
Good evening, I have already left a message about getting rid of spyware-secure and the various unwanted ad pages that are polluting my computer. If you can give me the solution, I thank you in advance. I am attaching the HijackThis log.

Logfile of HijackThis v1.99.1

Scan saved at 21:41:47, on 10/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Softwin\BitDefender8\bdnagent.exe

C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe

C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"

O4 - HKLM\..\Run: [WinServ 32] windserv.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart

O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118w.bay118.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

I am including the DiagHelp log as well.

 

DiagHelp version v1.1.2 - http://www.malekal.com

excute le 10/07/2007 à 19:23:38,73

 

 

Liste des derniers fichies modifies/crees dans windir\system32

C:\WINDOWS\System32/drivers\adidsl.cfg -->26/05/2007 07:34:17

C:\WINDOWS\System32/drivers\aswmon.sys -->30/04/2007 17:41:55

C:\WINDOWS\System32/drivers\aswmon2.sys -->30/04/2007 17:41:42

C:\WINDOWS\System32/drivers\aswRdr.sys -->30/04/2007 17:39:41

C:\WINDOWS\System32/drivers\aswTdi.sys -->30/04/2007 17:38:51

C:\WINDOWS\System32/drivers\aavmker4.sys -->30/04/2007 17:37:23

C:\WINDOWS\System32/drivers\nmwcd.sys -->22/02/2007 10:15:56

 

C:\WINDOWS\System32\jdlcou_navps.dat -->10/07/2007 19:23:22

C:\WINDOWS\System32\jdlcou.dat -->10/07/2007 19:23:21

C:\WINDOWS\System32\wpa.dbl -->10/07/2007 18:41:02

C:\WINDOWS\System32\vsconfig.xml -->10/07/2007 18:40:25

C:\WINDOWS\System32\OODBS.lor -->10/07/2007 18:40:14

C:\WINDOWS\System32\jdlcou_nav.dat -->10/07/2007 17:23:29

C:\WINDOWS\System32\nvs2.inf -->10/07/2007 17:23:16

C:\WINDOWS\System32\jdlcou.exe -->10/07/2007 10:51:29

C:\WINDOWS\System32\FNTCACHE.DAT -->29/06/2007 06:52:53

C:\WINDOWS\System32\rnaph.dll -->28/06/2007 15:53:43

C:\WINDOWS\System32\iiSetup.log -->28/06/2007 15:20:20

C:\WINDOWS\System32\asfiles.txt -->28/06/2007 13:45:29

C:\WINDOWS\System32\Uninstall.ico -->28/06/2007 11:24:40

C:\WINDOWS\System32\Help.ico -->28/06/2007 11:24:40

C:\WINDOWS\System32\MRT.exe -->05/06/2007 23:38:42

C:\WINDOWS\System32\AUTOEXEC.NT -->02/06/2007 10:41:12

C:\WINDOWS\System32\PerfStringBackup.INI -->26/05/2007 07:18:07

C:\WINDOWS\System32\perfh00C.dat -->26/05/2007 07:18:07

C:\WINDOWS\System32\perfh009.dat -->26/05/2007 07:18:07

C:\WINDOWS\System32\perfc00C.dat -->26/05/2007 07:18:07

C:\WINDOWS\System32\perfc009.dat -->26/05/2007 07:18:07

C:\WINDOWS\System32\inetcomm.dll -->16/05/2007 17:13:53

C:\WINDOWS\System32\mshtml.dll -->08/05/2007 10:59:01

C:\WINDOWS\System32\CONFIG.NT -->07/05/2007 08:33:17

C:\WINDOWS\System32\mlfcache.dat -->30/04/2007 23:33:41

 

C:\WINDOWS.log -->10/07/2007 18:40:43

C:\WINDOWS\wiadebug.log -->10/07/2007 18:40:39

C:\WINDOWS\WindowsUpdate.log -->10/07/2007 18:40:38

C:\WINDOWS\wiaservc.log -->10/07/2007 18:40:37

C:\WINDOWS\bootstat.dat -->10/07/2007 18:40:19

C:\WINDOWS\SchedLgU.Txt -->10/07/2007 18:39:01

C:\WINDOWS\setupapi.log -->10/07/2007 17:14:07

C:\WINDOWS\msnfix.txt -->09/07/2007 22:42:42

C:\WINDOWS\NeroDigital.ini -->09/07/2007 12:38:57

C:\WINDOWS\win.ini -->28/06/2007 16:09:01

C:\WINDOWS\system.ini -->02/06/2007 10:41:12

C:\WINDOWS\adidsl.ini -->26/05/2007 07:35:37

C:\WINDOWS\Fast800.ini -->26/05/2007 07:34:17

C:\WINDOWS\118294.78 -->30/04/2007 18:15:41

C:\WINDOWS\yesmessenger.ini -->26/04/2007 16:32:21

 

 

Le volume dans le lecteur C s'appelle systeme

Le numéro de série du volume est 88D3-E3B1

 

Répertoire de C:\WINDOWS\system32

 

10/08/2004 15:00 6 144 csrss.exe

1 fichier(s) 6 144 octets

0 Rép(s) 135 859 458 048 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C s'appelle systeme

Le numéro de série du volume est 88D3-E3B1

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

10/07/2007 17:03 <REP> .

10/07/2007 17:03 <REP> ..

24/08/2006 08:28 141 424 asinst.dll

17/05/2006 15:32 198 304 avsniffdlgs.dll

17/05/2006 15:26 537 704 AXXPEE.dll

07/12/2004 16:07 32 bdcore.dll

01/03/2005 14:08 118 784 bdupd.dll

28/03/2007 10:06 541 ca.pub

07/02/2007 02:00 2 504 catalog.dat

04/07/2007 11:05 <REP> CONFLICT.1

07/05/2007 16:38 500 120 daas_s.dll

23/09/2004 20:09 65 desktop.ini

25/07/2002 18:13 24 576 dwusplay.dll

25/07/2002 18:13 196 608 dwusplay.exe

07/02/2007 02:00 6 899 ecbootil.vxd

17/05/2006 15:26 42 112 ecmldr32.dll

07/02/2007 02:00 272 040 ecmsvr32.dll

14/07/2005 17:28 365 f3initialsetup1.0.0.15-3.inf

07/05/2007 16:39 192 920 fsauc.dll

15/06/2006 10:19 483 fscax.inf

01/03/2005 14:08 53 248 ipsupd.dll

25/07/2002 18:05 172 032 isusweb.dll

30/01/2007 17:28 902 jinstall-1_5_0_11.inf

09/03/2005 15:42 6 742 lang.ini

11/12/2006 17:44 367 LegitCheckControl.inf

23/04/2007 12:48 7 168 libcomm.dll

07/12/2004 16:07 32 libfn.dll

18/02/2005 16:22 126 live.ini

29/05/2003 16:00 160 864 messengerstatsclient.dll

23/02/2007 00:41 304 544 MessengerStatsPAClient.dll

28/02/2007 15:21 131 472 msgrchkr.dll

20/06/2006 16:44 379 704 MsnPUpld.dll

19/06/2006 15:40 393 MsnPUpld.inf

17/05/2006 15:28 6 850 navapi.vxd

17/05/2006 15:28 201 896 navapi32.dll

07/02/2007 02:00 124 536 naveng32.dll

07/02/2007 02:00 902 776 navex32a.dll

01/06/2006 02:57 1 331 oscan8.inf

01/06/2006 02:54 471 040 oscan8.ocx

31/05/2006 04:15 10 oscan81.ocx_x

20/06/2006 16:44 117 560 PURen-us.dll

15/10/2004 08:59 110 592 PURfr-xx.dll

09/03/2005 15:43 6 828 scanoptions.tsi

07/02/2007 02:00 97 712 scrauth.dat

09/11/2006 15:36 5 019 swflash.inf

07/02/2007 02:00 11 875 symaveng.cat

07/02/2007 02:00 1 061 symaveng.inf

07/02/2007 02:00 188 417 tcdefs.dat

07/02/2007 02:00 1 312 335 tcscan7.dat

07/02/2007 02:00 333 024 tcscan8.dat

07/02/2007 02:00 751 564 tcscan9.dat

07/02/2007 02:00 453 tinf.dat

07/02/2007 02:00 148 tinfidx.dat

07/02/2007 02:00 1 957 tinfl.dat

07/02/2007 02:00 64 232 tscan1.dat

07/02/2007 02:00 3 072 tscan1hd.dat

07/02/2007 02:00 4 778 v.grd

07/02/2007 02:00 2 269 v.sig

07/02/2007 02:00 106 244 virscan.inf

07/02/2007 02:00 977 025 virscan1.dat

07/02/2007 02:00 570 042 virscan2.dat

07/02/2007 02:00 147 728 virscan3.dat

07/02/2007 02:00 320 186 virscan4.dat

07/02/2007 02:00 3 411 419 virscan5.dat

07/02/2007 02:00 390 216 virscan6.dat

07/02/2007 02:00 6 542 038 virscan7.dat

07/02/2007 02:00 1 681 044 virscan8.dat

07/02/2007 02:00 4 120 566 virscan9.dat

07/02/2007 02:00 32 virscant.dat

07/02/2007 02:00 224 zdone.dat

67 fichier(s) 26 441 174 octets

 

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

 

04/07/2007 11:05 <REP> .

04/07/2007 11:05 <REP> ..

25/06/2003 19:00 541 ca.pub

17/01/2006 17:11 580 663 daas_s.dll

03/02/2006 11:20 188 416 fsauc.dll

16/06/2006 15:31 181 856 fscax.dll

4 fichier(s) 951 476 octets

 

Total des fichiers listés :

71 fichier(s) 27 392 650 octets

5 Rép(s) 135 859 453 952 octets libres

 

Recherche de rootkit! (Merci S!Ri)

infection possible Magic.Control : un scan F-Secure BlackLight est recommandé

 

Recherche d'infections connues

 

Export des clefs sensibles..

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\\Program Files\\Messenger\\msmsgs.exe"="c:\\windows\\$hf_mig$\\kb887472\\sp2qfe\\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"="C:\\Program Files\\IncrediMail\\bin\\ImLc.exe:*:Enabled:IncrediMail"

"C:\\Documents and Settings\\famille\\Local Settings\\Temporary Internet Files\\Content.IE5\\Y065DK42\\magentic_install[1].exe"="C:\\Documents and Settings\\famille\\Local Settings\\Temporary Internet Files\\Content.IE5\\Y065DK42\\magentic_install[1].exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"C:\\Program Files\\neuf Talk\\neuf Talk.exe"="c:\\program files\\neuf talk\\neuf talk.exe:*:Enabled:neuf Talk"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"="C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"

"C:\\Documents and Settings\\famille\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\IncrediMail_Install.exe"="C:\\Documents and Settings\\famille\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"

"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"

"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"

"I:\\telechargement\\magentic_install.exe"="I:\\telechargement\\magentic_install.exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

Rechercher adresses sensibles dans le fichier HOSTS...

REGEDIT4

 

[taskmgr.exe]

 

 

 

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-10 19:23:51

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

172 - ImApp.exe

248 - guard.exe

396 - oodag.exe

556 - csrss.exe

584 - winlogon.exe

628 - services.exe

640 - lsass.exe

704 - usnsvc.exe

804 - svchost.exe

852 - svchost.exe

920 - svchost.exe

964 - svchost.exe

1044 - svchost.exe

1052 - svchost.exe

1120 - vsmon.exe

1400 - xcommsvr.exe

1432 - iexplore.exe

1460 - explorer.exe

1484 - bdss.exe

1680 - ashServ.exe

2380 - dllhost.exe

2432 - CLI.exe

2648 - alg.exe

2860 - livecall.exe

3128 - ashDisp.exe

3160 - zlclient.exe

3208 - RTHDCPL.exe

3216 - CLI.exe

3228 - Vm_sti.exe

3236 - bdnagent.exe

3244 - jdlcou.exe

3256 - MemOptimizer.ex

3296 - Ad-Watch.exe

3320 - ctfmon.exe

3740 - msnmsgr.exe

3988 - cmd.exe

 

Total number of processes = 37

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS\system32\TUKERNEL.EXE

80720000 - \WINDOWS\system32\hal.dll

F7A63000 - \WINDOWS\system32\KDCOM.DLL

F7973000 - \WINDOWS\system32\BOOTVID.dll

F7513000 - ACPI.sys

F7A65000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS

F7502000 - pci.sys

F7563000 - isapnp.sys

F7B2B000 - pciide.sys

F77E3000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

F7A67000 - aliide.sys

F7A69000 - cmdide.sys

F7A6B000 - toside.sys

F7A6D000 - viaide.sys

F7A6F000 - intelide.sys

F7573000 - MountMgr.sys

F74E3000 - ftdisk.sys

F7A71000 - dmload.sys

F74BD000 - dmio.sys

F77EB000 - PartMgr.sys

F7583000 - VolSnap.sys

F7977000 - cpqarray.sys

F74A5000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

F748D000 - atapi.sys

F797B000 - aha154x.sys

F77F3000 - sparrow.sys

F797F000 - symc810.sys

F7593000 - aic78xx.sys

F7983000 - dac960nt.sys

F75A3000 - ql10wnt.sys

F7987000 - amsint.sys

F77FB000 - asc.sys

F798B000 - asc3550.sys

F7803000 - mraid35x.sys

F780B000 - i2omp.sys

F798F000 - ini910u.sys

F75B3000 - ql1240.sys

F75C3000 - aic78u2.sys

F7813000 - symc8xx.sys

F781B000 - sym_hi.sys

F7823000 - sym_u3.sys

F782B000 - ABP480N5.SYS

F7833000 - asc3350p.sys

F7A73000 - cd20xrnt.sys

F75D3000 - ultra.sys

F7474000 - adpu160m.sys

F783B000 - dpti2o.sys

F75E3000 - ql1080.sys

F75F3000 - ql1280.sys

F7603000 - ql12160.sys

F7843000 - perc2.sys

F7A75000 - perc2hib.sys

F784B000 - hpn.sys

F7993000 - cbidf2k.sys

F7448000 - dac2w2k.sys

F7613000 - disk.sys

F7623000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

F7428000 - fltMgr.sys

F7633000 - PxHelp20.sys

F7411000 - KSecDD.sys

F73FE000 - WudfPf.sys

F7371000 - Ntfs.sys

F7344000 - NDIS.sys

F7643000 - viaagp.sys

F7330000 - srescan.sys

F7653000 - sisagp.sys

F7663000 - ohci1394.sys

F7673000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS

F7315000 - Mup.sys

F7683000 - alim1541.sys

F7693000 - amdagp.sys

F76A3000 - agp440.sys

F76B3000 - agpCPQ.sys

F76E3000 - \SystemRoot\system32\DRIVERS\nic1394.sys

F72B5000 - \SystemRoot\system32\DRIVERS\intelppm.sys

F691D000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys

F6909000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

F7943000 - \SystemRoot\system32\DRIVERS\usbohci.sys

F68E6000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS

F794B000 - \SystemRoot\system32\DRIVERS\usbehci.sys

F72A5000 - \SystemRoot\system32\DRIVERS\imapi.sys

F7295000 - \SystemRoot\system32\DRIVERS\cdrom.sys

F7285000 - \SystemRoot\system32\DRIVERS\redbook.sys

F68C3000 - \SystemRoot\system32\DRIVERS\ks.sys

F689E000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys

F7953000 - \SystemRoot\system32\DRIVERS\RTL8139.SYS

F7275000 - \SystemRoot\system32\DRIVERS\i8042prt.sys

F795B000 - \SystemRoot\system32\DRIVERS\mouclass.sys

F7963000 - \SystemRoot\system32\DRIVERS\kbdclass.sys

F7B3B000 - \SystemRoot\system32\DRIVERS\audstub.sys

F6B13000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys

F7A53000 - \SystemRoot\system32\DRIVERS\ndistapi.sys

F6887000 - \SystemRoot\system32\DRIVERS\ndiswan.sys

F6B03000 - \SystemRoot\system32\DRIVERS\raspppoe.sys

F6AF3000 - \SystemRoot\system32\DRIVERS\raspptp.sys

F796B000 - \SystemRoot\system32\DRIVERS\TDI.SYS

F6876000 - \SystemRoot\system32\DRIVERS\psched.sys

F6AE3000 - \SystemRoot\system32\DRIVERS\msgpc.sys

F785B000 - \SystemRoot\system32\DRIVERS\ptilink.sys

F7893000 - \SystemRoot\system32\DRIVERS\raspti.sys

F789B000 - \SystemRoot\system32\DRIVERS\wanatw4.sys

F6845000 - \SystemRoot\system32\DRIVERS\rdpdr.sys

F6AD3000 - \SystemRoot\system32\DRIVERS\termdd.sys

F7A95000 - \SystemRoot\system32\DRIVERS\swenum.sys

F67E9000 - \SystemRoot\system32\DRIVERS\update.sys

F7241000 - \SystemRoot\system32\DRIVERS\mssmbios.sys

F6AC3000 - \SystemRoot\System32\Drivers\NDProxy.SYS

F6A93000 - \SystemRoot\system32\DRIVERS\usbhub.sys

F7A97000 - \SystemRoot\system32\DRIVERS\USBD.SYS

AABA3000 - \SystemRoot\system32\drivers\RtkHDAud.sys

AAB81000 - \SystemRoot\system32\drivers\portcls.sys

F6A83000 - \SystemRoot\system32\drivers\drmk.sys

F7A9B000 - \SystemRoot\System32\Drivers\i2omgmt.SYS

F7A9F000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

F7B63000 - \SystemRoot\System32\Drivers\Null.SYS

F7AA1000 - \SystemRoot\System32\Drivers\Beep.SYS

F7B65000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys

F78C3000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

F78CB000 - \SystemRoot\System32\drivers\vga.sys

F7AA3000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F7AA5000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

F78D3000 - \SystemRoot\System32\Drivers\Msfs.SYS

F78DB000 - \SystemRoot\System32\Drivers\Npfs.SYS

F720D000 - \SystemRoot\system32\DRIVERS\rasacd.sys

AA88B000 - \SystemRoot\system32\DRIVERS\ipsec.sys

AA833000 - \SystemRoot\system32\DRIVERS\tcpip.sys

F76F3000 - \SystemRoot\System32\Drivers\aswTdi.SYS

AA772000 - \SystemRoot\system32\DRIVERS\ipnat.sys

AA74A000 - \SystemRoot\system32\DRIVERS\netbt.sys

F7703000 - \SystemRoot\system32\DRIVERS\wanarp.sys

AA6EB000 - \SystemRoot\System32\vsdatant.sys

F7713000 - \SystemRoot\system32\DRIVERS\arp1394.sys

AA6C9000 - \SystemRoot\System32\drivers\afd.sys

F7723000 - \SystemRoot\system32\DRIVERS\netbios.sys

AA69E000 - \SystemRoot\system32\DRIVERS\rdbss.sys

AA62F000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys

F7743000 - \SystemRoot\System32\Drivers\Fips.SYS

F7B99000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

F78EB000 - \SystemRoot\System32\Drivers\Aavmker4.SYS

F7783000 - \SystemRoot\System32\Drivers\Cdfs.SYS

F78FB000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS

AA5F0000 - \SystemRoot\System32\Drivers\usbVM31b.sys

F7793000 - \SystemRoot\System32\Drivers\STREAM.SYS

AA5D8000 - \SystemRoot\System32\Drivers\dump_atapi.sys

F7AD9000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \SystemRoot\System32\win32k.sys

AAB79000 - \SystemRoot\System32\drivers\Dxapi.sys

F7903000 - \SystemRoot\System32\watchdog.sys

BF9C3000 - \SystemRoot\System32\drivers\dxg.sys

F7C7A000 - \SystemRoot\System32\drivers\dxgthk.sys

BF9D5000 - \SystemRoot\System32\ati2dvag.dll

BFA17000 - \SystemRoot\System32\ati2cqag.dll

BFA51000 - \SystemRoot\System32\atikvmag.dll

BFA87000 - \SystemRoot\System32\ati3duag.dll

BFCEE000 - \SystemRoot\System32\ativvaxx.dll

A8424000 - \SystemRoot\system32\DRIVERS\ndisuio.sys

A8042000 - \SystemRoot\System32\Drivers\aswMon2.SYS

A7EC5000 - \SystemRoot\system32\drivers\wdmaud.sys

A8210000 - \SystemRoot\system32\drivers\sysaudio.sys

A7D82000 - \SystemRoot\system32\DRIVERS\mrxdav.sys

A7D19000 - \SystemRoot\System32\Drivers\HTTP.sys

A7BD7000 - \SystemRoot\system32\DRIVERS\srv.sys

A78B3000 - \SystemRoot\System32\Drivers\aswRdr.SYS

A6E42000 - \SystemRoot\system32\drivers\kmixer.sys

F7BDA000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 165

 

Liste des programmes installes

 

Adobe Reader 8.1.0 - Français

Adobe® Photoshop® Album Edition Découverte 3.0

Apple Software Update

Archiveur WinRAR

ATI Catalyst Control Center

avast! Antivirus

AVG Anti-Spyware 7.5

BitDefender 8 Free Edition

Browser Address Error Redirector

Camera RAW Plug-In for EPSON Creativity Suite

CCleaner (remove only)

Codeur Windows Media Série 9

EasyCleaner

eMule

EnveloppesEditor1.08

Google Toolbar for Internet Explorer

HijackThis 1.99.1

IncrediMail Xe

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 4

J2SE Runtime Environment 5.0 Update 7

Java SE Runtime Environment 6

Lecteur Windows Media 11

Macromedia Flash Player 8

Macromedia Shockwave Player

Magentic

Messenger Plus! Live

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft .NET Framework 1.1 Hotfix (KB886903)

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0 Language Pack - FRA

Microsoft Digital Image Library 9 - Blocker

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Sites publics français

Microsoft User-Mode Driver Framework Feature Pack 1.5

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

Money Manager Ex 0.8.0.6 (beta)

Mozilla Firefox (1.5.0.12)

Multi Virus Cleaner 2007

Navilog1 Version 2.0.5

Navirad9600v1

Nero 7 Demo

neuf Talk 1.4

Nokia Connectivity Cable Driver

Nokia PC Suite

O&O Defrag Professional Edition

OpenOffice.org 2.2

Outerinfo

Outil de mise à jour Google

Package de pilotes Windows - Nokia Modem (11/03/2006 6.82.0.1)

Paint.NET v3.07

PC Connectivity Solution

Picasa 2

PL-2303 USB-to-Serial

PowerDVD

RealPlayer

REALTEK GbE & FE Ethernet PCI NIC Driver

Realtek High Definition Audio Driver

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

SmartSound Quicktracks Plugin

Sonic Encoders

Sonic Express Labeler

Sonic MyDVD LE

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Spybot - Search & Destroy 1.4

Starware Toolbar Musique

TuneUp Utilities 2006

TV sur PC

Ulead VideoStudio 9.0 SE DVD

VIMICRO USB PC Camera

Vista Dual Scan 1.0

WebFldrs XP

Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)

Windows Driver Package - Nokia Modem (02/15/2007 3.1)

Windows Internet Explorer 7

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

ZoneAlarm

 

 

 

Le volume dans le lecteur C s'appelle systeme

Le numéro de série du volume est 88D3-E3B1

 

Répertoire de C:\Program Files

 

10/07/2007 16:55 <REP> .

10/07/2007 16:55 <REP> ..

22/01/2007 16:46 <REP> 3rdParty

07/02/2007 13:40 <REP> Address

09/06/2007 23:31 <REP> Adobe

11/01/2007 17:20 <REP> Alwil Software

08/03/2007 10:37 <REP> Apple Software Update

04/12/2006 00:46 <REP> ATI Technologies

10/07/2007 17:26 <REP> AxBx

10/01/2007 23:10 <REP> CCleaner

22/01/2007 16:46 <REP> cryptdll

04/12/2006 01:22 <REP> CyberLink

03/06/2007 09:37 <REP> DIFX

10/07/2007 16:59 <REP> eMule

11/06/2007 23:25 <REP> EnveloppesEditor1.08

01/07/2007 17:05 <REP> epson

22/01/2007 16:46 <REP> Faces

28/06/2007 16:08 <REP> Fichiers communs

23/03/2007 08:53 <REP> Google

02/05/2007 10:15 <REP> Grisoft

22/01/2007 16:46 <REP> Help

10/07/2007 14:47 <REP> Hijackthis Version Française

26/05/2007 07:55 <REP> IncrediMail

22/01/2007 16:46 <REP> Info

06/07/2007 18:06 <REP> Internet Explorer

06/04/2007 15:24 <REP> Java

10/01/2007 23:17 <REP> Lavasoft

04/12/2006 01:10 <REP> Learn2.com

26/04/2007 08:14 <REP> Magentic

15/01/2007 13:07 <REP> Messenger

05/07/2007 16:42 <REP> Messenger Plus! Live

02/06/2007 12:13 <REP> Microsoft ActiveSync

11/05/2007 11:05 <REP> Microsoft CAPICOM 2.1.0.2

24/01/2007 22:39 <REP> Microsoft Digital Image 2006

23/09/2004 20:15 <REP> microsoft frontpage

14/01/2007 12:45 <REP> Microsoft Sites publics français

11/01/2007 09:02 <REP> Microsoft Visual Studio

11/01/2007 09:00 <REP> Microsoft Visual Studio 8

11/01/2007 09:01 <REP> Microsoft.NET

28/06/2007 14:49 <REP> Money Manager Ex

11/01/2007 23:59 <REP> Movie Maker

10/07/2007 18:45 <REP> Mozilla Firefox

06/04/2007 15:15 <REP> MSBuild

12/01/2007 01:17 <REP> MSECache

23/09/2004 19:59 <REP> MSN

23/09/2004 19:59 <REP> MSN Gaming Zone

04/07/2007 19:19 <REP> MSN Messenger

10/07/2007 17:19 <REP> Navilog1

09/07/2007 10:03 <REP> Navirad

01/04/2007 22:06 <REP> Nero

15/01/2007 14:32 <REP> NetMeeting

06/06/2007 23:02 <REP> Neuf

09/07/2007 14:43 <REP> neuf Talk

03/06/2007 09:36 <REP> Nokia

25/01/2007 01:32 <REP> Oberon Media

11/01/2007 17:14 <REP> OO Software

28/06/2007 23:28 <REP> OpenOffice.org 2.2

13/06/2007 06:56 <REP> Outlook Express

26/04/2007 14:03 <REP> Paint.NET

03/06/2007 09:37 <REP> PC Connectivity Solution

01/05/2007 00:37 <REP> Picasa2

02/06/2007 12:13 <REP> POI-Warner Speed Camera Updater

04/12/2006 01:09 <REP> Real

04/12/2006 00:48 <REP> Realtek

10/01/2007 23:32 <REP> RegCleaner

14/12/2005 14:45 <REP> RegSupreme Pro

14/01/2007 13:04 <REP> Save Flash

11/01/2007 23:59 <REP> Services en ligne

04/12/2006 01:20 <REP> SmartSound Software

28/06/2007 16:08 <REP> Softwin

04/12/2006 01:12 <REP> Sonic

07/07/2007 10:05 <REP> Spybot - Search & Destroy

17/03/2007 10:45 <REP> Starware370

22/01/2007 16:46 <REP> Template

10/07/2007 16:55 <REP> ToniArts

05/11/2005 14:42 <REP> TuneUp Utilities

22/06/2007 08:19 <REP> TuneUp Utilities 2006

04/12/2006 01:19 <REP> Ulead Systems

11/01/2007 01:29 <REP> Vimicro

03/02/2007 10:34 <REP> Windows Desktop Search

07/06/2007 17:13 <REP> Windows Live

04/12/2006 01:20 <REP> Windows Media Components

12/01/2007 02:13 <REP> Windows Media Connect 2

20/02/2007 08:52 <REP> Windows Media Player

12/01/2007 00:00 <REP> Windows NT

23/09/2004 20:01 <REP> Windows Plus

19/01/2007 11:03 <REP> WinRAR

23/09/2004 20:15 <REP> xerox

12/01/2007 00:24 <REP> Zone Labs

0 fichier(s) 0 octets

89 Rép(s) 135 859 081 216 octets libres

Le volume dans le lecteur C s'appelle systeme

Le numéro de série du volume est 88D3-E3B1

 

Répertoire de C:\Program Files\fichiers communs

 

28/06/2007 16:08 <REP> .

28/06/2007 16:08 <REP> ..

26/04/2007 13:50 <REP> ACD Systems

09/06/2007 23:32 <REP> Adobe

01/04/2007 22:09 <REP> Ahead

06/04/2007 15:16 <REP> DESIGNER

04/12/2006 01:13 <REP> InstallShield

04/12/2006 01:03 <REP> Java

01/06/2007 13:33 <REP> Microsoft Shared

23/09/2004 20:07 <REP> MSSoap

03/06/2007 09:35 <REP> Nokia

04/12/2006 01:10 <REP> Nullsoft

23/09/2004 19:53 <REP> ODBC

03/06/2007 09:37 <REP> PCSuite

25/03/2007 21:33 <REP> Real

11/01/2007 23:58 <REP> Services

28/06/2007 16:09 <REP> Softwin

11/01/2007 23:58 <REP> Sonic Shared

23/09/2004 19:53 <REP> SpeechEngines

11/01/2007 23:58 <REP> SureThing Shared

13/06/2007 06:56 <REP> System

04/12/2006 01:12 <REP> TiVo Shared

24/01/2007 14:21 <REP> Ulead Systems

25/03/2007 21:33 <REP> xing shared

30/04/2007 16:57 <REP> {38D3E3B1-0AE9-1036-0719-060511120021}

30/05/2007 08:20 <REP> {88D3E3B1-0AE9-1036-0719-060511120021}

0 fichier(s) 0 octets

26 Rép(s) 135 859 077 120 octets libres

Le volume dans le lecteur C s'appelle systeme

Le numéro de série du volume est 88D3-E3B1

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

06/04/2007 15:17 <REP> .

06/04/2007 15:17 <REP> ..

06/04/2007 15:11 <REP> 1036

26/10/2006 20:49 970 528 MSONSEXT.DLL

03/06/1999 13:09 122 937 MSOWS409.DLL

07/03/2001 08:00 127 033 MSOWS40c.DLL

3 fichier(s) 1 220 498 octets

3 Rép(s) 135 859 077 120 octets libres

Le volume dans le lecteur C s'appelle systeme

Le numéro de série du volume est 88D3-E3B1

 

Répertoire de C:\

 

12/05/2007 18:22 68 096 diff.exe

12/05/2007 18:22 103 424 grep.exe

31/10/2005 17:56 700 416 StubInstaller.exe

3 fichier(s) 871 936 octets

0 Rép(s) 135 859 077 120 octets libres

c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe

c:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fre.exe

c:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe

c:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe

c:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe

c:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe

c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Télécharger des logiciels.exe

c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe

c:\Documents and Settings\famille\Application Data\Microsoft\Installer\{B72B0ECE-F41E-4EC4-AA37-1A00640680BF}\_1773C0A4E004EB4D3ECAE5.exe

c:\Documents and Settings\famille\Application Data\Microsoft\Installer\{B72B0ECE-F41E-4EC4-AA37-1A00640680BF}\_6FEFF9B68218417F98F549.exe

c:\Documents and Settings\famille\Application Data\Microsoft\Installer\{B72B0ECE-F41E-4EC4-AA37-1A00640680BF}\_C96AC1B409367E02762E8D.exe

c:\Documents and Settings\famille\Bureau\DiagHelp\catchme.exe

c:\Documents and Settings\famille\Bureau\DiagHelp\diff.exe

c:\Documents and Settings\famille\Bureau\DiagHelp\dumphive.exe

c:\Documents and Settings\famille\Bureau\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\famille\Bureau\DiagHelp\find2.exe

c:\Documents and Settings\famille\Bureau\DiagHelp\Fport.exe

c:\Documents and Settings\famille\Bureau\DiagHelp\grep.exe

c:\Documents and Settings\famille\Bureau\DiagHelp\KProcCheck.exe

c:\Documents and Settings\famille\Bureau\DiagHelp\LFiles.exe

c:\Documents and Settings\famille\Bureau\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\famille\Bureau\DiagHelp\pslist.exe

c:\Documents and Settings\famille\Bureau\DiagHelp\streams.exe

c:\Documents and Settings\famille\Bureau\DiagHelp\swreg.exe

c:\Documents and Settings\famille\Local Settings\Application Data\Magentic\Runtime\ScreenSaver\955A21B3-B96B-46DC0ABE9-70EFACFBC2B2\zoomfade.exe

c:\Documents and Settings\famille\Local Settings\Application Data\Magentic\Runtime\ScreenSaver\E9EE8159-84BB-4D910B813-B8CEDC24EAAA\wind.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\ChCfg.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\RtlUpd.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\RtlUpd64.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\SetCDfmt.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\Setup.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\MSHDQFE\Win2K3\us\kb888111srvrtm.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\MSHDQFE\Win2K_XP\us\kb888111w2ksp4.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\MSHDQFE\Win2K_XP\us\kb888111xpsp1.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\MSHDQFE\Win2K_XP\us\kb888111xpsp2.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\Alcmtr.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\AlcWzrd.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\CPLUtl64.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\MicCal.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\RTHDCPL.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\RTLCPL.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\RtlUpd.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\RtlUpd64.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\SoundMan.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\java.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\javacpl.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\javaw.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\javaws.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\jucheck.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\jusched.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\keytool.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\kinit.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\klist.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\ktab.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\orbd.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\pack200.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\policytool.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\rmid.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\rmiregistry.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\servertool.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\tnameserv.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\unpack200.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\java.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\javacpl.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\java-rmi.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\javaw.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\javaws.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\jucheck.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\jusched.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\keytool.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\kinit.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\klist.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\ktab.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\orbd.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\pack200.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\policytool.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\rmid.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\rmiregistry.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\servertool.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\tnameserv.exe

c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\unpack200.exe

c:\Documents and Settings\Invité\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe

c:\Documents and Settings\Administrateur\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

c:\Documents and Settings\famille\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll

c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

 

****** Fin du rapport DiagHelp

I also ran Navilog1.

Thank you in advance.
