Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

[Résolu] Plantage régulier de on PC

mitemat

Par mitemat
dans Analyses et éradication malwares

 Partager

Messages recommandés

mitemat Member

mitemat

Posté(e)
  • Auteur
Posté(e)

merci pour le suivi...

 

voila le résultat :

 

DiagHelp version v1.1 - http://www.malekal.com

excute le 28/05/2007 à 17:20:53,89

 

 

Liste des derniers fichies modifies/crees dans windir\system32

C:\WINDOWS\System32/drivers\tmcomm.sys -->28/05/2007 13:30:30

C:\WINDOWS\System32/drivers\ssmdrv.sys -->26/04/2007 07:29:08

C:\WINDOWS\System32/drivers\avipbb.sys -->26/04/2007 07:29:08

C:\WINDOWS\System32/drivers\ntfs.sys -->09/02/2007 13:10:35

C:\WINDOWS\System32/drivers\sptd.sys -->27/01/2007 16:13:13

C:\WINDOWS\System32/drivers\AvgAsCln.sys -->05/09/2006 18:03:16

C:\WINDOWS\System32/drivers\fltmgr.sys -->21/08/2006 11:14:58

 

C:\WINDOWS\System32\wpa.dbl -->28/05/2007 16:57:55

C:\WINDOWS\System32\vsconfig.xml -->28/05/2007 16:57:43

C:\WINDOWS\System32\nvapps.xml -->28/05/2007 16:56:59

C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000008-40021102}.rfx -->28/05/2007 16:01:18

C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000008-40021102}.rfx -->28/05/2007 16:01:18

C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000008-40021102}.rfx -->28/05/2007 16:01:18

C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000008-40021102}.rfx -->28/05/2007 16:01:18

C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000008-40021102}.rfx -->28/05/2007 16:01:18

C:\WINDOWS\System32\FNTCACHE.DAT -->28/05/2007 12:18:37

C:\WINDOWS\System32\CmdLineExt03.dll -->27/05/2007 20:15:13

C:\WINDOWS\System32\MRT.exe -->27/04/2007 22:45:12

C:\WINDOWS\System32\msi.dll -->18/04/2007 18:14:18

C:\WINDOWS\System32\zllictbl.dat -->16/04/2007 09:03:25

C:\WINDOWS\System32\PerfStringBackup.INI -->25/03/2007 09:11:30

C:\WINDOWS\System32\perfh00C.dat -->25/03/2007 09:11:30

C:\WINDOWS\System32\perfh009.dat -->25/03/2007 09:11:30

C:\WINDOWS\System32\perfc00C.dat -->25/03/2007 09:11:30

C:\WINDOWS\System32\perfc009.dat -->25/03/2007 09:11:30

C:\WINDOWS\System32\winsrv.dll -->17/03/2007 15:44:47

C:\WINDOWS\System32\xpsp3res.dll -->09/03/2007 12:24:03

C:\WINDOWS\System32\vsutil_loc040c.dll -->09/03/2007 00:03:04

C:\WINDOWS\System32\vsdatant.sys -->09/03/2007 00:02:10

C:\WINDOWS\System32\zpeng24.dll -->09/03/2007 00:01:42

C:\WINDOWS\System32\zlcommdb.dll -->09/03/2007 00:01:32

C:\WINDOWS\System32\zlcomm.dll -->09/03/2007 00:01:30

 

C:\WINDOWS\1-wlancfg.log -->28/05/2007 16:58:48

C:\WINDOWS.log -->28/05/2007 16:57:36

C:\WINDOWS\wiadebug.log -->28/05/2007 16:57:03

C:\WINDOWS\wiaservc.log -->28/05/2007 16:57:02

C:\WINDOWS\SchedLgU.Txt -->28/05/2007 16:56:47

C:\WINDOWS\bootstat.dat -->28/05/2007 16:56:46

C:\WINDOWS\ntbtlog.txt -->28/05/2007 16:08:14

C:\WINDOWS\WindowsUpdate.log -->28/05/2007 16:00:58

C:\WINDOWS\d3dx.dat -->24/05/2007 13:18:43

C:\WINDOWS\hpinfo.lnk -->26/03/2007 18:16:05

C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt -->01/03/2007 19:24:07

C:\WINDOWS\Sti_Trace.log -->04/02/2007 20:26:01

C:\WINDOWS\system.ini -->04/12/2006 15:35:05

C:\WINDOWS\NeroDigital.ini -->04/08/2006 09:03:07

C:\WINDOWS\kit.ini -->29/07/2006 19:51:44

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2098-E2A5

 

Répertoire de C:\WINDOWS\system

 

10/09/1999 13:06 4 672 WOWPOST.EXE

1 fichier(s) 4 672 octets

0 Rép(s) 55 631 417 344 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2098-E2A5

 

Répertoire de C:\WINDOWS\system32

 

20/08/2004 01:09 6 144 csrss.exe

1 fichier(s) 6 144 octets

0 Rép(s) 55 631 417 344 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2098-E2A5

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

31/07/2006 22:42 <REP> .

31/07/2006 22:42 <REP> ..

08/09/2004 18:24 65 desktop.ini

07/06/2006 11:09 1 249 erma.inf

10/04/2000 18:12 1 765 fhg.inf

15/10/2004 08:59 110 592 PURfr-xx.dll

4 fichier(s) 113 671 octets

 

Total des fichiers listés :

4 fichier(s) 113 671 octets

2 Rép(s) 55 631 413 248 octets libres

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

Export des clefs sensibles..

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Disabled:Age of Empires II"

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"

"C:\\SIERRA\\Half-Life\\hl.exe"="C:\\SIERRA\\Half-Life\\hl.exe:*:Disabled:Half-Life Launcher"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger 7.5"

"C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Disabled:NAVBrowser"

"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Disabled:SoulSeek Client"

"C:\\Documents and Settings\\matiungming\\Bureau\\slsk.exe"="C:\\Documents and Settings\\matiungming\\Bureau\\slsk.exe:*:Disabled:SoulSeek Client"

"C:\\Program Files\\Starcraft\\starcraft.exe"="C:\\Program Files\\Starcraft\\starcraft.exe:*:Disabled:Starcraft"

"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Disabled:TrueVector Service"

"C:\\Program Files\\Warcraft III\\war3.exe"="C:\\Program Files\\Warcraft III\\war3.exe:*:Disabled:Warcraft III"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"

"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"

"C:\\WINDOWS\\AppPatch\\explorer.exe"="C:\\WINDOWS\\AppPatch\\explorer.exe:*:Enabled:Explorer"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"C:\\WINDOWS\\AppPatch\\explorer.exe"="C:\\WINDOWS\\AppPatch\\explorer.exe:*:Enabled:Explorer"

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

Rechercher adresses sensibles dans le fichier HOSTS...

 

 

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-28 17:21:50

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

204 - avgas.exe

232 - ctfmon.exe

456 - sched.exe

496 - avguard.exe

572 - guard.exe

708 - mdm.exe

820 - nvsvc32.exe

976 - csrss.exe

1000 - winlogon.exe

1044 - services.exe

1064 - lsass.exe

1268 - svchost.exe

1308 - svchost.exe

1388 - vsmon.exe

1424 - svchost.exe

1452 - svchost.exe

1744 - WLANCFG.EXE

1832 - explorer.exe

1980 - rundll32.exe

2004 - zlclient.exe

2012 - AGRSMMSG.exe

2032 - avgnt.exe

2576 - alg.exe

3712 - Maxthon.exe

3868 - cmd.exe

 

Total number of processes = 26

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS\system32\ntoskrnl.exe

806FD000 - \WINDOWS\system32\hal.dll

F7B2E000 - \WINDOWS\system32\KDCOM.DLL

F7A3E000 - \WINDOWS\system32\BOOTVID.dll

F7536000 - sptd.sys

F7B30000 - \WINDOWS\System32\Drivers\WMILIB.SYS

F751E000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS

F74EF000 - ACPI.sys

F74DE000 - pci.sys

F762E000 - isapnp.sys

F763E000 - ohci1394.sys

F764E000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS

F7BF6000 - pciide.sys

F78AE000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

F765E000 - MountMgr.sys

F74BF000 - ftdisk.sys

F78B6000 - PartMgr.sys

F766E000 - VolSnap.sys

F74A7000 - atapi.sys

F7495000 - viaraid.sys

F7483000 - viamraid.sys

F767E000 - disk.sys

F768E000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

F7463000 - fltmgr.sys

F7451000 - sr.sys

F78BE000 - PxHelp20.sys

F743A000 - KSecDD.sys

F73AD000 - Ntfs.sys

F7380000 - NDIS.sys

F736C000 - srescan.sys

F7B32000 - prosync1.sys

F7354000 - prohlp02.sys

F7339000 - Mup.sys

F6A5B000 - \SystemRoot\system32\DRIVERS\tunmp.sys

F77AE000 - \SystemRoot\System32\DRIVERS\intelppm.sys

F603B000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys

F6027000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS

F6003000 - \SystemRoot\System32\DRIVERS\HDAudBus.sys

F7A26000 - \SystemRoot\System32\DRIVERS\usbuhci.sys

F5FE0000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS

F7A2E000 - \SystemRoot\System32\DRIVERS\usbehci.sys

F5EAA000 - \SystemRoot\System32\DRIVERS\AGRSM.sys

F7A36000 - \SystemRoot\System32\Drivers\Modem.SYS

F5E47000 - \SystemRoot\system32\drivers\ctaud2k.sys

F5E23000 - \SystemRoot\system32\drivers\portcls.sys

F77BE000 - \SystemRoot\system32\drivers\drmk.sys

F5E00000 - \SystemRoot\system32\drivers\ks.sys

F5DD0000 - \SystemRoot\system32\drivers\ctoss2k.sys

F78CE000 - \SystemRoot\system32\drivers\ctprxy2k.sys

F77CE000 - \SystemRoot\System32\DRIVERS\nic1394.sys

F7906000 - \SystemRoot\System32\DRIVERS\RTL8139.SYS

F790E000 - \SystemRoot\System32\DRIVERS\fdc.sys

F5DBF000 - \SystemRoot\System32\DRIVERS\serial.sys

F7B02000 - \SystemRoot\System32\DRIVERS\serenum.sys

F5DAB000 - \SystemRoot\System32\DRIVERS\parport.sys

F77DE000 - \SystemRoot\System32\DRIVERS\i8042prt.sys

F7916000 - \SystemRoot\System32\DRIVERS\kbdclass.sys

F7B06000 - \SystemRoot\System32\Drivers\cdrbsvsd.SYS

F7B0A000 - \SystemRoot\system32\drivers\pfc.sys

F77EE000 - \SystemRoot\System32\DRIVERS\cdrom.sys

F77FE000 - \SystemRoot\System32\DRIVERS\redbook.sys

F791E000 - \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys

F780E000 - \SystemRoot\System32\DRIVERS\imapi.sys

F7CBB000 - \SystemRoot\System32\DRIVERS\audstub.sys

F781E000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys

F7B16000 - \SystemRoot\System32\DRIVERS\ndistapi.sys

F5D94000 - \SystemRoot\System32\DRIVERS\ndiswan.sys

F782E000 - \SystemRoot\System32\DRIVERS\raspppoe.sys

F783E000 - \SystemRoot\System32\DRIVERS\raspptp.sys

F7926000 - \SystemRoot\System32\DRIVERS\TDI.SYS

F5D83000 - \SystemRoot\System32\DRIVERS\psched.sys

F784E000 - \SystemRoot\System32\DRIVERS\msgpc.sys

F792E000 - \SystemRoot\System32\DRIVERS\ptilink.sys

F7936000 - \SystemRoot\System32\DRIVERS\raspti.sys

F785E000 - \SystemRoot\System32\DRIVERS\termdd.sys

F793E000 - \SystemRoot\System32\DRIVERS\mouclass.sys

F7B7C000 - \SystemRoot\System32\DRIVERS\swenum.sys

F5D4F000 - \SystemRoot\System32\DRIVERS\update.sys

F7B26000 - \SystemRoot\System32\DRIVERS\mssmbios.sys

F7946000 - \SystemRoot\system32\DRIVERS\vsb.sys

F63E5000 - \SystemRoot\System32\Drivers\NDProxy.SYS

F2EE1000 - \SystemRoot\system32\drivers\cmudax.sys

F277E000 - \SystemRoot\System32\DRIVERS\usbhub.sys

F7BC2000 - \SystemRoot\System32\DRIVERS\USBD.SYS

EDEB3000 - \SystemRoot\system32\drivers\ha10kx2k.sys

EDE88000 - \SystemRoot\system32\drivers\emupia2k.sys

EDA0E000 - \SystemRoot\system32\drivers\ctsfm2k.sys

ED974000 - \SystemRoot\system32\drivers\ctac32k.sys

F7BE6000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

EBB05000 - \SystemRoot\System32\Drivers\Null.SYS

F7BE8000 - \SystemRoot\System32\Drivers\Beep.SYS

EBAFD000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys

EB90F000 - \SystemRoot\System32\drivers\vga.sys

F7BEC000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F7BEE000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

EB907000 - \SystemRoot\System32\Drivers\Msfs.SYS

EB8FF000 - \SystemRoot\System32\Drivers\Npfs.SYS

F0A8E000 - \SystemRoot\System32\DRIVERS\rasacd.sys

EB009000 - \SystemRoot\System32\DRIVERS\ipsec.sys

F0178000 - \SystemRoot\System32\DRIVERS\tcpip.sys

F0150000 - \SystemRoot\System32\DRIVERS\netbt.sys

F012F000 - \SystemRoot\System32\DRIVERS\ipnat.sys

EBD2C000 - \SystemRoot\System32\DRIVERS\wanarp.sys

F00BF000 - \SystemRoot\system32\DRIVERS\tcpip6.sys

F0060000 - \SystemRoot\System32\vsdatant.sys

EB8F7000 - \SystemRoot\system32\drivers\ip6fw.sys

EBD1C000 - \SystemRoot\System32\DRIVERS\arp1394.sys

EFFE5000 - \SystemRoot\System32\drivers\afd.sys

EBCFC000 - \SystemRoot\System32\DRIVERS\netbios.sys

F69FC000 - \SystemRoot\System32\DRIVERS\rdbss.sys

EB9F9000 - \SystemRoot\System32\drivers\prodrv06.sys

F6984000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys

EB9E9000 - \SystemRoot\System32\Drivers\Fips.SYS

F7B36000 - \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys

EBAD8000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

F7294000 - \SystemRoot\system32\DRIVERS\sis163u.sys

F00FF000 - \SystemRoot\System32\DRIVERS\hidusb.sys

F647E000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS

F67DA000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS

F67D2000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS

F711F000 - \SystemRoot\System32\DRIVERS\mouhid.sys

EB1BA000 - \SystemRoot\System32\Drivers\Fastfat.SYS

EF75B000 - \SystemRoot\System32\Drivers\Cdfs.SYS

EB1A9000 - \SystemRoot\System32\Drivers\Udfs.SYS

EFE45000 - \SystemRoot\System32\Drivers\dump_diskdump.sys

EB197000 - \SystemRoot\System32\Drivers\dump_viamraid.sys

BF800000 - \SystemRoot\System32\win32k.sys

EFE31000 - \SystemRoot\System32\drivers\Dxapi.sys

EF90F000 - \SystemRoot\System32\watchdog.sys

BF9C3000 - \SystemRoot\System32\drivers\dxg.sys

F7D1D000 - \SystemRoot\System32\drivers\dxgthk.sys

BF9D5000 - \SystemRoot\System32\nv4_disp.dll

EB11E000 - \SystemRoot\system32\DRIVERS\nwlnkipx.sys

F789E000 - \SystemRoot\system32\DRIVERS\nwlnknb.sys

EB109000 - \SystemRoot\system32\drivers\wdmaud.sys

F0C6C000 - \SystemRoot\system32\drivers\sysaudio.sys

EB08E000 - \SystemRoot\System32\DRIVERS\mrxdav.sys

F01D6000 - \SystemRoot\System32\Drivers\Nsynas32.SYS

F727A000 - \SystemRoot\System32\Drivers\ParVdm.SYS

F0107000 - \SystemRoot\System32\Drivers\ASPI32.SYS

EB6E4000 - \SystemRoot\System32\DRIVERS\srv.sys

EF6EB000 - \SystemRoot\system32\DRIVERS\nwlnkspx.sys

EB7CF000 - \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys

EB7BD000 - \??\C:\WINDOWS\system32\drivers\tmcomm.sys

EBB8B000 - \SystemRoot\System32\Drivers\HTTP.sys

EBA09000 - \??\C:\WINDOWS\system32\PCANDIS5.SYS

F05C2000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 147

 

Liste des programmes installes

 

802.11 USB Wireless LAN Adapter

Ableton Live v1.5

AC3Filter (remove only)

ACE Mega CoDecS Pack

Adobe Flash Player 9

Adobe Illustrator 10

Adobe Photoshop 7.0

Adobe Premiere Pro

Adobe Reader 7.0.9 - Français

Adobe SVG Viewer 3.0

Age of Empires III

Age of Empires III

Age of Empires III - The WarChiefs

Age of Empires III - The WarChiefs

Agere Systems PCI Soft Modem

Archiveur WinRAR

Audacity 1.2.3

AVG Anti-Spyware 7.5

AVIcodec (remove only)

Avira AntiVir PersonalEdition Classic

C-Media High Definition Audio Driver

CCleaner (remove only)

CleanUp!

Compel Adaptec WinASPI

Cubasis VST 4

DesignWorkshop Lite

Diablo II

DivX Video Duplicator

Dofus-Arena beta 13

Dofus 1.18.2

DVD Solution

E-MU Audio Drivers and E-MU 0404 Documentation

E-MU PatchMix DSP

EasyCleaner

eMule

eMusic - 50 Free MP3 offer

EPSON Copy Utility 3

EPSON Scan

EPSON Smart Panel

EVEREST Home Edition v2.20

Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP

FAST Defrag Freeware 2.04.0

Google Earth

HardwareDetection

HijackThis 2.0.0

hp deskjet 840c series (Supprimer uniquement)

J2SE Runtime Environment 5.0 Update 2

J2SE Runtime Environment 5.0 Update 6

Java 2 Runtime Environment, SE v1.4.2_06

Java 2 SDK, SE v1.4.2_06

Kinoma Producer 1.1.2

LaCie Backup Software v1.5.2215

Le Centre de Contrôle de Licences de Syncrosoft

Lecteur Windows Media 10

Les Sims 2

Macromedia Flash Player

Maxthon

MiCôSystème

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft Office XP Professional avec FrontPage

MS Export

MSXML 4.0 SP2 (KB927978)

Music Visualizer Library 1.4.00

Nokia Connectivity Cable Driver

Nokia Connectivity Cable Driver

NVIDIA Drivers

OpenMG Limited Patch 3.1-02-08-23-01

OpenMG Limited Patch 3.1-02-08-26-01

OpenMG Secure Module 3.1

PC Card 802.11g OLITEC

Perf2480P_2580P Guide de réf.

PhotoImpression 5

PowerDVD

PowerProducer

QuickTime

QuickTime 3.0

RealPlayer

Reason

Room Arranger (remove only)

Satsuki Decoder Pack

ScanToWeb

SonicStage

SpywareBlaster v3.5.1

Stand O'Food

Steinberg Cubase SX v2.01

SuperCopier

Sven Co-op 3.0

SweetIM For Internet Explorer 3.0b

Tropico

Virtual Serial Port ActiveX Control

VobSub v2.23 (Remove Only)

WebFldrs XP

WinAce Archiver

Winamp (remove only)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Media Format Runtime

Windows XP Service Pack 2

ZoneAlarm Pro

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2098-E2A5

 

Répertoire de C:\Program Files

 

28/05/2007 15:57 <REP> .

28/05/2007 15:57 <REP> ..

14/08/2005 12:36 <REP> Ableton

24/02/2006 11:50 <REP> AC3Filter

01/02/2006 13:24 <REP> ACE Mega CoDecS Pack

14/08/2005 12:25 <REP> Adobe

27/05/2007 22:47 <REP> Alawar

15/01/2006 15:18 <REP> Alwil Software

28/05/2007 11:10 <REP> AntiVir PersonalEdition Classic

09/09/2006 19:10 <REP> Apperson

02/03/2005 18:25 <REP> ArcSoft

12/04/2007 21:37 <REP> Audacity

23/07/2006 13:12 <REP> AVIcodec

02/05/2007 20:19 <REP> BellesBeautyBoutique_at

02/05/2007 11:42 <REP> BFG

28/05/2007 13:25 <REP> bfgtoolbar

26/01/2007 23:31 <REP> Bullfrog

30/07/2006 09:46 <REP> CCleaner

24/02/2006 11:27 <REP> CleanUp!

08/09/2004 18:33 <REP> Common Files

08/09/2004 18:22 <REP> ComPlus Applications

04/03/2006 14:15 <REP> Creative

14/02/2006 10:26 <REP> Creative Professional

09/09/2004 13:02 <REP> CyberLink

14/04/2005 12:41 <REP> CyberLink DVD Solution

11/02/2007 10:18 <REP> DAEMON Tools

10/02/2007 10:59 <REP> DaemonTools_WhenUSave_Installer

29/01/2006 13:55 <REP> DaViDeo2

18/01/2007 11:41 <REP> DesignWorkshop Lite

27/05/2007 20:15 <REP> Diablo II

30/03/2005 11:58 <REP> directx

24/02/2006 11:52 <REP> DivX Video Duplicator

22/05/2007 09:01 <REP> Dofus

10/05/2007 09:48 <REP> Dofus-Arena

11/02/2007 11:48 <REP> EA GAMES

05/06/2006 17:12 <REP> Eltima Software

28/05/2007 10:56 <REP> eMule

12/06/2006 10:25 <REP> Enlight

02/03/2005 18:24 <REP> epson

28/05/2007 16:02 <REP> ewido anti-spyware 4.0

06/02/2007 19:16 <REP> FAST Defrag Freeware

10/02/2007 11:06 <REP> Fichiers communs

28/05/2007 12:26 <REP> Flower Shop Big City Break

24/02/2006 11:50 <REP> Gabest

28/05/2007 13:25 <REP> Google

28/05/2007 15:57 <REP> Grisoft

31/10/2006 20:14 <REP> HardwareDetection

26/03/2007 18:13 <REP> Hewlett-Packard

04/03/2006 14:04 <REP> HighMAT CD Writing Wizard

26/03/2007 18:16 <REP> hp deskjet 840c series

09/09/2004 11:42 <REP> Intel

10/05/2007 03:03 <REP> Internet Explorer

29/07/2006 18:39 <REP> Inventel

06/06/2006 20:48 <REP> Java

05/02/2006 13:32 <REP> JoWood

08/01/2006 14:38 <REP> Kinoma

03/11/2006 17:01 <REP> LaCie

31/10/2006 19:46 <REP> Lavalys

04/03/2007 13:53 <REP> Macrogaming

28/05/2007 13:32 <REP> Maxthon

18/01/2007 11:50 <REP> MiCô-Soft

08/09/2004 18:44 <REP> microsoft frontpage

03/11/2006 16:16 <REP> Microsoft Games

15/04/2005 16:38 <REP> Microsoft Office

15/04/2005 16:38 <REP> Microsoft Visual Studio

04/03/2006 14:33 <REP> Minnetonka Audio Software

21/12/2004 10:31 <REP> Movie Maker

06/03/2006 13:00 <REP> MSN

08/09/2004 18:21 <REP> MSN Gaming Zone

21/11/2006 04:01 <REP> MSXML 4.0

28/10/2006 10:23 <REP> Native Instruments

20/12/2004 11:12 <REP> NetMeeting

07/02/2006 19:35 <REP> NewASOfr

04/03/2006 14:13 <REP> NewSoft

03/03/2006 21:02 <REP> Nokia

09/06/2004 16:03 832 728 NPSWF32.dll

17/03/2006 11:16 <REP> OLITEC

17/12/2006 04:01 <REP> Outlook Express

11/10/2006 16:18 <REP> Outlook Messenger

12/04/2007 21:49 <REP> Propellerhead

15/05/2006 17:58 <REP> QuickTime

03/06/2006 13:25 <REP> Real

16/08/2005 15:41 <REP> Reason

24/05/2007 14:19 <REP> ReflexiveArcade

03/06/2006 13:24 <REP> RichFX

09/09/2006 18:58 <REP> Room Arranger

23/07/2006 13:17 <REP> Satsuki Decoder Pack

29/07/2006 09:43 <REP> Securitoo

08/09/2004 18:22 <REP> Services en ligne

15/10/2006 16:14 <REP> Shockwave.com

18/09/2006 16:51 <REP> SlySoft

02/03/2005 18:25 <REP> Smart Panel

14/08/2005 12:44 <REP> Sonic Foundry Setup

28/10/2006 10:12 <REP> Sony

18/06/2006 13:27 <REP> Sony Handheld

13/11/2005 20:09 <REP> Sony Setup

08/10/2006 16:30 <REP> Spybot - Search & Destroy

28/05/2007 13:24 <REP> SpywareBlaster

04/03/2006 20:22 <REP> Steinberg

04/03/2006 14:07 <REP> SuperCopier

30/03/2005 11:54 <REP> Syncrosoft

13/11/2005 20:17 <REP> temp

30/07/2006 16:02 <REP> ToniArts

28/07/2006 08:46 <REP> Tropico

23/10/2003 17:52 40 960 Uninstall_CDS.exe

18/06/2006 13:29 <REP> VSO

29/07/2006 19:51 <REP> Wanadoo

02/01/2005 18:43 <REP> WinAce

13/03/2006 17:52 <REP> Winamp

24/02/2006 11:49 <REP> WinASPI

04/03/2006 14:08 <REP> Windows Media Player

07/02/2006 19:41 <REP> Windows Messaging

20/12/2004 11:12 <REP> Windows NT

18/09/2006 16:41 <REP> WinRAR

08/09/2004 18:44 <REP> xerox

28/05/2007 12:26 <REP> Yahoo!

03/03/2006 23:25 <REP> Zone Labs

2 fichier(s) 873 688 octets

115 Rép(s) 55 626 362 880 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2098-E2A5

 

Répertoire de C:\Program Files\fichiers communs

 

10/02/2007 11:06 <REP> .

10/02/2007 11:06 <REP> ..

30/03/2005 12:32 <REP> Adobe

05/08/2006 08:08 <REP> Ahead

04/12/2006 14:40 <REP> BOONTY Shared

15/04/2005 16:38 <REP> Designer

29/07/2006 09:58 278 528 FDEUnInstaller.exe

18/12/2005 11:39 <REP> InstallShield

21/12/2004 11:57 <REP> Java

06/06/2006 19:47 <REP> Kaspersky Lab

30/07/2006 15:48 <REP> Microsoft Shared

08/09/2004 18:23 <REP> MSSoap

08/09/2004 19:17 <REP> ODBC

04/03/2006 15:18 <REP> Panda Software

03/06/2006 13:25 <REP> Real

08/09/2004 18:23 <REP> Services

30/03/2005 11:58 <REP> Sony Shared

08/09/2004 19:17 <REP> SpeechEngines

17/12/2006 04:01 <REP> System

03/06/2006 13:25 <REP> xing shared

1 fichier(s) 278 528 octets

19 Rép(s) 55 626 358 784 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2098-E2A5

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

15/04/2005 16:39 <REP> .

15/04/2005 16:39 <REP> ..

15/03/2005 14:17 <REP> 1033

15/04/2005 16:35 <REP> 1036

15/02/2001 06:45 1 318 912 MSONSEXT.DLL

13/02/2001 08:23 58 784 MSOSV.DLL

03/06/1999 14:09 122 937 MSOWS409.DLL

07/03/2001 09:00 127 033 MSOWS40c.DLL

06/08/2000 09:04 401 462 MSVCP60.DLL

22/01/2001 03:25 69 632 PKMAXCTL.DLL

22/01/2001 03:25 872 448 PKMCDO.DLL

22/01/2001 03:25 159 744 PKMCORE.DLL

07/02/2001 09:59 106 496 PKMFORMS.DLL

12/02/2001 04:03 684 032 PKMRES.DLL

22/01/2001 03:25 28 672 PKMSSTLB.DLL

22/01/2001 03:25 40 960 PKMTEMPL.DLL

22/01/2001 03:25 24 576 PKMTRACE.DLL

22/01/2001 04:25 86 016 PKMWS.DLL

22/01/2001 03:25 237 568 PROMDEMO.DLL

22/01/2001 03:25 184 320 SECMGR.DLL

22/01/2001 03:25 323 584 VAIDDMGR.DLL

22/01/2001 03:25 32 768 VAIMEM.DLL

18 fichier(s) 4 879 944 octets

4 Rép(s) 55 626 358 784 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2098-E2A5

 

Répertoire de C:\Program Files\common files

 

08/09/2004 18:33 <REP> .

08/09/2004 18:33 <REP> ..

08/09/2004 18:38 <REP> System

0 fichier(s) 0 octets

3 Rép(s) 55 626 358 784 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2098-E2A5

 

Répertoire de C:\

 

12/05/2007 18:22 68 096 diff.exe

12/05/2007 18:22 103 424 grep.exe

2 fichier(s) 171 520 octets

0 Rép(s) 55 626 358 784 octets libres

c:\Documents and Settings\All Users\Documents\Winzip.exe

c:\Documents and Settings\All Users\Documents\nettoyage\antivir_workstation_win7u_en_h.exe

c:\Documents and Settings\All Users\Documents\nettoyage\blbeta.exe

c:\Documents and Settings\All Users\Documents\nettoyage\EClea2_0.exe

c:\Documents and Settings\All Users\Documents\nettoyage\HijackThis.exe

c:\Documents and Settings\All Users\Documents\Vieil ordi\setup.exe

c:\Documents and Settings\All Users\Documents\Vieil ordi\upg5a.exe

c:\Documents and Settings\All Users\Documents\Vieil ordi\WindowsXP-KB835935-SP2-FRA.exe

c:\Documents and Settings\matiungming\.housecall6.6\getMac.exe

c:\Documents and Settings\matiungming\.housecall6.6\patch.exe

c:\Documents and Settings\matiungming\.housecall6.6\tsc.exe

c:\Documents and Settings\matiungming\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe

c:\Documents and Settings\matiungming\Application Data\Microsoft\Installer\{6DD9963C-271A-4A14-82B0-4DC148C52E58}\ARPPRODUCTICON.exe

c:\Documents and Settings\matiungming\Application Data\Microsoft\Installer\{6DD9963C-271A-4A14-82B0-4DC148C52E58}\NewShortcut1_6DD9963C271A4A1482B04DC148C52E58_2.exe

c:\Documents and Settings\matiungming\Application Data\Microsoft\Installer\{6DD9963C-271A-4A14-82B0-4DC148C52E58}\NewShortcut2_6DD9963C271A4A1482B04DC148C52E58_2.exe

c:\Documents and Settings\matiungming\Application Data\Microsoft\Installer\{F6D63A65-BD23-46F3-B9A3-87F442423481}\ARPPRODUCTICON.exe

c:\Documents and Settings\matiungming\Bureau\840-fra-xp.exe

c:\Documents and Settings\matiungming\Bureau\audacity-win-1.2.3.exe

c:\Documents and Settings\matiungming\Bureau\fsblc.exe

c:\Documents and Settings\matiungming\Bureau\HiJackThis_v2.exe

c:\Documents and Settings\matiungming\Bureau\ReasonKEYGEN.EXE

c:\Documents and Settings\matiungming\Bureau\DiagHelp\catchme.exe

c:\Documents and Settings\matiungming\Bureau\DiagHelp\diff.exe

c:\Documents and Settings\matiungming\Bureau\DiagHelp\dumphive.exe

c:\Documents and Settings\matiungming\Bureau\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\matiungming\Bureau\DiagHelp\find2.exe

c:\Documents and Settings\matiungming\Bureau\DiagHelp\Fport.exe

c:\Documents and Settings\matiungming\Bureau\DiagHelp\grep.exe

c:\Documents and Settings\matiungming\Bureau\DiagHelp\KProcCheck.exe

c:\Documents and Settings\matiungming\Bureau\DiagHelp\LFiles.exe

c:\Documents and Settings\matiungming\Bureau\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\matiungming\Bureau\DiagHelp\pslist.exe

c:\Documents and Settings\matiungming\Bureau\DiagHelp\streams.exe

c:\Documents and Settings\matiungming\Bureau\DiagHelp\swreg.exe

c:\Documents and Settings\matiungming\Bureau\DVN-RE\re.exe

c:\Documents and Settings\matiungming\Bureau\DVN-RE\Restaurant Empire.exe

c:\Documents and Settings\matiungming\Bureau\DVN-RE\VSetting.exe

c:\Documents and Settings\matiungming\Bureau\Lisou\AUTOSET.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\Daemon tool.exe

c:\Documents and Settings\matiungming\Bureau\Lisou\DOS4GW.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\SETUP.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\2_Diner Dash Setup Gh (Full Unlocked Cracked Deluxe Game) Not A Joke!(1)\DinerDash-SetUp-GH.exe

c:\Documents and Settings\matiungming\Bureau\Lisou\2_Diner Dash Setup Gh (Full Unlocked Cracked Deluxe Game) Not A Joke!(1)\Diner Dash - Full Version\DinerDashSetup.exe

c:\Documents and Settings\matiungming\Bureau\Lisou\briquett'\Pack_Vista_Inspirat_1.1.exe

c:\Documents and Settings\matiungming\Bureau\Lisou\DOSSETUP\DOS4GW.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\DOSSETUP\SETUP.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\DOSSETUP\SOUND\SETSOUND.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\HOSP\DOS4GW.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\HOSP\HOSPITAL.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\HOSP\WINMAIN.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\HOSP\SOUND\DOS4GW.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\HOSP\SOUND\MSSW95.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\HOSP\SOUND\SETSOUND.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\HOSP\SOUND\MIDI\MIDIFORM.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\jeu-227-thospital\theme hospital\theme hospital\DOS4GW.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\jeu-227-thospital\theme hospital\theme hospital\HOSPITAL.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\jeu-227-thospital\theme hospital\theme hospital\SOUND\DOS4GW.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\jeu-227-thospital\theme hospital\theme hospital\SOUND\MSSW95.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\jeu-227-thospital\theme hospital\theme hospital\SOUND\SETSOUND.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\jeu-227-thospital\theme hospital\theme hospital\SOUND\MIDI\MIDIFORM.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\jeu-227-thospital\theme hospital\theme hospital\THWIN\HOSPITAL.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\jeu-74-Croisiere_Cadavre\DELPHINE\DELPHINE\CR256\DELPHINE.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\jeu-74-Croisiere_Cadavre\DELPHINE\DELPHINE\CR256\DISK1.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\jeu-74-Croisiere_Cadavre\DELPHINE\DELPHINE\CR256\INSTALL.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\lisou\antivir_workstation_win7u_en_h.exe

c:\Documents and Settings\matiungming\Bureau\Lisou\REDIST\INSTDX.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\REDIST\DIRECTX\DDHELP.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\REDIST\DIRECTX\DXSETUP.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\REDIST\DIRECTX\DRVSNEC\DISPLAY\BIN\NECGMMUT.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\Stand.O.Food.v1.09-RG-koolman2007\StandOFood_1660.exe

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\_ISDEL.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\SETUP.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\ENGLISH\_ISDEL.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\ENGLISH\SETUP.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\ENGLISH\UNINST.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\FRENCH\_ISDEL.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\FRENCH\SETUP.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\FRENCH\UNINST.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\GERMAN\_ISDEL.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\GERMAN\SETUP.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\GERMAN\UNINST.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\ITALIAN\_ISDEL.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\ITALIAN\SETUP.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\ITALIAN\UNINST.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\SPANISH\_ISDEL.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\SPANISH\UNINST.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\SWEDISH\_ISDEL.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\SWEDISH\SETUP.EXE

c:\Documents and Settings\matiungming\Bureau\Lisou\WINSETUP\SWEDISH\UNINST.EXE

c:\Documents and Settings\matiungming\Bureau\plan\_ISDEL.EXE

c:\Documents and Settings\matiungming\Bureau\plan\DesignWorkshop_Lite-Win.exe

c:\Documents and Settings\matiungming\Bureau\plan\SETUP.EXE

c:\Documents and Settings\matiungming\Bureau\plans\Setup.Exe

c:\Documents and Settings\matiungming\Bureau\SDFix\catchme.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\cliptext.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\download.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\LS.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\MD5File.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\moveex.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\Process.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\RegDACL.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\RestartIt!.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\sc.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\SF.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\shutdown.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\swreg.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\swsc.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\unzip.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\zip.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\Replace\W2K.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\apps\Replace\XP.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\backups\attrib.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\backups\find.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\backups\findstr.exe

c:\Documents and Settings\matiungming\Bureau\SDFix\backups\regedit.exe

c:\Documents and Settings\matiungming\Bureau\sims\académie\eauninstall.exe

c:\Documents and Settings\matiungming\Bureau\sims\académie\Crack\Sims2SP2.exe

c:\Documents and Settings\matiungming\Bureau\sims\académie\Support\EasyInfo.exe

c:\Documents and Settings\matiungming\Bureau\sims\académie\Support\EReg.exe

c:\Documents and Settings\matiungming\Bureau\sims\académie\Support\The Sims 2 Glamour Life Stuff_code.exe

c:\Documents and Settings\matiungming\Bureau\sims\académie\Support\The Sims 2 Glamour Life Stuff_uninst.exe

c:\Documents and Settings\matiungming\Bureau\sims\académie\TSBin\Sims2SP2.exe

c:\Documents and Settings\matiungming\Bureau\sims\académie\TSBin\TS2UPD.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD1\AutoRun.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD1\eauninstall.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD1\setup.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD1\CSBin\PackageInstaller.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD1\CSBin\TS2BodyShop.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD1\DirectX\dxsetup.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD1\Support\EasyInfo.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD1\Support\EReg.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD1\Support\The Sims 2_code.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD1\Support\The Sims 2_uninst.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD1\TSBin\First15.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD1\VP6\vp6install.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD2\RunGame.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD3\RunGame.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\CD4\RunGame.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\fichiers à copier coller\Patch Sin Censura [www.elmejorwarez.org].exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\fichiers à copier coller\Sims2.exe

c:\Documents and Settings\matiungming\Bureau\sims\siiiims\fichiers à copier coller\The Sims2-NUDE-Patch_4-MONEY-REL__GameFreak.exe

c:\Documents and Settings\matiungming\Bureau\win2k_xp\autorun.exe

c:\Documents and Settings\matiungming\Bureau\win2k_xp\hpzglu04.exe

c:\Documents and Settings\matiungming\Bureau\win2k_xp\setup.exe

c:\Documents and Settings\matiungming\Bureau\win2k_xp\fra\nt4\Disk1\setup.exe

c:\Documents and Settings\matiungming\Bureau\win2k_xp\fra\nt4\Disk1\nt4\hpfinstx.exe

c:\Documents and Settings\matiungming\Bureau\win2k_xp\fra\nt4\Disk1\nt4\hpfldr.exe

c:\Documents and Settings\matiungming\Bureau\win2k_xp\fra\nt4\Disk1\nt4\hpfsplsh.exe

c:\Documents and Settings\matiungming\Bureau\win2k_xp\util\common\hpfpdi04.exe

c:\Documents and Settings\matiungming\Bureau\win2k_xp\util\common\hpzghl04.exe

c:\Documents and Settings\matiungming\Bureau\win2k_xp\util\common\hpzpin04.exe

c:\Documents and Settings\matiungming\Local Settings\Temporary Internet Files\Content.IE5\K9MNCPQ3\HiJackThis_v2[1].exe

c:\Documents and Settings\matiungming\Mes documents\AVIcodec_1.2_b110.exe

c:\Documents and Settings\matiungming\Mes documents\daemon403-x86.exe

c:\Documents and Settings\matiungming\Mes documents\google-earth_google_earth_4.0.1693_beta_francais_14783.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\ccleaner-crap-cleaner_ccleaner_crap_cleaner_1.31.325_francais_14492.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Satsuki.Decoder.Pack.3.1.0.4.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\Adobe After Effects 5.5\instmsia.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\Adobe After Effects 5.5\instmsiw.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\Adobe After Effects 5.5\Setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\illustrator 10 fr +crack\Ilusstrator10fr_Up7-crk.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\illustrator 10 fr +crack\Setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PhotoShop 7 Fr\_ISDel.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PhotoShop 7 Fr\keygen.Exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PhotoShop 7 Fr\Setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\Video Converter 3.1.3.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\Adobe Premiere Pro v7.0\AutoPlay.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\Adobe Premiere Pro v7.0\Adobe Reader 6.0\AdbeRdr60_fra_full.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\Adobe Premiere Pro v7.0\Premiere Pro\setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\Adobe Premiere Pro v7.0\Premiere Pro\DirectX9\dxsetup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\Adobe Premiere Pro v7.0\Premiere Pro\WMF\wmfdist.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\Adobe Premiere Pro v7.0\Produits tiers\2d3 SteadyMove\setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\STEGANOS\AntiVirus7fr.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\STEGANOS\AntySpyware7int.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\STEGANOS\Internet Anonyme Pro\Steganos internet internet anomym pro 715.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\STEGANOS\Securitysuitev7.1.3\keygen.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\STEGANOS\Securitysuitev7.1.3\Stegano Security Suite 7int.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\STEGANOS\STEGANOS Destructeur de traces 7.5 FR Full 2\STEGANOS Destructeur de traces 7.5 FR Full\itd7int.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\STEGANOS\STEGANOS Destructeur de traces 7.5 FR Full 2\STEGANOS Destructeur de traces 7.5 FR Full\Keygen Internet Trace Destructor 7.0.5\keygen.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\STEGANOS\Steganos Internet Anonym Pro v7.0.4 + Internet Trace Destructor + Security Suite = Full\itd7int.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\STEGANOS\Steganos Internet Anonym Pro v7.0.4 + Internet Trace Destructor + Security Suite = Full\safe7int.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\STEGANOS\Steganos Internet Anonym Pro v7.0.4 + Internet Trace Destructor + Security Suite = Full\siapro7int.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Image\PremierePro\STEGANOS\Steganos Internet Anonym Pro v7.0.4 + Internet Trace Destructor + Security Suite = Full\sss7int.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\install logiciels divers\splus_install.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Archiveur-decompresseur\WinRAR 3.20\wrar320fr.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Archiveur-decompresseur\WinRAR 3.20\WinRAR-3.20-crack\Crack.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Audio\Audacity\audacity.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Audio\audiograbber\audiograbber.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Audio\audiograbber\uninstall.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Audio\Convertisseur fichier audio\dBpowerAMC\dBpowerAMP-r2.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Audio\Convertisseur fichier audio\dBpowerAMC\dMC-r11\dBpowerAMP-codec-ogg.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Audio\Convertisseur fichier audio\dBpowerAMC\dMC-r11\dBpowerAMP-codec-wmav91.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Audio\Convertisseur fichier audio\dBpowerAMC\dMC-r11\dBpowerAMP-OggVorbis-CLI.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Audio\Convertisseur fichier audio\dBpowerAMC\dMC-r11\dMC-r11.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Audio\Convertisseur fichier audio\dBpowerAMC\dMC-r9\dMC-PowerPack.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Audio\Convertisseur fichier audio\dBpowerAMC\dMC-r9\dMC-r9.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Babylon Pro 5.0\bab_ttsf (moteur vocal).exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Babylon Pro 5.0\babylon50_setup_eng_fre.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Divx Video Duplicator 2\CopySys.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Divx Video Duplicator 2\install.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Divx Video Duplicator 2\acrobat\ar505fra.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Divx Video Duplicator 2\setup\setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Divx Video Duplicator 2\setup\Codecs\505-codec-silent.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Divx Video Duplicator 2\setup\Codecs\XviD.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Divx Video Duplicator 2\setup\Modules\ac3filter_0_68b.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Divx Video Duplicator 2\setup\Modules\Compel WinAspi.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Divx Video Duplicator 2\setup\Modules\DVobSub_2.23.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Divx Video Duplicator 2\setup\Modules\extrememm_1.2.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Divx Video Duplicator 2\setup\Modules\mmswitch.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Divx Video Duplicator 2\setup\Modules\Avery\French\Setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Divx Video Duplicator 2\setup\Modules\Avery\French\App\designp.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Explorateur de fichiers\acdsee-500-win-fr.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Graphique_Photos\fotoslate-20-win-fr.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Graphique_Photos\Anti yeux rouges\redeye.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Graphique_Photos\PhotoFiltre\pf-setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Graphique_Photos\Visualisation graphique\TeeChartOffice.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Graveurs\Clone CD 4\SetupCloneCD.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Graveurs\Clone DVD\SetupCloneDVD.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Graveurs\Nero\Nero serie 6\Keygen.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Graveurs\Nero\Nero serie 6\Nero 6606\NBR6606FRA (patch langue).exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Graveurs\Nero\Nero serie 6\Nero 6606\nero6606.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Nettoyage\CleanUp312.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Nettoyage\FastDefrag2.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Nettoyage\Defrag Registre\NTREGOPT.EXE

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Nettoyage\jv16 Power Tool 1.4\jv16pt_setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Nettoyage\Nettoyeur IE History\iehv.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Pilotes et Utilitaires pour XP\Optimisation_System_ PC\SuperCopier135.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\winamp501_full.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\ableton\CrcCheck.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\ableton\Install.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\ableton\pdxlivekgv15.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\ableton\pdx-wartro.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\ableton\setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Autorun.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Additional Content\Acrobat Reader\Deu\AdbeRdr60_deu_full.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Additional Content\Acrobat Reader\Eng\AdbeRdr60_enu_full.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Additional Content\Acrobat Reader\Esp\AdbeRdr60_esp_full.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Additional Content\Acrobat Reader\Fra\AdbeRdr60_fra_full.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Additional Content\Acrobat Reader\Ita\AdbeRdr60_ita_full.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Additional Content\Copy Protection Driver\SyncrosoftLicenseControlSetup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Additional Content\Product Demos\WaveLab-5.00a-Demo\setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Additional Content\Product Demos\XPhraze\Setup_Xphraze_demo.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Additional Content\Product Demos\Zero-X Beat Quantizer 1.1 30-day Demo\Zero-X Beat Quantizer 1.1 30-day Demo Setup.EXE

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Additional Content\Product Information\Videos\Wavelab5_Projector.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Cubase SX 3.01.514 Update and Crack\Cubasesx3.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Cubase SX 3.01.514 Update and Crack\Update_Cubase_SX_3.01.514.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Installer Data\DirectX 9.0c\Deu\directx_9c_redist.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Installer Data\DirectX 9.0c\Eng\directx_9c_redist.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Installer Data\DirectX 9.0c\Esp\directx_9c_redist.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Installer Data\DirectX 9.0c\Fra\directx_9c_redist.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Installer Data\DirectX 9.0c\Ita\directx_9c_redist.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Installer Data\DirectX 9.0c\Jpn\directx_9c_redist.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Installer Data\HTML Help\hhupd.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Installer Data\QuickTime\Deu\QuickTimeFullInstaller.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Installer Data\QuickTime\Eng\QuickTimeFullInstaller.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Installer Data\QuickTime\Esp\QuickTimeFullInstaller.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Installer Data\QuickTime\Fra\QuickTimeFullInstaller.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Installer Data\QuickTime\Ita\QuickTimeFullInstaller.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Cubase SX3.01\Steinberg Cubase SX3 v3.01.514\Installer Data\QuickTime\Jpn\QuickTimeFullInstaller.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\lE BON Steinberg.Cubase.SX.v3.1.1.944-H2O\setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Native Traktor\Native Instruments Traktor DJ Studio 2.5.1 Full + Crack [eltentaculo.com]\Native Instruments Traktor DJ Studio 2.5.1 Full.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Native Traktor\Native Instruments Traktor DJ Studio 2.5.1 Full + Crack [eltentaculo.com]\Traktor DJ Studio 2.5.1 crack (serial + no-cd protection).exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\[sound Forge Plugins # DirectX] Waves-Setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\driver\EWS88_App_Drv_WDM_5.40.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\[sound Forge Plugins # DirectX] Waves-Setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Pack_de_traduction.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Cakewalk Audio FX2 v1.0\setupfx2.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Cakewalk Audio FX3 v1.0\setupfx3.EXE

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\DivX\DivX Player\DivX Player.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\DivX\DivX Pro Codec\config.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\DivX\DivX Pro Codec Adware\config.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\DivX\DivX Pro Codec Adware\DivX EKG.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Edirol\Edirol.HQ.Orchestral.VSTi.DXi.v1.01-ArCTiC\Setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Loudness Maximizer [1.2]\loudness.EXE

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\OhmBoyz.Frohmage.v1.0.DX-di0ne\frohmage_dx.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Ohmforce.Hematohm.DX.PRO.v1.0-Paradox\pdxofhdx.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Ohmforce.MobilOhm.SE.DX.v1.0-PARADOX\setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Ohmforce.Ohmboyz.DX.PRO.v1.20-Paradox\setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Ohmforce.Predatohm.DX.PRO-Paradox\setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Prosonic Mixciter\Setup mixCiter.EXE

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Prosonic Piwarp 1\Setup_PIWarp.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Steinberg DeClicker v1.21 working\setupdcl.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Steinberg Denoiser v1.51\denoiser.EXE

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Steinberg FreeFilter v1.0\ffsetup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\plugs\Plugs\Steinberg Quadrafuzz v1.0\setupqfz.EXE

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\pro tools\pro toollsfree.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\pro tools\ptf guide.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\pro tools\soundcheck.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Autorun.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Setup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Copy Protection Driver\SyncrosoftLicenseControlSetup.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Installer Data\DirectX 9.0c\Eng\directx_9c_redist.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Installer Data\HTML Help\hhupd.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Installer Data\QuickTime\Eng\QuickTimeFullInstaller.exe

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Sound Forge\soundforge60_bld132.exe

c:\Documents and Settings\matiungming\Mes documents\nettoyage\antivir_workstation_win7u_en_h.exe

c:\Documents and Settings\matiungming\Mes documents\nettoyage\blbeta.exe

c:\Documents and Settings\matiungming\Mes documents\nettoyage\EClea2_0.exe

c:\Documents and Settings\matiungming\Mes documents\nettoyage\HijackThis.exe

c:\Documents and Settings\matiungming\Mes documents\PcSetup\everest_everest_2.20_francais_12281.exe

c:\Documents and Settings\matiungming\Mes documents\Pinces Amusettes\.Trashes\501\anim\menu+son.exe

c:\Documents and Settings\matiungming\Mes documents\sécurité\spybotsd14.exe

c:\Documents and Settings\matiungming\Mes documents\sécurité\spywareblastersetup351.exe

c:\Documents and Settings\matiungming\Mes documents\sécurité\zapSetup_65_725_000_fr.exe

c:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll

c:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_45af1818\LicTest\avwinll.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\autopan.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\autopole.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\choirus.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\choirus2.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\chopper2.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\distortion.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\espacial.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\fuzzbox.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\karlette.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\metalizer2.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\midicomb.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\mysterizer.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\phatsync.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\reverb.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\reverb32.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\ringmod.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\scopion.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\stereoecho.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\stereowizard.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\subbass.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\tranceformer2.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Effects\wunderverb3.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Instruments\cs40.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Instruments\jx16.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Instruments\neon.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Instruments\lm-9\lm-9.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Additional Content\Additional Cubase VST PlugIns\Instruments\Universal Sound Module\universal sound module.dll

c:\Documents and Settings\matiungming\Mes documents\Logiciels\Son\Qbase SX 3\Cubase sx 3 full Application (needs serial)\Cubase sx 3\Crack\dongle.dll

 

****** Fin du rapport DiagHelp

regis56 Godlike Member

regis56

Posté(e)
Posté(e)

Re

 

 

 

Télécharge ATF Cleaner par Atribune.

 

 

Double-clique ATF-Cleaner.exe afin de lancer le programme.

Sous l'onglet Main, choisis : Select All

Clique sur le bouton Empty Selected

 

Si tu utilises le navigateur Firefox :

  • Clique Firefox au haut et choisis : Select All
    Clique le bouton Empty Selected
    NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

  • Clique Opera au haut et choisis : Select All
    Clique le bouton Empty Selected
    NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique Exit, du menu prinicipal, afin de fermer le programme.

Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.

 

Ensuite tente un scan en ligne ici pour voir stp :

 

http://www.kaspersky.com/virusscanner

tuto d'aide ici

http://www.malekal.com/scan_Av_en_ligne.html

 

Ensuite tu utilise la version beta de hijackthis juste au cas ou fait ceci :

 

- Télécharge HijackThis de Merijn sur ton bureau.

http://www.merijn.org/files/hijackthis.zip

 

- Génère un rapport en suivant ces indications :

- Double-clic sur hijackthis.exe

- Exécute le et clique sur Do a scan and save log file.

- Le rapport s'ouvre sur leBloc-Note

- Colle le rapport ici, pour cela :

- Menu Edition / Selectionner Tout

- Menu Edition / copier

- Ici dans un nouveau message : clic droit / coller

Aide : N'hésite pas à consulter l'aide HijackThis -

http://www.malekal.com/tutorial_HijackThis.html

 

Renomme hijackthis comme ceci => mitemat.exe

 

Et refait un rapport stp

 

A plus.

mitemat Member

mitemat

Posté(e)
  • Auteur
Posté(e)

re

 

apparemment il y a un problème, kapersky ne veut pas se lancer c'est peut etre lié au controle active X d'après ce que je lis sur le tutorial mais on ne me propose pas de l'installer

mitemat Member

mitemat

Posté(e)
  • Auteur
Posté(e)

bon, même problème avec le scan en ligne de Kapersky ca plante sérieux avant la fin...

j'en ai marre

j'ai refait un rapport quand même

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:54:22, on 28/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\SYSTEM32\GEARSEC.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Inventel\Gateway\wlancfg.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Maxthon\Maxthon.exe

C:\Documents and Settings\matiungming\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: BFGTOOLBAR - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: BFGTOOLBAR - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{7167EE97-5A25-4996-AA4B-717322814063}: NameServer = 80.10.246.1,80.10.246.132

O17 - HKLM\System\CCS\Services\Tcpip\..\{B7E0D1E6-0D54-4687-85EB-39DAC6934BC4}: NameServer = 192.168.1.1

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

mitemat Member

mitemat

Posté(e)
  • Auteur
Posté(e)

le rappport avec hijack renommé :

:P

 

Logfile of HijackThis v1.99.1

Scan saved at 23:11:12, on 28/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\SYSTEM32\GEARSEC.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Inventel\Gateway\wlancfg.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Maxthon\Maxthon.exe

C:\Documents and Settings\matiungming\Bureau\mitemat.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: BFGTOOLBAR - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: BFGTOOLBAR - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{7167EE97-5A25-4996-AA4B-717322814063}: NameServer = 80.10.246.1,80.10.246.132

O17 - HKLM\System\CCS\Services\Tcpip\..\{B7E0D1E6-0D54-4687-85EB-39DAC6934BC4}: NameServer = 192.168.1.1

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

regis56 Godlike Member

regis56

Posté(e)
Posté(e)

Salut !

 

Voici ce que tu vas faire stp :

 

Télécharge Gmer ici :

http://gmer.net/gmer110.zip

 

Ensuite du decompresse l'archive et tu clique sur l'icone Gmer

 

Clique sur l'onglet Rootkit

Vérifie que tout soit coché à droite :

  1. System
  2. Devices
  3. Proceses
  4. Libraries
  5. Modules
  6. Services
  7. Registry
  8. Files

Ensuite clique sur scan et laisse le faire son travail.

 

A la fin du scan clique sur copy

Dans ton prochain message fais clique droit/copier

 

Télécharge SREng (par Smallfrogs) de ce lien:

http://www.kztechs.com/eng/download.html

 

Extrais tout son contenu sur ton Bureau

Du dossier sreng2 qui se trouve maintenant sur ton Bureau, double clique sur SREng.exe afin de lancer l'outil

Clique sur Smart Scan

Ensuite, clique sur le bouton [scan]

 

Lorsque complété, clique sur le bouton [save Reports]

Sauvegarde le rapport sur ton Bureau

Copie/colle le contenu du fichier SREnglLOG.log dans ta prochaine réponse, s'il te plaît.

 

Ps : si tu refait un autre scan copie au fur et à mesure à la main si il faut le nom des infections trouvées ou le nom et le chemin des fichiers.

Ou en essayant de faire une copie d'écran :P

 

Tout les moyens sont bon :P

 

A plus.

mitemat Member

mitemat

Posté(e)
  • Auteur
Posté(e)

bonjour régis

et toujours Merci !!

 

Voilà le rapport sren dans un premier temps :

 

2007-05-29,18:51:15

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
<SetDefaultMIDI><MIDIDef.exe>  [Creative Technology Ltd]
<WOOKIT><C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SchedulingAgent><mstinit.exe /firstlogon>  [(Verified)Microsoft Windows Publisher]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
<nwiz><nwiz.exe /install>  [NVIDIA Corporation]
<Raccourci vers la page des propriétés de High Definition Audio><HDAudPropShortcut.exe>  [(Verified)Microsoft Windows XP Publisher]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd>  [N/A]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
<CTHelper><CTHELPER.EXE>  [Creative Technology Ltd]
<Zone Labs Client><C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe>  [(Verified)Check Point Software Technologies Ltd.]
<AGRSMMSG><AGRSMMSG.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<TkBellExe><"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
<avgnt><"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min>  [Avira GmbH]
<HPDJ Taskbar Utility><C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<ZoneAlarm Client><"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe">  [(Verified)Check Point Software Technologies Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]

==================================
Startup Folders
[Lancement rapide d'Adobe Reader]
 <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Microsoft Office]
 <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>

==================================
Services
[AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler][Running/Auto Start]
 <C:\Program Files\AntiVir PersonalEdition Classic\sched.exe><Avira GmbH>
[AntiVir PersonalEdition Classic Guard / AntiVirService][Running/Auto Start]
 <C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe><Avira GmbH>
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
 <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
 <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
 <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Boonty Games / Boonty Games][Stopped/Manual Start]
 <"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"><BOONTY>
[GEARSecurity / GEARSecurity][Running/Auto Start]
 <SYSTEM32\GEARSEC.EXE><GEAR Software>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
 <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
 <"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Machine Debug Manager / MDM][Running/Auto Start]
 <"C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
 <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Sony SPTI Service / SPTISRV][Stopped/Manual Start]
 <C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe><Sony Corporation>
[TrueVector Internet Monitor / vsmon][Running/Auto Start]
 <C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs, LLC>
[Service de lancement de WlanCfg / Wlancfg][Running/Auto Start]
 <C:\Program Files\Inventel\Gateway\wlancfg.exe SVC><Inventel>

==================================
Drivers
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
 <System32\DRIVERS\AGRSM.sys><Agere Systems>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
 <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
 <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[avgio / avgio][Running/System Start]
 <\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys><Avira GmbH>
[avgntflt / avgntflt][Running/Manual Start]
 <\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys><Avira GmbH>
[C-Media High Definition Audio Interface / cmudax][Running/Manual Start]
 <system32\drivers\cmudax.sys><C-Media Inc>
[Coach Digital Camera on USB / CoachUsb][Stopped/Manual Start]
 <system32\DRIVERS\CoachUsb.sys><FotoNation Ltd.>
[Coach Video Capture / CoachVc][Stopped/Manual Start]
 <system32\DRIVERS\CoachVc.sys><Accapella Ltd.>
[Panda Anti-Dialer / ComFiltr][Stopped/Manual Start]
 <\??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys><N/A>
[Creative AC3 Software Decoder / ctac32k][Running/Manual Start]
 <system32\drivers\ctac32k.sys><Creative Technology Ltd>
[Creative Audio Driver (WDM) / ctaud2k][Running/Manual Start]
 <system32\drivers\ctaud2k.sys><Creative Technology Ltd>
[Creative Proxy Driver / ctprxy2k][Running/Manual Start]
 <system32\drivers\ctprxy2k.sys><Creative Technology Ltd>
[Creative SoundFont Management Device Driver / ctsfm2k][Running/Manual Start]
 <system32\drivers\ctsfm2k.sys><Creative Technology Ltd>
[driverhardwarev2 / driverhardwarev2][Stopped/Manual Start]
 <\??\C:\Program Files\HardwareDetection\driverhardwarev2.sys><N/A>
[dtscsi / dtscsi][Stopped/Manual Start]
 <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[E-mu Plug-in Architecture Driver / emupia][Running/Manual Start]
 <system32\drivers\emupia2k.sys><Creative Technology Ltd>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
 <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[Creative Hardware Abstract Layer Driver / ha10kx2k][Running/Manual Start]
 <system32\drivers\ha10kx2k.sys><Creative Technology Ltd>
[Pilote de fonction Microsoft UAA pour Service High Definition Audio / HdAudAddService][Stopped/Manual Start]
 <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Pilote de bus Microsoft UAA pour High Definition Audio / HDAudBus][Running/Manual Start]
 <System32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[nv / nv][Running/Manual Start]
 <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Creative OS Services Driver / ossrv][Running/Manual Start]
 <system32\drivers\ctoss2k.sys><Creative Technology Ltd.>
[PalmUSBD / PalmUSBD][Stopped/Manual Start]
 <system32\drivers\PalmUSBD.sys><Palm, Inc.>
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
 <\??\C:\WINDOWS\system32\PCAMPR5.SYS><N/A>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start]
 <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Low level access layer for CD devices / Pcouffin][Stopped/Manual Start]
 <System32\Drivers\Pcouffin.sys><N/A>
[Padus ASPI Shell / pfc][Running/Manual Start]
 <system32\drivers\pfc.sys><Padus, Inc.>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
 <\SystemRoot\System32\drivers\prodrv06.sys><StarForce Technologies, Inc.>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
 <\SystemRoot\System32\drivers\prohlp02.sys><StarForce Technologies, Inc.>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
 <\SystemRoot\System32\drivers\prosync1.sys><StarForce Technologies, Inc.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
 <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
 <\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[OLITEC 513V2 - PC Card 802.11g Driver / RT2500][Stopped/Manual Start]
 <system32\DRIVERS\RT2500.sys><Ralink Technology Inc.>
[Hercules Wireless USB Dongle Driver / RT2500USB][Stopped/Manual Start]
 <system32\DRIVERS\rt2500usb.sys><N/A>
[Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Running/Manual Start]
 <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SANDRA / SANDRA][Stopped/Manual Start]
 <\??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\Sandra.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
 <System32\DRIVERS\secdrv.sys><N/A>
[SiS163 USB Wireless LAN Adapter Driver / SIS163u][Running/Manual Start]
 <system32\DRIVERS\sis163u.sys><Silicon Integrated Systems Corp.>
[Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
 <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
 <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[srescan / srescan][Running/Boot Start]
 <\SystemRoot\system32\ZoneLabs\srescan.sys><Zone Labs, LLC>
[tmcomm / tmcomm][Running/Auto Start]
 <\??\C:\WINDOWS\system32\drivers\tmcomm.sys><Trend Micro Inc.>
[vaxscsi / vaxscsi][Stopped/Manual Start]
 <\SystemRoot\System32\Drivers\vaxscsi.sys><Alcohol Soft Co., Ltd.>
[viamraid / viamraid][Running/Boot Start]
 <\SystemRoot\System32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[viaraid / viaraid][Running/Boot Start]
 <\SystemRoot\System32\DRIVERS\viaraid.sys><VIA Technologies inc,.ltd>
[Virtual Serial Bus Enumerator / vsbus][Running/Manual Start]
 <system32\DRIVERS\vsb.sys><ELTIMA Software>
[vsdatant / vsdatant][Running/System Start]
 <System32\vsdatant.sys><Zone Labs, LLC>
[ELTIMA Virtual Serial Ports Driver / vserial][Stopped/Manual Start]
 <System32\DRIVERS\vserial.sys><ELTIMA Software>
[Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
 <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[Adobe PDF Reader Link Helper]
 {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SWEETIE Class]
 {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} <C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll, Macrogaming>
[BFGTOOLBAR]
 {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} <C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL, Big Fish Games, Inc.						 >
[Java Plug-in 1.5.0_06]
 {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Messenger]
 {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, N/A>
[SweetIM For Internet Explorer]
 {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} <C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll, Macrogaming>
[BFGTOOLBAR]
 {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} <C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL, Big Fish Games, Inc.						 >
[CKAVWebScan Object]
 {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[YInstStarter Class]
 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[Java Plug-in 1.5.0_06]
 {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
 {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Adobe PDF Reader Link Helper]
 {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SWEETIE Class]
 {1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A} <C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll, Macrogaming>
[BFGTOOLBAR]
 {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} <C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL, Big Fish Games, Inc.						 >
[SweetIM For Internet Explorer]
 {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} <C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll, Macrogaming>
[Shockwave Flash Object]
 {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[E&xporter vers Microsoft Excel]
 <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 684][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 972][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 996][\??\C:\WINDOWS\SYSTEM32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\SYSTEM32\WgaLogon.dll]  [Microsoft Corporation, 1.5.0540.0]
[C:\WINDOWS\SYSTEM32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1040][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1200][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1260][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1300][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 1416][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1444][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1496][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\hpzlnt04.dll]  [HP, 2,80,0,0]
[PID: 1832][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\ctagent.dll]  [Creative Technology Ltd, 1, 0, 0, 11]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[C:\Program Files\WinAce\arcext.dll]  [e-merge GmbH, 2.5.1.0]
[C:\Program Files\WinAce\acev2.dll]  [ACE Compression Software, 2.5.0.0]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
[C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll]  [Avira GmbH, 7.00.00.10]
[C:\Program Files\AntiVir PersonalEdition Classic\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\AntiVir PersonalEdition Classic\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7090]
[C:\WINDOWS\system32\NVRSFR.DLL]  [NVIDIA Corporation, 6.14.10.7090]
[C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.10020]
[C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll]  [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
[PID: 952][C:\WINDOWS\system32\RunDll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system\cmicnfg.cpl]  [C-Media Corporation, 1, 0, 43, 1]
[C:\WINDOWS\System32\udaprop.dll]  [C-Media Corporation, 1.0.2.3]
[PID: 1160][C:\WINDOWS\CTHELPER.EXE]  [Creative Technology Ltd, 2, 0, 0, 11]
[C:\WINDOWS\SYSTEM32\CTDCIFCE.DLL]  [Creative Technology Ltd, 5.12.01.1021-2.01.0230]
[C:\WINDOWS\SYSTEM32\CTDPROXY.DLL]  [Creative Technology Ltd, 5.12.01.1021-2.01.0230]
[C:\WINDOWS\SYSTEM32\CTDC0001.DLL]  [Creative Technology Ltd, 5.12.01.1021-2.01.0230]
[C:\WINDOWS\SYSTEM32\ctosuser.dll]  [Creative Technology Ltd, 5.12.01.1021-2.01.0230]
[C:\WINDOWS\SYSTEM32\PIAPROXY.DLL]  [Creative Technology Ltd, 5.12.01.1021-2.01.0230]
[C:\WINDOWS\system32\ctagent.dll]  [Creative Technology Ltd, 1, 0, 0, 11]
[C:\WINDOWS\system32\ctspkhlp.dll]  [Creative Technology Ltd, 1, 0, 2, 0]
[C:\WINDOWS\system32\ctpcmcia.dll]  [Creative Technology Ltd, 2, 0, 0, 22]
[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\CTDCRES.DLL]  [Creative Technology Ltd, 5.12.01.0142-1.00.0000]
[PID: 1380][C:\WINDOWS\AGRSMMSG.exe]  [Agere Systems, 2.1.41.10 2.1.41.10 06/29/2004 09:06:35]
[PID: 1400][C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3510]
[PID: 1580][C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe]  [Avira GmbH, 7.00.04.05]
[C:\Program Files\AntiVir PersonalEdition Classic\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\AntiVir PersonalEdition Classic\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\AntiVir PersonalEdition Classic\avgcmxp.dll]  [Avira GmbH, 7.00.04.00]
[C:\Program Files\AntiVir PersonalEdition Classic\AVWINLL.DLL]  [Avira GmbH, 1.0.0.7]
[PID: 1620][C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe]  [HP, 2,80,0,0]
[C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZR3204.DLL]  [HP, 2,80,0,0]
[PID: 1652][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1956][C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe]  [EMU Systems, 1.70.01.0010]
[C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.dll]  [EMU Systems, 1.70.01.0010]
[C:\WINDOWS\system32\ctosuser.dll]  [Creative Technology Ltd, 5.12.01.1021-2.01.0230]
[C:\WINDOWS\SYSTEM32\PIAPROXY.DLL]  [Creative Technology Ltd, 5.12.01.1021-2.01.0230]
[C:\WINDOWS\SYSTEM32\CTDPROXY.DLL]  [Creative Technology Ltd, 5.12.01.1021-2.01.0230]
[PID: 2408][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 4076][C:\Program Files\Maxthon\Maxthon.exe]  [MY Soft Technology, 1, 3, 3, 23]
[C:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
[C:\WINDOWS\system32\ctagent.dll]  [Creative Technology Ltd, 1, 0, 0, 11]
[C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3068][C:\Documents and Settings\matiungming\Bureau\gmer.exe]  [GMER, 1, 0, 10, 10122]
[C:\WINDOWS\gmer.dll]  [GMER, 1, 0, 10, 10122]
[C:\WINDOWS\system32\ctagent.dll]  [Creative Technology Ltd, 1, 0, 0, 11]
[PID: 3840][C:\Documents and Settings\matiungming\Bureau\sreng\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\ctagent.dll]  [Creative Technology Ltd, 1, 0, 0, 11]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

 

GMER 1.0.10.10122 - http://www.gmer.net

Rootkit 2007-05-29 18:56:51

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.10 ----

 

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey

SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort

SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile

SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey

SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey

SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject

SSDT sptd.sys ZwEnumerateKey

SSDT sptd.sys ZwEnumerateValueKey

SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver

SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey

SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection

SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile

SSDT sptd.sys ZwOpenKey

SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess

SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread

SSDT sptd.sys ZwQueryKey

SSDT sptd.sys ZwQueryValueKey

SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey

SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort

SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey

SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort

SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile

SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation

SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey

SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver

 

INT 0x20 srescan.sys F7373A20

 

---- Devices - GMER 1.0.10 ----

 

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86FCE1D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 8603E1D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 86B05980

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 86B05980

Device \Driver\USBSTOR \Device00008f IRP_MJ_CREATE 86D33508

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [EF4258A0] vsdatant.sys

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 86DCD1D8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 86DCD1D8

Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 86DCD1D8

Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 86DCD1D8

Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 86D2B5F8

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [EF4258A0] vsdatant.sys

Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1B75C30

Device \Driver\NetBT \Device\NetBT_Tcpip_{7167EE97-5A25-4996-AA4B-717322814063} IRP_MJ_CREATE 86C141D8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 86F5F1D8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86C3B7C8

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86C3B7C8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 86FD01D8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN [F7B32651] prosync1.sys

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 86FD01D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN [F7B32651] prosync1.sys

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 86FD01D8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN [F7B32651] prosync1.sys

Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 86FD01D8

Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN [F7B32651] prosync1.sys

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 86FD01D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN [F7B32651] prosync1.sys

Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE 86FD01D8

Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN [F7B32651] prosync1.sys

Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E163BD08

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86C141D8

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86C141D8

Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSEIRP_MJ_READ [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [EF4258A0] vsdatant.sys

Device \Driver\NetBT \Device\NetBT_Tcpip_{9B743653-65CA-4697-9CCB-4BA971298DB9} IRP_MJ_CREATE 86C141D8

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSEIRP_MJ_READ [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [EF4258A0] vsdatant.sys

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 86DCD1D8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 86DCD1D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSEIRP_MJ_READ 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP_POWER 86C195C8

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSEIRP_MJ_READ [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [EF4258A0] vsdatant.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT [EF4258A0] vsdatant.sys

Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 86DCD1D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSEIRP_MJ_READ 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 86C195C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER 86C195C8

Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE 86DCD1D8

Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE 86D2B5F8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 86F5F1D8

Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_CREATE 86FCF1D8

Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_SHUTDOWN [F7B32651] prosync1.sys

Device \Driver\viamraid \Device\Scsi\viamraid1Port4Path0Target0Lun0 IRP_MJ_CREATE 86FCF1D8

Device \Driver\viamraid \Device\Scsi\viamraid1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN [F7B32651] prosync1.sys

Device \Driver\USBSTOR \Device00008d IRP_MJ_CREATE 86D33508

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 8603E1D8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 867D61D8

 

---- Registry - GMER 1.0.10 ----

 

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{2E29FD1C-8E93-4d17-8893-DD18E3D36851}\Version@Version 0xBC 0x24 0x52 0x54 ...

Reg \Registry\MACHINE\SOFTWARE\Minnetonka Audio Software\discWelder BRONZE\Version@Version 0xBC 0x24 0x52 0x54 ...

 

---- Files - GMER 1.0.10 ----

 

File C:\System Volume Information\MountPointManagerRemoteDatabase

File C:\System Volume Information\tracking.log

File C:\System Volume Information\_restore{14DB660F-C2CA-417E-AE16-8FEC811D76B8}

File C:\System Volume Information\_restore{362E3112-5D7D-494C-BE73-F9719B144703}

 

---- EOF - GMER 1.0.10 ----

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...