Everything posted by bapor

  1. Hello. Problem solved, it was Winamp that was doing that.
  2. --- April 23, 2015 at 02:02 --- Hello, every time my computer starts up I hear clicks at an irregular frequency coming out of my speakers (the same noise you hear when browsing through the hard drives). Nothing loads apart from that; I apparently have no slowdown, but it's suspicious. How can I fix this problem? Thanks. --- April 23, 2015 at 16:11 --- up --- April 23, 2015 at 23:39 --- up -edit- In this section, you must not insert an "up" in your thread: given the presence of a "reply", the helpers will not look at it, believing the problem is already being handled by one of their own. You can, however, post a short reminder in the thread "On m'a oublié !", pinned at the top of the section and intended for that purpose…
  3. Hi. No internet during that period. No, nothing has changed. I have no sound except the MSN and Windows ones. I did as you asked, but I never got a message from ComboFix asking me to install the console. Yes, but when booting from the CD I have no console. Good night.
  4. Hi. I'm just passing through quickly as well. I can no longer play WAV files either, as if I no longer had a sound card, in fact. Winamp, WMP, VLC, etc. The CHKDSK procedure doesn't work because I don't have a recovery console at startup.
  5. Hi. All sounds: music, video, games, etc., except the Windows sounds, MSN included. I barely had time to do it but I saw nothing. I'll try again. No, I didn't have the time; I'll do it when I can. Probably tomorrow (work). Built by myself. So I think I have been polite enough not to get that kind of remark thrown in my face. We're in a thread; I'm not going to say hello in every message on a forum, since we're following a discussion thread, even though I have done it quite a few times. If you like, in the same vein, we can address each other formally. Which was my case the day I posted, on top of having had a lot of work, but I still took the trouble to leave a message with what I could put down at the time.
  6. --> Is it at exactly that time that you lost the sound? No --> Is it at exactly that time that you lost the sound? Creative's website --> What exactly is the driver version and the exact model of your "sound" card / controller? Driver 5.12.6.1187, Sound Blaster X-Fi Xtreme Gamer Fatal1ty Pro, Version 2.20.65 --> Since which manipulation / which installation have you had this problem? No idea --> So, after 5 minutes, without using the PC, the sound disappears? Have you tried other players? Is it while gaming? I tried other players; only the Windows and MSN sounds remain present. It's not while gaming. --> Were you able to test the hardware? Is it stable? Is the inside of the tower clean? Yes --> Did you look at which process started or stopped after 5 minutes in Task Manager? No
  7. Hi. --> What do you do during those 5 minutes? Which programs do you use? Nothing at all, I have just restarted the computer and haven't touched anything. The last error is at 00:15: Le système d'événements de COM+ a détecté un code de renvoi erroné lors de son traitement interne. Le HRESULT est 8001010D à partir de la ligne 62 de f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services du Support Technique Microsoft pour signaler cette erreur. Pour plus d'informations, consultez le centre Aide et support à l'adresse http://go.microsoft.com/fwlink/events.asp.
  8. Hi. This is what I still have left after a scan done yesterday. For the sound, I have already reinstalled everything. The sound is present at first, but as I said, after 5 minutes something loads and my bar at the bottom "deskins" and "reskins" itself. Following that I lose the sound (which I have to bring back in the services by doing stop/start).
  9. I'm going to run another scan. Yes, my RA3 is official, I only play online. Good night.
  10. Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\cert8.db L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\content-prefs.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\cookies.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\downloads.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\flashgot.log L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\formhistory.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\key3.db L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\parent.lock L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\permissions.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\places.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\places.sqlite-journal L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\search.sqlite L'objet est verrouillé ignoré C:\Documents and 
Settings\BaPoR\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\urlclassifier3.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Historique\History.IE5\MSHist012008120420081205\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\temp\etilqs_H1hbMg4JUFPUSLbrz7mq L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\temp\Free Download Manager\tic1C.tmp L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\temp\Free Download Manager\tic1D.tmp L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\temp\mpl9.tmp L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\temp\mplA.tmp L'objet est verrouillé ignoré C:\Documents and 
Settings\BaPoR\Local Settings\temp\~DFB3B6.tmp L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{BE9EB4D1-3594-406E-970C-067B4A654BD9}\RP2\A0003056.sys L'objet est verrouillé ignoré C:\System Volume Information\_restore{BE9EB4D1-3594-406E-970C-067B4A654BD9}\RP3\A0003135.sys L'objet est verrouillé ignoré C:\System Volume Information\_restore{BE9EB4D1-3594-406E-970C-067B4A654BD9}\RP3\A0003136.exe Infecté : Trojan.Win32.Agent.asgs ignoré C:\System Volume Information\_restore{BE9EB4D1-3594-406E-970C-067B4A654BD9}\RP3\A0003137.exe Infecté : Trojan.Win32.Agent.asgt ignoré C:\System 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:18:03, on 04/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal
  11. I uninstalled Spybot. I didn't change anything, but at some point, after about 5 minutes, my bar at the bottom changes because something is loading, which incidentally cuts off my sound, and I have to restart it in the services (maybe there's a connection). The only thing I did was launch Red Alert 3, lol.
  12. Logfile of random's system information tool 1.04 (written by random/random) Run by BaPoR at 2008-12-03 23:50:27 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 51 GB (72%) free of 71 GB Total RAM: 2047 MB (71% free)
12288] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS.0\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 ossrv;Creative OS Services Driver; C:\WINDOWS.0\system32\drivers\ctoss2k.sys [2006-08-17 116224] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS.0\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS.0\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS.0\system32\drivers\WmBEnum.sys [2008-01-24 19336] R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS.0\system32\drivers\WmXlCore.sys [2008-01-24 48904] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 amxebysb;amxebysb; C:\WINDOWS.0\system32\drivers\amxebysb.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS.0\system32\CT20XUT.DLL [2006-08-17 158720] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS.0\system32\drivers\ctdvda2k.sys [2006-08-17 340176] S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS.0\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496] S3 gmer;gmer; C:\WINDOWS.0\System32\DRIVERS\gmer.sys [2008-12-03 85969] S3 MPE;Filtre BDA MPE; C:\WINDOWS.0\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; 
C:\WINDOWS.0\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS.0\system32\drivers\ccdcmb.sys [2008-05-07 17536] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS.0\system32\drivers\ccdcmbo.sys [2008-05-07 20864] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS.0\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS.0\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 upperdev;upperdev; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS.0\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbser;USB Modem Driver; C:\WINDOWS.0\system32\drivers\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064] S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS.0\system32\drivers\WmFilter.sys [2008-01-24 28168] S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS.0\system32\drivers\WmHidLo.sys [2008-01-24 29192] S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS.0\system32\drivers\WmVirHid.sys [2008-01-24 14728] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] S4 IntelIde;IntelIde; 
C:\WINDOWS.0\system32\drivers\IntelIde.sys [] S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; G:\Logiciel\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS.0\system32\Ati2evxx.exe [2008-08-21 573440] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS.0\system32\CTsvcCDA.exe [1999-12-13 44032] R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-25 152984] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS.0\System32\svchost.exe [2008-04-14 14336] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS.0\system32\ati2sgag.exe [2008-08-20 593920] S2 Irmon;Moniteur infrarouge; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe [2008-11-19 79360] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 LBTServ;Logitech Bluetooth Service; C:\Program 
Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS.0\System32\TuneUpDefragService.exe [2008-10-06 307968] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] -----------------EOF-----------------

It's really you I should be thanking. However, I had to reinstall the sound. Otherwise I have a very annoying bug: I lose the sound (except the Windows or MSN sounds) after 5 minutes, and I have to re-enable it via the services (Pilote DirectSound incorrect, erreur 88780078). Where on the forum should I post that? I'm running my Kaspersky scan.
  13. Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Driver "mscicosd" disabled successfully. Driver "mbr" disabled successfully. Error: could not open driver "mchInjDrv" Disablement of driver "mchInjDrv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Driver "CTEXFIFX.DLL" disabled successfully. Driver "CTHWIUT.DLL" disabled successfully. Error: could not open driver "akwhoahx" Disablement of driver "akwhoahx" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open driver "soxpeca" Disablement of driver "soxpeca" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open driver "mabidwe" Disablement of driver "mabidwe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open driver "noytcyr" Disablement of driver "noytcyr" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open driver "tdydowkc" Disablement of driver "tdydowkc" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open driver "roytctm" Disablement of driver "roytctm" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open driver "wsldoekd" Disablement of driver "wsldoekd" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open driver "afisicx" Disablement of driver "afisicx" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Driver "mscicosd" deleted successfully. 
Driver "mbr" deleted successfully. Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\mchInjDrv" not found! Deletion of driver "mchInjDrv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Driver "CTEXFIFX.DLL" deleted successfully. Driver "CTHWIUT.DLL" deleted successfully. Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\akwhoahx" not found! Deletion of driver "akwhoahx" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\soxpeca" not found! Deletion of driver "soxpeca" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\mabidwe" not found! Deletion of driver "mabidwe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\noytcyr" not found! Deletion of driver "noytcyr" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdydowkc" not found! Deletion of driver "tdydowkc" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\roytctm" not found! Deletion of driver "roytctm" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\wsldoekd" not found! Deletion of driver "wsldoekd" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\afisicx" not found! Deletion of driver "afisicx" failed! 
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\WINDOWS.0\system32\mscico.exe" deleted successfully. Error: file "C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mbr.sys" not found! Deletion of file "C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mbr.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp" not found! Deletion of file "C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml32.tmp" deleted successfully. File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml31.tmp" deleted successfully. File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml30.tmp" deleted successfully. File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2F.tmp" deleted successfully. File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2E.tmp" deleted successfully. File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2D.tmp" deleted successfully. File "C:\WINDOWS.0\system32\CT20XUT.DLL" deleted successfully. File "C:\WINDOWS.0\system32\CTHWIUT.DLL" deleted successfully. Error: file "C:\WINDOWS.0\system32\drivers\akwhoahx.sys" not found! Deletion of file "C:\WINDOWS.0\system32\drivers\akwhoahx.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS.0\system32\tdydowkc.exe" not found! Deletion of file "C:\WINDOWS.0\system32\tdydowkc.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS.0\system32\noytcyr.exe" not found! Deletion of file "C:\WINDOWS.0\system32\noytcyr.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS.0\system32\wsldoekd.exe" not found! 
Deletion of file "C:\WINDOWS.0\system32\wsldoekd.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS.0\system32\roytctm.exe" not found! Deletion of file "C:\WINDOWS.0\system32\roytctm.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS.0\system32\afisicx.exe" not found! Deletion of file "C:\WINDOWS.0\system32\afisicx.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS.0\system32\soxpeca.exe" not found! Deletion of file "C:\WINDOWS.0\system32\soxpeca.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS.0\system32\mabidwe.exe" not found! Deletion of file "C:\WINDOWS.0\system32\mabidwe.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\WINDOWS.0\UpdReg.EXE" deleted successfully. Completed script processing. ******************* Finished! Terminate.
  14. SDFix: Version 1.240 Run by BaPoR on 03/12/2008 at 22:12 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS.EXE - Deleted C:\WINDOWS.EXE - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-03 22:15:34 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:19a70fe2 "s2"=dword:e9361f09 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="g:\logiciel\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:66,7b,fb,88,89,26,46,ed,09,9b,01,17,b4,1c,d9,4d,c9,95,23,29,9c,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,7d,db,b3,75,9a,0c,bf,df,45,cb,0c,b5,2b,ef,ca,77,83,.. "khjeh"=hex:3b,c1,69,ac,ab,b8,99,02,a4,fc,4a,3f,43,94,eb,9c,2c,39,36,a1,a4,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:9f,dd,7a,e1,59,a3,59,bb,dd,0c,19,59,af,fd,63,dd,4c,f8,e6,89,88,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="g:\logiciel\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:66,7b,fb,88,89,26,46,ed,09,9b,01,17,b4,1c,d9,4d,c9,95,23,29,9c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,7d,db,b3,75,9a,0c,bf,df,45,cb,0c,b5,2b,ef,ca,77,83,.. "khjeh"=hex:3b,c1,69,ac,ab,b8,99,02,a4,fc,4a,3f,43,94,eb,9c,2c,39,36,a1,a4,.. 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:9f,dd,7a,e1,59,a3,59,bb,dd,0c,19,59,af,fd,63,dd,4c,f8,e6,89,88,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "G:\\Logiciel\\Azureus\\Azureus.exe"="G:\\Logiciel\\Azureus\\Azureus.exe:*:Enabled:Azureus" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "G:\\Logiciel\\Microsoft Office\\Office12\\OUTLOOK.EXE"="G:\\Logiciel\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll" Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Misc. 
Support Library (Spybot - Search & Destroy)\Tools.dll" Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\SDHelper (Spybot - Search & Destroy)\SDHelper.dll" Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe" Wed 3 Dec 2008 2,834 ...HR --- "C:\Documents and Settings\BaPoR\Application Data\SecuROM\UserData\securom_v7_01.bak" Finished!
  15. And GMER GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-12-03 20:00:05 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- SSDT sptd.sys ZwCreateKey [0xF75000B0] SSDT A908F084 ZwCreateThread SSDT sptd.sys ZwEnumerateKey [0xF750584E] SSDT sptd.sys ZwEnumerateValueKey [0xF7505BEE] SSDT sptd.sys ZwOpenKey [0xF7500090] SSDT A908F070 ZwOpenProcess SSDT A908F075 ZwOpenThread SSDT sptd.sys ZwQueryKey [0xF7505CC6] SSDT sptd.sys ZwQueryValueKey [0xF7505B46] SSDT sptd.sys ZwSetValueKey [0xF7505D58] SSDT A908F07F ZwTerminateProcess SSDT A908F07A ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.14 ---- ? C:\WINDOWS.0\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. .text USBPORT.SYS!DllUnload B977C8AC 5 Bytes JMP 8991E1B8 ? System32\Drivers\akwhoahx.SYS Le chemin d'accès spécifié est introuvable. ! ? C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp Le fichier spécifié est introuvable. ! ? C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mbr.sys Le fichier spécifié est introuvable. ! 
---- User code sections - GMER 1.0.14 ---- .text G:\Logiciel\Mozilla Firefox\firefox.exe[280] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text G:\Logiciel\Mozilla Firefox\firefox.exe[280] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ] .text G:\Logiciel\Mozilla Firefox\firefox.exe[280] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text G:\Logiciel\Mozilla Firefox\firefox.exe[280] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text C:\WINDOWS.0\Explorer.EXE[332] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS.0\Explorer.EXE[332] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS.0\Explorer.EXE[332] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text C:\WINDOWS.0\SYSTEM32\CTXFISPI.EXE[464] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS.0\SYSTEM32\CTXFISPI.EXE[464] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS.0\SYSTEM32\CTXFISPI.EXE[464] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text C:\Program Files\Java\jre6\bin\jusched.exe[576] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Java\jre6\bin\jusched.exe[576] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Java\jre6\bin\jusched.exe[576] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[588] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[588] shell32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[588] shell32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text C:\Program Files\MessengerPlus! 3\MsgPlus.exe[604] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\MessengerPlus! 
3\MsgPlus.exe[604] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text C:\Program Files\MessengerPlus! 3\MsgPlus.exe[604] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[624] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[624] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[624] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[628] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[628] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[628] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[652] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[652] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[652] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text C:\WINDOWS.0\system32\CTXFIHLP.EXE[1004] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS.0\system32\CTXFIHLP.EXE[1004] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS.0\system32\CTXFIHLP.EXE[1004] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01BA4408 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll (Messenger Plus! 
Hook DLL/Patchou) .text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] WS2_32.dll!send 719F4C27 5 Bytes JMP 01BA48E8 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll (Messenger Plus! Hook DLL/Patchou) .text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] WS2_32.dll!recv 719F676F 5 Bytes JMP 01BA48A6 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll (Messenger Plus! Hook DLL/Patchou) .text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] SHELL32.dll!Shell_NotifyIcon 7CA321D6 5 Bytes JMP 01BA1163 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll (Messenger Plus! Hook DLL/Patchou) .text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1164] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1164] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text C:\WINDOWS.0\system32\ctfmon.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS.0\system32\ctfmon.exe[1240] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS.0\system32\ctfmon.exe[1240] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text G:\logiciel\SuperCopier2\SuperCopier2.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text G:\logiciel\SuperCopier2\SuperCopier2.exe[1276] shell32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A .text G:\logiciel\SuperCopier2\SuperCopier2.exe[1276] shell32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A .text C:\Program Files\Messenger\msmsgs.exe[1292] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program 
  16. Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x8a781ce size 0x1ac !
------------------------------------------------------------------------------------------------
info.txt logfile of random's system information tool 1.04 2008-12-03 19:51:34
======Uninstall list======
Adobe Flash Player 10 Plugin-->C:\WINDOWS.0\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\WINDOWS.0\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001} Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} Archiveur WinRAR-->g:\logiciel\WinRAR\uninstall.exe ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 ATI Display Driver-->rundll32 C:\WINDOWS.0\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Avira AntiVir Personal - Free Antivirus-->G:\Logiciel\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Azureus Vuze-->g:\logiciel\Azureus\uninstall.exe Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799} CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A} Command & Conquer 3-->MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32} Command & Conquer 3 : La Fureur de Kane-->MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674} Command & Conquer™
Alerte Rouge 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715} Creative Audio Console-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c /remove Creative MediaSource 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x40c /remove Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove Delete FXP Files Classic-->MsiExec.exe /X{D3E29D5A-B772-4578-9075-4272569504E2} eMulev0.49a.-MorphXTv11.0-->"g:\logiciel\emule morphxt\unins000.exe" Fraps (remove only)-->"g:\logiciel\Fraps\uninstall.exe" Free Download Manager 2.5-->"G:\logiciel\Free Download Manager\unins000.exe" Hamachi 1.0.2.2-->g:\logiciel\Hamachi\uninstall.exe HijackThis 2.0.2-->"G:\Logiciel\HijackThis.exe" /uninstall Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355} K-Lite Codec Pack 3.9.0 Full-->"g:\logiciel\K-Lite Codec Pack\unins000.exe" Logitech Gaming Software 5.02-->MsiExec.exe /X{64B20B36-AEE7-4DD4-897C-C5DA5C218F60} Logitech SetPoint-->C:\Program Files\InstallShield Installation 
Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly Malwarebytes' Anti-Malware-->"g:\logiciel\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Flight Simulator X: Acceleration-->MsiExec.exe /I{3A1EE107-F79B-49FA-83CF-94169E63F25A} Microsoft Flight Simulator X-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F535B2CF-C9BB-4162-B03A-02D6971F32CC} Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS.0\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe 
/X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS.0\$NtUninstallWudf01005$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} mIRC-->"G:\Logiciel\mIRC\mirc.exe" -uninstall Mozilla Firefox (3.0.4)-->g:\Logiciel\Mozilla Firefox\uninstall\helper.exe MSN Messenger 7.5-->MsiExec.exe /I{BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5} MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44} Nero 6 Ultra Edition-->G:\Logiciel\nero\nero\uninstall\UNNERO.exe /UNINSTALL Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48} Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943} Nokia Lifeblog 2.5-->MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500} Nokia NSeries Application Installer-->MsiExec.exe /I{FD349381-D79C-4E5C-8980-015DFFB962D5} Nokia NSeries Content Copier-->MsiExec.exe /X{F779EC8D-6703-4C4A-817C-37B07898E647} Nokia NSeries Multimedia Player-->MsiExec.exe /I{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881} Nokia NSeries One Touch Access-->MsiExec.exe /I{F4EE8763-EAA8-4BC1-8594-8501F5F00414} Nokia NSeries System Utilities-->MsiExec.exe /X{F1932E56-8A95-40E0-A15B-E06B45969845} Nokia Software Launcher-->MsiExec.exe /I{B53F4598-B3D9-41DF-911E-523FA91EE464} Nokia Software Updater-->MsiExec.exe /X{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB} 
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U PC Connectivity Solution-->MsiExec.exe /I{6094AB91-4CC8-498E-9DFF-134CC0B159DE} Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x40c /remove SpeedFan (remove only)-->"g:\logiciel\SpeedFan\uninstall.exe" StuffPlug-NG (Messenger Plus! Plugins)-->C:\Program Files\MessengerPlus! 3\Plugins\StuffPlug-NG\Uninstall.exe SuperCopier2-->"g:\logiciel\SuperCopier2\SC2Uninst.exe" Tennis Elbow 2006 1.0c-->g:\jeux\Tennis Elbow 2006\uninst.exe Trials 2 Second Edition-->g:\jeux\Trials 2 Second Edition\Uninstall.exe TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} TVAnts 1.0-->G:\Logiciel\tvants\UNWISE.EXE G:\Logiciel\tvants\INSTALL.LOG Veetle TV Player 0.9.11-->C:\WINDOWS.0\UninstVeetleTVPlayer.exe Virtual DJ - Atomix Productions-->G:\Logiciel\VIRTUA~1\UNWISE.EXE G:\Logiciel\VIRTUA~1\INSTALL.LOG VLC media player 0.9.4-->g:\logiciel\VideoLAN\VLC\uninstall.exe WinBar-->g:\logiciel\WinBar\Uninstall.exe Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS.0\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf =====HijackThis Backups===== O4 - HKCU\..\Run: [bandook] C:\WINDOWS\system32\svhcost.exe O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\svhcost.exe O4 - HKCU\..\Run: [bandook] C:\WINDOWS\system32\svhcost.exe O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\svhcost.exe O4 - HKCU\..\Run: [bandook] C:\WINDOWS\system32\svhcost.exe O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\svhcost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php R3 - URLSearchHook: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "g:\logiciel\Reader 8.0\Reader\Reader_sl.exe" O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O20 - Winlogon Notify: rwnh32 - C:\WINDOWS\SYSTEM32\rwnh32.dll O2 - BHO: (no name) - {81A35F39-4850-474E-92C9-B4CF283207E0} - c:\windows\system32\iegfilt.dll O23 - Service: afisicx - Unknown owner - C:\WINDOWS.0\system32\afisicx.exe O23 - Service: roytctm - Unknown owner - C:\WINDOWS.0\system32\roytctm.exe O23 - Service: Files Management Service (mscicosd) - Unknown owner - C:\WINDOWS.0\system32\mscico.exe O23 - Service: wsldoekd - Unknown owner - C:\WINDOWS.0\system32\wsldoekd.exe O23 - Service: tdydowkc - Unknown owner - C:\WINDOWS.0\system32\tdydowkc.exe O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS.0\system32\soxpeca.exe O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS.0\system32\mabidwe.exe O23 - Service: noytcyr - Unknown owner - C:\WINDOWS.0\system32\noytcyr.exe O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS.0\system32\soxpeca.exe (file missing) O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS.0\system32\noytcyr.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS.0\System32\TuneUpDefragService.exe O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS.0\system32\tdydowkc.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS.0\UpdReg.EXE O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS.0\system32\mabidwe.exe O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS.0\system32\soxpeca.exe (file missing) O23 - Service: roytctm Service (roytctm) - Unknown owner - 
C:\WINDOWS.0\system32\roytctm.exe O23 - Service: wsldoekd Service (wsldoekd) - Unknown owner - C:\WINDOWS.0\system32\wsldoekd.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe O23 - Service: Files Management Service (mscicosd) - Unknown owner - C:\WINDOWS.0\system32\mscico.exe O23 - Service: Files Management Service (mscicosd) - Unknown owner - C:\WINDOWS.0\system32\mscico.exe O23 - Service: tdydowkc - Unknown owner - C:\WINDOWS.0\system32\tdydowkc.exe (file missing) O23 - Service: noytcyr - Unknown owner - C:\WINDOWS.0\system32\noytcyr.exe (file missing) O23 - Service: wsldoekd - Unknown owner - C:\WINDOWS.0\system32\wsldoekd.exe (file missing) O23 - Service: roytctm - Unknown owner - C:\WINDOWS.0\system32\roytctm.exe (file missing) ======Security center information====== AV: Avira AntiVir PersonalEdition Classic (disabled) ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel "PROCESSOR_REVISION"=0f0b "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- ------------------------------------------------------------------------------------------------------------------------------------------- Logfile of random's system information tool 1.04 (written by random/random) Run by BaPoR at 2008-12-03 19:51:28 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 52 GB (73%) free of 71 GB Total RAM: 2047 MB (43% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:51:33, on 03/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet 
Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS.0\System32\smss.exe C:\WINDOWS.0\system32\csrss.exe C:\WINDOWS.0\system32\winlogon.exe C:\WINDOWS.0\system32\services.exe C:\WINDOWS.0\system32\lsass.exe C:\WINDOWS.0\system32\Ati2evxx.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\system32\Ati2evxx.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\system32\spoolsv.exe C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\WINDOWS.0\Explorer.EXE G:\Logiciel\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe C:\WINDOWS.0\SYSTEM32\CTXFISPI.EXE C:\WINDOWS.0\system32\CTXFIHLP.EXE G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS.0\system32\ctfmon.exe G:\logiciel\SuperCopier2\SuperCopier2.exe C:\Program Files\Messenger\msmsgs.exe G:\logiciel\Free Download Manager\fdm.exe C:\Program Files\MSN Messenger\msnmsgr.exe G:\Logiciel\Logitech\SetPoint\SetPoint.exe G:\Logiciel\WinBar\WinBar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS.0\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\system32\wscntfy.exe C:\WINDOWS.0\System32\alg.exe G:\Jeux\Alerte Rouge 3\RA3.exe G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game G:\Logiciel\mIRC\mirc.exe C:\WINDOWS.0\System32\svchost.exe C:\Program Files\Java\jre6\bin\jucheck.exe G:\Logiciel\Mozilla Firefox\firefox.exe C:\WINDOWS.0\system32\NOTEPAD.EXE 
C:\Documents and Settings\BaPoR\Bureau\RSIT.exe C:\WINDOWS.0\system32\wbem\wmiprvse.exe G:\Logiciel\BaPoR.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - G:\logiciel\Free Download Manager\iefdm2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 
3\MsgPlus.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\logiciel\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [avgnt] "G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe O4 - HKCU\..\Run: [superCopier2.exe] g:\logiciel\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 
3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Free Download Manager] "G:\logiciel\Free Download Manager\fdm.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: WinBar.lnk = G:\Logiciel\WinBar\WinBar.exe O4 - Global Startup: Logitech SetPoint.lnk = G:\Logiciel\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\logiciel\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://G:\logiciel\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlfvideo.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\logiciel\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - G:\Logiciel\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe O23 - Service: Files Management Service (mscicosd) - Unknown owner - C:\WINDOWS.0\system32\mscico.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS.0\System32\TuneUpDefragService.exe -- End of file - 9221 bytes ======Scheduled tasks folder====== C:\WINDOWS.0\tasks\1-Click Maintenance.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-25 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}] FDMIECookiesBHO Class - G:\logiciel\Free Download Manager\iefdm2.dll [2008-06-18 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-25 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-25 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-25 136600] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440] "MessengerPlus3"=C:\Program Files\MessengerPlus! 
3\MsgPlus.exe [2008-10-07 190024] "Kernel and Hardware Abstraction Layer"=C:\WINDOWS.0\KHALMNPR.EXE [2008-02-29 76304] "AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-11-04 49152] "Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584] "VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2006-07-13 122880] "Adobe Reader Speed Launcher"=G:\logiciel\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "CTxfiHlp"=C:\WINDOWS.0\system32\CTXFIHLP.EXE [2008-07-11 19968] "avgnt"=G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] "KernelFaultCheck"=C:\WINDOWS.0\system32\dumprep 0 -k [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360] "SuperCopier2.exe"=g:\logiciel\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672] "MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2008-10-07 190024] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] "Free Download Manager"=G:\logiciel\Free Download Manager\fdm.exe [2008-05-20 2474031] "msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2006-01-24 7094272] C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage Logitech SetPoint.lnk - G:\Logiciel\Logitech\SetPoint\SetPoint.exe C:\Documents and Settings\BaPoR\Menu Démarrer\Programmes\Démarrage WinBar.lnk - G:\Logiciel\WinBar\WinBar.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS.0\system32\Ati2evxx.dll [2008-08-21 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - 
C:\WINDOWS.0\system32\wpdshserviceobj.dll [2008-05-07 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "MemCheckBoxInRunDlg"=1 "NoSMBalloonTip"=1 "NoDesktopCleanupWizard"=1 "NoWelcomeScreen"=1 "NoStrCmpLogical"=0 "NoInstrumentation"=0 "NoDrives"=0 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "G:\Logiciel\Azureus\Azureus.exe"="G:\Logiciel\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "G:\Logiciel\Microsoft Office\Office12\OUTLOOK.EXE"="G:\Logiciel\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program 
Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" ======List of files/folders created in the last 1 months====== 2008-12-03 19:51:28 ----D---- C:\rsit 2008-12-03 12:49:19 ----D---- C:\_OTMoveIt 2008-12-03 01:41:29 ----A---- C:\WINDOWS.0\system32\unrar.dll 2008-12-03 01:41:28 ----A---- C:\WINDOWS.0\system32\yv12vfw.dll 2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\xvidvfw.dll 2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\xvidcore.dll 2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\qt-dx331.dll 2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\dpl100.dll 2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\divx.dll 2008-12-03 01:41:26 ----A---- C:\WINDOWS.0\system32\ff_vfw.dll.manifest 2008-12-03 01:41:26 ----A---- C:\WINDOWS.0\system32\ff_vfw.dll 2008-12-03 00:33:08 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira 2008-12-02 02:41:03 ----SHD---- C:\RECYCLER 2008-12-02 02:35:07 ----A---- C:\ComboFix.txt 2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\zip.exe 2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\VFIND.exe 2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\SWXCACLS.exe 2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\SWSC.exe 2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\SWREG.exe 2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\sed.exe 2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\NIRCMD.exe 2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\grep.exe 2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\fdsv.exe 2008-12-01 21:41:12 ----D---- C:\Qoobox 2008-12-01 16:31:46 ----HD---- C:\WINDOWS.0\system32\GroupPolicy 2008-12-01 13:52:14 ----A---- C:\WINDOWS.0\NeroDigital.ini 2008-12-01 12:52:55 ----D---- C:\Documents and Settings\BaPoR\Application Data\vlc 2008-12-01 01:37:46 ----A---- C:\resultat.txt 2008-11-30 21:04:29 ----D---- C:\Program Files\Veetle 2008-11-30 21:04:29 ----A---- C:\WINDOWS.0\UninstVeetleTVPlayer.exe 2008-11-30 19:33:34 ----D---- C:\Documents and Settings\BaPoR\Application Data\WinRAR 
2008-11-30 19:29:49 ----D---- C:\WINDOWS.0\ERUNT 2008-11-30 19:20:19 ----D---- C:\SDFix 2008-11-28 16:52:58 ----A---- C:\WINDOWS.0\system32\TwnLib20.dll 2008-11-28 16:52:57 ----N---- C:\WINDOWS.0\system32\ImagXRA7.dll 2008-11-28 16:52:57 ----N---- C:\WINDOWS.0\system32\ImagXR7.dll 2008-11-28 16:52:57 ----N---- C:\WINDOWS.0\system32\ImagXpr7.dll 2008-11-28 16:52:57 ----N---- C:\WINDOWS.0\system32\ImagX7.dll 2008-11-28 16:52:57 ----D---- C:\Program Files\Fichiers communs\Ahead 2008-11-28 16:52:57 ----A---- C:\WINDOWS.0\system32\NeroCheck.exe 2008-11-25 01:14:51 ----A---- C:\WINDOWS.0\wininit.ini 2008-11-24 23:57:19 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy) 2008-11-24 23:57:19 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy) 2008-11-24 23:57:18 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy) 2008-11-24 23:56:30 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy) 2008-11-24 23:55:26 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy 2008-11-22 01:23:03 ----A---- C:\Program Files\cvhx.txt 2008-11-22 01:09:05 ----A---- C:\WINDOWS.0\obzgi.txt 2008-11-22 01:06:31 ----D---- C:\Documents and Settings\BaPoR\Application Data\Malwarebytes 2008-11-22 01:06:27 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes 2008-11-22 00:23:41 ----A---- C:\Boot.bak 2008-11-22 00:23:38 ----RASHD---- C:\cmdcons 2008-11-22 00:20:34 ----D---- C:\WINDOWS.0\ERDNT 2008-11-20 15:35:38 ----D---- C:\Documents and Settings\BaPoR\Application Data\Hamachi 2008-11-19 23:43:00 ----D---- C:\Program Files\Fichiers communs\Creative Labs Shared 2008-11-19 23:27:38 ----A---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml32.tmp 2008-11-19 23:27:38 ----A---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml31.tmp 2008-11-19 23:27:38 ----A---- C:\Documents and Settings\All Users.WINDOWS.0\Application 
Data\xml30.tmp 2008-11-19 23:27:33 ----A---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2F.tmp 2008-11-19 23:27:32 ----A---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2E.tmp 2008-11-19 23:27:32 ----A---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2D.tmp 2008-11-16 21:26:14 ----A---- C:\WINDOWS.0\system32\D3DX9_40.dll 2008-11-16 21:26:14 ----A---- C:\WINDOWS.0\system32\d3dx10_40.dll 2008-11-16 21:26:14 ----A---- C:\WINDOWS.0\system32\D3DCompiler_40.dll 2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\XAudio2_3.dll 2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\XAudio2_2.dll 2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\XAPOFX1_2.dll 2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\XAPOFX1_1.dll 2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\xactengine3_3.dll 2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\X3DAudio1_5.dll 2008-11-16 21:26:12 ----A---- C:\WINDOWS.0\system32\xactengine3_2.dll 2008-11-16 21:26:12 ----A---- C:\WINDOWS.0\system32\D3DX9_39.dll 2008-11-16 21:26:12 ----A---- C:\WINDOWS.0\system32\d3dx10_39.dll 2008-11-16 21:26:12 ----A---- C:\WINDOWS.0\system32\D3DCompiler_39.dll 2008-11-16 21:26:11 ----A---- C:\WINDOWS.0\system32\XAudio2_1.dll 2008-11-16 21:26:11 ----A---- C:\WINDOWS.0\system32\XAPOFX1_0.dll 2008-11-16 21:26:11 ----A---- C:\WINDOWS.0\system32\xactengine3_1.dll 2008-11-16 21:26:11 ----A---- C:\WINDOWS.0\system32\X3DAudio1_4.dll 2008-11-16 21:26:10 ----A---- C:\WINDOWS.0\system32\XAudio2_0.dll 2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\xactengine3_0.dll 2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\X3DAudio1_3.dll 2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\D3DX9_37.dll 2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\d3dx10_37.dll 2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\D3DCompiler_37.dll 2008-11-16 21:26:06 ----A---- C:\WINDOWS.0\system32\xactengine2_9.dll ======List of files/folders modified in the last 1 
months====== 2008-12-03 19:51:33 ----D---- C:\Documents and Settings\BaPoR\Application Data\Free Download Manager 2008-12-03 19:32:29 ----D---- C:\WINDOWS.0\Prefetch 2008-12-03 18:52:33 ----A---- C:\WINDOWS.0\SchedLgU.Txt 2008-12-03 18:48:36 ----D---- C:\WINDOWS.0\Temp 2008-12-03 18:48:02 ----D---- C:\WINDOWS.0 2008-12-03 14:35:13 ----D---- C:\WINDOWS.0\Minidump 2008-12-03 12:50:07 ----D---- C:\Documents and Settings\BaPoR\Application Data\Azureus 2008-12-03 12:40:06 ----D---- C:\WINDOWS.0\system32 2008-12-03 01:30:15 ----D---- C:\Documents and Settings\BaPoR\Application Data\Spybot - Search & Destroy 2008-12-03 01:17:35 ----D---- C:\WINDOWS.0\system32\CatRoot2 2008-12-03 00:33:09 ----D---- C:\WINDOWS.0\system32\drivers 2008-12-02 02:34:11 ----A---- C:\WINDOWS.0\system.ini 2008-12-02 02:31:56 ----D---- C:\WINDOWS.0\system32\config 2008-12-02 02:31:26 ----D---- C:\WINDOWS.0\AppPatch 2008-12-02 02:31:26 ----D---- C:\Program Files\Fichiers communs 2008-12-01 16:51:15 ----D---- C:\Documents and Settings\BaPoR\Application Data\dvdcss 2008-12-01 16:17:21 ----D---- C:\WINDOWS.0\Help 2008-11-30 21:04:29 ----RD---- C:\Program Files 2008-11-30 20:02:18 ----SHD---- C:\System Volume Information 2008-11-30 20:02:18 ----D---- C:\WINDOWS.0\system32\Restore 2008-11-30 19:30:18 ----A---- C:\WINDOWS.0\ntbtlog.txt 2008-11-30 19:27:45 ----D---- C:\Documents and Settings 2008-11-30 16:20:55 ----A---- C:\WINDOWS.0\win.ini 2008-11-30 15:07:23 ----SD---- C:\WINDOWS.0\Downloaded Program Files 2008-11-30 15:07:21 ----HD---- C:\WINDOWS.0\inf 2008-11-25 23:12:45 ----A---- C:\WINDOWS.0\system32\CmdLineExt.dll 2008-11-22 00:23:41 ----RASH---- C:\boot.ini 2008-11-20 15:35:13 ----D---- C:\Documents and Settings\BaPoR\Application Data\Hamachi-Backup 2008-11-20 15:30:01 ----D---- C:\Temp 2008-11-19 23:43:04 ----HD---- C:\Program Files\InstallShield Installation Information 2008-11-19 23:42:54 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Creative 2008-11-19 23:42:49 
----A---- C:\WINDOWS.0\system32\wrap_oal.dll 2008-11-19 23:42:49 ----A---- C:\WINDOWS.0\system32\OpenAL32.dll 2008-11-19 23:42:35 ----D---- C:\WINDOWS.0\system32\Data 2008-11-19 23:42:30 ----RSHDC---- C:\WINDOWS.0\system32\dllcache 2008-11-19 23:36:45 ----D---- C:\WINDOWS.0\system 2008-11-19 22:53:30 ----RSD---- C:\WINDOWS.0\assembly 2008-11-19 22:53:10 ----D---- C:\WINDOWS.0\system32\DirectX ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS.0\system32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS.0\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 ssmdrv;ssmdrv; C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R2 irda;Protocole IrDA; C:\WINDOWS.0\system32\DRIVERS\irda.sys [2008-04-13 88192] R2 tmcomm;tmcomm; \??\C:\WINDOWS.0\system32\drivers\tmcomm.sys [] R3 ati2mtag;ati2mtag; C:\WINDOWS.0\system32\DRIVERS\ati2mtag.sys [2008-08-21 3299840] R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS.0\system32\DRIVERS\atinavt2.sys [2008-05-15 171520] R3 avgntflt;avgntflt; \??\G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS.0\system32\CT20XUT.DLL [2008-07-15 170520] R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS.0\system32\drivers\ctac32k.sys [2008-07-15 511000] R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS.0\system32\drivers\ctaud2k.sys [2008-07-15 527384] R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS.0\system32\CTEXFIFX.DLL [2008-07-15 1323544] R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS.0\system32\CTHWIUT.DLL [2008-07-15 72728] R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS.0\system32\drivers\ctprxy2k.sys [2008-07-15 14360] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS.0\system32\drivers\ctsfm2k.sys [2008-07-15 157208] R3 emupia;E-mu Plug-in Architecture Driver; 
C:\WINDOWS.0\system32\drivers\emupia2k.sys [2008-07-15 92696] R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS.0\system32\DRIVERS\fetnd5.sys [2001-08-17 27165] R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS.0\system32\drivers\ha20x2k.sys [2008-07-15 1173016] R3 hamachi;Hamachi Network Interface; C:\WINDOWS.0\system32\DRIVERS\hamachi.sys [2008-11-20 25544] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS.0\system32\DRIVERS\irsir.sys [2001-08-17 18688] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS.0\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS.0\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS.0\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880] R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS.0\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944] R3 mouhid;Pilote HID de souris; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS.0\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 ossrv;Creative OS Services Driver; C:\WINDOWS.0\system32\drivers\ctoss2k.sys [2008-07-15 127000] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS.0\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS.0\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 
WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS.0\system32\drivers\WmBEnum.sys [2008-01-24 19336] R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS.0\system32\drivers\WmXlCore.sys [2008-01-24 48904] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 akwhoahx;akwhoahx; C:\WINDOWS.0\system32\drivers\akwhoahx.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS.0\system32\drivers\ctdvda2k.sys [2008-07-15 347080] S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS.0\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496] S3 mbr;mbr; \??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mbr.sys [] S3 MPE;Filtre BDA MPE; C:\WINDOWS.0\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS.0\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS.0\system32\drivers\ccdcmb.sys [2008-05-07 17536] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS.0\system32\drivers\ccdcmbo.sys [2008-05-07 20864] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS.0\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS.0\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 upperdev;upperdev; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS.0\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Pilote parent générique USB Microsoft; 
C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbser;USB Modem Driver; C:\WINDOWS.0\system32\drivers\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064] S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS.0\system32\drivers\WmFilter.sys [2008-01-24 28168] S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS.0\system32\drivers\WmHidLo.sys [2008-01-24 29192] S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS.0\system32\drivers\WmVirHid.sys [2008-01-24 14728] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys [] S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; G:\Logiciel\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS.0\system32\Ati2evxx.exe [2008-08-21 573440] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS.0\system32\CTsvcCDA.exe [1999-12-13 44032] R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-25 152984] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS.0\System32\svchost.exe [2008-04-14 14336] R2 WudfSvc;Windows 
Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS.0\system32\ati2sgag.exe [2008-08-20 593920] S2 Irmon;Moniteur infrarouge; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336] S2 mscicosd;Files Management Service; C:\WINDOWS.0\system32\mscico.exe [2008-04-14 66560] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe [2008-11-19 79360] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS.0\System32\TuneUpDefragService.exe [2008-10-06 307968] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] -----------------EOF----------------- I'll continue with Gmer
  17. Hi. Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK malicious code @ sector 0x8a781ce size 0x1ac !
  18. Avira AntiVir Personal Date de création du fichier de rapport : mercredi 3 décembre 2008 15:22 La recherche porte sur 1070676 souches de virus. Détenteur de la licence :Avira AntiVir PersonalEdition Classic Numéro de série : 0000149996-ADJIE-0001 Plateforme : Windows XP Version de Windows :(Service Pack 3) [5.1.2600] Mode Boot : Démarré normalement Identifiant : BaPoR Nom de l'ordinateur :A6-6D3439E225D0 Informations de version : BUILD.DAT : 8.2.0.51 16930 Bytes 30/10/2008 15:47:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:49 AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16 LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:29:38 ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:56:28 ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 30/11/2008 18:30:06 ANTIVIR3.VDF : 7.1.0.178 149504 Bytes 03/12/2008 12:13:34 Version du moteur: 8.2.0.36 AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56 AESCRIPT.DLL : 8.1.1.15 332156 Bytes 03/12/2008 12:13:46 AESCN.DLL : 8.1.1.5 123251 Bytes 03/12/2008 12:13:45 AERDL.DLL : 8.1.1.3 438645 Bytes 03/12/2008 12:13:44 AEPACK.DLL : 8.1.3.4 393591 Bytes 03/12/2008 12:13:43 AEOFFICE.DLL : 8.1.0.30 196986 Bytes 03/12/2008 12:13:41 AEHEUR.DLL : 8.1.0.71 1487222 Bytes 03/12/2008 12:13:40 AEHELP.DLL : 8.1.2.0 119159 Bytes 03/12/2008 12:13:37 AEGEN.DLL : 8.1.1.6 323955 Bytes 03/12/2008 12:13:36 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56 AECORE.DLL : 8.1.5.2 172405 Bytes 03/12/2008 12:13:35 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58 AVREP.DLL : 8.0.0.2 98344 Bytes 03/12/2008 12:13:34 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16 RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43 Configuration pour la recherche actuelle : Nom de la tâche..................: Sélection manuelle Fichier de configuration.........: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp Documentation....................: bas Action principale................: interactif Action secondaire................: ignorer Recherche sur les secteurs d'amorçage maître: marche Recherche sur les secteurs d'amorçage: marche Secteurs d'amorçage..............: C:, G:, H:, Recherche dans les programmes actifs: marche Recherche en cours sur l'enregistrement: marche Recherche de Rootkits............: arrêt Fichier mode de recherche........: Sélection de fichiers intelligente Recherche sur les archives.......: marche Limiter la profondeur de récursivité: 20 Archive Smart Extensions.........: marche Heuristique de macrovirus........: marche Heuristique fichier..............: moyen Début de la recherche : mercredi 3 décembre 2008 15:22 La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés Processus de recherche 'jucheck.exe' - '1' module(s) sont contrôlés Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés Processus de recherche 'wscntfy.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés Processus de recherche 'CTSVCCDA.EXE' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'KHALMNPR.exe' - '1' module(s) sont 
contrôlés Processus de recherche 'WinBar.exe' - '1' module(s) sont contrôlés Processus de recherche 'CCC.exe' - '1' module(s) sont contrôlés Processus de recherche 'SetPoint.exe' - '1' module(s) sont contrôlés Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés Processus de recherche 'fdm.exe' - '1' module(s) sont contrôlés Processus de recherche 'msmsgs.exe' - '1' module(s) sont contrôlés Processus de recherche 'SuperCopier2.exe' - '1' module(s) sont contrôlés Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'Ctxfihlp.exe' - '1' module(s) sont contrôlés Processus de recherche 'CTxfispi.exe' - '1' module(s) sont contrôlés Processus de recherche 'VolPanlu.exe' - '1' module(s) sont contrôlés Processus de recherche 'LWEMon.exe' - '1' module(s) sont contrôlés Processus de recherche 'DLLML.exe' - '1' module(s) sont contrôlés Processus de recherche 'MsgPlus.exe' - '1' module(s) sont contrôlés Processus de recherche 'MOM.exe' - '1' module(s) sont contrôlés Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'CTAudSvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés Processus de recherche 
'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '45' processus ont été contrôlés avec '45' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [RESULTAT] Contient le code du virus de secteur d'amorçage BOO/Sinowal.A [REMARQUE] Le secteur n'a pas été réécrit ! Secteur d'amorçage maître HD2 [RESULTAT] Contient le code du virus de secteur d'amorçage BOO/Sinowal.A [REMARQUE] Le secteur n'a pas été réécrit ! Secteur d'amorçage maître HD3 [RESULTAT] Contient le code du virus de secteur d'amorçage BOO/Sinowal.A [REMARQUE] Le secteur n'a pas été réécrit ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'G:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'H:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence. Le registre a été contrôlé ( '62' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! C:\WINDOWS.0\system32\mscico.exe [AVERTISSEMENT] Impossible d'ouvrir le fichier ! C:\WINDOWS.0\system32\drivers\sptd.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier !
Recherche débutant dans 'G:\' Recherche débutant dans 'H:\' <My Book> Fin de la recherche : mercredi 3 décembre 2008 15:54 Temps nécessaire: 31:54 Minute(s) La recherche a été effectuée intégralement 14048 Les répertoires ont été contrôlés 536087 Des fichiers ont été contrôlés 3 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 3 Impossible de contrôler des fichiers 536084 Fichiers non infectés 4421 Les archives ont été contrôlées 3 Avertissements 3 Consignes
  19. ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      Unable to kill process: afisicx.exe
      Unable to kill process: noytcyr.exe
      Unable to kill process: roytctm.exe
      Unable to kill process: tdydowkc.exe
      Unable to kill process: wsldoekd.exe
      ========== SERVICES/DRIVERS ==========
      Unable to stop service MCHINJDRV .
      ========== FILES ==========
      File/Folder c:\windows.0\system32\afisicx.exe not found.
      File/Folder c:\windows.0\system32\comsa32.sys not found.
      File/Folder c:\windows.0\system32\mabidwe.exe not found.
      File/Folder c:\windows.0\system32\noytcyr.exe not found.
      File/Folder c:\windows.0\system32\roytctm.exe not found.
      File/Folder c:\windows.0\system32\soxpeca.exe not found.
      File/Folder c:\windows.0\system32\tdydowkc.exe not found.
      File/Folder c:\windows.0\system32\tpszxyd.sys not found.
      File/Folder c:\windows.0\system32\udxfytw.sys not found.
      File/Folder c:\windows.0\system32\wsldoekd.exe not found.
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\BaPoR\LOCALS~1\Temp\hsperfdata_BaPoR\1572 scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\BaPoR\LOCALS~1\Temp\hsperfdata_BaPoR\2796 scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\BaPoR\LOCALS~1\Temp\e4j1C8.tmp_dir28555\exe4jlib.jar scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\BaPoR\LOCALS~1\Temp\azemp-win32_2.0.32.zip scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\BaPoR\LOCALS~1\Temp\etilqs_FMExnlgMvGHmMSzPHzBa scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\BaPoR\LOCALS~1\Temp\swt-gdip-win32-3448.dll scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\BaPoR\LOCALS~1\Temp\swt-win32-3448.dll scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\BaPoR\LOCALS~1\Temp\~DF9CAD.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\BaPoR\LOCALS~1\Temp\~DFB5F0.tmp scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Temporary Internet Files folder emptied.
      User's Internet Explorer cache folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS.0\temp\Perflib_Perfdata_670.dat scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12032008_124919

      Files moved on Reboot...
      File C:\DOCUME~1\BaPoR\LOCALS~1\Temp\hsperfdata_BaPoR\1572 not found!
      File C:\DOCUME~1\BaPoR\LOCALS~1\Temp\hsperfdata_BaPoR\2796 not found!
      C:\DOCUME~1\BaPoR\LOCALS~1\Temp\e4j1C8.tmp_dir28555\exe4jlib.jar moved successfully.
      C:\DOCUME~1\BaPoR\LOCALS~1\Temp\azemp-win32_2.0.32.zip moved successfully.
      File C:\DOCUME~1\BaPoR\LOCALS~1\Temp\etilqs_FMExnlgMvGHmMSzPHzBa not found!
      DllUnregisterServer procedure not found in C:\DOCUME~1\BaPoR\LOCALS~1\Temp\swt-gdip-win32-3448.dll
      C:\DOCUME~1\BaPoR\LOCALS~1\Temp\swt-gdip-win32-3448.dll NOT unregistered.
      C:\DOCUME~1\BaPoR\LOCALS~1\Temp\swt-gdip-win32-3448.dll moved successfully.
      DllUnregisterServer procedure not found in C:\DOCUME~1\BaPoR\LOCALS~1\Temp\swt-win32-3448.dll
      C:\DOCUME~1\BaPoR\LOCALS~1\Temp\swt-win32-3448.dll NOT unregistered.
      C:\DOCUME~1\BaPoR\LOCALS~1\Temp\swt-win32-3448.dll moved successfully.
      File C:\DOCUME~1\BaPoR\LOCALS~1\Temp\~DF9CAD.tmp not found!
      File C:\DOCUME~1\BaPoR\LOCALS~1\Temp\~DFB5F0.tmp not found!
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
      File C:\WINDOWS.0\temp\Perflib_Perfdata_670.dat not found!
      C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_001_ moved successfully.
      C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_002_ moved successfully.
      C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_003_ moved successfully.
      C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_MAP_ moved successfully.
      C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\urlclassifier3.sqlite moved successfully.
      C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\XUL.mfl moved successfully.
  20. 1) I've always managed without an antivirus, except when I couldn't find the infection; it's more of a nuisance than anything else, but I always keep the antivir setup on hand for when I have a doubt. 2) I won't go into that on a public forum, but given what I use it for there's no risk there (or very little). 3) I didn't know that, thx! 4) My PC rebooted during the Windows installation and I had to install another one. Out of laziness I didn't delete the old one, and it doesn't bother me anyway. I'll do the rest. Thanks for your help!
  21. And the mbam report:

      Malwarebytes' Anti-Malware 1.30
      Version de la base de données: 1443
      Windows 5.1.2600 Service Pack 3

      02/12/2008 11:31:53
      mbam-log-2008-12-02 (11-31-50).txt

      Type de recherche: Examen complet (C:\|G:\|H:\|)
      Eléments examinés: 202635
      Temps écoulé: 27 minute(s), 50 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 3

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\System Volume Information\_restore{BE9EB4D1-3594-406E-970C-067B4A654BD9}\RP1\A0000003.exe (Trojan.Agent) -> No action taken.
      C:\System Volume Information\_restore{BE9EB4D1-3594-406E-970C-067B4A654BD9}\RP1\A0002007.exe (Trojan.Agent) -> No action taken.
      C:\System Volume Information\_restore{BE9EB4D1-3594-406E-970C-067B4A654BD9}\RP2\A0003112.exe (Trojan.Agent) -> No action taken.
  22. Hi, thx. ComboFix 08-12-01.01 - BaPoR 2008-12-02 2:29:51.5 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1444 [GMT 1:00] Lancé depuis: c:\documents and settings\BaPoR\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\BaPoR\Bureau\CFScript.txt * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) .
settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\generic.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\goAmerica.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\ie.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\Jataayu.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\jphone.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\legend.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\MME.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\mozilla.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\netscape.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\nokia.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\openwave.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\opera.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\palm.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\panasonic.browser c:\documents and 
settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\pie.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\webtv.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\winwap.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\Browsers\xiino.browser c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\DefaultWsdlHelpGenerator.aspx c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\machine.config c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\machine.config.comments c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\machine.config.default c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\web.config c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\web.config.comments c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\web.config.default c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\web_hightrust.config c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\web_hightrust.config.default c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\web_lowtrust.config c:\documents and 
settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\web_lowtrust.config.default c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\web_mediumtrust.config c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\web_mediumtrust.config.default c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\web_minimaltrust.config c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CONFIG\web_minimaltrust.config.default c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CORPerfMonExt.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CORPerfMonSymbols.h c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\corperfmonsymbols.ini c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\csc.exe c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\csc.exe.config c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\csc.rsp c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\cscomp.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\cscompmgd.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Culture.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CustomMarshalers.dll c:\documents and 
settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\cvtres.exe c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\dfdll.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\dfsvc.exe c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\diasymreader.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\dv_aspnetmmc.chm c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\EventLogMessages.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\fusion.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\gdiplus.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\IEExec.exe c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\ieexec.exe.config c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\IEExecRemote.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\IEHost.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\IIEHost.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\ilasm.exe c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\ilasm.exe.config c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallCommon.sql c:\documents and 
settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallMembership.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallPersistSqlState.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallPersonalization.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallProfile.SQL c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallRoles.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallSqlState.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallSqlStateTemplate.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallUtil.exe c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallUtilLib.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallWebEventSqlProvider.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\ISymWrapper.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\jsc.exe c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\jsc.exe.config c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\ksc.nlp c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.Build.Engine.dll c:\documents and 
settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.Build.Framework.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.Build.Tasks.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.Build.Utilities.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.Build.xsd c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.Common.targets c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.Common.Tasks c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.CSharp.targets c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.JScript.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.JScript.tlb c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.VisualBasic.Compatibility.Data.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.VisualBasic.Compatibility.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.VisualBasic.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.VisualBasic.targets c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.VisualBasic.Vsa.dll c:\documents and 
settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.VisualC.Dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.Vsa.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.Vsa.tlb c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.Vsa.Vb.CodeDOMProcessor.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\Microsoft_VsaVb.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\MmcAspExt.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\MSBuild.exe c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\msbuild.exe.config c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\MSBuild.rsp c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\MSBuild\Microsoft.Build.Commontypes.xsd c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\MSBuild\Microsoft.Build.Core.xsd c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscordacwks.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscordbc.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscordbi.dll c:\documents and 
settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscoree.tlb c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorie.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorjit.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorld.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorlib.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorlib.tlb c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorpe.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorrc.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorsec.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorsn.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorsvc.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorsvw.exe c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscortim.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorwks.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\MUI\0409\mscorsecr.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\ngen.exe c:\documents and 
settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\normalization.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\normidna.nlp c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\normnfc.nlp c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\normnfd.nlp c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\normnfkc.nlp c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\normnfkd.nlp c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\PerfCounter.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\peverify.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\prc.nlp c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\prcp.nlp c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\RedistList\FrameworkList.xml c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\RegAsm.exe c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\regasm.exe.config c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\RegSvcs.exe c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\regsvcs.exe.config c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\regtlibv12.exe 
c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\sbscmp20_mscorlib.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\shfusion.chm c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\shfusion.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\ShFusRes.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\sortkey.nlp c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\sorttbls.nlp c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\SOS.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\sysglobl.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.configuration.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Configuration.Install.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Data.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Data.OracleClient.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Data.SqlXml.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Deployment.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Design.dll c:\documents and 
settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.DirectoryServices.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.DirectoryServices.Protocols.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Drawing.Design.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Drawing.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Drawing.tlb c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.EnterpriseServices.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.EnterpriseServices.Thunk.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.EnterpriseServices.tlb c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.EnterpriseServices.Wrapper.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Management.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Messaging.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Runtime.Remoting.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Runtime.Serialization.Formatters.Soap.dll c:\documents and 
settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Security.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.ServiceProcess.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.tlb c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Transactions.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Web.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Web.Mobile.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Web.RegularExpressions.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Web.Services.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Web.tlb c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Windows.Forms.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.Windows.Forms.tlb c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\System.XML.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\TLBREF.DLL c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\UninstallCommon.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\UninstallMembership.sql c:\documents and 
settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\UninstallPersistSqlState.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\UninstallPersonalization.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\UnInstallProfile.SQL c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\UninstallRoles.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\UninstallSqlState.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\UninstallSqlStateTemplate.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\UninstallWebEventSqlProvider.sql c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\vbc.exe c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\vbc.exe.config c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\vbc.rsp c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\vsavb7.olb c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\VsaVb7rt.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\webengine.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\WMINet_Utils.dll c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\xjis.nlp c:\documents and 
  23. After this ComboFix run, the processes had disappeared at startup but came back after 10 minutes. So still infected, and still these clicking noises.
  24. 1) Do you have problems on a particular site? If so, which one? No 2) Which browser do you use (Internet Explorer, FireFox, ...)? Firefox
3\MsgPlus.exe" [2008-10-07 190024] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "Free Download Manager"="g:\logiciel\Free Download Manager\fdm.exe" [2008-05-20 2474031] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2006-01-24 7094272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-25 136600] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440] "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-10-07 190024] "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880] "Adobe Reader Speed Launcher"="g:\logiciel\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows.0\KHALMNPR.Exe] "CTxfiHlp"="CTXFIHLP.EXE" [2008-07-11 c:\windows.0\system32\Ctxfihlp.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] c:\documents and settings\BaPoR\Menu D‚marrer\Programmes\D‚marrage\ WinBar.lnk - g:\logiciel\WinBar\WinBar.exe [2008-06-10 188928] c:\documents and settings\All Users.WINDOWS.0\Menu D‚marrer\Programmes\D‚marrage\ Logitech SetPoint.lnk - g:\logiciel\Logitech\SetPoint\SetPoint.exe [2008-06-10 805392] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoStrCmpLogical"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] 
"MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "DAEMON Tools"="g:\logiciel\DAEMON Tools\daemon.exe" -lang 1033 "NSLauncher"=c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "DisablePagingExecutive"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "g:\\Logiciel\\Azureus\\Azureus.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "g:\\Logiciel\\Microsoft Office\\Office12\\OUTLOOK.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 videX32;videX32;c:\windows.0\system32\DRIVERS\videX32.sys [2008-10-06 9216] R2 CTAudSvcService;Creative Audio Service;c:\program files\Creative\Shared Files\CTAudSvc.exe [2008-11-19 417792] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe" [2008-11-19 79360] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows.0\system32\drivers\nmwcdnsu.sys [2008-10-10 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows.0\system32\drivers\nmwcdnsuc.sys [2008-10-10 8320] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . 
Contenu du dossier 'Tâches planifiées' 2008-12-01 c:\windows.0\Tasks\1-Click Maintenance.job - g:\logiciel\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24] . . ------- Examen supplémentaire ------- . FireFox -: Profile - c:\documents and settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\ FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - c:\program files\Veetle\plugins\npVeetle.dll FF -: plugin - c:\windows\system32\Adobe\Director\np32dsw.dll FF -: plugin - g:\logiciel\DivX\DivX Web Player\npdivx32.dll FF -: plugin - g:\logiciel\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF -: plugin - g:\logiciel\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\np32dsw.dll FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\NPAdbESD.dll FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\npdeploytk.dll FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\npdivx32.dll FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\npnul32.dll FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\NPOFF12.DLL FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\nppdf32.dll FF -: plugin - g:\logiciel\Reader 8.0\Reader\browser\nppdf32.dll FF -: plugin - g:\logiciel\Reader 9.0\Reader\browser\nppdf32.dll FF -: plugin - g:\logiciel\Real Alternative\browser\plugins\nppl3260.dll FF -: plugin - g:\logiciel\Real Alternative\browser\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-01 21:47:49 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\c:\docume~1\BaPoR\LOCALS~1\Temp\mc22.tmp" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(804) c:\windows.0\system32\Ati2evxx.dll c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows.0\system32\ati2evxx.exe c:\windows.0\system32\ati2evxx.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows.0\system32\CTxfispi.exe c:\progra~1\MSNMES~1\msnmsgr.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\windows.0\system32\CTSVCCDA.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe c:\windows.0\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2008-12-01 21:48:51 - La machine a redémarré [baPoR] ComboFix-quarantined-files.txt 2008-12-01 20:48:49 Avant-CF: 54,277,980,160 octets libres Après-CF: 54,275,776,512 octets libres 309