Zonega


  1. That looks good.... thanks! No new message so far!
  2. It seems to me, though, that we had disabled System Restore, rebooted and then re-enabled System Restore. Well, I'll follow your advice right away! Thanks
  3. Hello, Barely out of a disinfection masterfully carried out by Thanos (thanks to him), here I am with a message from ANTIVIR about a Trojan horse: C:\System Volume Information\...\A0000026.exe If anyone knows what to do... I have always chosen "Deny access" but the message comes back from time to time and I assume some action is needed! See you, Zon'
  4. Re, In answer to the question about the software: no, I have never installed that type of software (my children are still too young to be left to themselves on the net, and the only one besides me who touches the keyboard is my cat, who sometimes lies down on it... the naughty thing! And frankly I don't care what he might type!) I'm gladly changing the title of the post to RESOLVED, and as soon as I'm back from work I'll post on Malware complaints. Thanks again for your availability and your efficiency. I'll recommend this forum to those who need it! See you, Zonega
  5. â ê î ô û !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Brilliant! As for crackweppack, I no longer know where I found it... possibly on P2P... (after reading a post about the security of WEP keys). Thank you, thank you, thank you! Your explanations were clear and very precise! I can only recommend this forum to my family and friends in case of trouble! Is there a tutorial somewhere that explains how to do regular maintenance to avoid this kind of infection? In any case, as requested, I'm posting the 2 reports below! See you

     Malwarebytes report:

     Malwarebytes' Anti-Malware 1.15
     Version de la base de données: 839

     10:22:21 08/06/2008
     mbam-log-6-8-2008 (10-22-21).txt

     Type de recherche: Examen complet (C:\|D:\|)
     Eléments examinés: 259567
     Temps écoulé: 49 minute(s), 16 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 1
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 1

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof (Rootkit.Agent) -> Quarantined and deleted successfully.

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     C:\WINDOWS\system32\WService.exe (BackDoor.ProRat) -> Quarantined and deleted successfully.

     HijackThis report:
  6. Re, My PC seems to be working correctly, I even find that it has become faster! Perhaps a silly question.... with HijackThis, once I've done the scan, do I need to tick the boxes and click "fix checked"? Unfortunately I haven't got my circumflex accent back, or else I have to hold the key down for a long time and end up with 2 circumflex accents: ^^ to put an accent on an A... impossible by typing (circumflex+a). Still, I can clearly feel an improvement in how it runs, this whole procedure was not in vain! Thanks, and if there is a follow-up, I'm looking forward to it! See you
  7. But this famous Crack Wep Pack is not a software crack, it is a program that lets you check the strength of the WEP keys of Wi-Fi networks, and it is (unless I'm mistaken: free). It also goes without saying that this software can only be used legally on your own network or with the owner's permission. I did in fact try to check my key, without success... Infections via Messenger, on the other hand, are I believe very frequent. A few of my contacts send messages without being online.... with links to click (DANGER). As for P2P, after reading your link, indeed.... it's scary! I recognise a few "glitches" of my XP! As with tobacco... I'm going to have to quit! Thanks for the advice! For the next steps, I'll get on with it when I'm back in my Home Sweet Home! Thanks again, see you
  8. Re, As for the two SYS file scans... files not found... More this evening around 8 pm, because I "work more" to work more.... Kaspersky report:
skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\config\WindowsPowerShell.evt Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\system32\WsStat.exe Suspicious: 
not-a-virus:RemoteAdmin.Win32.eSurveiller.120 skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\Cocci pour portable\$OEM$\$$\System32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped D:\Mes Documents\LOGICIELS\CrackWepPack_v0.1_11-11-2005.exe/file11 Infected: not-a-virus:PSWTool.Win32.AirCrack.a skipped D:\Mes Documents\LOGICIELS\CrackWepPack_v0.1_11-11-2005.exe/file20 Infected: Trojan-Spy.Win32.Banker.nlh skipped D:\Mes Documents\LOGICIELS\CrackWepPack_v0.1_11-11-2005.exe Inno: infected - 2 skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\WinLite.iso/$OEM$/$$/System32/cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped D:\WinLite.iso ISOimage: infected - 1 skipped Scan process completed.
  9. Hi, Darn ("Flute"; I know it normally has an accent), when I woke up I went to look at the scan report and it had gone back to the beginning... I'm launching a scan again! As for this file (aj7b6p67.SYS) and the other one, I searched but I can't find them on my PC.
  10. Hi again, Here is the Navilog report to start with. The online antivirus scan is in progress, and it looks like it will take a good while... so I'll let it get on with the job on its own and go get some shut-eye.... more tomorrow morning!

      Clean Navipromo version 3.5.7 commencé le 06/06/2008 à 23:33:36,70
      Outil exécuté depuis C:\Program Files\navilog1
      Session actuelle : "Bureau"
      Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO
      Microsoft Windows XP [version 5.1.2600]
      Internet Explorer : 7.0.5730.11
      Système de fichiers : NTFS
      Mode suppression automatique avec prise en charge résultats Catchme et GNS
      Nettoyage exécuté au redémarrage de l'ordinateur

      *** fsbl1.txt non trouvé ***
      (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

      *** Suppression avec sauvegardes résultats GenericNaviSearch ***
      * Suppression dans "C:\WINDOWS\System32" *
      * Suppression dans "C:\Documents and Settings\Bureau\locals~1\applic~1" *
      * Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
      * Suppression dans "C:\DOCUME~1\ADMINI~1.CO~\locals~1\applic~1" *
      * Suppression dans "C:\DOCUME~1\ADMINI~1.000\locals~1\applic~1" *

      *** Suppression dossiers dans "C:\WINDOWS" ***
      *** Suppression dossiers dans "C:\Program Files" ***
      *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
      *** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
      *** Suppression dossiers dans "C:\Documents and Settings\Bureau\applic~1" ***
      *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1.000\applic~1" ***
      *** Suppression dossiers dans "C:\Documents and Settings\Bureau\locals~1\applic~1" ***
      *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
      *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1.CO~\locals~1\applic~1" ***
      *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1.000\locals~1\applic~1" ***
      *** Suppression dossiers dans "C:\Documents and Settings\Bureau\menudm~1\progra~1" ***
      *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1.000\menudm~1\progra~1" ***

      *** Suppression fichiers ***

      *** Suppression fichiers temporaires ***
      Nettoyage contenu C:\WINDOWS\Temp effectué !
      Nettoyage contenu C:\Documents and Settings\Bureau\locals~1\Temp effectué !

      *** Traitement Recherche complémentaire ***
      (Recherche fichiers spécifiques)
      1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
      2)Recherche, création sauvegardes et suppression Heuristique :
      * Dans "C:\WINDOWS\system32" *
      * Dans "C:\Documents and Settings\Bureau\locals~1\applic~1" *
      kymaquo.dat trouvé !
      Copie kymaquo.dat réalisée avec succès !
      kymaquo.dat supprimé !
      kymaquo_nav.dat trouvé !
      Copie kymaquo_nav.dat réalisée avec succès !
      kymaquo_nav.dat supprimé !
      kymaquo_navps.dat trouvé !
      Copie kymaquo_navps.dat réalisée avec succès !
      kymaquo_navps.dat supprimé !
      kymaquo.exe trouvé !
      Copie kymaquo.exe réalisée avec succès !
      kymaquo.exe supprimé !
      * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
      * Dans "C:\DOCUME~1\ADMINI~1.CO~\locals~1\applic~1" *
      * Dans "C:\DOCUME~1\ADMINI~1.000\locals~1\applic~1" *

      *** Sauvegarde du Registre vers dossier Safebackup ***
      sauvegarde du Registre réalisée avec succès !

      *** Nettoyage Registre ***
      Nettoyage Registre Ok

      *** Certificats ***
      Certificat Egroup supprimé !
      Certificat Electronic-Group supprimé !
      Certificat OOO-Favorit supprimé !
      Certificat Sunny-Day-Design-Ltdt absent !

      *** Nettoyage terminé le 06/06/2008 à 23:36:57,07 ***
  11. Hi, No harm done about the wait; I'll get on it as soon as I'm back from work this evening and I'll post all of that! Thanks again! (I'm impressed by the detail in the explanations and by your availability! Hats off!)
  12. What is the procedure to follow now, please?
  13. Did I forget to include something?
  14. So, first report:

      Search Navipromo version 3.5.7 commencé le 05/06/2008 à 17:27:16,99
      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!
      !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
      Outil exécuté depuis C:\Program Files\navilog1
      Session actuelle : "Bureau"
      Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO
      Microsoft Windows XP [version 5.1.2600]
      Internet Explorer : 7.0.5730.11
      Système de fichiers : NTFS
      Recherche executé en mode normal

      *** Recherche Programmes installés ***

      *** Recherche dossiers dans "C:\WINDOWS" ***
      *** Recherche dossiers dans "C:\Program Files" ***
      *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
      *** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
      *** Recherche dossiers dans "C:\Documents and Settings\Bureau\applic~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.000\applic~1" ***
      *** Recherche dossiers dans "C:\Documents and Settings\Bureau\locals~1\applic~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.CO~\locals~1\applic~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.000\locals~1\applic~1" ***
      *** Recherche dossiers dans "C:\Documents and Settings\Bureau\menudm~1\progra~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.000\menudm~1\progra~1" ***

      *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
      pour + d'infos : http://www.gmer.net
      Aucun Fichier trouvé

      *** Recherche avec GenericNaviSearch ***
      !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A vérifier impérativement avant toute suppression manuelle !!!
      * Recherche dans "C:\WINDOWS\system32" *
      * Recherche dans "C:\Documents and Settings\Bureau\locals~1\applic~1" *
      * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
      * Recherche dans "C:\DOCUME~1\ADMINI~1.CO~\locals~1\applic~1" *
      * Recherche dans "C:\DOCUME~1\ADMINI~1.000\locals~1\applic~1" *

      *** Recherche fichiers ***

      *** Recherche clés spécifiques dans le Registre ***
      HKEY_CURRENT_USER\Software\Lanconfig trouvé !

      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)
      1)Recherche nouveaux fichiers Instant Access :
      2)Recherche Heuristique :
      * Dans "C:\WINDOWS\system32" :
      * Dans "C:\Documents and Settings\Bureau\locals~1\applic~1" :
      kymaquo.dat trouvé !
      kymaquo_nav.dat trouvé !
      kymaquo_navps.dat trouvé !
      * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
      * Dans "C:\DOCUME~1\ADMINI~1.CO~\locals~1\applic~1" :
      * Dans "C:\DOCUME~1\ADMINI~1.000\locals~1\applic~1" :
      3)Recherche Certificats :
      Certificat Egroup trouvé !
      Certificat Electronic-Group trouvé !
      Certificat OOO-Favorit trouvé !
      Certificat Sunny-Day-Design-Ltd absent !
      4)Recherche fichiers connus :

      *** Analyse terminée le 05/06/2008 à 17:37:54,17 ***

      2nd report:

      DiagHelp version v1.4 - http://www.malekal.com excute le 05/06/2008 à 17:32:59,65
C:\WINDOWS\System32\CmdLineExt03.dll -->01/05/2008 20:42:15 C:\WINDOWS\System32\Dvbpws.dll -->29/04/2008 09:55:33 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log -->18/04/2008 13:33:05 C:\WINDOWS\System32\wsstat.tmp -->14/04/2008 14:16:38 C:\WINDOWS\System32\zlib.dll -->14/04/2008 14:16:37 C:\WINDOWS\System32\PnkBstrA.exe -->08/04/2008 12:36:44 C:\WINDOWS\System32\myodbc3.dll -->11/03/2008 12:09:36 C:\WINDOWS\System32\FNTCACHE.DAT -->26/02/2008 14:15:49 C:\WINDOWS\System32\javaws.exe -->22/02/2008 02:33:32 C:\WINDOWS\System32\javacpl.cpl -->22/02/2008 02:33:31 C:\WINDOWS\System32\javaw.exe -->22/02/2008 01:23:39 C:\WINDOWS\System32\java.exe -->22/02/2008 01:23:35 C:\WINDOWS\System32\divxg400.htm -->20/02/2008 19:16:41 C:\WINDOWS\System32\DivXG400.ax -->20/02/2008 19:16:41 C:\WINDOWS\SchedLgU.Txt -->05/06/2008 17:25:00 C:\WINDOWS\ntbtlog.txt -->05/06/2008 17:23:13 C:\WINDOWS\WindowsUpdate.log -->05/06/2008 17:22:43 C:\WINDOWS\wiadebug.log -->05/06/2008 15:49:42 C:\WINDOWS\0.log -->05/06/2008 15:47:11 C:\WINDOWS\wiaservc.log -->05/06/2008 15:46:52 C:\WINDOWS\bootstat.dat -->05/06/2008 15:45:43 C:\WINDOWS\setupapi.log -->04/06/2008 18:00:38 C:\WINDOWS\TSC.INI -->04/06/2008 17:58:32 C:\WINDOWS\TMUPDATE.DLL -->04/06/2008 17:55:18 C:\WINDOWS\UNZIP.DLL -->04/06/2008 17:55:17 C:\WINDOWS\PATCH.EXE -->04/06/2008 17:55:17 C:\WINDOWS\NeroDigital.ini -->04/06/2008 17:01:46 C:\WINDOWS\msnfix.txt -->04/06/2008 16:36:04 C:\WINDOWS\MEMORY.DMP -->04/06/2008 14:55:20 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Unsigned ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 308 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x771b0000 0xce000 7.00.5730.0011 
C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x7e1e0000 0x5c9000 7.00.5730.0011 C:\WINDOWS\system32\ieframe.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x74b30000 0x3b000 7.00.5730.0011 C:\WINDOWS\system32\webcheck.dll 0x65780000 0x23000 4.07.0997.0000 C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x00e40000 0xe000 C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x01940000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll 0x61410000 0x124000 7.00.5730.0011 C:\WINDOWS\system32\urlmon.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x02750000 0x1b9000 2.00.0000.0008 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll 0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL 0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll 0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL 0x032d0000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x02910000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x034b0000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 0x65af0000 0xa000 7.00.5730.0011 C:\WINDOWS\system32\jsproxy.dll 
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x03f40000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x60510000 0x18000 2.00.50727.0042 C:\WINDOWS\system32\dfshim.dll 0x79000000 0x45000 2.00.50727.0042 C:\WINDOWS\system32\mscoree.dll 0x10000000 0x14000 2.07.0003.0002 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll 0x03b20000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL 0x01e50000 0x2c000 C:\Program Files\WinRAR\rarext.dll 0x02010000 0x13000 4.55.0000.0000 C:\Program Files\7-Zip\7-zip.dll 0x012d0000 0xf000 C:\DOCUME~1\Bureau\LOCALS~1\Temp\catchme.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 996 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x10000000 0x17000 6.14.0010.4100 C:\WINDOWS\system32\Ati2evxx.dll 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll Le volume dans le lecteur C s'appelle Windows Le numéro de série du volume est 1002-A9CD Répertoire de C:\WINDOWS\temp 27/02/2004 18:14 208 896 alcupd.exe 17/09/2003 18:20 221 184 RegModule.exe 19/03/2004 19:28 6 964 736 RTLCPL.exe 26/02/2004 16:53 65 024 soundman.exe 4 fichier(s) 7 459 840 octets 0 Rép(s) 22 558 035 968 octets libres Le volume dans le lecteur C s'appelle Windows Le numéro de série du volume est 1002-A9CD Répertoire de C:\WINDOWS\system 17/07/2002 16:22 4 672 wowpost.exe 1 fichier(s) 4 672 octets 0 Rép(s) 22 558 035 968 octets libres Le volume dans le 
lecteur C s'appelle Windows Le numéro de série du volume est 1002-A9CD Répertoire de C:\WINDOWS\system32 19/08/2004 19:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 22 558 035 968 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle Windows Le numéro de série du volume est 1002-A9CD Répertoire de C:\WINDOWS\Downloaded Program Files 04/06/2008 18:00 <REP> . 04/06/2008 18:00 <REP> .. 02/02/2008 10:16 <REP> CONFLICT.1 23/06/2006 14:23 508 crazytalk.inf 23/05/2007 16:14 65 desktop.ini 16/05/2006 12:58 24 576 dwusplay.dll 16/05/2006 12:58 196 608 dwusplay.exe 11/04/2007 15:55 1 292 erma.inf 21/09/2007 15:15 727 hcImpl.inf 02/05/2008 14:22 385 536 Housecall_ActiveX.dll 16/05/2006 12:58 484 272 isusweb.dll 22/02/2007 23:41 304 544 MessengerStatsPAClient.dll 20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd 20/06/2006 16:44 379 704 MsnPUpld.dll 19/06/2006 15:40 393 MsnPUpld.inf 12/04/2005 14:58 77 824 PhtPkMSN.dll 08/04/2005 11:28 1 367 PhtPkMSN.inf 22/09/2004 15:59 110 592 PURen-us.dll 09/01/2007 08:30 110 592 PURfr-fr.dll 15/10/2004 07:59 110 592 PURfr-xx.dll 10/02/2006 18:29 512 rltts.inf 27/03/2007 16:00 5 021 swflash.inf 02/11/2005 18:01 1 777 xscan.inf 02/11/2005 18:07 435 712 xscan53.ocx 19/02/2007 11:26 159 128 ZIntro.ocx 22 fichier(s) 2 792 504 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 02/02/2008 10:16 <REP> . 02/02/2008 10:16 <REP> .. 02/08/2007 12:31 360 320 MsnPUpld.dll 02/08/2007 12:31 67 456 PURen-us.dll 06/08/2007 13:10 68 992 PURfr-fr.dll 3 fichier(s) 496 768 octets Total des fichiers listés : 25 fichier(s) 3 289 272 octets 5 Rép(s) 22 558 035 968 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. 
Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"="C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe:*:Enabled:Logiciel pour Téléphone Mobile" "C:\\Documents and Settings\\Bureau\\Bureau\\utorrent.exe"="C:\\Documents and Settings\\Bureau\\Bureau\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus" "C:\\Program Files\\UrbanTerror\\ioUrbanTerror.exe"="C:\\Program Files\\UrbanTerror\\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror" "C:\\XTREM\\emule.exe"="C:\\XTREM\\emule.exe:*:Enabled:eMule" "C:\\X-Plane 8.64\\X-Plane 864.exe"="C:\\X-Plane 8.64\\X-Plane 864.exe:*:Enabled:X-Plane 864" "C:\\Program 
Files\\TribalWeb\\tribalweb.exe"="C:\\Program Files\\TribalWeb\\tribalweb.exe:*:Enabled:tribalweb" "C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv" "C:\\Program Files\\Wings Over Europe\\WOE.exe"="C:\\Program Files\\Wings Over Europe\\WOE.exe:*:Disabled:Wings Over Europe" "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server" "C:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe:*:Enabled:Java Platform SE binary" "C:\\Documents and Settings\\Bureau\\Local Settings\\Temp\\Rar$EX00.437\\Server.exe"="C:\\Documents and Settings\\Bureau\\Local Settings\\Temp\\Rar$EX00.437\\Server.exe:*:Enabled:Server" "C:\\Program Files\\THQ\\Frontlines-Fuel of War Beta\\Binaries\\FFOW-Beta.exe"="C:\\Program Files\\THQ\\Frontlines-Fuel of War Beta\\Binaries\\FFOW-Beta.exe:*:Enabled:Frontlines Game" "C:\\Program Files\\Qtracker\\qtracker.exe"="C:\\Program Files\\Qtracker\\qtracker.exe:*:Enabled:Qtracker" "C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"="C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe:*:Enabled:CrazyTalk" "C:\\Program Files\\e-on software\\Vue 6 xStream\\Application\\Vue 6 xStream.eon"="C:\\Program Files\\e-on software\\Vue 6 xStream\\Application\\Vue 6 xStream.eon:*:Enabled:Vue 6 xStream" "C:\\Program Files\\GigaTribe\\gigatribe.exe"="C:\\Program Files\\GigaTribe\\gigatribe.exe:*:Enabled:gigatribe" "C:\\Program Files\\Metin2_France\\metin2.bin"="C:\\Program Files\\Metin2_France\\metin2.bin:*:Enabled:metin2" "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows 
Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET" "C:\\WINDOWS\\system32\\WsStat.exe"="C:\\WINDOWS\\system32\\WsStat.exe:*:Disabled:WsStat" "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner" "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver" "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application" "C:\\Program Files\\SopCast\\sopvod.exe"="C:\\Program Files\\SopCast\\sopvod.exe:*:Enabled:sopvod" "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "C:\\Program Files\\rFactor MP Test\\rFactor MP Test.exe"="C:\\Program Files\\rFactor MP Test\\rFactor MP Test.exe:*:Enabled:rFactor" "C:\\Program Files\\TmNationsForever\\TmForever.exe"="C:\\Program Files\\TmNationsForever\\TmForever.exe:*:Enabled:TmForever" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. 
Take a deep breath " "C:\\Program Files\\32nd America's Cup - Demo\\VskAC32_Demo.exe"="C:\\Program Files\\32nd America's Cup - Demo\\VskAC32_Demo.exe:*:Enabled:VskAC32_Demo" "C:\\Program Files\\Octoshape Streaming Services\\Bureau\\OctoshapeClient.exe"="C:\\Program Files\\Octoshape Streaming Services\\Bureau\\OctoshapeClient.exe:*:Enabled:OctoshapeClient" "C:\\Program Files\\GtkRadiant 1.5.0\\GtkRadiant.exe"="C:\\Program Files\\GtkRadiant 1.5.0\\GtkRadiant.exe:*:Enabled:GtkRadiant" "C:\\Program Files\\Mumble\\murmur.exe"="C:\\Program Files\\Mumble\\murmur.exe:*:Enabled:murmur" "C:\\AdventNet\\ME\\EventLog\\jre\\bin\\java.exe"="C:\\AdventNet\\ME\\EventLog\\jre\\bin\\java.exe:*:Enabled:Java 2 Platform Standard Edition binary" "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] 
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" REGEDIT4 [taskmgr.exe] exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000001 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "SynchronousMachineGroupPolicy"=dword:00000000 "SynchronousUserGroupPolicy"=dword:00000000 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-05 17:33:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\" "h0"=dword:00000000 "ujdew"=hex:e6,df,54,86,05,86,60,33,3b,40,6d,f3,ed,56,c2,49,a2,8d,9d,58,8b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000001 "khjeh"=hex:15,95,c4,9b,4e,d4,35,f2,1b,2a,66,3c,6d,8c,43,45,b3,02,8d,5b,d6,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,d0,93,9d,05,c1,a3,27,04,48,bb,7d,24,84,b9,53,0a,06,.. "khjeh"=hex:ab,71,c5,89,0c,ca,3c,93,40,70,11,d8,92,4a,b6,45,54,f9,25,c9,7a,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:d0,4f,fd,55,0f,39,6a,29,40,7a,43,43,fe,c6,04,66,8b,b0,2f,1a,8e,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\" "h0"=dword:00000000 "ujdew"=hex:6d,96,ae,4e,1a,82,ad,69,43,32,ea,b1,2d,44,75,a3,7c,7b,9a,60,78,.. 
****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_COCCI.tar.gz a l'adresse http://upload.malekal.com
  15. Very interesting!!! I'm starting the procedure! (In the meantime, enjoy your break!)