

Everything posted by jfezkejpe
[Solved] Unwanted advertising pop-ups
jfezkejpe replied to jfezkejpe's topic in Malware analysis and removal
Hello,
It's OK, no more ads with IE and FF.
Thanks Pear.
Kaspersky online scan:
KASPERSKY ONLINE SCANNER REPORT Friday, June 06, 2008 7:18:01 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 6/06/2008 Kaspersky Anti-Virus database records: 834052 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases false Scan Target My Computer A:\ C:\ D:\ E:\ Scan Statistics Total number of scanned objects 148688 Number of viruses found 11 Number of infected objects 68 Number of suspicious objects 0 Duration of the scan process 02:08:30 Infected Object Name Virus Name Last Action C:\Documents and Settings\Administrateur\Bureau\hd.exe/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped C:\Documents and Settings\Administrateur\Bureau\hd.exe 7-Zip: infected - 1 skipped C:\Documents and Settings\Administrateur\Bureau\hd.exe UPX: infected - 1 skipped C:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrateur\Local Settings\Temp\fla16.tmp Object is locked skipped C:\Documents and Settings\Administrateur\Local Settings\Temp\INMEM000.REM Object is locked skipped C:\Documents and Settings\Administrateur\Local Settings\Temp\~DF263C.tmp Object is locked skipped C:\Documents and Settings\Administrateur\Local Settings\Temp\~DF8024.tmp Object is locked skipped C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet 
Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrateur\Mes documents\compte cyber.xlsx Object is locked skipped C:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Administrateur\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Documents\UltraVNC-102-Setup-Fr.exe/file004 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\Documents and Settings\All Users.WINDOWS\Documents\UltraVNC-102-Setup-Fr.exe/file005 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\Documents and Settings\All Users.WINDOWS\Documents\UltraVNC-102-Setup-Fr.exe/file034 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped C:\Documents and Settings\All Users.WINDOWS\Documents\UltraVNC-102-Setup-Fr.exe/file051 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\Documents and Settings\All Users.WINDOWS\Documents\UltraVNC-102-Setup-Fr.exe Inno: infected - 4 skipped C:\Documents and Settings\All Users.WINDOWS\Documents\Windows XP SP2 ARAB\xp.iso/$OEM$/$$/system32/cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped C:\Documents and Settings\All Users.WINDOWS\Documents\Windows XP SP2 ARAB\xp.iso ISOimage: infected - 1 skipped C:\Documents and Settings\LocalService.AUTORITE NT\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application 
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\ntuser.dat.LOG Object is locked skipped C:\PDOXUSRS.NET Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\adisyon.DB Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\adisyon.PX Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\adisyon.XG0 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\adisyon.XG1 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\adisyon.YG0 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\adisyon.YG1 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\angajedb.DB Object is locked skipped 
C:\Program Files\TinaSoft\Easy Cafe Server\database\angajedb.PX Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\cariislem.DB Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\cariislem.PX Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\cariislem.XG0 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\cariislem.XG1 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\cariislem.YG0 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\cariislem.YG1 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\CASHIER.db Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\CASHIER.px Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\DATAEX.db Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\Dataex.mb Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\Dataex.px Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\easylog.DB Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\easylog.PX Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\KUMHRKT.db Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\Kumhrkt.px Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\maindbex.DB Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\maindbex.MB Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\maindbex.PX Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\MENU.db Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\Menu.px Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\TRANSACTIONS.db Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe 
Server\database\Transactions.px Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\Transactions.xg0 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\Transactions.xg1 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\Transactions.xg2 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\Transactions.yg0 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\Transactions.yg1 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\database\Transactions.yg2 Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\_QSQ3.MB Object is locked skipped C:\Program Files\TinaSoft\Easy Cafe Server\_QSQ3197.DB Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{7D6A7C09-C0E7-4BC8-9D31-A4DA14DA0C9C}\RP0\A0000110.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP161\A0042048.exe Infected: Trojan.Win32.Obfuscated.aqn skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP174\A0044140.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP178\A0044519.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP178\A0044530.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP178\A0044550.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP180\A0044909.msi/Instal01.cab/PO2_781C97B17C86452FB5700BF7A5D56CA2_DFB6391B30624A2E864685385BB871B1 Infected: not-a-virus:PSWTool.Win32.Messen.c skipped 
C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP180\A0044909.msi/Instal01.cab Infected: not-a-virus:PSWTool.Win32.Messen.c skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP180\A0044909.msi Embedded: infected - 2 skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP180\A0044911.msi/Instal01.cab/PO2_781C97B17C86452FB5700BF7A5D56CA2_DFB6391B30624A2E864685385BB871B1 Infected: not-a-virus:PSWTool.Win32.Messen.c skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP180\A0044911.msi/Instal01.cab Infected: not-a-virus:PSWTool.Win32.Messen.c skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP180\A0044911.msi Embedded: infected - 2 skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP181\A0044966.exe/CZ Print Job Tracker/CZ Print Job Tracker.msi/Instal01.cab/PO2_781C97B17C86452FB5700BF7A5D56CA2_DFB6391B30624A2E864685385BB871B1 Infected: not-a-virus:PSWTool.Win32.Messen.c skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP181\A0044966.exe/CZ Print Job Tracker/CZ Print Job Tracker.msi/Instal01.cab Infected: not-a-virus:PSWTool.Win32.Messen.c skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP181\A0044966.exe/CZ Print Job Tracker/CZ Print Job Tracker.msi Infected: not-a-virus:PSWTool.Win32.Messen.c skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP181\A0044966.exe ZIP: infected - 3 skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP181\A0044967.msi/Instal01.cab/PO2_781C97B17C86452FB5700BF7A5D56CA2_DFB6391B30624A2E864685385BB871B1 Infected: not-a-virus:PSWTool.Win32.Messen.c skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP181\A0044967.msi/Instal01.cab Infected: not-a-virus:PSWTool.Win32.Messen.c skipped 
C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP181\A0044967.msi Embedded: infected - 2 skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP183\A0045132.exe Infected: Trojan.Win32.Obfuscated.aqn skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP190\A0046675.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP190\A0046687.exe/file11 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP190\A0046687.exe Inno: infected - 1 skipped C:\System Volume Information\_restore{C0226ADD-FD1A-4606-A1A6-0DD358D40892}\RP190\change.log Object is locked skipped C:\UCD\BartPE\I386\SYSTEM32\WM_HOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\UCD\BartPE\PROGRAMS\IPScan\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped C:\UCD\BartPE\PROGRAMS\Keyfinder\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped C:\UCD\BartPE\PROGRAMS\Keyfinder\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped C:\UCD\BartPE\PROGRAMS\Keyfinder\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped C:\UCD\BartPE\PROGRAMS\Keyfinder\keyfinder.exe RarSFX: infected - 3 skipped C:\UCD\BartPE\PROGRAMS\ultravnc\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\UCD\BartPE\PROGRAMS\ultravnc\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\UCD\BartPE\PROGRAMS\vncserver\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\UCD\BartPE\PROGRAMS\vncserver\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\UCD\plugin\Network\ipscan\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped C:\UCD\plugin\Network\ultravnc\files\vnchooks.dll Infected: 
not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\UCD\plugin\Network\ultravnc\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\UCD\plugin\Network\VNCServer\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\UCD\plugin\Network\VNCServer\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\UCD\plugin\Network\VNCServer\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\UCD\plugin\Network\VNCServer\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\UCD\plugin\System-Info\Information\keyfinderpe\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped C:\UCD\plugin\System-Info\Information\keyfinderpe\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped C:\UCD\plugin\System-Info\Information\keyfinderpe\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped C:\UCD\plugin\System-Info\Information\keyfinderpe\keyfinder.exe RarSFX: infected - 3 skipped C:\UCD\UBCD4WinV313.exe/file4206 Infected: not-a-virus:NetTool.Win32.Portscan.c skipped C:\UCD\UBCD4WinV313.exe/file4427 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\UCD\UBCD4WinV313.exe/file4432 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\UCD\UBCD4WinV313.exe/file4485 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\UCD\UBCD4WinV313.exe/file4488 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\UCD\UBCD4WinV313.exe/file4489 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\UCD\UBCD4WinV313.exe/file4490 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\UCD\UBCD4WinV313.exe/file4734/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped C:\UCD\UBCD4WinV313.exe/file4734/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped C:\UCD\UBCD4WinV313.exe/file4734/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped 
C:\UCD\UBCD4WinV313.exe/file4734 Infected: not-a-virus:PSWTool.Win32.RAS.a skipped C:\UCD\UBCD4WinV313.exe Inno: infected - 11 skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\ossmtp.dll Infected: not-a-virus:PSWTool.Win32.Messen.c skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
Cleanup with Navilog1:
Clean Navipromo version 3.5.7 commencé le 06/06/2008 à 16:26:16,84 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Administrateur" Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.13 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** Creation backups fichiers trouvés par Catchme *** Copie vers "C:\Program Files\navilog1\Backupnavi" *** Suppression des fichiers trouvés avec Catchme *** ** 2ème passage avec résultats Catchme ** * Dans "C:\WINDOWS\system32" * C:\WINDOWS\prefetch\clblclqfzr*.pf trouvé ! Copie C:\WINDOWS\prefetch\clblclqfzr*.pf réalisée avec succès ! C:\WINDOWS\prefetch\clblclqfzr*.pf supprimé ! 
* Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" * *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\WINDOWS\System32" * * Suppression dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" * *** Suppression dossiers dans "C:\WINDOWS" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "c:\docume~1\alluse~1.0\applic~1" *** *** Suppression dossiers dans "c:\docume~1\alluse~1.0\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Administrateur\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\Administrateur\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\WINDOWS\system32" * * Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" * msmsac.dat trouvé ! Copie msmsac.dat réalisée avec succès ! msmsac.dat supprimé ! msmsac_nav.dat trouvé ! Copie msmsac_nav.dat réalisée avec succès ! msmsac_nav.dat supprimé ! msmsac_navps.dat trouvé ! Copie msmsac_navps.dat réalisée avec succès ! msmsac_navps.dat supprimé ! msmsac.exe trouvé ! Copie msmsac.exe réalisée avec succès ! msmsac.exe supprimé ! C:\WINDOWS\prefetch\msmsac*.pf trouvé ! Copie C:\WINDOWS\prefetch\msmsac*.pf réalisée avec succès ! C:\WINDOWS\prefetch\msmsac*.pf supprimé ! *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! 
Certificat Electronic-Group supprimé ! Certificat OOO-Favorit supprimé ! Certificat Sunny-Day-Design-Ltdt absent ! *** Nettoyage terminé le 06/06/2008 à 16:29:23,89 ***
[Solved] Unwanted advertising pop-ups
jfezkejpe replied to jfezkejpe's topic in Malware analysis and removal
Hello, I still have the ads. Thank you for your help.
[Solved] Unwanted advertising pop-ups
jfezkejpe replied to jfezkejpe's topic in Malware analysis and removal
Here is the Navilog1 log:
Search Navipromo version 3.5.7 commencé le 05/06/2008 à 10:51:00,65 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Administrateur" Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.13 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "c:\docume~1\alluse~1.0\applic~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1.0\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Administrateur\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Fichier(s) caché(s) : C:\Documents and Settings\Administrateur.ORKAS\Local Settings\Application Data\clblclqfzr.dat C:\Documents and Settings\Administrateur.ORKAS\Local Settings\Application Data\clblclqfzr.exe C:\Documents and Settings\Administrateur.ORKAS\Local Settings\Application Data\clblclqfzr_nav.dat C:\Documents and Settings\Administrateur.ORKAS\Local Settings\Application Data\clblclqfzr_navps.dat *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! 
* Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : * Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup trouvé ! Certificat Electronic-Group trouvé ! Certificat OOO-Favorit trouvé ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 05/06/2008 à 11:07:10,18 ***
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:11:12, on 05/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS.0\system32\DHTray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers 
communs\Real\Update_OB\realsched.exe C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Karen's Power Tools\Print Logger\PrnLog.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE C:\Program Files\PRIMUSTAXE\PRIMUSTAXE.exe C:\Program Files\Microsoft Office\Office12\EXCEL.EXE C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\ScanSoft\PaperPort\PaprPort.exe C:\Program Files\ScanSoft\PaperPort\PPLINKS.EXE C:\Program Files\ScanSoft\PaperPort\ppscanmg.exe C:\WINDOWS\notepad.exe C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: quranradio toolbar - {3bc418d7-ec15-4914-a9c8-5cbec3194dbd} - C:\Program Files\quranradio\tbqura.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: quranradio toolbar - {3bc418d7-ec15-4914-a9c8-5cbec3194dbd} - C:\Program Files\quranradio\tbqura.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: quranradio toolbar - {3bc418d7-ec15-4914-a9c8-5cbec3194dbd} - C:\Program Files\quranradio\tbqura.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition 
Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [DHTray] C:\WINDOWS.0\system32\DHTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS.0\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\WINDOWS.0\system32\PCLECoInst.dll",CheckUSBController O4 - HKLM\..\Run: [uSBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\winvnc.exe" -servicehelper O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC 
Suite 6\PCSync2.exe" /NoDialog O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: PrnLog.lnk = C:\Program Files\Karen's Power Tools\Print Logger\PrnLog.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program 
Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} (FontDownloaderIE Class) - http://www.qurancomplex.org/downloads/FontDown.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196963090125 O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.32.162.downloads.estara.com...796187OneCC.cab O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FCB0455F-7F4D-4CEC-9B4A-C6C7F7B6FD02}: NameServer = 192.168.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira 
AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\winvnc.exe (file missing) -- End of file - 12971 bytes -
[Solved] Unwanted advertising pop-up windows
jfezkejpe replied to a topic by jfezkejpe in Malware analysis and removal
Yes, still ads, even in FF -
[Solved] Unwanted advertising pop-up windows
jfezkejpe replied to a topic by jfezkejpe in Malware analysis and removal
Hello, here is the SDFix log --- "An ad window popped up in FF just now"
SDFix: Version 1.187 Run by Administrateur on 05/06/2008 at 09:02 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\ADMINI~1\Bureau\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS.EXE - Deleted C:\WINDOWS.EXE - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-05 09:15:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyServer.exe"="C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyServer.exe:*:Enabled:EasyServer" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" 
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"="C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe:*:Enabled:VoipDiscount" "C:\\WINDOWS.0\\system32\\javaw.exe"="C:\\WINDOWS.0\\system32\\javaw.exe:*:Enabled:Java Platform SE binary" "C:\\Program Files\\PrnLogServer\\psquirrel.exe"="C:\\Program Files\\PrnLogServer\\psquirrel.exe:*:Enabled:Printer Squirrel 2.0" "C:\\Program Files\\Cyberprinter\\Cyberp.exe"="C:\\Program Files\\Cyberprinter\\Cyberp.exe:*:Enabled:Cyberprinter" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Wol\\wol.exe"="C:\\Program Files\\Wol\\wol.exe:*:Enabled:WOL 1.0.3" "C:\\Documents and Settings\\Administrateur.ORKAS\\Local Settings\\Temp\\occ.exe"="C:\\Documents and Settings\\Administrateur.ORKAS\\Local Settings\\Temp\\occ.exe:*:Enabled:OneCC Module" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" "C:\\Program Files\\M6Video\\M6video.exe"="C:\\Program Files\\M6Video\\M6video.exe:*:Enabled:OneClick" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" "C:\\Program Files\\UltraVNC\\winvnc.exe"="C:\\Program Files\\UltraVNC\\winvnc.exe:*:Enabled:Serveur VNC pour Win32" "C:\\Program Files\\PRIMUSTAXE\\PRIMUSTAXE.exe"="C:\\Program Files\\PRIMUSTAXE\\PRIMUSTAXE.exe:*:Enabled: " "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\WOL Magic Packet Sender\\WakeOnLan.exe"="C:\\Program Files\\WOL Magic Packet Sender\\WakeOnLan.exe:*:Enabled:WOL - Magic Packet Sender" "C:\\Program Files\\FileZilla Client\\filezilla.exe"="C:\\Program Files\\FileZilla Client\\filezilla.exe:*:Enabled:FileZilla FTP Client" "C:\\Program 
Files\\ooVoo\\ooVoo.exe"="C:\\Program Files\\ooVoo\\ooVoo.exe:*:Enabled:ooVoo" "C:\\Program Files\\EasyPHP 2.0b1\\apache\\bin\\Apache.exe"="C:\\Program Files\\EasyPHP 2.0b1\\apache\\bin\\Apache.exe:*:Enabled:Apache HTTP Server" "C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyChat.exe"="C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyChat.exe:*:Enabled:EasyChat" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\DOCUME~1\ADMINI~1.ORK\Bureau\SDFix\backups\backups.zip Files with Hidden Attributes : Wed 8 Sep 2004 33,280 A..H. --- "C:\Program Files\Clock\tcplayer.exe" Wed 8 Sep 2004 83,968 A..H. --- "C:\Program Files\Clock\tcprop.exe" Wed 8 Sep 2004 37,888 A..H. --- "C:\Program Files\Clock\tcsntp.exe" Wed 8 Sep 2004 37,888 A..H. --- "C:\Program Files\Clock\tctimer.exe" Tue 19 Feb 2008 249,856 ...H. --- "C:\Program Files\FLIP Flash Album Free\~LiveUpdate.exe" Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Mon 13 Nov 2006 1,249,280 A..H. 
--- "C:\Program Files\Windows Sidebar\sidebar_clear.exe" Thu 9 Nov 2006 40,960 A..H. --- "C:\Program Files\Windows Sidebar\vadvapi32.dll" Thu 9 Nov 2006 40,960 A..H. --- "C:\Program Files\Windows Sidebar\vadvapi32.dll001" Thu 9 Nov 2006 137,216 A..H. --- "C:\Program Files\Windows Sidebar\vcomctl32.dll" Thu 9 Nov 2006 137,216 A..H. --- "C:\Program Files\Windows Sidebar\vcomctl32.dll001" Thu 9 Nov 2006 8,704 A..H. --- "C:\Program Files\Windows Sidebar\vduser.dll" Thu 9 Nov 2006 8,704 A..H. --- "C:\Program Files\Windows Sidebar\vduser.dll001" Thu 9 Nov 2006 3,072 A..H. --- "C:\Program Files\Windows Sidebar\vdwmapi.dll" Thu 9 Nov 2006 3,072 A..H. --- "C:\Program Files\Windows Sidebar\vdwmapi.dll001" Thu 9 Nov 2006 9,216 A..H. --- "C:\Program Files\Windows Sidebar\viphlpapi.dll" Thu 9 Nov 2006 9,216 A..H. --- "C:\Program Files\Windows Sidebar\viphlpapi.dll001" Thu 9 Nov 2006 51,200 A..H. --- "C:\Program Files\Windows Sidebar\vkernel32.dll" Thu 9 Nov 2006 51,200 A..H. --- "C:\Program Files\Windows Sidebar\vkernel32.dll001" Thu 9 Nov 2006 10,752 A..H. --- "C:\Program Files\Windows Sidebar\vmsvcrt.dll" Thu 9 Nov 2006 10,752 A..H. --- "C:\Program Files\Windows Sidebar\vmsvcrt.dll001" Thu 9 Nov 2006 2,560 A..H. --- "C:\Program Files\Windows Sidebar\vnetapi32.dll" Thu 9 Nov 2006 2,560 A..H. --- "C:\Program Files\Windows Sidebar\vnetapi32.dll001" Thu 9 Nov 2006 77,312 A..H. --- "C:\Program Files\Windows Sidebar\vntdll.dll" Thu 9 Nov 2006 77,312 A..H. --- "C:\Program Files\Windows Sidebar\vntdll.dll001" Thu 9 Nov 2006 3,584 A..H. --- "C:\Program Files\Windows Sidebar\vpropsys.dll" Thu 9 Nov 2006 3,584 A..H. --- "C:\Program Files\Windows Sidebar\vpropsys.dll001" Thu 9 Nov 2006 21,504 A..H. --- "C:\Program Files\Windows Sidebar\vshell32.dll" Thu 9 Nov 2006 21,504 A..H. --- "C:\Program Files\Windows Sidebar\vshell32.dll001" Wed 8 Nov 2006 38,912 A..H. --- "C:\Program Files\Windows Sidebar\vshellext.dll" Thu 9 Nov 2006 147,968 A..H. 
--- "C:\Program Files\Windows Sidebar\vslc.dll" Thu 9 Nov 2006 147,968 A..H. --- "C:\Program Files\Windows Sidebar\vslc.dll001" Thu 9 Nov 2006 35,328 A..H. --- "C:\Program Files\Windows Sidebar\vuser32.dll" Thu 9 Nov 2006 35,328 A..H. --- "C:\Program Files\Windows Sidebar\vuser32.dll001" Thu 9 Nov 2006 6,144 A..H. --- "C:\Program Files\Windows Sidebar\vuxtheme.dll" Thu 9 Nov 2006 6,144 A..H. --- "C:\Program Files\Windows Sidebar\vuxtheme.dll001" Thu 9 Nov 2006 3,072 A..H. --- "C:\Program Files\Windows Sidebar\vwlanapi.dll" Thu 9 Nov 2006 3,072 A..H. --- "C:\Program Files\Windows Sidebar\vwlanapi.dll001" Thu 9 Nov 2006 3,072 A..H. --- "C:\Program Files\Windows Sidebar\vwlanutil.dll" Thu 9 Nov 2006 3,072 A..H. --- "C:\Program Files\Windows Sidebar\vwlanutil.dll001" Sat 11 Nov 2006 435,200 A..H. --- "C:\WINDOWS\Drive\SIGN.exe" Sat 11 Nov 2006 435,200 A..H. --- "C:\WINDOWS\Drive\SIGN.exe" Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll" Sat 10 May 2008 7,520 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys" Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll" Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll" Sat 2 Feb 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS.0\DRM\DRMv1.bak" Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll" Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll" Fri 14 Mar 2008 13,824 A.SHR --- "C:\Program Files\eRightSoft\SUPER\DXdump.exe" Sat 29 Mar 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe" Tue 2 Oct 2007 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll" Sat 2 Feb 2008 0 A.SH. 
--- "C:\Documents and Settings\All Users.WINDOWS.0\DRM\Cache\Indiv01.tmp" Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll" Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll" Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll" Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll" Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll" Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll" Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll" Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll" Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll" Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll" Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll" Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll" Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll" Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll" Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll" Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll" Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll" Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll" Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll" Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll" Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll" Sun 9 Jun 2002 
49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll" Thu 20 Mar 2008 5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe" Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT2.tmp" Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT5.tmp" Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT9.tmp" Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1.tmp" Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp" Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT3.tmp" Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT8.tmp" Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT4.tmp" Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp" Finished! -
[Solved] Unwanted advertising pop-up windows
jfezkejpe replied to a topic by jfezkejpe in Malware analysis and removal
Here is the DiagHelp log:
DiagHelp version v1.4 - http://www.malekal.com excute le 04/06/2008 à 18:23:48,78 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-16F8021E.pf -->04/06/2008 18:23:15 C:\WINDOWS\prefetch\CMD.EXE-115AA09F.pf -->04/06/2008 18:23:12 C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->04/06/2008 18:20:19 C:\WINDOWS\prefetch\NMINDEXSTORESVR.EXE-22A7DEEF.pf -->04/06/2008 18:17:24 C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->04/06/2008 18:11:36 C:\WINDOWS\prefetch\VERCLSID.EXE-168106D2.pf -->04/06/2008 18:04:32 C:\WINDOWS\prefetch\POWERPNT.EXE-364EC56A.pf -->04/06/2008 18:00:35 C:\WINDOWS\prefetch\GOOGLEUPDATER.EXE-2CAF5929.pf -->04/06/2008 17:58:01 C:\WINDOWS\prefetch\FIREFOX.EXE-17EE503B.pf -->04/06/2008 17:05:47 C:\WINDOWS\prefetch\RUNDLL32.EXE-1603C497.pf -->04/06/2008 17:00:50 C:\WINDOWS\System32\drivers\mbamcatchme.sys -->30/05/2008 01:06:40 C:\WINDOWS\System32\drivers\mbam.sys -->30/05/2008 01:06:36 C:\WINDOWS\System32\drivers\sptd.sys -->29/04/2008 18:07:35 C:\WINDOWS\System32\drivers\avipbb.sys -->04/03/2008 13:28:53 C:\WINDOWS\System32\drivers\Usbkey.sys -->21/02/2008 16:40:59 C:\WINDOWS\System32\drivers\avgntdd.sys -->21/01/2008 18:12:56 C:\WINDOWS\System32\drivers\avgntmgr.sys -->21/01/2008 18:11:28 C:\WINDOWS\System32\nvapps.xml -->04/06/2008 11:49:32 C:\WINDOWS\System32\wpa.dbl -->04/06/2008 09:01:36 C:\WINDOWS\System32\compactdb.txt -->26/05/2008 11:04:28 C:\WINDOWS\System32\KGyGaAvL.sys -->10/05/2008 14:39:04 C:\WINDOWS\System32\FNTCACHE.DAT -->10/04/2008 00:07:48 C:\WINDOWS\System32\MRT.exe -->06/04/2008 07:56:20 C:\WINDOWS\System32\perfh00C.dat -->30/03/2008 10:50:38 C:\WINDOWS\System32\perfh009.dat -->30/03/2008 10:50:38 C:\WINDOWS\System32\perfc00C.dat -->30/03/2008 10:50:38 C:\WINDOWS\System32\perfc009.dat -->30/03/2008 10:50:38 C:\WINDOWS\System32\PerfStringBackup.INI -->30/03/2008 10:50:34 C:\WINDOWS\System32\win32k.sys -->20/03/2008 09:56:50 
C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log -->10/03/2008 10:54:27 C:\WINDOWS\System32\mshtml.dll -->01/03/2008 18:28:10 C:\WINDOWS\System32\wininet.dll -->01/03/2008 14:58:11 C:\WINDOWS\System32\webcheck.dll -->01/03/2008 14:58:11 C:\WINDOWS\System32\urlmon.dll -->01/03/2008 14:58:10 C:\WINDOWS\System32\url.dll -->01/03/2008 14:58:10 C:\WINDOWS\System32\pngfilt.dll -->01/03/2008 14:58:10 C:\WINDOWS\System32\occache.dll -->01/03/2008 14:58:10 C:\WINDOWS\System32\mstime.dll -->01/03/2008 14:58:10 C:\WINDOWS\System32\msrating.dll -->01/03/2008 14:58:10 C:\WINDOWS\System32\mshtmled.dll -->01/03/2008 14:58:09 C:\WINDOWS\System32\msfeedsbs.dll -->01/03/2008 14:58:08 C:\WINDOWS\System32\msfeeds.dll -->01/03/2008 14:58:08 C:\WINDOWS\wiadebug.log -->04/06/2008 11:51:07 C:\WINDOWS\0.log -->04/06/2008 11:49:41 C:\WINDOWS\WindowsUpdate.log -->04/06/2008 11:49:39 C:\WINDOWS\wiaservc.log -->04/06/2008 11:49:39 C:\WINDOWS\QTFont.qfn -->04/06/2008 11:49:34 C:\WINDOWS\bootstat.dat -->04/06/2008 11:49:26 C:\WINDOWS\SchedLgU.Txt -->04/06/2008 11:48:29 C:\WINDOWS\NeroDigital.ini -->03/06/2008 21:30:41 C:\WINDOWS\cdplayer.ini -->31/05/2008 21:22:17 C:\WINDOWS\wmsetup.log -->28/05/2008 22:42:52 C:\WINDOWS\setupapi.log -->28/05/2008 22:32:13 C:\WINDOWS\wintemp.001 -->26/05/2008 11:03:47 C:\WINDOWS\setupact.log -->24/04/2008 19:05:35 C:\WINDOWS\DPINST.LOG -->14/04/2008 11:02:15 C:\WINDOWS\tsoc.log -->09/04/2008 23:21:33 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 1916 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x44080000 0xd0000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 
C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x44360000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll 0x44160000 0x127000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x442b0000 0x3c000 7.00.6000.16640 C:\WINDOWS\system32\webcheck.dll 0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x67080000 0x1c000 3.00.0006.0000 C:\Program Files\FileZilla Client\fzshellext.dll 0x023d0000 0x9a000 6.86.0101.0002 C:\Program Files\Nokia\Nokia PC Suite 6\phonebrowser.dll 0x028f0000 0xc8000 6.86.0134.0006 C:\Program Files\Nokia\Nokia PC Suite 6\NGSCM.DLL 0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll 0x00d20000 0xa000 6.86.0063.0000 C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr 0x02ac0000 0x8e000 6.86.0020.0000 C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x16080000 0x19000 1.00.0003.0001 C:\Program Files\Bonjour\mdnsNSP.dll 0x10000000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 0x02e40000 0x2c000 C:\Program Files\WinRAR\rarext.dll 0x02ec0000 0x13000 7.00.0000.0011 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll 0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition 
Classic\MFC71U.DLL 0x03c50000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll 0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS.0\system32\MFC71FRA.DLL 0x03730000 0x31000 C:\PROGRA~1\PSPADE~1\PSPADS~1.DLL 0x04900000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x02140000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 0x046c0000 0x144000 4.05.0146.0000 C:\Program Files\quranradio\tbqura.dll 0x61310000 0x54000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll 0x60e20000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.4\program\stlport_vc7145.dll 0x03d50000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 736 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll Le volume dans le lecteur C n'a pas de nom. 
Le numéro de série du volume est 00B1-7C45 Répertoire de C:\WINDOWS\temp 04/12/2006 06:45 100 087 boot.exe 05/12/2006 10:19 23 510 720 Dotnetfx.exe 05/12/2006 16:57 16 924 156 kbs4.exe 14/12/2006 04:45 9 953 245 kbs5.exe 13/12/2006 22:29 133 465 953 kbs6.exe 05/12/2006 10:17 302 905 kbusers.exe 05/12/2006 10:17 772 984 ndp22.exe 05/12/2006 10:17 2 280 312 ndp23.exe 05/12/2006 10:17 428 578 vaio.exe 14/12/2006 15:22 1 491 801 wmdvode.exe 10 fichier(s) 189 230 741 octets 0 Rép(s) 74 197 602 304 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 00B1-7C45 Répertoire de C:\WINDOWS\system32 04/08/2004 01:54 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 74 197 602 304 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 00B1-7C45 Répertoire de C:\WINDOWS\Downloaded Program Files 07/05/2008 10:32 <REP> . 07/05/2008 10:32 <REP> .. 20/01/2005 15:53 171 ampx.inf 05/12/2007 10:08 65 desktop.ini 17/05/2006 01:58 24 576 dwusplay.dll 17/05/2006 01:58 196 608 dwusplay.exe 11/04/2007 14:55 1 292 erma.inf 03/04/2006 14:23 502 FontDownATL.inf 18/07/2006 16:21 249 856 FontSmooth.dll 19/07/2006 08:13 543 FontSmooth.inf 20/11/2007 17:04 1 523 536 FP_AX_CAB_INSTALLER.exe 16/05/2007 09:22 399 gp.inf 17/05/2006 01:58 484 272 isusweb.dll 20/06/2006 16:44 379 704 MsnPUpld.dll 19/06/2006 15:40 393 MsnPUpld.inf 22/02/2002 22:03 29 696 OneCC.dll 22/02/2002 22:03 427 OneCC.inf 20/06/2006 16:44 117 560 PURen-us.dll 09/01/2007 09:30 110 592 PURfr-fr.dll 20/11/2007 16:50 247 swflash.inf 30/07/2007 20:24 293 wuweb.inf 19 fichier(s) 3 120 732 octets Total des fichiers listés : 19 fichier(s) 3 120 732 octets 2 Rép(s) 74 197 602 304 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. 
Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyServer.exe"="C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyServer.exe:*:Enabled:EasyServer" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus" "C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"="C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe:*:Enabled:VoipDiscount" "C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java Platform SE binary" "C:\\Program Files\\PrnLogServer\\psquirrel.exe"="C:\\Program Files\\PrnLogServer\\psquirrel.exe:*:Enabled:Printer Squirrel 2.0" "C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus" "C:\\Program Files\\Cyberprinter\\Cyberp.exe"="C:\\Program Files\\Cyberprinter\\Cyberp.exe:*:Enabled:Cyberprinter" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Wol\\wol.exe"="C:\\Program Files\\Wol\\wol.exe:*:Enabled:WOL 1.0.3" "C:\\Documents and Settings\\Administrateur.ORKAS\\Local Settings\\Temp\\occ.exe"="C:\\Documents and Settings\\Administrateur.ORKAS\\Local 
Settings\\Temp\\occ.exe:*:Enabled:OneCC Module" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" "C:\\Program Files\\M6Video\\M6video.exe"="C:\\Program Files\\M6Video\\M6video.exe:*:Enabled:OneClick" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" "C:\\Program Files\\UltraVNC\\winvnc.exe"="C:\\Program Files\\UltraVNC\\winvnc.exe:*:Enabled:Serveur VNC pour Win32" "C:\\Program Files\\PRIMUSTAXE\\PRIMUSTAXE.exe"="C:\\Program Files\\PRIMUSTAXE\\PRIMUSTAXE.exe:*:Enabled: " "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\WOL Magic Packet Sender\\WakeOnLan.exe"="C:\\Program Files\\WOL Magic Packet Sender\\WakeOnLan.exe:*:Enabled:WOL - Magic Packet Sender" "C:\\Program Files\\FileZilla Client\\filezilla.exe"="C:\\Program Files\\FileZilla Client\\filezilla.exe:*:Enabled:FileZilla FTP Client" "C:\\Program Files\\ooVoo\\ooVoo.exe"="C:\\Program Files\\ooVoo\\ooVoo.exe:*:Enabled:ooVoo" "C:\\Program Files\\EasyPHP 2.0b1\\apache\\bin\\Apache.exe"="C:\\Program Files\\EasyPHP 2.0b1\\apache\\bin\\Apache.exe:*:Enabled:Apache HTTP Server" "C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyChat.exe"="C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyChat.exe:*:Enabled:EasyChat" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live 
Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-04 18:24:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "clblclqfzr"="c:\documents and settings\administrateur.orkas\local settings\application data\clblclqfzr.exe clblclqfzr" scanning hidden files ... 
scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 252 - cmd.exe 256 - RTHDCPL.exe 552 - GoogleUpdaterSe 564 - iTunesHelper.ex 592 - NSLauncher.exe 712 - csrss.exe 736 - winlogon.exe 780 - services.exe 792 - lsass.exe 944 - EasyServer.exe 956 - svchost.exe 1032 - svchost.exe 1120 - svchost.exe 1160 - svchost.exe 1208 - svchost.exe 1224 - NMBgMonitor.exe 1232 - nvsvc32.exe 1240 - avgnt.exe 1248 - ctfmon.exe 1324 - svchost.exe 1336 - GoogleToolbarNo 1420 - PCSuite.exe 1492 - PcSync2.exe 1540 - spoolsv.exe 1568 - mDNSResponder.e 1576 - clblclqfzr.exe 1756 - PrnLog.exe 1916 - explorer.exe 1924 - VoipDiscount.ex 1984 - avguard.exe 2040 - AppleMobileDevi 2180 - EXCEL.EXE 2416 - ServiceLayer.ex 2596 - thunderbird.exe 2804 - PaprPort.exe 2888 - pplinks.exe 2944 - NclRSSrv.exe 2964 - iPodService.exe 3184 - ppscanmg.exe 3384 - alg.exe 3616 - wmiapsrv.exe 3804 - firefox.exe 3864 - PRIMUSTAXE.exe 3972 - svchost.exe Total number of processes = 45 NOTE: Under WinXP, this will not show all processes. 
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList
Total number of
drivers = 126 Liste des programmes installes Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe PDF Library Files Adobe Reader 8.1.2 - Français Adobe Setup Adobe Setup Adobe Setup Adobe Type Support Adobe WinSoft Linguistics Plugin Apple Mobile Device Support Apple Software Update Archiveur WinRAR Assistant de connexion Windows Live AutoUpdate Avira AntiVir Personal – Free Antivirus Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows Internet Explorer 7 (KB947864) Correctif pour Windows XP (KB918093) Correctif pour Windows XP (KB935448) DivX DVD Decoder Pak for Windows XP EasyCafe Server 2.2 (Firewall Edition) EasyPHP 2.0b1 FileZilla Client 3.0.6 First Step Guide Free DVD Ripper Version 2.25 getPlus®_dll GIMP 2.4.3 Google Desktop Google Earth Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer GTK+ 2.10.13 runtime environment Hexacolor 3.0 High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hollywood FX 5.5 Additional Effects Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Htmledit v2.6.3 ImageMixer VCD2 Inkscape 0.45.1 iTunes Java 2 Runtime Environment, SE v1.4.2 Java 6 Update 3 Java 6 Update 5 Karen's Print Logger KONICA MINOLTA magicolor 2480MF Lecteur Windows Media 11 magicolor 2480MF scan Malwarebytes' Anti-Malware Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (French) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office InfoPath MUI (French) 2007 Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft 
Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Publisher MUI (French) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Word MUI (French) 2007 Microsoft Software Update for Web Folders (French) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB937894) Mise 
à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB941568) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB941644) Mise à jour de sécurité pour Windows XP (KB941693) Mise à jour de sécurité pour Windows XP (KB943055) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour de sécurité pour Windows XP (KB943485) Mise à jour de sécurité pour Windows XP (KB944653) Mise à jour de sécurité pour Windows XP (KB945553) Mise à jour de sécurité pour Windows XP (KB946026) Mise à jour de sécurité pour Windows XP (KB948590) Mise à jour de sécurité pour Windows XP (KB948881) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB936357) Mise à jour pour Windows XP (KB938828) Mise à jour pour Windows XP (KB942763) Mozilla Firefox (2.0.0.14) Mozilla Thunderbird (2.0.0.14) MSVC80_x86 MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) MultipleIEs MyDsc2 Nero 7 Essentials Nokia Connectivity Cable Driver Nokia Lifeblog 2.1 Nokia MTP driver Nokia Multimedia Factory Nokia Multimedia Factory Nokia PC Suite Nokia PC Suite Nokia Software Launcher Nokia Video Manager Nokia Video Manager NVIDIA Drivers ooVoo OpenOffice.org 2.4 Outil de mise à jour Google Package de pilotes Windows - Nokia Modem (03/05/2008 3.7) Package de pilotes Windows - Nokia Modem (03/13/2008 6.86.0.1) Package de pilotes Windows - Nokia Modem (08/03/2007 6.84.0.2) Package de pilotes Windows - Nokia Modem (10/12/2007 3.6) Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) PC Connectivity Solution PDF Settings PDFCreator PE Builder 3.1.10a Picture Package Pinnacle Hollywood FX for Studio PowerDVD PRIMUSTAXE PSPad editor QuickTime quranradio Toolbar RealPlayer REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek High Definition 
Audio Driver SAMSUNG CDMA Modem Driver Set SAMSUNG Mobile Composite Device Software Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio 3 Samsung PC Studio 3 ScanSoft PaperPort 10 Security Update for Excel 2007 (KB946974) Security Update for Office 2007 (KB947801) Security Update for Outlook 2007 (KB946983) Security Update for Publisher 2007 (KB936646) Security Update for the 2007 Microsoft Office System (KB936960) Security Update for Visio 2007 (KB947590) Skype™ 3.6 SmartSound Quicktracks Plugin SmartSound Quicktracks Plugin Sony USB Driver Sothink SWF Decompiler Spelling Dictionaries Support For Adobe Reader 8 Spybot - Search & Destroy Studio 9 Studio 9 Content CD/DVD SUPER © Version 2008.bld.30 (Mar 22, 2008) UBCD4Win 3.13 Update for Office 2007 (KB932080) Update for Office 2007 (KB934391) Update for Office 2007 (KB934393) Update for Office 2007 (KB946691) Update for Outlook 2007 Junk Email Filter (kb949037) Update for Word 2007 (KB934173) USB20_PC_Camera_Driver VideoLAN VLC media player 0.8.6b VoipDiscount WD Diagnostics WebFldrs XP Windows Internet Explorer 7 Windows Live installer Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Firefox Plugin Yawcam v0.3.0 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 00B1-7C45 Répertoire de C:\Program Files 03/06/2008 17:14 <REP> . 03/06/2008 17:14 <REP> .. 
12/03/2008 10:12 <REP> Adobe 28/01/2008 13:32 <REP> AdorageI-GfxDatas 28/01/2008 13:30 <REP> AdorageI-SAL 13/11/2007 08:39 <REP> Alwil Software 04/01/2008 12:44 <REP> AML Products 28/01/2008 13:45 <REP> aod 04/01/2008 13:14 <REP> Apple Software Update 05/01/2008 20:09 <REP> AutoWebCam 31/05/2008 10:11 <REP> Avira 02/01/2008 15:01 <REP> AviSynth 2.5 09/11/2007 21:43 <REP> AvRack 12/03/2008 18:02 <REP> BeDesk Express Facturation 4 23/02/2008 15:14 <REP> Bonjour 06/12/2007 19:18 <REP> Borland 09/11/2007 17:14 <REP> Cener Development 09/11/2007 17:14 <REP> Clock 09/11/2007 16:58 <REP> ComPlus Applications 24/05/2008 09:12 <REP> Converter 09/11/2007 17:14 <REP> Cpuz 08/02/2008 16:26 <REP> CyberLink 26/05/2008 11:02 <REP> CZ Solution 12/03/2008 16:07 <REP> Data-Concept 17/03/2008 15:44 <REP> DIFX 28/01/2008 14:04 <REP> DivX 02/01/2008 15:13 <REP> DVD Decrypter 15/01/2008 18:20 <REP> EasyPHP 2.0b1 22/04/2008 11:59 <REP> eRightSoft 09/11/2007 17:14 <REP> Everest 14/04/2008 11:01 <REP> Fichiers communs 04/02/2008 11:33 <REP> FileZilla Client 19/02/2008 16:56 <REP> FLIP Flash Album Free 09/11/2007 17:14 <REP> FoxitReader 03/01/2008 11:19 <REP> Free DVD Ripper 24/12/2007 14:17 <REP> Gimp Pack Mode 26/01/2008 13:11 <REP> GIMP-2.0 05/05/2008 13:44 <REP> Google 19/01/2008 14:57 <REP> Hexacolor 10/04/2008 11:20 <REP> Htmledit 13/11/2007 10:49 <REP> HyperTechnologies 08/02/2008 12:38 <REP> Inkscape 09/11/2007 22:47 <REP> Intel 09/04/2008 23:20 <REP> Internet Explorer 04/01/2008 13:17 <REP> iPod 04/01/2008 13:17 <REP> iTunes 14/04/2008 18:39 <REP> Java 14/01/2008 19:24 <REP> Karen's Power Tools 23/12/2007 17:08 <REP> KONICA MINOLTA 23/02/2008 14:20 <REP> Macromedia 03/06/2008 17:14 <REP> Malwarebytes' Anti-Malware 03/01/2008 10:59 <REP> MediaCoder 09/11/2007 17:04 <REP> microsoft frontpage 09/11/2007 17:14 <REP> Microsoft Games 06/12/2007 18:46 <REP> Microsoft Office 06/12/2007 18:46 <REP> Microsoft Visual Studio 06/12/2007 18:46 <REP> Microsoft Works 22/04/2008 10:48 <REP> Movie 
Maker 04/06/2008 16:58 <REP> Mozilla Firefox 04/06/2008 11:50 <REP> Mozilla Thunderbird 28/04/2008 15:06 <REP> Mp3 My Mp3 2.0 06/12/2007 18:46 <REP> MSBuild 09/11/2007 16:58 <REP> MSN Gaming Zone 09/11/2007 23:04 <REP> MSN Messenger 09/11/2007 17:02 <REP> MSXML 4.0 06/12/2007 20:23 <REP> MSXML 6.0 28/03/2008 10:15 <REP> MultipleIEs 30/01/2008 19:37 <REP> MyFreeTV 13/05/2008 15:59 <REP> Naevius YouTube Converter 06/12/2007 18:13 <REP> Nero 05/12/2007 10:08 <REP> NetMeeting 14/04/2008 10:59 <REP> Nokia 31/03/2008 17:34 <REP> ooVoo 01/04/2008 10:30 <REP> OpenOffice.org 2.4 09/11/2007 17:14 <REP> Outils Orkas 23/12/2007 01:07 <REP> Outlook Express 14/04/2008 11:00 <REP> PC Connectivity Solution 03/01/2008 19:31 <REP> PDFCreator 05/01/2008 20:34 <REP> PhotoCam 09/11/2007 17:14 <REP> PhotoFiltre Studio 28/01/2008 13:58 <REP> Pinnacle 22/01/2008 16:06 <REP> PIXELA 04/06/2008 18:17 <REP> PRIMUSTAXE 24/05/2008 09:10 <REP> proDAD 15/01/2008 18:33 <REP> PSPad editor 04/01/2008 13:16 <REP> QuickTime 02/02/2008 13:24 <REP> quranradio 28/04/2008 13:28 <REP> Ratajik Software 28/01/2008 13:45 <REP> Real 06/12/2007 18:01 <REP> Realtek 09/11/2007 21:43 <REP> Realtek AC97 09/11/2007 21:43 <REP> Realtek Sound Manager 22/02/2008 11:28 <REP> Samsung 27/12/2007 12:55 <REP> ScanSoft 09/11/2007 17:00 <REP> Services en ligne 13/11/2007 10:24 <REP> Skype 28/01/2008 12:50 <REP> SmartSound Software 22/01/2008 16:03 <REP> Sony Corporation 23/02/2008 19:27 <REP> SourceTec 31/05/2008 13:42 <REP> Spybot - Search & Destroy 06/12/2007 19:18 <REP> TinaSoft 09/11/2007 17:14 <REP> Topdesk 24/05/2008 09:06 <REP> Total Video Converter 09/11/2007 17:14 <REP> UberIcon 24/05/2008 09:04 <REP> UltraVNC 26/07/2002 18:02 153 088 UNWISE.EXE 30/01/2008 18:19 <REP> VideoLAN 23/12/2007 17:28 <REP> VoipDiscount.com 24/12/2007 12:28 <REP> Webcam 28/03/2008 15:49 <REP> Western Digital Technologies 06/12/2007 19:48 <REP> Windows Live 09/11/2007 17:02 <REP> Windows Media Connect 2 05/12/2007 10:28 <REP> Windows Media 
Player 05/12/2007 10:31 <REP> Windows NT 09/11/2007 17:14 <REP> Windows Photo Gallery 09/11/2007 17:14 <REP> Windows Sidebar 13/11/2007 11:43 <REP> winlock 05/12/2007 10:29 <REP> WinRAR 09/11/2007 17:05 <REP> xerox 25/12/2007 21:14 <REP> Yawcam 1 fichier(s) 153 088 octets 120 Rép(s) 74 183 716 864 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 00B1-7C45 Répertoire de C:\Program Files\fichiers communs 14/04/2008 11:01 <REP> . 14/04/2008 11:01 <REP> .. 23/02/2008 15:14 <REP> Adobe 18/02/2008 12:21 <REP> Adobe Systems Shared 06/12/2007 18:30 <REP> Ahead 04/01/2008 13:12 <REP> Apple 06/12/2007 18:46 <REP> DESIGNER 24/12/2007 14:34 <REP> GTK 22/01/2008 16:04 <REP> InstallShield 13/11/2007 11:10 <REP> Java 23/02/2008 14:22 <REP> Macromedia 23/02/2008 14:23 <REP> Macromedia Shared 23/02/2008 15:02 <REP> Macrovision Shared 04/04/2008 09:11 <REP> Microsoft Shared 09/11/2007 16:59 <REP> MSSoap 22/01/2008 16:03 <REP> muvee Technologies 14/04/2008 11:01 <REP> Nokia 05/02/2008 19:53 <REP> NSV 05/02/2008 19:53 <REP> Nullsoft 09/11/2007 17:42 <REP> ODBC 14/04/2008 11:01 <REP> PCSuite 05/01/2008 18:54 <REP> Real 27/12/2007 12:55 <REP> Scansoft Shared 05/12/2007 10:08 <REP> Services 06/12/2007 19:41 <REP> Skype 23/02/2008 19:20 <REP> SourceTec 09/11/2007 17:42 <REP> SpeechEngines 23/12/2007 01:07 <REP> System 05/01/2008 18:54 <REP> xing shared 0 fichier(s) 0 octets 29 Rép(s) 74 183 725 056 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 00B1-7C45 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 06/12/2007 18:43 <REP> . 06/12/2007 18:43 <REP> .. 
06/12/2007 18:43 <REP> 1036 26/10/2006 20:49 970 528 MSONSEXT.DLL 26/10/2006 21:12 40 256 MSOSV.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 4 fichier(s) 1 260 754 octets 3 Rép(s) 74 183 725 056 octets libres
c:\Documents and Settings\All
Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Packages\Nokia_PC_Suite\CustomActions\NSU_Inst_fix.exe c:\Documents and Settings\All Users.WINDOWS\Application Data\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe c:\Documents and Settings\All Users.WINDOWS\Application Data\Installations\{B1B4E612-9ACC-4fab-BD04-1721D9503266}\NokiaVideoManager1.6.exe c:\Documents and Settings\All Users.WINDOWS\Documents\20080116114650468_Samsung_PC_Studio_WINXP_313_GK2.exe c:\Documents and Settings\All Users.WINDOWS\Documents\easysetup.exe c:\Documents and Settings\All Users.WINDOWS\Documents\iTunesSetup.exe c:\Documents and Settings\All Users.WINDOWS\Documents\motherboard_monitor_language_pack_francais_francais_9626.exe c:\Documents and Settings\All Users.WINDOWS\Documents\motherboard_monitor_motherboard_monitor_5.3.7.0_francais_9626.exe c:\Documents and Settings\All Users.WINDOWS\Documents\Nokia_PC_Suite_rel_6_85_14_1_fre_web.exe c:\Documents and Settings\All Users.WINDOWS\Documents\OOo_2.4.0_Win32Intel_install_fr.exe c:\Documents and Settings\All Users.WINDOWS\Documents\PDFCreator-0_9_5_setup.exe c:\Documents and Settings\All Users.WINDOWS\Documents\pebuilder3110a.exe c:\Documents and Settings\All Users.WINDOWS\Documents\Setup_FreeVideoConverter.exe c:\Documents and Settings\All Users.WINDOWS\Documents\setupvoipdiscount.exe c:\Documents and Settings\All Users.WINDOWS\Documents\UltraVNC-102-Setup-Fr.exe c:\Documents and Settings\All Users.WINDOWS\Documents\VideoGetInstaller_trial.exe c:\Documents and Settings\All Users.WINDOWS\Documents\WebCam3GDrvsV2_0505.EXE c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\alcchkid.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\alcrmv.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\alcrmv64.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\alcrmv9x.exe c:\Documents and Settings\All 
Users.WINDOWS\Documents\realtek\alcupd.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\AlcUpd64.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\ALCXDEV.EXE c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\ChCfg.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\GETDXVER.EXE c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\SetCDfmt.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\setup.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\Ap\AvRack2.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\Ap\MPIE4STD.EXE c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\Ap\Mpstd.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\Ap\RtlRack.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\WDM\alcrmv.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\WDM\alcrmv64.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\WDM\ChCfg.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\WDM\CPLUtl64.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\WDM\RTLCPL.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\WDM\SoundMan.exe c:\Documents and Settings\All Users.WINDOWS\Documents\realtek\WinNT4\SoundMan.exe c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\3D.exe c:\Documents and Settings\Default User\IXP000.TMP\VCREDI~3.EXE c:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\Internet Explorer\Quick Launch\3D.exe c:\Documents and Settings\Default User.WINDOWS\IXP000.TMP\VCREDI~3.EXE c:\Documents and Settings\Administrateur\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll c:\Documents and Settings\Administrateur\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll c:\Documents and Settings\Administrateur\Application 
Data\Mozilla\Firefox\Profiles\hglwy98u.default\extensions\{3bc418d7-ec15-4914-a9c8-5cbec3194dbd}\components\FFAlert.dll c:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\hglwy98u.default\extensions\{3bc418d7-ec15-4914-a9c8-5cbec3194dbd}\components\npmozax.dll c:\Documents and Settings\Administrateur\Local Settings\Application Data\Macromedia\Flash MX 2004\en\Configuration\authplay.dll c:\Documents and Settings\Administrateur\Local Settings\Application Data\Macromedia\Flash MX 2004\en\Configuration\Importers\AI_EPS_PDF_Import.dll c:\Documents and Settings\Administrateur\Local Settings\Application Data\Macromedia\Flash MX 2004\en\Configuration\Importers\AIImport.dll c:\Documents and Settings\Administrateur\Local Settings\Application Data\Macromedia\Flash MX 2004\en\Configuration\Importers\FhDbRdr.dll c:\Documents and Settings\Administrateur\Local Settings\Application Data\Macromedia\Flash MX 2004\en\Configuration\Importers\Fireworks Library.dll c:\Documents and Settings\Administrateur\Local Settings\Application Data\Seven Zip\Codecs\7zAes.dll c:\Documents and Settings\Administrateur\Local Settings\Application Data\Seven Zip\Codecs\Aes.dll c:\Documents and Settings\Administrateur\Local Settings\Application Data\Seven Zip\Codecs\Branch.dll c:\Documents and Settings\Administrateur\Local Settings\Application Data\Seven Zip\Codecs\Copy.dll c:\Documents and Settings\Administrateur\Local Settings\Application Data\Seven Zip\Codecs\LZMA.dll c:\Documents and Settings\Administrateur\Local Settings\Application Data\Seven Zip\Codecs\Swap.dll c:\Documents and Settings\Administrateur\Local Settings\Application Data\Seven Zip\Formats\7z.dll c:\Documents and Settings\Administrateur\Mes documents\Haci Karim\productions\Micro Application Dessinateur Studio 2003 Fr\Micro Application Dessinateur Studio Fr\mm_ress\DEPANN\_SETUP.DLL c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and 
Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aecore.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeemu.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aegen.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aehelp.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeheur.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeoffice.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aepack.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aerdl.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescn.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescript.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aevdf.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_LACYBERTOUR.tar.gz a l'adresse http://upload.malekal.com -
[Solved] Unwanted advertising pop-ups
jfezkejpe replied to jfezkejpe's topic in Malware analysis and removal
In the diaghelp directory, which file should I run? ---- Sorry, I just saw the link to the tutorial.
-
[Solved] Unwanted advertising pop-ups
jfezkejpe replied to jfezkejpe's topic in Malware analysis and removal
I installed Adblock on FF and configured the Internet options for IE. The ads are still there. But I am sure it is not a script on the sites that makes the ads appear, but actually malware.
-
[Solved] Unwanted advertising pop-ups
jfezkejpe replied to jfezkejpe's topic in Malware analysis and removal
I mainly use Firefox. Can you help me clean up IE? --------- In the end, I still get the ads in Firefox.
-
[Solved] Unwanted advertising pop-ups
jfezkejpe replied to jfezkejpe's topic in Malware analysis and removal
PRIMUSTAXE.exe is OK. Billing software. I am running HijackThis with removal of A0380monitor. ------- I removed A0380mon.exe with HijackThis; I still get the ads (in IE), apparently it is fixed in Firefox.
-
[Solved] Unwanted advertising pop-ups
jfezkejpe replied to jfezkejpe's topic in Malware analysis and removal
I don't know A0380monitor. What is it for, and should it be removed? I did what you told me and then restarted the PC. The ads are still there.
-
[Solved] Unwanted advertising pop-ups
jfezkejpe replied to jfezkejpe's topic in Malware analysis and removal
Hello pear, I ran the scan with Malwarebytes; here is the log:
Malwarebytes' Anti-Malware 1.14
Version de la base de données: 817
11:18:02 04/06/2008
mbam-log-6-4-2008 (11-18-02).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 208462
Temps écoulé: 49 minute(s), 49 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
-
[Solved] Unwanted advertising pop-ups
jfezkejpe replied to jfezkejpe's topic in Malware analysis and removal
Thank you for the quick help. I will carry out these operations and let you know.
-
[Solved] Unwanted advertising pop-ups
jfezkejpe posted a topic in Malware analysis and removal
Hello, I registered today because of a problem with pop-up windows. I have already tried Spybot and an Avira scan without success. I installed HijackThis and ran the scan. I would be grateful for your help getting rid of the intruder, which bothers me in IE7 as much as in Firefox 2.0. Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:15, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\RTHDCPL.EXE
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\WINDOWS.0\system32\DHTray.exe
C:\WINDOWS.0\system32\A0380mon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Karen's Power Tools\Print Logger\PrnLog.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\PRIMUSTAXE\PRIMUSTAXE.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\ScanSoft\PaperPort\PaprPort.exe
C:\Program Files\ScanSoft\PaperPort\PPLINKS.EXE
C:\Program Files\ScanSoft\PaperPort\ppscanmg.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Documents and Settings\Administrateur.ORKAS\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: quranradio toolbar - {3bc418d7-ec15-4914-a9c8-5cbec3194dbd} - C:\Program Files\quranradio\tbqura.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: quranradio toolbar - {3bc418d7-ec15-4914-a9c8-5cbec3194dbd} - C:\Program Files\quranradio\tbqura.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: quranradio toolbar - {3bc418d7-ec15-4914-a9c8-5cbec3194dbd} - C:\Program Files\quranradio\tbqura.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DHTray] C:\WINDOWS.0\system32\DHTray.exe
O4 - HKLM\..\Run: [A0380monitor] C:\WINDOWS.0\system32\A0380mon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS.0\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\WINDOWS.0\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [uSBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: PrnLog.lnk = C:\Program Files\Karen's Power Tools\Print Logger\PrnLog.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} (FontDownloaderIE Class) - http://www.qurancomplex.org/downloads/FontDown.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196963090125
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.32.162.downloads.estara.com...796187OneCC.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCB0455F-7F4D-4CEC-9B4A-C6C7F7B6FD02}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\winvnc.exe (file missing)
-- End of file - 13631 bytes