie HP 1.0 - PSC 2000 Series Photo et imagerie HP 1.0 - PSC 2000 Series Photo et imagerie HP 1.0 - PSC 2000 Series Pilote PhotoStitch Picasa 2 Pilotes NVIDIA nForce pour Windows 2000/XP PinnacleHollywood FX 5 Post-it® Software Notes Lite PowerQuest PartitionMagic 8.0 PrintMaster QuickSFV (Remove only) QuickTime QuickTime Readiris 7.5 RealFlight G2 Simulator RealPlayer RemoteCapture 2.7.2 Réseau France Bayo Réseau France Bayo Réseau France BdAlti Réseau France BdAlti Réseau France BdNyme Réseau France BdNyme SafeCast Shared Components SdLL - Superélèves maternelle GS SERIE+4000 SightSpeed (remove only) Solar System 3D Screensaver 1.1 SolidWorks 2004 SP0 Sproink Spybot - Search & Destroy 1.3 Studio 9 SuperCopier Switchball Symantec DelrinaFax PRO 10.0 Symantec Network Driver Update Tomb Raider: Legend 1.0 Total Commander (Remove or Repair) Tumble Bugs Ulead GIF Animator 5 Evaluation Viewpoint Media Player (Remove Only) Visualisateur 1.0 WebFldrs XP WIBU-KEY Setup (WIBU-KEY Remove) Winamp 5 FR Windows Live Messenger Windows Media Format Runtime Windows Media Format SDK Hotfix - KB891122 WinISO 5.3 XviD MPEG-4 Video Codec ZoneAlarm ZoneAlarm Pro Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 2899-7B24 Répertoire de C:\Program Files 16/02/2008 09:58 <REP> . 16/02/2008 09:58 <REP> .. 13/01/2008 18:13 <REP> ACD Systems 14/12/2005 23:07 <REP> Adobe 16/12/2007 15:10 <REP> AGEIA Technologies 29/04/2005 08:39 <REP> Ahead 03/01/2006 22:23 <REP> ArchiCAD 8.1 19/12/2006 14:59 <REP> Atari 03/01/2006 12:18 <REP> Atelier créatif 15/10/2003 14:09 <REP> ATI Technologies 22/06/2004 08:57 <REP> Bayo 05/10/2005 20:53 <REP> Bluebeam Software 25/10/2003 11:20 <REP> Canon 15/10/2003 12:21 <REP> ComPlus Applications 13/01/2008 15:01 <REP> Creative 19/08/2006 19:15 <REP> Disney Interactive 20/10/2007 20:49 <REP> DivX 17/06/2005 13:30 <REP> Documents To Go 18/09/2006 09:00 <REP> ESET 15/07/2005 16:33 <REP> fdjeux 13/08/2007 21:34 <REP> Fichiers communs 03/01/2006 22:31 <REP> GameSpy Arcade 21/11/2005 16:27 <REP> gcompris 28/12/2005 18:01 <REP> generation5 11/12/2007 11:10 <REP> Google 20/09/2006 06:26 <REP> Graphisoft 19/10/2003 17:12 <REP> Hewlett-Packard 31/01/2005 21:12 <REP> Intel 12/04/2006 21:39 <REP> Internet Explorer 12/04/2006 11:48 <REP> iPod 03/03/2004 06:16 <REP> Jasc Software Inc 28/04/2005 14:48 <REP> Java 03/01/2006 12:19 <REP> Lapin Malin Maternelle 1 & Mon 1er Lapin Malin 24/01/2005 22:20 <REP> Lavasoft 25/12/2004 18:11 <REP> Logitech 19/10/2003 14:37 <REP> Messenger 20/10/2003 10:52 <REP> microsoft frontpage 20/10/2003 17:43 <REP> Microsoft Games 20/10/2003 10:52 <REP> Microsoft Office 19/10/2003 14:34 <REP> Movie Maker 05/11/2005 11:13 <REP> Mozilla Firefox 15/10/2003 12:21 <REP> MSN Gaming Zone 14/01/2008 15:44 <REP> MSN Messenger 20/10/2003 17:49 <REP> MSXML 4.0 19/10/2003 14:34 <REP> NetMeeting 08/12/2007 23:31 <REP> NetXfer 19/10/2003 14:34 <REP> Outlook Express 14/03/2004 22:38 <REP> Pinnacle 12/04/2006 11:49 <REP> QuickTime 21/09/2006 21:49 <REP> ReflexiveArcade 21/11/2004 14:37 <REP> savegame 19/10/2003 15:47 <REP> Services en ligne 30/05/2005 15:13 <REP> Sierra On-Line 13/01/2008 14:59 <REP> SightSpeed 30/09/2006 17:47 <REP> SolidWorks (2) 11/12/2005 02:51 2 334 SolidWorks (2)swxJRNL.BAK 05/12/2004 14:33 <REP> Spybot - Search & Destroy 25/08/2004 07:39 <REP> Symantec 27/10/2006 19:50 <REP> THQ 07/11/2004 16:21 <REP> Trend Micro 20/09/2006 06:29 <REP> WIBUKEY 16/09/2005 14:46 <REP> WIBU-SYSTEMS 13/01/2006 19:24 <REP> Windows Media Player 15/10/2003 12:21 <REP> Windows NT 15/10/2003 12:24 <REP> xerox 1 fichier(s) 2 334 octets 64 Rép(s) 10 031 579 136 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 2899-7B24 Répertoire de C:\Program Files\fichiers communs 13/08/2007 21:34 <REP> . 13/08/2007 21:34 <REP> .. 13/01/2008 18:14 <REP> ACD Systems 22/09/2004 10:14 <REP> Adobe 19/02/2005 13:48 <REP> Agnitum Shared 29/04/2005 08:39 <REP> Ahead 03/05/2005 21:05 <REP> Bcgsoft 05/10/2005 20:53 <REP> Bluebeam Software 06/02/2004 10:55 <REP> Copernic 17/06/2005 13:30 <REP> DataViz 05/10/2005 20:55 <REP> Designer 05/09/2004 21:31 <REP> G DATA 19/10/2003 17:14 <REP> Hewlett-Packard 19/12/2003 23:41 <REP> InstallShield 28/04/2005 14:46 <REP> Java 25/12/2004 18:11 <REP> Logitech 07/06/2005 21:08 <REP> Macrovision Shared 14/01/2008 15:44 <REP> Microsoft Shared 15/10/2003 12:22 <REP> MSSoap 13/08/2007 21:34 <REP> Native Instruments 21/09/2005 23:47 <REP> Novell Shared 15/10/2003 13:07 <REP> ODBC 07/01/2007 22:47 <REP> PC Soft 15/05/2005 23:33 <REP> Real 15/10/2003 12:22 <REP> Services 13/10/2005 15:32 <REP> Solidworks Data 05/10/2005 20:55 <REP> SolidWorks Shared 15/10/2003 13:07 <REP> SpeechEngines 03/03/2004 06:10 <REP> SWF Studio 21/09/2005 23:47 <REP> Symantec Shared 19/10/2003 14:34 <REP> System 15/05/2005 23:33 <REP> xing shared 0 fichier(s) 0 octets 32 Rép(s) 10 031 575 040 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 2899-7B24 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 20/10/2003 10:54 <REP> . 20/10/2003 10:54 <REP> .. 18/05/2001 16:57 561 209 MSONSEXT.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 18/03/1999 06:37 593 977 RAGENT.DLL 4 fichier(s) 1 405 156 octets 2 Rép(s) 10 031 575 040 octets libres c:\Documents and Settings\Alain.Z6PO\.housecall6.6\getMac.exe c:\Documents and Settings\Alain.Z6PO\.housecall6.6\patch.exe c:\Documents and Settings\Alain.Z6PO\.housecall6.6\TSC.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{067CE951-4917-4C90-9CE5-8D6D8492480F}\ARPPRODUCTICON.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{067CE951-4917-4C90-9CE5-8D6D8492480F}\NewShortcut1_067CE95149174C909CE58D6D8492480F.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{067CE951-4917-4C90-9CE5-8D6D8492480F}\PalmDesktopShortcut.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{067CE951-4917-4C90-9CE5-8D6D8492480F}\palmOneFileTransfer_067CE95149174C909CE58D6D8492480F.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{AEEB3643-71DE-414d-9E3F-1159177FE211}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\ARPPRODUCTICON.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\NewShortcut1.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\NewShortcut1_1.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\VersaMailSetupB.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\VersaMailSetupE.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\VersaMailSetupF.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\VersaMailSetupG.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\VersaMailSetupI.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\VersaMailSetupS.exe c:\Documents and Settings\Alain.Z6PO\Bureau\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\Alain.Z6PO\Bureau\bigjig80.exe c:\Documents and Settings\Alain.Z6PO\Bureau\INSTALL_MSN_MESSENGER_NT.EXE c:\Documents and Settings\Alain.Z6PO\Bureau\switchball_demo_jouable_1_anglais_39231.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Xtremsplit.exe c:\Documents and Settings\Alain.Z6PO\Bureau\ACD2P.b.239\acdseepro-2-0-239-fr.exe c:\Documents and Settings\Alain.Z6PO\Bureau\ACD2P.b.239\BS-ACP20.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\calendrierMAIF2006.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\install.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\orthophonet.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\pendu-argot.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\Conjugaison\Conjugaison.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\Conjugaison\Frencon.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\hw32v31.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\licence.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\SoftIce401W95.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\ArtOfCracking\cCrackMeCrack\Release\cCrackMeCrack.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\ArtOfCracking\cCrackMeCrack\Release\CrackMe.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\ArtOfCracking\crackMe\CrackMe.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\ouvre exe dll\ResHacker.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\wdasm893\W32DSM89 - VB.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\avwinsfx.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\BRLX_DBF.EXE c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\charades.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\Bureau\eg2v1.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\Bureau\leta_ins.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\Bureau\memdoc_install.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\Bureau\a graver\imprégnation syllabique\wd97vwr32.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\logique\setup.exe c:\Documents and Settings\Alain.Z6PO\Bureau\CutKiller\cutkiller.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\gzip.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\sigcheck.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\tar.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Guitar.Pro.5.2.forumwz.org\Guitar.Pro.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Guitar.Pro.5.2.forumwz.org\Guitar.Pro.5.2.keygen.ZWT.Forumwz.org\Keygen.exe c:\Documents and Settings\Alain.Z6PO\Bureau\Native instruments - Battery 2.15\setup.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\_uninstop.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\msetup.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\rasesnet.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\snapsnet.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\swsetup.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\Twaxdist.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\wavvsnet.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\winvsnet.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\WooHook.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\WooHooka.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\AGEIA\driver\DIFxSetup.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\AGEIA\driver\rescanDevNode.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\AGEIA\driver\x64\DIFxSetup.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\AGEIA\driver\x64\rescanDevNode.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\ImInstaller\IncrediMail\IncrediMailSetup_d_fr.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\ImApp.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\ImLc.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\ImLpp.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\ImNotfy.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\ImPackr.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\ImpCnt.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\imsetup.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\IncMail.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\Nero.50\setup.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\WebshotsTemp\wssetup.exe c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\~MDAC270\mdac_typ.exe c:\Documents and Settings\Alain.Z6PO\Menu Démarrer\Programmes\COKTEL\Désinstalleur Coktel.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\2.5.11_PlayerWanadoo v2.5.11.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\advisor.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\alcohol-120-_alcohol_120_1.9.5_build_3105_francais_11016.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Azureus_2.3.0.4_Win32.setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\BlindWrite5_setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\BobDown073.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\bsplay86501.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\cdex_fr.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Codec_mpc_0.99d_pour_winamp5.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\daemon329.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\db powerAmp MusicConverter-r10.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\dBpowerAMP-codec-musepack.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Deutz_Engine(ecran veille).exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\eMule0.27c-Installer.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Firefox Setup 1.0.4.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Firefox Setup 1.0.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Firefox Setup 1.5.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ftpexpert3.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Installer_Aim.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\jv16power tools_setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Microsoft_power_point_viewer97.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\NormanVirusControl57_R2FRA.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\postitnotes31.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\PTC-std-v0.8.2.2.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\setup_havast_antivirus_fr.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\spybot_search_destroy_spybot_-_search_destroy_1.3_francais_10965.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\SuperCopier_1.35.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\winamp504_full-2.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\XviD-1.0.2-29082004.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ACDSee v5.0 PowerPack fr + Serial & Keygen\ACDSee v5.0 PowerPack.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ACDSee v5.0 PowerPack fr + Serial & Keygen\gs621w32.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ACDSee v5.0 PowerPack fr + Serial & Keygen\trad fr acdsee5 powerpack.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ACDSee v5.0 PowerPack fr + Serial & Keygen\ACDSee_v5.0_PowerPack_Keygen\keygen.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Alcohol_120%_v1.9.5.3105_Multilanguage_Full_Version\patch_3105.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Alcohol_120%_v1.9.5.3105_Multilanguage_Full_Version\setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\BSplayer.Pro.v1.36.825\BSPlayer_Pro_1.36_Build_825.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\BSplayer.Pro.v1.36.825\CR-BS136.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Cdrwin5\cdr50-f.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Cdrwin5\CDRWIN_v5.0.5.1_(french).exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DelrinaFax PRO pour Win9x NT2k 10.0 fr\_ISDel.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DelrinaFax PRO pour Win9x NT2k 10.0 fr\Setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DelrinaFax PRO pour Win9x NT2k 10.0 fr\Crack DelrinaFax\Crack.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DivX6.2.5\keygen.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DivX6.2.5\setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DivX_Create_Bundle_6.03\DivXCreate.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DivX_Create_Bundle_6.03\keygen.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\FlashFXP.v3.3.4.1108.Beta.Cracked.rar\flashfxp.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Incredimail\IncrediMail Patch 1.34.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Incredimail\IncrediMailSetup_fr.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Kaspersky_Anti_Virus_Personnel\kav5.0.388_personalfr.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Living_3D_Dinosaurs\Living 3D Dinosaurs.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Natve Instruments - Battery 3.02\Setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Natve Instruments - Battery 3.02\Instruments.Battery.3.Artist.Kits\Battery 3 Artist Kits Setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\NT_v2.52.0.386_Final_32\NXSetup_multi.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\NT_v2.52.0.386_Final_32\Cerise\FTPTransport.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\NT_v2.52.0.386_Final_32\Cerise\NetTransport.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\Setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\CHKDSK.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\EMM386.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\FLOPPY.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\FLOPPY9x.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\FLOPPYME.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\NWCDEX.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\PQBOOT.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\PTEDIT32.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\restrmbr.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\WRPROG.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Setup\instmsia.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Setup\instmsiw.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Setup\setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\DKeeper\instmsia.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\DKeeper\instmsiw.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\DKeeper\setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\Setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\CHKDSK.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\EMM386.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\FLOPPY.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\FLOPPY9x.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\FLOPPYME.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\NWCDEX.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\PTEDIT32.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Setup\instmsia.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Setup\instmsiw.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Setup\setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\QuickTime.PRO.v7.0.3.25.incl.iTunes.Multilanguage-DOOM\iTunesSetup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\Bibliothèques\architecture_bonus.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\Bibliothèques\film_and_stage_bonus.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\Bibliothèques\interior_design_bonus.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\Bibliothèques\landscape_architecture_bonus.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\Bibliothèques\mechanical_design_bonus.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\SketchUp_4_0_170\install\InstallSketchUp.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\SketchUp_4_0_170\install\InstallSketchUp-4.0.170.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\SketchUp_4_0_170\install\sketch_keygen.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Solar System 3D Screensaver v1.1 kg\solarsystem3d.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Solar System 3D Screensaver v1.1 kg\Solar System 3D Screensaver v1.1 kg\Solar_System_3D_key\Keygen\Solar System 3D Keygen.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Total.Commander.v6.50\Total.Commander.v6.50.FINAL.WinALL.MultiLanguage.Regged\tcmdr650.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\TumbleBugs_setup\eclsnm10.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\TumbleBugs_setup\TumbleBugs.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Ulead_GIF_Animator_5.0\UGA50t_F.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Ulead_GIF_Animator_5.0\Ulead GIF Animator 5.0 patch Fr\Ulead GIF Animator 5.0 Trial French - Bidjan.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Utils DVD\dvdshrink317setup_fr.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Winamp\Winamp_5_FR.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Winamp\WPro\Winamp.Pro.v5.09-DVT\winamp509_pro.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Winrar3.11\wrar311fr.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Graphisoft.ArchiCAD.v11.RETAiL.FRENCH.iSO-ENGiNE\addarcad\Objective.v2.02.For.ArchiCAD.v11-ENGiNE\Crack\Objective.2.02_Crk.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\Bilan thermique\DENIBE\setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Bitzer_select_softsetupe.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Convertisseur Unités.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Copeland_select_software_4_2.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Copeland_selection_soft-database-select_db_2.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Copeland_selection_soft-programme v5.00-select_core_2.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\depannagev4.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Installer_logiciel_FORANE.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\module7.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\regletteconversion pression-temp.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\rosee_calc.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\SimComp.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\solkane.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Test du frigoriste v5 install.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Convert\calculette.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\fluide\Fluide.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Logiciel Thermoptim\ThDeFr14.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\Plancher chauffant\emidal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\Puit Canadien\GAEA_Setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Modem us robotics\ControlCenterFra.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Petits log cathy pour pas gêner alain\Audiotest.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Petits log cathy pour pas gêner alain\egs.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\firmwareflash_v307.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\funprom249_11.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\Firmware_Flash_3.08\Firmware_Flash308+.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\Firm_flash_307\Firmware_Flash.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\FunProm\FunProm.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\FunProm\unins000.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\IcProg\icprog.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\kxsat25\KxSat25.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Fichiers\Firmwares\VM Toto XSAT 310 4_6_38 TPSCrypt1n2c v5.0\Firmware_Flash210.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Fichiers\Firmwares\VM Toto XSAT 310 4_6_38 TPSCrypt1n2d v6-1.0RC\Firmware_Flash308+.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Documents papier\Dossier technique\Assem Train éclaté.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Présentation HTML\Theme\Representations\Demi Train avant\Assem Train éclaté.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Utilitaires\Flash Player 6.0\Install Flash Player 6 AX.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Utilitaires\Flash Player 6.0\Install Flash Player 6.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Utilitaires\Flash Player 6.0\SAFlashPlayer.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Utilitaires\Machine virtuelle Java\msjavwu_.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Utilitaires\Machine virtuelle Java\msjavwu_correctif.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Utilitaires\Wiewletbuilder2 (Leelou)\viewletbuilder2.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\AutoPlay.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\Adobe Reader 6.0\AdbeRdr60_fra_full.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\Premiere Pro\setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\Premiere Pro\DirectX9\dxsetup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\Premiere Pro\WMF\wmfdist.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\Produits tiers\2d3 SteadyMove\setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\CloneCD 5.0.2.2__Caa-D_\SetupCloneCD5022.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Emidal\setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\BayoZie 3.00 pour winXP--- LE FREEWARE ULTIME--- Pour PATCHER CONVERTIR ORGANISER VOIR vos cartes ign bayo cartoexploreur.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Install.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Maj_Exp_200.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Code Postal\CodePostal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Cracks\Crack CartoNav-CartoNavPlus.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Cracks\GeoTools.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\GeoTools - Securom original\GeoTools.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Utilitaires byo vers bmp - merci à Eric S\Calibrage - traduit les fichiers de calibrage pbyo et visualisat\perl.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Utilitaires byo vers bmp - merci à Eric S\pBYOsetup - Transforme les fichiers BYO en BMP\setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Utilitaires byo vers bmp - merci à Eric S\Visualisateur - Visualisation des fichiers BYO\Visualisateur_setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Utilitaires pour (dés)activer les fichiers Byo\Active\active.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Utilitaires pour (dés)activer les fichiers Byo\Bi_Patch_byo\Bi_Patch_byo.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\lct32bfr.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\lct32boc.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\IPSEN\TBKNET.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\IPSEN\TBOOK.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\livre\livre.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\livre\uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\pendu2\pendu2.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\pendu2\uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\pendu3\pendu3.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\pendu3\uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\penduI\pendu.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\penduI\uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\tangram2\tangram2.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\tangram2\uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\texte\texte.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\texte\uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Lectra 32 fr\Lectra32.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Lectra 32 fr\unins000.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Lectra 32 fr\Utilect.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI\corpus.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI\dico.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI\listes.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI\minilec.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI\miniscr.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI\unins000.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\livre\setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\memofacile2.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\memory.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\memoryplusdur.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\SETUP.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\TB40NET.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\TB40RUN.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\TBLOAD.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\story203\INSTALL.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\story203\storyw.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\tamgram\tangram2\setup.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\APP.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\ASS.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\DES.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\M_SCRIPT.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\MAJ_WEXR.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\QCM.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\REC.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\REL.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\SETUP.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\TRO.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\charades\Charade.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\charades\Uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\EDUC\EDUC.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\embarquement immédiat\avion.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\embarquement immédiat\Uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\encyclop etourdis(livre)\livre.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\encyclop etourdis(livre)\uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\astromaths\ASTROSW.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\astromaths\Uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\bonne phrase\lbprz1s.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\bonne phrase\Uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\confusion pt\confupts.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\confusion pt\Uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\crache mots\city2sw.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\crache mots\Uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\logolo\logolosh.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\logolo\Uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\Lectra 32 fr\Lectra32.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\Lectra 32 fr\unins000.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\Lectra 32 fr\Utilect.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\LECTRAMINI\corpus.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\LECTRAMINI\dico.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\LECTRAMINI\listes.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\LECTRAMINI\minilec.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\LECTRAMINI\miniscr.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\LECTRAMINI\unins000.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\memopong\memopon.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\memopong\Uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\MEMORY\TB40NET.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\MEMORY\TB40RUN.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\MEMORY\TBLOAD.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\STORY203\STORYW.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\tangram2\tangram2.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\tangram2\uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\APP.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\ASS.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\DES.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\M_SCRIPT.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\MAJ_WEXR.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\QCM.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\REC.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\REL.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\SETUP.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\TRO.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\bonnephrase.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\charades.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\iastrom.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\iconfutp.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\icrach2.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\iembark.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\ihomoph1.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\ilbphrz2.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\ilettrop.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insalice.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insanag.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insepar.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insfs1.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\inskg.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\inslogol.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insouon.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\instmp.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\irebo.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\ivadmot1.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\laby.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\lexipronom.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\motjuste.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\motjuste2.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\mottrop.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\ornicar.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\educ\SETUP.EXE c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insstroop\stroops.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insstroop\Uninstal.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\WinRAR\Rar.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\WinRAR\Uninstall.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\WinRAR\UnRAR.exe c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\WinRAR\WinRAR.exe c:\Documents and Settings\ALAIN~1~Z6P\LOCALS~1\Temp\pft5~tmp\_ISDel.exe c:\Documents and Settings\ALAIN~1~Z6P\LOCALS~1\Temp\pft5~tmp\Setup.exe c:\Documents and Settings\ALAIN~1~Z6P\LOCALS~1\Temp\pft5~tmp\Reader\AcroRd32.exe c:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Bases\Patches\patch_pers_5.0.388_390_to_5.0.391.exe c:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Bases\Patches\patch_pers_5.0.388_to_5.0.390.exe c:\Program Files\Documents To Go\DocsToGo.exe c:\Program Files\Documents To Go\HandheldInstall.exe c:\Program Files\Documents To Go\OfficeAddinInstaller.exe c:\Program Files\Documents To Go\OfficeAddinUninstaller.exe c:\Program Files\Documents To Go\ptgxlat.exe c:\Program Files\Documents To Go\ZipUtil.exe c:\WINDOWS\Installer\{D6FFC3B5-0CE1-4566-801D-3F9D8F000652}\DocumentsToGo.exe c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Expsrv.dll c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msado15.dll c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msadox.dll c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msadrh15.dll c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msjet40.dll c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msjetoledb40.dll c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msjint40.dll c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msjro.dll c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msjter40.dll c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msjtes40.dll c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Mswstr10.dll c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\vbajet32.dll c:\Documents and Settings\Alain.Z6PO\Application Data\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\_setup.dll c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\FunProm\DLPORTIO.dll c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\FunProm\FunImp1.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_Z6PO.tar.gz a l'adresse http://upload.malekal.com
×
×
  • Créer...