[Résolu] Un site me pourrit la vie => demande d'analyse de mon PC (infection ?)

Christian54 · le 14 janvier 2008

Bonjour tous et meilleurs voeux, Un site: fp.pc-on-internet.com me squatte ma page d'accueil dès que j'entre une recherche google depuis 3 ou 4 jours:

-affichage de sa page téléchargement son log,

-ouverture instantanée un site porno,

- fenêtre de telechargt "Instant Access".

J'ai entré au moins 50 fois cet Url dans Adblock plus, sans résultat. Scans divers avec antivirus, sans résultats significatifs. Spybot lancé à maintes reprises arrive à tout nettoyer, sauf une cle, impossible à supprimer m^m en mode sans echec, ni manuellement. Bien qu'ennuyeux je ne crois pas que cela ait un rapport, mais? HKLM\Syst\controlSet 1\services\MSN RAV. Msn est désactivé sur mon PC. Je n'utilise pas IE.

En tout état de cause, voici le résultat d'Hijackthis à ttes fins utiles; n'utilisant pas IE, mais FF(à jour), je trouve qu'il y a beaucoup d'items le concernant. Merci d'avance des conseils.

Pour info: je suis sous XP Pro, Firefox et TB, Spybot S&D, Antivir, Adaware etc.

Logfile of HijackThis v1.99.1

Scan saved at 10:03:26, on 14/01/2008

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\Program Files\Tray Commander Lite\TC.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe

C:\Program Files\APO Usb Autorun\usb_autorun.exe

C:\Program Files\WinTidy\WinTidy.exe

C:\Program Files\Webshots\webshots.scr

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKLM\..\Run: [Tray Commander Lite] C:\Program Files\Tray Commander Lite\TC.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [skwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe

O4 - Startup: APO Usb Autorun.lnk = C:\Program Files\APO Usb Autorun\usb_autorun.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Startup: WinTidy.lnk = C:\Program Files\WinTidy\WinTidy.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DD8DAF50-9F10-434E-9E02-1C38C73BFF15}: NameServer = 86.64.145.147 84.103.237.147

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Lexmark International, Inc. - (no file)

Modifié le 29 janvier 2008 par Christian54

Gof · le 15 janvier 2008

Bonjour Christian54

Je ne vois pas de service Pack ? Pas de pare-feu ? Peux tu m'en dire un peu plus ?

Commence par ceci.

Télécharge Navilog1 de Il-Mafioso et enregistre-le sur ton bureau.

Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valide.
Patiente jusqu'au message : *** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le bloc-notes va s'ouvrir.
Copie-colle l'intégralité dans ta prochaine réponse. Referme le bloc-notes.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

Christian54 · le 16 janvier 2008

Bjr à Gof, Merci d'avoir pris la peine de répondre, comme demandé voici le rapport de Navilog.

Search Navipromo version 3.4.0 commencé le 15/01/2008 à 23:33:34,22

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 6.0.2600.0000

Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

InternetGameBox

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\InternetGameBox trouvé !

*** Recherche dossiers dans ***

*** Recherche dossiers dans "C:\Documents and Settings\Christian\application data" ***

*** Recherche dossiers dans "C:\Documents and Settings\Christian\menu dÚmarrer\programmes" ***

*** Recherche dossiers dans ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***

pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

*** Recherche avec GenericNaviSearch ***

!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!

!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Christian\local settings\application data" *

Fichiers trouvés :

skvnak.exe trouvé !

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***

(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

* Dans "C:\Documents and Settings\Christian\local settings\application data" :

skvnak.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !

4)Recherche fichiers connus :

*** Analyse terminée le 15/01/2008 à 23:36:57,18 ***

Par ailleurs: Au premier clic pour une recherche ou aller sur un bookmark, cette adresse(fp.pc-on-internet.com) ouvre une nouvelle fenêtre immédiatement et ouvre une 2ème en m^m temps sur site C... AdBlock plus n'y peux rien, Antivir non plus , etc.... Je suppose qu'un de mes chimpanzés a du se faire pièger par un de leurs sites (YouTube ou autres). Quant au reste on pourra voir ça après. Merci de ton attention.

Gof · le 16 janvier 2008

Bonsoir Christian54

Quant au reste on pourra voir ça après.

S'il n'y a pas de pare-feu sur ce pc, tu es vulnérable. C'est important de le savoir tout de suite.

Double-clique sur le raccourci Navilog1 présent sur le bureau

Laisse-toi guider. Au menu principal, choisis 2 et valide.
Patiente jusqu'au message : *** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le bloc-notes va s'ouvrir.
Copie-colle l'intégralité dans ta prochaine réponse. Referme le bloc-notes.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

Télécharge DiagHelp.zip de Malekal_morte sur ton bureau.

Décompresse le, sur ton bureau par exemple.
Un nouveau dossier chercher va être créé DiagHelp.
Ouvre le et double-clique sur go.cmd (le .cmd peut ne pas apparaître)
Une fenêtre va s'ouvrir, choisis l'option 1
L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
Copie/colle le contenu du bloc-note qui s'ouvre et joins le à ta prochaine réponse.

Christian54 · le 17 janvier 2008

Bjr GOF, merci de ta patience; ci-après les deux rapports demandés:

DiagHelp version v1.4 - http://www.malekal.com

excute le 17/01/2008 à 9:13:36,69

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\Layout.ini -->07/12/2007 20:35:56

C:\WINDOWS\System32\drivers\pcouffin.sys -->25/12/2007 23:31:39

C:\WINDOWS\System32\drivers\avipbb.sys -->08/12/2007 01:23:51

C:\WINDOWS\System32\drivers\avgntdd.sys -->09/08/2007 13:04:11

C:\WINDOWS\System32\drivers\avgntmgr.sys -->18/07/2007 14:22:19

C:\WINDOWS\System32\drivers\SDTHOOK.SYS -->05/06/2007 10:56:40

C:\WINDOWS\System32\drivers\ssmdrv.sys -->01/03/2007 10:34:36

C:\WINDOWS\System32\drivers\avgarkt.sys -->31/01/2007 14:33:46

C:\WINDOWS\System32\wpa.dbl -->16/01/2008 23:56:08

C:\WINDOWS\System32\asfiles.txt -->16/01/2008 16:15:18

C:\WINDOWS\System32\Uninstall.ico -->16/01/2008 16:03:53

C:\WINDOWS\System32\pavas.ico -->16/01/2008 16:03:53

C:\WINDOWS\System32\Help.ico -->16/01/2008 16:03:53

C:\WINDOWS\System32\118290.54 -->16/01/2008 08:35:47

C:\WINDOWS\System32\PerfStringBackup.INI -->25/12/2007 13:31:22

C:\WINDOWS\System32\perfh00C.dat -->25/12/2007 13:31:22

C:\WINDOWS\System32\perfh009.dat -->25/12/2007 13:31:22

C:\WINDOWS\System32\perfc00C.dat -->25/12/2007 13:31:22

C:\WINDOWS\System32\perfc009.dat -->25/12/2007 13:31:22

C:\WINDOWS\System32\tmpC29E3.FOT -->23/12/2007 17:54:52

C:\WINDOWS\System32\tmpAA8E3.FOT -->23/12/2007 17:54:52

C:\WINDOWS\System32\tmp386E3.FOT -->23/12/2007 17:54:52

C:\WINDOWS\System32\tmp2E7E3.FOT -->23/12/2007 17:54:52

C:\WINDOWS\System32\tmp297E3.FOT -->23/12/2007 17:54:52

C:\WINDOWS\System32\tmp0F8E3.FOT -->23/12/2007 17:54:52

C:\WINDOWS\System32\satsukidecodersettings.ini -->23/12/2007 15:46:40

C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->11/12/2007 23:28:02

C:\WINDOWS\System32\3497384506.dat -->08/12/2007 00:24:41

C:\WINDOWS\System32\wmpscheme.xml -->07/12/2007 15:12:23

C:\WINDOWS\System32\FNTCACHE.DAT -->07/12/2007 15:10:07

C:\WINDOWS\System32\$winnt$.inf -->07/12/2007 15:09:08

C:\WINDOWS\System32\CONFIG.NT -->07/12/2007 15:04:56

C:\WINDOWS\System32\nscompat.tlb -->07/12/2007 15:04:52

C:\WINDOWS\zipgenius.xml -->17/01/2008 09:11:34

C:\WINDOWS\nscstiu_error.txt -->17/01/2008 09:06:16

C:\WINDOWS\wiadebug.log -->17/01/2008 09:05:57

C:\WINDOWS\wiaservc.log -->17/01/2008 09:05:56

C:\WINDOWS\bootstat.dat -->17/01/2008 09:04:37

C:\WINDOWS\ntbtlog.txt -->17/01/2008 00:03:45

C:\WINDOWS\win.ini -->16/01/2008 16:14:45

C:\WINDOWS\setupapi.log -->16/01/2008 16:05:15

C:\WINDOWS\LEXSTAT.INI -->16/01/2008 13:10:15

C:\WINDOWS\Debug.ini -->16/01/2008 12:25:40

C:\WINDOWS\Temp.ini -->16/01/2008 12:25:39

C:\WINDOWS\umaxuapi.ini -->16/01/2008 12:25:28

C:\WINDOWS\118294.78 -->16/01/2008 08:35:48

C:\WINDOWS\msnfix.txt -->14/01/2008 16:17:39

C:\WINDOWS\d3dx.dat -->13/01/2008 09:33:19

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

Verified: Signed

null.sys

Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT

Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------

explorer.exe pid: 1360

Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path

0x01000000 0xf8000 6.00.2600.0000 C:\WINDOWS\Explorer.EXE

0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll

0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll

0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll

0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll

0x75f10000 0xfc000 6.00.2600.0000 C:\WINDOWS\System32\BROWSEUI.dll

0x76960000 0x149000 6.00.2600.0000 C:\WINDOWS\System32\SHDOCVW.dll

0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\System32\UxTheme.dll

0x71950000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\comctl32.dll

0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\System32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll

0x5b950000 0x71000 6.00.2600.0000 C:\WINDOWS\System32\themeui.dll

0x71ca0000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\actxprxy.dll

0x76ac0000 0x15000 3.00.9238.0000 C:\WINDOWS\System32\ATL.DLL

0x76250000 0x8c000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll

0x74aa0000 0x43000 6.00.2600.0000 C:\WINDOWS\System32\webcheck.dll

0x74a60000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll

0x74a40000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll

0x76390000 0x1fb000 2.00.2600.0000 C:\WINDOWS\System32\msi.dll

0x67800000 0x39000 3.00.0000.0399 C:\Program Files\Mamutu\a2handler.dll

0x723a0000 0x13000 6.00.2600.0000 C:\WINDOWS\System32\browselc.dll

0x76080000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\urlmon.dll

0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\System32\ODBC32.dll

0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll

0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll

0x746e0000 0x8f000 6.00.2600.0000 C:\WINDOWS\System32\MLANG.dll

0x10000000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll

0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll

ListDLLs v2.25 - DLL lister for Win9x/NT

Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------

winlogon.exe pid: 612

Command line: winlogon.exe

Base Size Version Path

0x01000000 0x6f000 \??\C:\WINDOWS\system32\winlogon.exe

0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll

0x76250000 0x8c000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll

0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\system32\WINTRUST.dll

0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll

0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll

0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\COMCTL32.dll

0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\system32\ODBC32.dll

0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll

0x008f0000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\system32\odbcint.dll

0x76b70000 0x1f000 6.00.2600.0000 C:\WINDOWS\system32\SHSVCS.dll

0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\system32\uxtheme.dll

0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll

0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\system32\COMRes.dll

0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll

0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\system32\CLBCATQ.DLL

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est D075-DA3A

Répertoire de C:\WINDOWS\system32

28/08/2001 13:00 4 096 csrss.exe

1 fichier(s) 4 096 octets

0 Rép(s) 15 836 250 112 octets libres

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est D075-DA3A

Répertoire de C:\WINDOWS\Downloaded Program Files

16/01/2008 16:45 <REP> .

16/01/2008 16:45 <REP> ..

24/08/2006 08:28 141 424 asinst.dll

22/08/2006 09:06 537 asinst.inf

07/12/2004 17:07 32 bdcore.dll

25/05/2006 01:21 118 784 bdupd.dll

10/12/2007 14:32 <REP> CONFLICT.1

07/12/2007 15:03 65 desktop.ini

20/11/2007 16:04 1 523 536 FP_AX_CAB_INSTALLER.exe

25/05/2006 01:21 53 248 ipsupd.dll

16/03/2005 12:34 7 407 lang.ini

07/12/2004 17:07 32 libfn.dll

14/03/2005 14:38 126 live.ini

01/06/2006 02:57 1 331 oscan8.inf

01/06/2006 02:54 471 040 oscan8.ocx

31/05/2006 04:15 10 oscan81.ocx_x

14/03/2005 14:58 7 073 scanoptions.tsi

20/11/2007 15:50 247 swflash.inf

15 fichier(s) 2 324 892 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

10/12/2007 14:32 <REP> .

10/12/2007 14:32 <REP> ..

20/11/2007 16:04 1 523 536 FP_AX_CAB_INSTALLER.exe

20/11/2007 15:50 247 swflash.inf

2 fichier(s) 1 523 783 octets

Total des fichiers listés :

17 fichier(s) 3 848 675 octets

5 Rép(s) 15 836 246 016 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

Export de la clef SharedTaskScheduler

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

exports des policies

REGEDIT4

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

127.0.0.1 counter.kaspersky.com

127.0.0.1 www.counter.kaspersky.com

127.0.0.1 symantecreview.com

127.0.0.1 www.symantecreview.com

127.0.0.1 liveupdate.myim.cn

127.0.0.1 www.liveupdate.myim.cn

127.0.0.1 ip.sirius.com

127.0.0.1 milkyway.sirius-cafe.de

127.0.0.1 osiris.at

127.0.0.1 osiris.cj.com

127.0.0.1 osiris98.cj.com

127.0.0.1 siri1.com

127.0.0.1 sirius.com

127.0.0.1 sirius.infonex.com

127.0.0.1 sirius.siol.net

127.0.0.1 siriusquest.com

127.0.0.1 startatsiri.com

127.0.0.1 www1.sirius.com

127.0.0.1 www7.sirius.com

127.0.0.1 wwwn1.sirius.com

127.0.0.1 www.ip.sirius.com

127.0.0.1 www.milkyway.sirius-cafe.de

127.0.0.1 www.osiris.at

127.0.0.1 www.osiris.cj.com

127.0.0.1 www.osiris98.cj.com

127.0.0.1 www.siri1.com

127.0.0.1 www.sirius.com

127.0.0.1 www.sirius.infonex.com

127.0.0.1 www.sirius.siol.net

127.0.0.1 www.siriusquest.com

127.0.0.1 www.startatsiri.com

127.0.0.1 www.www1.sirius.com

127.0.0.1 www.www7.sirius.com

127.0.0.1 www.wwwn1.sirius.com

127.0.0.1 activexupdate.com

127.0.0.1 ads.macupdate.com

127.0.0.1 ads1.updated.com

127.0.0.1 adultupdate.com

127.0.0.1 anit_spyware.msupdater.org

127.0.0.1 anit1478.msupdater.org

127.0.0.1 anit1808.msupdater.org

127.0.0.1 anit2157.msupdater.org

127.0.0.1 anit2242.msupdater.org

127.0.0.1 anit2350.msupdater.org

127.0.0.1 anit2393.msupdater.org

127.0.0.1 anit2520.msupdater.org

127.0.0.1 anit2811.msupdater.org

127.0.0.1 anit2824.msupdater.org

127.0.0.1 anit2840.msupdater.org

127.0.0.1 anit2948.msupdater.org

127.0.0.1 anit3039.msupdater.org

127.0.0.1 anit427.msupdater.org

127.0.0.1 anit988.msupdater.org

127.0.0.1 autoupdate.windowsmedia.com

127.0.0.1 azupdates.com

127.0.0.1 browserupdate.co.uk

127.0.0.1 cioupdate.com

127.0.0.1 ddupdates.com

127.0.0.1 dlx.getupdate.com

127.0.0.1 getupdate.com

127.0.0.1 ieupdate.info

127.0.0.1 install38.msupdater.org

127.0.0.1 liveupdate.myim.cn

127.0.0.1 msupdater.com

127.0.0.1 msupdater.net

127.0.0.1 msupdater.org

127.0.0.1 necessaryupdates.com

127.0.0.1 needupdate.com

127.0.0.1 newupdates.lzio.com

127.0.0.1 nl.browserupdate.co.uk

127.0.0.1 ns1.updatesystempage.com

127.0.0.1 ns2.updatesystempage.com

127.0.0.1 omi-update.net

127.0.0.1 online.update.redirect.hm

127.0.0.1 pcsecurityupdates.com

127.0.0.1 public.windupdates.com

127.0.0.1 registryupdate.com

127.0.0.1 serverupdate13.com

127.0.0.1 soapoperaupdates.com

127.0.0.1 softupdate.net

127.0.0.1 sp2msupdateresearch.com

127.0.0.1 spyfalconupdate.com

127.0.0.1 static.windupdates.com

127.0.0.1 systemupdate.net

127.0.0.1 system-update.net

127.0.0.1 systemupdates.net

127.0.0.1 sysupdate.grandstreetinteractive.com

127.0.0.1 sysupdate.ieplugin.com

127.0.0.1 sysupdates.com

127.0.0.1 sysupdates2.com

127.0.0.1 traders-update.com

127.0.0.1 update.680180.net

127.0.0.1 update.downloadaccelerator.com

127.0.0.1 update.downloadv3.com

127.0.0.1 update.imiserver.com

127.0.0.1 update.kazaa.com

127.0.0.1 update.msupdater.com

127.0.0.1 update.outerinfo.com

127.0.0.1 update.searchmiracle.com

127.0.0.1 update.searchsquire.com

127.0.0.1 update.smart-browser.com

127.0.0.1 update.thunderdownloads.com

127.0.0.1 update.topconverting.com

127.0.0.1 update.webhancer.com

127.0.0.1 update.yupsearch.com

127.0.0.1 update2.outerinfo.com

127.0.0.1 update2.thunderdownloads.com

127.0.0.1 update32.searchmiracle.com

127.0.0.1 update32.yupsearch.com

127.0.0.1 updatecenter.com

127.0.0.1 updated.com

127.0.0.1 updatedcumshots.com

127.0.0.1 updatedfetish.com

127.0.0.1 updatedgays.com

127.0.0.1 updatedlatinas.com

127.0.0.1 updatedlesbians.com

127.0.0.1 updatedmatures.com

127.0.0.1 updatedpornstars.com

127.0.0.1 updatedsexgalleries.com

127.0.0.1 updatedteens.com

127.0.0.1 updatedvoyeur.com

127.0.0.1 updatehere.com

127.0.0.1 updatehq.net

127.0.0.1 updatenow.com

127.0.0.1 updatenow.org

127.0.0.1 updatepage.com

127.0.0.1 updaterservice.wildtangent.com

127.0.0.1 updates.adultprovide.com

127.0.0.1 updates.browseraid.com

127.0.0.1 updates.copernic.com

127.0.0.1 updates.desktop.ak-networks.com

127.0.0.1 updates.desktop.virtumundo.com

127.0.0.1 updates.hotbar.com

127.0.0.1 updates.lzio.com

127.0.0.1 updates.searchmadesafe.net

127.0.0.1 updates.shopperreports.com

127.0.0.1 updates2.conducent.com

127.0.0.1 updatescenter.com

127.0.0.1 updatesearches.com

127.0.0.1 updateserver.gator.com

127.0.0.1 updateserver1.com

127.0.0.1 updatesystempage.com

127.0.0.1 updatetest.conducent.com

127.0.0.1 updateyoursystem.com

127.0.0.1 updateyourwindows.com

127.0.0.1 videocodecupdate.com

127.0.0.1 windows-security-updater.com

127.0.0.1 windowsupdate.62nds.com

127.0.0.1 windowsupdatenow.com

127.0.0.1 windupdates.com

127.0.0.1 win-update.net

127.0.0.1 www.activexupdate.com

127.0.0.1 www.ads.macupdate.com

127.0.0.1 www.ads1.updated.com

127.0.0.1 www.adultupdate.com

127.0.0.1 www.anit_spyware.msupdater.org

127.0.0.1 www.anit1478.msupdater.org

127.0.0.1 www.anit1808.msupdater.org

127.0.0.1 www.anit2157.msupdater.org

127.0.0.1 www.anit2242.msupdater.org

127.0.0.1 www.anit2350.msupdater.org

127.0.0.1 www.anit2393.msupdater.org

127.0.0.1 www.anit2520.msupdater.org

127.0.0.1 www.anit2811.msupdater.org

127.0.0.1 www.anit2824.msupdater.org

127.0.0.1 www.anit2840.msupdater.org

127.0.0.1 www.anit2948.msupdater.org

127.0.0.1 www.anit3039.msupdater.org

127.0.0.1 www.anit427.msupdater.org

127.0.0.1 www.anit988.msupdater.org

127.0.0.1 www.autoupdate.windowsmedia.com

127.0.0.1 www.azupdates.com

127.0.0.1 www.browserupdate.co.uk

127.0.0.1 www.cioupdate.com

127.0.0.1 www.ddupdates.com

127.0.0.1 www.dlx.getupdate.com

127.0.0.1 www.getupdate.com

127.0.0.1 www.ieupdate.info

127.0.0.1 www.install38.msupdater.org

127.0.0.1 www.liveupdate.myim.cn

127.0.0.1 www.msupdater.com

127.0.0.1 www.msupdater.net

127.0.0.1 www.msupdater.org

127.0.0.1 www.necessaryupdates.com

127.0.0.1 www.needupdate.com

127.0.0.1 www.newupdates.lzio.com

127.0.0.1 www.nl.browserupdate.co.uk

127.0.0.1 www.ns1.updatesystempage.com

127.0.0.1 www.ns2.updatesystempage.com

127.0.0.1 www.omi-update.net

127.0.0.1 www.online.update.redirect.hm

127.0.0.1 www.pcsecurityupdates.com

127.0.0.1 www.public.windupdates.com

127.0.0.1 www.registryupdate.com

127.0.0.1 www.serverupdate13.com

127.0.0.1 www.soapoperaupdates.com

127.0.0.1 www.softupdate.net

127.0.0.1 www.sp2msupdateresearch.com

127.0.0.1 www.spyfalconupdate.com

127.0.0.1 www.static.windupdates.com

127.0.0.1 www.systemupdate.net

127.0.0.1 www.system-update.net

127.0.0.1 www.systemupdates.net

127.0.0.1 www.sysupdate.grandstreetinteractive.com

127.0.0.1 www.sysupdate.ieplugin.com

127.0.0.1 www.sysupdates.com

127.0.0.1 www.sysupdates2.com

127.0.0.1 www.traders-update.com

127.0.0.1 www.update.680180.net

127.0.0.1 www.update.downloadaccelerator.com

127.0.0.1 www.update.downloadv3.com

127.0.0.1 www.update.imiserver.com

127.0.0.1 www.update.kazaa.com

127.0.0.1 www.update.msupdater.com

127.0.0.1 www.update.outerinfo.com

127.0.0.1 www.update.searchmiracle.com

127.0.0.1 www.update.searchsquire.com

127.0.0.1 www.update.smart-browser.com

127.0.0.1 www.update.thunderdownloads.com

127.0.0.1 www.update.topconverting.com

127.0.0.1 www.update.webhancer.com

127.0.0.1 www.update.yupsearch.com

127.0.0.1 www.update2.outerinfo.com

127.0.0.1 www.update2.thunderdownloads.com

127.0.0.1 www.update32.searchmiracle.com

127.0.0.1 www.update32.yupsearch.com

127.0.0.1 www.updatecenter.com

127.0.0.1 www.updated.com

127.0.0.1 www.updatedcumshots.com

127.0.0.1 www.updatedfetish.com

127.0.0.1 www.updatedgays.com

127.0.0.1 www.updatedlatinas.com

127.0.0.1 www.updatedlesbians.com

127.0.0.1 www.updatedmatures.com

127.0.0.1 www.updatedpornstars.com

127.0.0.1 www.updatedsexgalleries.com

127.0.0.1 www.updatedteens.com

127.0.0.1 www.updatedvoyeur.com

127.0.0.1 www.updatehere.com

127.0.0.1 www.updatehq.net

127.0.0.1 www.updatenow.com

127.0.0.1 www.updatenow.org

127.0.0.1 www.updatepage.com

127.0.0.1 www.updaterservice.wildtangent.com

127.0.0.1 www.updates.adultprovide.com

127.0.0.1 www.updates.browseraid.com

127.0.0.1 www.updates.copernic.com

127.0.0.1 www.updates.desktop.ak-networks.com

127.0.0.1 www.updates.desktop.virtumundo.com

127.0.0.1 www.updates.hotbar.com

127.0.0.1 www.updates.lzio.com

127.0.0.1 www.updates.searchmadesafe.net

127.0.0.1 www.updates.shopperreports.com

127.0.0.1 www.updates2.conducent.com

127.0.0.1 www.updatescenter.com

127.0.0.1 www.updatesearches.com

127.0.0.1 www.updateserver.gator.com

127.0.0.1 www.updateserver1.com

127.0.0.1 www.updatesystempage.com

127.0.0.1 www.updatetest.conducent.com

127.0.0.1 www.updateyoursystem.com

127.0.0.1 www.updateyourwindows.com

127.0.0.1 www.videocodecupdate.com

127.0.0.1 www.windows-security-updater.com

127.0.0.1 www.windowsupdate.62nds.com

127.0.0.1 www.windowsupdatenow.com

127.0.0.1 www.windupdates.com

127.0.0.1 www.win-update.net

127.0.0.1 wdcs.trendmicro.com

127.0.0.1 www.wdcs.trendmicro.com

127.0.0.1 sunbelt-software.com

127.0.0.1 www.sunbelt-software.com

127.0.0.1 mailpanda.com

127.0.0.1 pandaasiannude.fsn.net

127.0.0.1 pandaprints.com

127.0.0.1 pandasoftware.es

127.0.0.1 pornopanda.com

127.0.0.1 www.mailpanda.com

127.0.0.1 www.pandaasiannude.fsn.net

127.0.0.1 www.pandaprints.com

127.0.0.1 www.pandasoftware.es

127.0.0.1 www.pornopanda.com

127.0.0.1 windowsupdate.62nds.com

127.0.0.1 windowsupdatenow.com

127.0.0.1 www.windowsupdate.62nds.com

127.0.0.1 www.windowsupdatenow.com

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-17 09:15:26

Windows 5.1.2600 NTFS

scanning hidden services & system hive ...

IPC error: 2 Le fichier spécifié est introuvable.

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes00FA0000063D11C8EF00054038389C]

"C040FA0900063D11C8EF10054038389C"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\66EDAE6A0000000084E4E7A854000000]

"68AB67CA7DA76301B7447A7000000020"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003]

"8A0F842331866D117AB7000B0D610003"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F4DB32D08C445EF48BCCA4FADDEFC148]

"D1CB593B60CCE5240994C49D58FE0F40"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA76301B7447A7000000020\Features]

"Updater"="i4~nD_nPB=]dpXM(BkO6b@'2xQc4a@7&l3S~&z8MdpV~l]-O]AXdbw`+{OPV66$3PEIc(=UdP}c^]o_U_v}zQLIu`@}jJ.-M?3TO_lSYpFsAL=X5ZHczwEW$ddFwLyJXu9bncpOcNI2z\2ReaderProgramFiles"

"Reader_Big_Features"="eicXT!cP]8W$]!^Ma0[^"

"SearchAndIndex"="'o%[email protected],Ux(vAPr`b}MA=~wIdrC`(DL+h^xgiT49H$l~o?JOg(fsuLwNQYa=QwFYM_nwbM$E(h*28T5=Ocg`@5_YDBwwc$b8,r[@nruGZf0P,UM$4GP`4ws=nuPFo$?CFB\2Reader_Big_Features"

"eBookEBXPlugin"="K9{!GAXPX8HOdiUw?WM+Nz2cV.CQh?-,(s?@=7fkiUajX9'(,?bG)AME%.vnEix*nr@L[=UDL)eK2H0U]m5Iyy7&,?vB5yd+X-ba}jouU'ygb8)RXq_u&z{p\2Reader_Big_Features"

"ReaderProgramFiles"="._FU*(*_2@0slVZ*5.z_v-]SdHa@k@=nH}[email protected]=z7XY9b=194Dy`[email protected]@le2hu+bKa)B~TAV?e@vJ4`k31$yC@'t8+@)cJFU?,JX(B,ig1O9%A@y{B[`7Rlq6f3W1+7qj+=.rcJ4CazuNl{n^ry?Ot@2d1lc!YJQr_QYe0sBt??CX%pr$P[^p%Dr=J5G.3@B[o!jMLkHhfVknlUmRq8^U^%-ji,xhI[PPih36KA!7MB!^J,R&F{i^-Yf1N9z_yJp?~@!e.xeodI0a9?*PwJ9PAh$$5m5H-EB^w=@7cJ?_CS%B5JiDH@eh99k.)~2E+oT*UJWnkJJ).@1[MUSjj]V[9JYpAndr.?J0G'OVCEk4s5KOXX(Tx@O9it$PYp0%q{*bUab!k@8(itf5ZXiN7+0R8+hnK?x0^1%oW}-+~kh*9PLwPA)~~~KdW]jWzcpEb)~jz?ptW2H-fY',ZSFSFJ,gF=Faq]nD[DSrp5H~36!nc@e2YLT4GPl[1tcPQSbsd?m}OH+*wg}(JdnnNi-d?AjlR&UdQ%RRn=B1Z`VZ%@3r?8ZtrD7q*iv+yATUy8JF$5xzgV35v-JpP%J!N@1sI*A^'am)JZ[1?ytaC9R-Js]{uAhdN9$M.CgJn8W&Qk7n!du=q!.cv1([@9PAKWV6Gj!zfX--TA)F6@q75[1+_[ms4v''43I9J?K`S+v3*LNbdhe=lLSt,?NY,t*K)@mG9dHm&g^rD?Z5LM9qR_rrVE2sy.vXs@`-zl4onx]h8pVC=,wIs9B+Owz0mED3gpt4FA_h{9xK1IDV?OW@ghhxq+lFy@DG-g^-+'d=SJl,szLhw?ht`0,.926K8y!moDy7X@rtiW'j!b+(C?OaVN&E}8!+o8IP}@y^P}a,0_Q]FA!pRKKOv=cN?(HrL[bDx9jj)@iSwoXF+I_q9xm5l@5fj[hX8tk)0=J[O`v^9=_qKwW[nRoe-9)'z0'GX?9nMWL]C3*w)yaokOVQZ9T-Dto=@fKY.(yo@Y@i+=hO8(%~~M_hTSp[-gRtTA==]p?,NP9=[nIX?V7zP?.^b^v{2x_rT,=OH8-v`AtP%+XMJko1$GtTiU[[email protected]!NAFUaxk+xt*j^h?sakH%j,W`Kx}{1QlKcE9BqLy+a%k}vq2H*OKKee8mq$v]+g&JQJDcb&69~N?vrX$oHDCU(zYKuKujjc?.lSp]gNYDFip{$(8(+b?3!_Gw`F~Jd12wyMf6m)9e2YSmA([gRH]r',s}Uc=fVIIX^f[cQgS8]C2RGt?k-Il@7}M~[$utx1`%}k?EZM@D]&^*t8jBev-lYSAGmXPA[w_jCX64$.rEk.@Z@9[@K}b'qVF&^&Xgu`@4ekFN(2qmzd1mJl_yp8@x-*H'tRF!)Y'LBbd5V=@%w'R4OZPBY&kLBtQ6jJ?({$0)gJg5.G0Ytdj-6+Aza}{05HS)ef2xvD5k&V=21*ndh=Oe*,}rT+Z5}.=%TSxXiSJey=eo]UELY9@leb-+2j4T9nSAEh,AGbAW['*HYi?T?`'zu0.zV$ApA8qt3e%?mHkS,U^WsS9t-UB8I0G4b,&}ut*]mb?S6sA*{%`EHS-B!xq)gL=M!%%,I4-y)3p8*o,]ag9)X$n66`j(Hl!O)_66x0?^$r?@)FFxYI1Y(2^GoW?y[?lfgF)yQpazO*L.Ub=ONkK$%RC8Q"

"Plugins"="&=f}W-ju1=yjHfRQh*x_%Td1Y+s-8@9i{z48qLAXU6}D``o9R?KtQhi?XANATFTm8DqSV@4ubojGCqa6+iu*_y9t~=5gD^ZnrR_'*!!6ijs!H=QHtAj^2H}3eva4RvV}}?.oBwDB?pfiqP{HC'kyd@m4!AIEzdFVo{ur_AJ()@Z(3sz57e+'kdNk072!`9{)%XW0Ob-f7`zRWwz{[AJG89vxdd8=Lc)]v4Ga&Axo4-A[vN85q=7R8jPvX8fm]Z1zjZHp5*Aez{A3C?&Ua7@9j'OFovVXoNjL2?66kYx,e[sX!hRiLl@P6=mTV+,S6T7Oqg@uKeEha@eB53&J3A!.L&3wF)fZg8a3fZrMG810so,0Iqh4.@i+8m=Gii06LnvPZtcP-9OcjN.=r2Y8\2ReaderProgramFiles"

"MultimediaPlugin"="L]Ps9Twl?9+3TW[sd^W)1soY[_KL(9YYxkba(ui9`E'bOz^,=9iI`*kxJN~wDYdO*0.CZ96qx3ceJ3Dl\2Reader_Big_Features"

"Help_Full"="-J1GdXi6$?V{p%9)GncqSb*.s)hLBAsW.?Lz%q=m\2Reader_Big_Features"

"PictureTasks"="3UM6RC90I=AE,fJ1U1Oz8k@%4JNzM=zPT+'Pj0D7}2!joeUPc9py^6iFeVjQ7A5PfmEM)@-FbLP7+EDXNX3&me0EL?Es$tl~VD3ZRf}W8SKDm@C)b@n7~~kmwv)a%A=+-9zit[XBl&_u?-]x1B}7q8i_h~2gKjWeSV8dgYlNj?6@?I*![9}c2*&ohm%4I@qdLlVW*_z-\2Reader_Big_Features"

"ImageViewerPlugin"="2G1=)!c}i9mIa4,2fQU@Syx_**&oq8_LFiW9g?_@EdOAv7aO8@8@QBQss*-7&0RxoptUO@qipu8ufo~'_&~0_9bv!=VfwKb*hxtz\2Reader_Big_Features"

"Acrobat_3D_basic"="ZY4FfL$GK?%m_xV!&KMn\2Reader_Big_Features"

"AdobeCommonLinguistics_Big"="R9n)0+gS_?$m-YJ](u_M~j*(D$9fB9xb+~OdyrZ*M+u8Hsx_E99Ppu!8y,+cM4)r,18[_=sgh.WKZW[y5JD445r2~=8?]b@+yhF9\2Reader_Big_Features"

"PatchExtras"="=twaD[iv!@lH=4&l)zYB?94qO1j`%?Zw@LBXN6g`u]U8i+HEb9xz{kj6M!6n{o3c8Kl)p97R^}?8A3j_Zl?PbGT&J@q1C-*vjOpL\2AdobeCommonLinguistics_Big"

"CE_FONTS"="Vgu[T.6M[A4OjW@jB5U[\2Reader_Big_Features"

"ReaderBrowserIntegration"="%5ys[$W1k?DZ*z3.7~6wF24~6%@{c?t`mH_zz^6a[@3*DJp!S@Nq0Vv&r}SfhF{PZ!~z(@}uUrWN+SlCx7lwS7K.k@_(FYV]`Yrg\2ReaderProgramFiles"

"ReaderPDFIntegration"="y*LkN?!)RAKft[lNW8Nz}eRAR)wxX?Cb80!DFg=_]kMXt{RiR@Bn!g_javLWH9ND.hxI[98%vV`jvHqEKQs(!qBnOAS@xF7EAeNc{lJ+!m*u}8Sm0EAjf@Aa{PQ3pdCLD@lKUA2[{em1*Z)DM9DQ*9J[d4ujdve4~&Ur*Zrjr=,`?ZgbcKac._k_n,w3Q?f=3qRMTAx--o6tsP@tX8(V3Dfv3`@=\2ReaderProgramFiles"

"Accessibility_Plugins"="rH+Ig=T[(@$b`*tHJpvrWjPC897kA@pS4q'eMamAIS=Tzjq8_@OeYM_%})9)HCa!h0UMn9JH3_6?&K,yrIT'YWhV]=[`9yu,Ul]zVn{C6z1{89AWhm!Yr09=hqg9z5=1i?u1^nD{C+c=NHHE]{D@0@_pa7CH*5C+11oOaEv,@?=&5sK`dD]UtWuNMBc7W9^+.c+NaZ7W\2Reader_Big_Features"

"Atmosphere_3D"="ha'WCGBLV9v$u[iDyRj]^X)x8c*bF9uX[Yk=h*t0uq35L?Q0o8]jc!1GgjE*G'QpR3o[*@SJ!2y*ZuqT2=eUxr-88=X[^'-qu[uWu?zcG%.hX?W4c98w2^aD10_ByZ$2=@2dw0e74ry9\2Reader_Big_Features"

"AdobeCommonTypSpt"="?Uuvn1CY]9h]5%hs-_)($1EtTD&C!@AV%RYi&iUS6GO[6yJdB?tP?zE9`hGE(v=4xR+L'=I1?Ira0)!Yk'}C(pAS6=sK,p&Cy[vehN]ko%_-R=X3u-,FZ8zAE0(a89(xJ@xXm7S~l71b\2ReaderProgramFiles"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA76301B7447A7000000020\InstallProperties]

"RegOwner"="Dusoulier Christian"

"RegCompany"="Home User"

"ProductID"="none"

"LocalPackage"="C:\WINDOWS\Installer\a2f93.msi"

"AuthorizedCDFPrefix"=""

"Comments"=" "

"Contact"=" "

"DisplayVersion"="7.0.7"

"HelpLink"=str(2):"http://www.adobe.fr/support/main.html"'>http://www.adobe.fr/support/main.html"'>http://www.adobe.fr/support/main.html"'>http://www.adobe.fr/support/main.html"'>http://www.adobe.fr/support/main.html"'>http://www.adobe.fr/support/main.html"

"HelpTelephone"=" "

"InstallDate"="20071211"

"InstallLocation"="C:\Program Files\Adobe\Acrobat 7.0\Reader\"

"InstallSource"="C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig707\FRA\"

"ModifyPath"=str(2):"MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70700000002}"

"NoRepair"=dword:00000001

"Publisher"="Adobe Systems Incorporated"

"Readme"=str(2):"C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm"

"Size"=""

"EstimatedSize"=dword:000131bd

"UninstallString"=str(2):"MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70700000002}"

"URLInfoAbout"="http://www.adobe.fr/support/main.html"

"URLUpdateInfo"="http://www.adobe.fr/support/main.html"

"VersionMajor"=dword:00000007

"VersionMinor"=dword:00000000

"WindowsInstaller"=dword:00000001

"Version"=dword:07000007

"Language"=dword:0000040c

"DisplayName"="Adobe Reader 7.0.7 - Fran\x00e7ais"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003\Features]

"other_US"="r+A+4.oCg(^O3Xa,A]FH"

"both"=""

"IESUB"="\2both"

"MOZILLASUB"="\2both"

"extra"="h1A+4p^$G@n}-$+KWS4r"

"jrecore"="F?A+4'KCg([i3Xa,A]FHF?A+4'KCg([i3Xa-JxbHF?A+4'KCg([i3Xa.S9!IX9A+4$qd*?do.B$rpHeTE&jA4'KCg([i3Xa?uBL3F?A+4'KCg([i3XabEdIN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003\InstallProperties]

"RegOwner"="Dusoulier Christian"

"RegCompany"="Home User"

"ProductID"="none"

"LocalPackage"="C:\WINDOWS\Installer\1e037c3.msi"

"AuthorizedCDFPrefix"=""

"Comments"=""

"Contact"="http://java.com"'>http://java.com"'>http://java.com"'>http://java.com"'>http://java.com"'>http://java.com"

"DisplayVersion"="1.6.0.30"

"HelpLink"=str(2):"http://java.com"

"HelpTelephone"=""

"InstallDate"="20071211"

"InstallLocation"=""

"InstallSource"="http://javadl.sun.com/webapps/download/GetFile/1.6.0_03-b05/windows-i586/"'>http://javadl.sun.com/webapps/download/GetFile/1.6.0_03-b05/windows-i586/"

"ModifyPath"=str(2):"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}"

"NoRepair"=dword:00000001

"Publisher"="Sun Microsystems, Inc."

"Readme"=str(2):"C:\Program Files\Java\jre1.6.0_03\README.txt"

"Size"=""

"EstimatedSize"=dword:0001bd4e

"UninstallString"=str(2):"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}"

"URLInfoAbout"="http://java.com"

"URLUpdateInfo"="http://java.sun.com"'>http://java.sun.com"

"VersionMajor"=dword:00000001

"VersionMinor"=dword:00000006

"WindowsInstaller"=dword:00000001

"Version"=dword:01060000

"Language"=dword:00000000

"DisplayName"="Java 6 Update 3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8B79C053C7D38EE4AB9A00CB3B5D2472\Features]

"WebPublFiles"="]aZF&kXsf(lf*L[_GKba}gbvW,Qmf(G'*L[H+8]bZ}IuVaZtf(Cyn.Q2tAE!_{@h=i,nf(R8(L[JO9}X_}M^V8Xqf(Rp)L[_GKbahlT]jI{jf(=1&L[-81-]I-M04-B~f(8Hw.QdFt.0T4}vzw$wf(dKr.QPSdMu"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8B79C053C7D38EE4AB9A00CB3B5D2472\InstallProperties]

"RegOwner"="Dusoulier Christian"

"RegCompany"="Home User"

"ProductID"="12345-111-1111111-46394"

"LocalPackage"="C:\WINDOWS\Installer\24598.msi"

"AuthorizedCDFPrefix"=""

"Comments"=""

"Contact"=""

"DisplayVersion"="9.50.5318"

"HelpLink"=str(2):"http://www.microsoft.com/windows"'>http://www.microsoft.com/windows"

"HelpTelephone"=""

"InstallDate"="20071207"

"InstallLocation"=""

"InstallSource"="C:\WINDOWS\System32\"

"NoModify"=dword:00000001

"NoRemove"=dword:00000001

"NoRepair"=dword:00000001

"Publisher"="Microsoft Corporation"

"Readme"=""

"Size"=""

"EstimatedSize"=dword:00000a6c

"SystemComponent"=dword:00000001

"URLInfoAbout"=""

"URLUpdateInfo"=""

"VersionMajor"=dword:00000009

"VersionMinor"=dword:00000032

"WindowsInstaller"=dword:00000001

"Version"=dword:093214c6

"Language"=dword:0000040c

"DisplayName"="WebFldrs XP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C040FA0900063D11C8EF10054038389C\Features]

"PowerPointViewer"="-q1y7QC.hoDx0g_j4N(k&n~@_9wg}9P~'jMu$n~9CO&s0I,yD@j)Mo=UPGg`Nl){xl&r$=j.nv1g}.u,Yp(gp~`qc?h4`4z.-(8t_Fb5Xwnst@q382?cD&~y-G9=Gl8qu9gMMzgW%S?m{Is$[E9NI=~JRI=5.Q@%"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D1CB593B60CCE5240994C49D58FE0F40\Features]

"LightScribe"=")~C[`Nt?.@A&]nc9J)Z.D0s%I[[email protected][gze=vD@XABPNl?6!2QB~daXgo)9J6FUUaFJHQ1_ekJW84+AfVPh*F5W4,DTm4X]FP+?`*vCOu}b?+?,rOUcbh}8A$u%e(ZT[?Gb$_SP6e6?&(Ji`~m60GlDGsA&Rse9dU'sOx_P^jf{t.NeZH(9wAO,?=3HCI$Vh'beU44?MNO85GB83wSm(,!7lFw?)3'kPkb$6*d=UlRrg]X@l+.T6hF)2_hAJxP4RVr8OZ53K`mXYo)`FyUCVes@MH(_qeZ8iCdA3LIai7DAL}DRI*La}=_5Apz3CP)@*6YnSO4sk1bv5[)DDoO?tVf'L(%$$^BQgyj]^h~?@7'VIx{9hM6lyE6c4~^=wFZ]c6io1&[d?~II$cx@L*8w6h&s3x1pxWW[`Qq8H?,?u$EozV0ndJRI-J+=!@`PQ%,Fe,rSd^1H`]]A(5x*IyC'=-Y=VOX%LCf?aMzzfY-qVdJ3}P^Jg0I?.P7uqEHvMr=KI[)%%Y29x86f0{p2]_HD1_H9Yjs=I0tOkhLFXJ*UoL^v6ke86dYyj..8,29UF+in,!t9_F@ZVbGiMev6W6lRA5l8z=P9Cr$%)yZ}.3&aY'Z8'q8S3WX5e8i77tKH([c8]Kh'`OZmriV5B2'A-kK=K_*vF?[TxSK63vqF'nu@{6D&3D+X,$P,1%rzjdIAXox5qNimIuoi?Rda.83?}Xm^[ySi66eWN?X,Yd5A1pgKVcuO*(${^{q^iIw=fro~'DRVz!q^rciQOOZ=R2_siJB*,C[83?='uIMA!K.*`.1!(-P-)E?~+!6?i}+}vLp$Y7Cr*[_,yV7='!Q+X%5Vw0h73Aw'@Q!=gwn~%hb0e*dGDqGzYbAA1^AD@S37P%I[P+oL1&=@7`yT^FYvzf%*TELs]6,AA=!j7_Q)y^dC1lMbPq69%,.eZ5&w[&uQQb50tue=qwi]wTap8VDa)_iT[L9=1yc&GCP+ov0'0uDth9k?W]CjOBT{1c$RNAG[``p?@58Cb=N8G^E[ituHr0_84]?4r+MQrz_p76IiIf(AhZ6,6maZ{6PLj_D,pt~?GYETs{U91v4e_fBY=l{@UcDoUR$Jj*65LXRb2QB=D9$kclY$1NY*CQaoq5@?&!DKpRGOqNdlTZYy&mH=p3p5*t2&Kv~!r=LPTN@=C?&TMbY%@MA_$TNtM9+=3IM032`1%-@~A0kaX0x8KenOEVljv[g0BfCk{4&9@u3Wo?cUGTcVz}`Jg)'@n7*w[l1M'x'g[utqZ`i??{=I]4$3MtSN)siMYbF@a(AUTukCWRt}ea?8M`f8U=FcLBja*w+ZP%aLs.i?2WY.jlW~RCRkeQlW%RY?Eo=v`HT`-_nt4Q&h4]G?LOHEr7IfV&'FvS%O?`&=OSZs(~WJMu$rs~llV]D?&S^1Jq@zWxWdz7ETooU=LvR(Y.C&.^93{&1I4WH9asFwE=nWs+(g,j,hM`o9QtzU?&uOZVZ[E`r%K!=9?m$%t.66-69)eu^5T4}8Ym&7$1^s0S&O.~$FzQy8Noo_FLhmJJmccCe[aPZ=y`tdPFdzUfB0zof}ApD=pxegN[o*E.*z%!$]F9V9_l]OJDMSB,^cug!FNsx9QjVWKRP$bp[h{pjVG?UA{(KNav7ml-k+K35NdOp97=w(v{67?lY4bDvq&DQ=jS&V-0lkO%uvnlZwNvx=e*GO185NIcoWbR,wY_0@2F'$nkAyCx.^Ir$@Vqf?c-oDxfJlH0oI^=@[x*T@j1jjyh+jt^oA~OxD5H_=Y&4x^jrZ!6fh72Vzz3t8P$H(Ah3*m&(Kn~&2=bk=3I$@imY4?M-BOko=NxX?q+@d'F=6o.&Y5gu[swb?8E@Bb!efKb"

"LightScribeUE"="7R4FZT}w??3DF,=~*{x,F*D]87&&f@zTOdJt4_44.oU]B%]v4@xX?D3%h?0QWC@{Rh=Hs9~oiBn[3g]F5CeBjP+Jm9YNtZY{&gqeaTS3(gq66@%Fm?[ssCrg6+&+F5FB-9^v^5X4qiI+7glMkzNQr@hsgj8kT&CDgrY,ii7Rb=85Laj3trK-ylu6p}uCD=$n,gNVMORuKkeOtG]?F@bD{dQ*%qZe(GzEc(aYm8FWhpprda8{1S6(_'3^9?@4noRqL1KQv5~k^V62D9yHU$*%Cer6w0oRr$JHcA`Y9OipH@PNe,dg[--p9?Bc&*,B2W){75!)%(DfB9vPS!JAle'.wxyJ5asMo?8HG.t}vg1eggN%1fZy}9KMGP)oI!dRJ=&Bu}1q!?%BMOM9Sc6KeQ6~qxH0%=3^7~4L96E-?Ua=VA@'n?-KjC.l`o'dBPZ~PCe9?9fxB(xTn6DmimxIk}[KQ9k[.tkY.96x4T879ijij?M_tcvi+QL!D1tl43zZ+A0~MEC2qbHy&ZfwJ!-q6?%]EEO3R[$9^oeYV'6wi9ALQRkfu$!V+c+riFI1l@wJTn3LX9!S4d1Q9O(YN@BnhSV2tJnY?kFNOb.=r8HH0skUDDty11s~J@5xDA=G_Fe{r6cOnDK'Z&Umf?.UOeyeQ`XHEohvgVD~v@rwfYht(6Wo]]uZiqEt-9@T!wPrQDm7Z.WOHXCNw82DQ,-,6gv(qvvVxKM82Af0tqc$c,S8*0rRaquu[=*i$Gl`7&-lv)Qlw(w~E@vv&hP%(S2TBL2vh.'c4A7hRZ&WQkr3Zo0ShWP@,@p++fJ(.R-ylY&2zH^b^AEM%Oqj-_I4i3pQekMcn8uhFRO}`?ht%z@9!.2UL?2Ip9inz`8T@0w[cGz'H=`!Fh0`f]Acef*'Hf5j!=hH)1_AUCu-FH0&G6y{T9Kp=v2Ac[)PPj9R3NqV}=ptI'Gln'Kc*~0ST(OQX@ePGNB5s]Epcjz{0j[nY8Hf~&SHo=Ft`u(`?F}ro=).n}g'Z'26k)a1pbvvI9k]j3'e`CwvIMhhW4v9UA1M1-H69W0_FZY_,KQv2@X]sYy}4VdcKd!JcL(v_A{VOr5$,T(Aq*Ivk!V&E=Bjkq@O))vZB2802!lHH@BQDuGd!-DFy-K{Op*ZSAFG-jgx^$yCDh*$G')+z=0%gZ8ltf(.Lq^GWXfkr8yXOes8vS=37!+fnxo$N?im08^N.bdhrB)noq$k^?b05^(_~}4d4yfs=[6=j=u[7no$`D7(VD)5R?'G[9&AlP%d[{Xwc]ip'^r+F@o7THhZK{t=+}Hx7VzjCAs5HC9h?j1&"

"LightScribeCpan"="Lont7(?11A7=Olr_TEU.c8SAgGLn8AwJXzQ8dh^%Sl]B(JZO@=3W$yaM1t--2~*Jaa=,w=LQE{%i!jkGu&(At`nT[8HqzW]gA0d=s+%j8qqL[8}MRGR(-Bo,BJd}f0[-N?5rH@wb+l1rhR+-R'G~M?WKatt@AlM8.*Mo*'V&CA-Nl7Gi`flcK[_l5f}+D=JlMGAiyikF)_PnGRJcf9RWL's9PZDZkDiKCB-Tr?geJwk&kK&N*QLp?DdY^=9GO58WQc*YH^WE^+EU(A!u?f$y35==y^l0,.*-c9c$i[@}8gD1wr&CT7xtB@%qqE]!(u).+ZIC_a[R'Ab_jNahxxGt$[Z9rr3{+@z]TxH{iSuCa!K7dPX@W9m1`ACzgnr?pwqJ3=rNGA+aJtmb4ree2l3u&U*yw=J!5.++)=(G90oyRy5p%=c[ERH[53z`^vtUDFml??_+@arR(.AiG!AD3c^Q1@^S!kReUGSB2uYlnXpyr?S*R7=?Tf&s.6=IoHto6?[tx2RagJw?93N,{scu2?*]S}Y%VkdxOMP0Bc@Y&@ZbM-E=oObx"

scanning hidden files ...

scan completed successfully

hidden services: 0

hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System

260 - firefox.exe

328 - ADSL Autoconnec

492 - svchost.exe

584 - csrss.exe

612 - winlogon.exe

656 - services.exe

668 - lsass.exe

852 - svchost.exe

932 - svchost.exe

1012 - avgnt.exe

1080 - mamutu.exe

1100 - avguard.exe

1220 - TaskSwitchXP.ex

1360 - explorer.exe

1380 - ctfmon.exe

1528 - Webshots.scr

1588 - dllhost.exe

1656 - a2service.exe

3348 - cmd.exe

Total number of processes = 20

NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D0000 - \WINDOWS\system32\ntoskrnl.exe

806B5000 - \WINDOWS\system32\hal.dll

F8A35000 - \WINDOWS\system32\KDCOM.DLL

F8945000 - \WINDOWS\system32\BOOTVID.dll

F84E8000 - ACPI.sys

F8A37000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS

F8535000 - pci.sys

F8545000 - isapnp.sys

F8A39000 - avgarkt.sys

F8A3B000 - intelide.sys

F87B5000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

F8555000 - MountMgr.sys

F84C9000 - ftdisk.sys

F8A3D000 - dmload.sys

F84A5000 - dmio.sys

F87BD000 - PartMgr.sys

F8949000 - hotcore.sys

F8565000 - VolSnap.sys

F848F000 - atapi.sys

F8575000 - disk.sys

F8585000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

F847D000 - sr.sys

F8595000 - avgntmgr.sys

F8469000 - KSecDD.sys

F83E6000 - Ntfs.sys

F83BE000 - NDIS.sys

F83AB000 - sfvfs02.sys

F87C5000 - sfhlp02.sys

F8399000 - sfdrv01.sys

F837F000 - Mup.sys

F87CD000 - agp440.sys

F85C5000 - \SystemRoot\System32\DRIVERS\processr.sys

F8284000 - \SystemRoot\System32\DRIVERS\nv4.sys

F85D5000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS

F85E5000 - \SystemRoot\System32\Drivers\Imapi.SYS

F85F5000 - \SystemRoot\System32\DRIVERS\cdrom.sys

F8605000 - \SystemRoot\System32\DRIVERS\redbook.sys

F8264000 - \SystemRoot\System32\DRIVERS\ks.sys

F87F5000 - \SystemRoot\System32\DRIVERS\usbuhci.sys

F8245000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS

F822D000 - \SystemRoot\system32\drivers\ac97intc.sys

F820C000 - \SystemRoot\system32\drivers\portcls.sys

F8615000 - \SystemRoot\system32\drivers\drmk.sys

F880D000 - \SystemRoot\System32\DRIVERS\fdc.sys

F8625000 - \SystemRoot\System32\DRIVERS\serial.sys

F89D9000 - \SystemRoot\System32\DRIVERS\serenum.sys

F81F9000 - \SystemRoot\System32\DRIVERS\parport.sys

F89E1000 - \SystemRoot\System32\DRIVERS\gameenum.sys

F8B82000 - \SystemRoot\system32\drivers\msmpu401.sys

F89E5000 - \SystemRoot\System32\DRIVERS\usbscan.sys

F8A43000 - \SystemRoot\System32\DRIVERS\USBD.SYS

F8B86000 - \SystemRoot\System32\DRIVERS\audstub.sys

F8635000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys

F89ED000 - \SystemRoot\System32\DRIVERS\ndistapi.sys

F81E3000 - \SystemRoot\System32\DRIVERS\ndiswan.sys

F8645000 - \SystemRoot\System32\DRIVERS\raspppoe.sys

F8655000 - \SystemRoot\System32\DRIVERS\raspptp.sys

F89FD000 - \SystemRoot\System32\DRIVERS\TDI.SYS

F81D2000 - \SystemRoot\System32\DRIVERS\psched.sys

F8665000 - \SystemRoot\System32\DRIVERS\msgpc.sys

F8825000 - \SystemRoot\System32\DRIVERS\ptilink.sys

F8835000 - \SystemRoot\System32\DRIVERS\raspti.sys

F8675000 - \SystemRoot\System32\Drivers\pcouffin.sys

F80DD000 - \SystemRoot\System32\DRIVERS\rdpdr.sys

F8685000 - \SystemRoot\System32\DRIVERS\termdd.sys

F8845000 - \SystemRoot\System32\DRIVERS\kbdclass.sys

F8855000 - \SystemRoot\System32\DRIVERS\mouclass.sys

F8B94000 - \SystemRoot\System32\DRIVERS\swenum.sys

F80BB000 - \SystemRoot\System32\DRIVERS\update.sys

F86A5000 - \SystemRoot\System32\Drivers\NDProxy.SYS

F86B5000 - \SystemRoot\System32\DRIVERS\usbhub.sys

F8865000 - \SystemRoot\System32\DRIVERS\usbiad.sys

F8875000 - \SystemRoot\System32\DRIVERS\usbccgp.sys

F8885000 - \SystemRoot\System32\DRIVERS\usbprint.sys

F8357000 - \SystemRoot\System32\DRIVERS\hidusb.sys

F86C5000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS

F8895000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS

F88A5000 - \SystemRoot\System32\DRIVERS\flpydisk.sys

F834F000 - \SystemRoot\System32\DRIVERS\kbdhid.sys

F834B000 - \SystemRoot\System32\DRIVERS\mouhid.sys

F86E5000 - \SystemRoot\SYSTEM32\DRIVERS\avgntdd.sys

F8A55000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

F8BA2000 - \SystemRoot\System32\Drivers\Null.SYS

F8A59000 - \SystemRoot\System32\Drivers\Beep.SYS

F8BA5000 - \SystemRoot\System32\DRIVERS\AvgArCln.sys

F88CD000 - \SystemRoot\System32\drivers\vga.sys

F8A5D000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F8A61000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

F88DD000 - \SystemRoot\System32\Drivers\Msfs.SYS

F88ED000 - \SystemRoot\System32\Drivers\Npfs.SYS

F8337000 - \SystemRoot\System32\DRIVERS\rasacd.sys

F8705000 - \SystemRoot\System32\DRIVERS\ipsec.sys

F7023000 - \SystemRoot\System32\DRIVERS\tcpip.sys

F6FFE000 - \SystemRoot\System32\DRIVERS\netbt.sys

F8715000 - \SystemRoot\System32\DRIVERS\netbios.sys

F8725000 - \SystemRoot\System32\DRIVERS\wanarp.sys

F890D000 - \SystemRoot\System32\DRIVERS\ssmdrv.sys

F6FD6000 - \SystemRoot\System32\DRIVERS\rdbss.sys

F6F4A000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys

F8735000 - \SystemRoot\System32\Drivers\Fips.SYS

F8745000 - \SystemRoot\System32\DRIVERS\avipbb.sys

F8765000 - \SystemRoot\System32\Drivers\Cdfs.SYS

F6E94000 - \SystemRoot\System32\Drivers\dump_atapi.sys

F8A67000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \??\C:\WINDOWS\system32\win32k.sys

F81AA000 - \??\C:\WINDOWS\system32\watchdog.sys

BFF80000 - \SystemRoot\System32\drivers\dxg.sys

F8C1D000 - \SystemRoot\System32\drivers\dxgthk.sys

BFDD0000 - \SystemRoot\System32\nv4.dll

F4AB1000 - \SystemRoot\System32\drivers\afd.sys

F4A11000 - \SystemRoot\system32\drivers\sysaudio.sys

F4879000 - \SystemRoot\system32\drivers\wdmaud.sys

F8ACD000 - \SystemRoot\System32\Drivers\ParVdm.SYS

F455E000 - \SystemRoot\System32\Drivers\Fastfat.SYS

F43F5000 - \SystemRoot\System32\DRIVERS\srv.sys

F42F2000 - \SystemRoot\System32\DRIVERS\ipnat.sys

F8BD7000 - \??\C:\WINDOWS\System32\Drivers\mchInjDrv.sys

F8B5D000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 118

Liste des programmes installes

a-squared Free 3.1

Ad-Aware SE Personal

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Reader 7.0.7 - Français

Adobe Shockwave Player

ADSL Autoconnect

APO Usb Autorun

Ashampoo Burning Studio 5

AVG Anti-Rootkit Free

Avira AntiVir PersonalEdition Classic

DivX Content Uploader

DivX Web Player

DVD Flick

EasyCleaner

HijackThis 2.0.2

InfraRecorder

Java 6 Update 3

jv16 PowerTools 1.3

Kit de connexion ADSL

Lexmark 510 Series

LightScribe 1.8.15.1

Mamutu 1.1

Microsoft Office PowerPoint Viewer 2003

MozBackup 1.4.7

Mozilla Firefox (2.0.0.11)

Mozilla Thunderbird (2.0.0.9)

Navilog1 3.4.0

NCH Toolbox Uninstall

Panda ActiveScan

Paragon Drive Backup 8 Special Edition

Passbox

Prism Video Converter

Satsuki Decoder Pack

Sony Ericsson Themes Creator 3.19

Spybot - Search & Destroy 1.4

Super Blank 3.01

Suppress plus 1.8

Supprimer cible dans le clic droit

System Requirements Lab

TaskSwitchXP

Tray Commander Lite 1.2

Uniblue RegistryBooster 2

USB MODEM Driver

VirtualDub 1.6.9 Fr

VSO Inspector 1.3.1.82b

WebFldrs XP

Webshots Desktop

WinTidy 2.0

xp-AntiSpy 3.96-6

Zeb-Utility 1.2

ZipGenius 6 (6.0.3.1150)

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est D075-DA3A

Répertoire de C:\Program Files

17/01/2008 09:05 <REP> .

17/01/2008 09:05 <REP> ..

14/12/2007 19:11 <REP> Adobe

16/01/2008 16:39 <REP> ADSL Autoconnect

11/12/2007 15:33 <REP> AIDA32 - Enterprise System Information

16/01/2008 16:39 <REP> APO Usb Autorun

30/12/2007 10:56 <REP> Ashampoo

16/01/2008 16:38 <REP> a-squared Free

08/12/2007 01:14 <REP> Avira

07/12/2007 15:00 <REP> ComPlus Applications

04/01/2008 14:09 <REP> DivX

03/01/2008 21:41 <REP> DVD Flick

30/12/2007 10:00 <REP> Fichiers communs

16/01/2008 23:39 <REP> GRISOFT

29/12/2007 19:17 <REP> InfraRecorder

16/01/2008 16:40 <REP> Internet Explorer

11/12/2007 23:28 <REP> Java

11/12/2007 09:26 <REP> jv16 PowerTools

09/12/2007 12:33 <REP> Kit ADSL

17/12/2007 21:07 <REP> Lavasoft

10/12/2007 08:32 <REP> Lexmark 510 Series

16/01/2008 16:41 <REP> Mamutu

07/12/2007 15:05 <REP> microsoft frontpage

10/12/2007 17:56 <REP> Microsoft Office

07/12/2007 15:02 <REP> Movie Maker

10/01/2008 00:27 <REP> MozBackup

17/01/2008 09:10 <REP> Mozilla Firefox

16/01/2008 14:52 <REP> Mozilla Thunderbird

07/12/2007 14:59 <REP> MSN Gaming Zone

17/01/2008 09:05 <REP> Navilog1

31/12/2007 00:23 <REP> NCH Software

03/01/2008 17:12 <REP> NCH Swift Sound

07/12/2007 15:01 <REP> NetMeeting

07/12/2007 15:01 <REP> Outlook Express

28/12/2007 17:00 <REP> Paragon Software

03/01/2008 14:18 <REP> Passbox2007

23/12/2007 15:46 <REP> Satsuki Decoder Pack

10/12/2007 10:57 <REP> Services en ligne

18/12/2007 18:38 <REP> Software by Design

06/01/2008 12:49 <REP> Sony Ericsson

11/12/2007 14:02 <REP> splus

14/12/2007 13:42 <REP> Spybot - Search & Destroy

25/12/2007 23:01 <REP> SuperBlank

19/12/2007 19:01 <REP> SystemRequirementsLab

16/01/2008 16:44 <REP> TaskSwitchXP

09/12/2007 14:16 <REP> ToniArts

16/01/2008 16:44 <REP> Tray Commander Lite

23/12/2007 13:57 <REP> Trend Micro

30/12/2007 09:20 <REP> Uniblue

07/12/2007 18:21 <REP> USB Driver-Express

01/01/2008 15:09 <REP> VirtualDub

25/12/2007 23:31 <REP> vso

16/01/2008 16:44 <REP> Webshots

08/12/2007 17:42 <REP> Windows Media Player

07/12/2007 14:59 <REP> Windows NT

17/01/2008 09:08 <REP> WinTidy

07/12/2007 15:05 <REP> xerox

18/12/2007 18:57 <REP> xp-AntiSpy

07/12/2007 22:55 <REP> Zeb-Utility

16/01/2008 16:44 <REP> ZipGenius 6

0 fichier(s) 0 octets

60 Rép(s) 15 837 229 056 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est D075-DA3A

Répertoire de C:\Program Files\fichiers communs

30/12/2007 10:00 <REP> .

30/12/2007 10:00 <REP> ..

15/12/2007 11:17 <REP> Adobe

09/12/2007 12:32 <REP> InstallShield

11/12/2007 23:26 <REP> Java

07/12/2007 15:12 <REP> Microsoft Shared

07/12/2007 15:01 <REP> MSSoap

07/12/2007 14:51 <REP> ODBC

07/12/2007 15:01 <REP> Services

07/12/2007 14:50 <REP> SpeechEngines

07/12/2007 15:01 <REP> System

0 fichier(s) 0 octets

11 Rép(s) 15 837 224 960 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est D075-DA3A

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

08/12/2007 01:38 <REP> .

08/12/2007 01:38 <REP> ..

18/05/2001 17:57 561 209 MSONSEXT.DLL

03/06/1999 14:09 122 937 MSOWS409.DLL

07/03/2001 09:00 127 033 MSOWS40c.DLL

3 fichier(s) 811 179 octets

2 Rép(s) 15 837 224 960 octets libres

c:\Documents and Settings\Christian\Application Data\inst.exe

c:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\9iutf4za.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\FEBEbg.exe

c:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\9iutf4za.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\FEBEunzip.exe

c:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\9iutf4za.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\FEBEzip.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\catchme.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\diff.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\dumphive.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\find2.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\Fport.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\grep.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\gzip.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\KProcCheck.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\LFiles.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\md5sums.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\pslist.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\sigcheck.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\streams.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\swreg.exe

c:\Documents and Settings\Christian\Bureau\DiagHelp\tar.exe

c:\Documents and Settings\Christian\Mes documents\avgarkt-setup-1.1.0.42.exe

c:\Documents and Settings\Christian\Mes documents\HJTInstall.exe

c:\Documents and Settings\Christian\Mes documents\MamutuSetup.exe

c:\Documents and Settings\Christian\Mes documents\Navilog1.exe

c:\Documents and Settings\Christian\Mes documents\RHosts.exe

c:\Documents and Settings\Christian\Mes documents\stinger.exe

c:\Documents and Settings\Christian\Mes documents\SummerProperties 1.2 Setup.exe

c:\Documents and Settings\Christian\Mes documents\TweakHosts.exe

c:\Documents and Settings\Christian\Mes documents\Aides diverses\Aide_jv16PowerTools.exe

c:\Documents and Settings\Christian\Mes documents\david\Puyo15_Carnival.exe

c:\Documents and Settings\Christian\Mes documents\david\ThemesCreator-v3.19.b6.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\adsl-autoconnect_adsl_autoconnect_2.06_f7_francais_10516.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\antivir_workstation_win7u_en_h.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\easycleaner_easycleaner_2.0.6.381_francais_11170.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\InCD-4.3.23.2.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\LS_HSI.EXE

c:\Documents and Settings\Christian\Mes documents\Download1212\Nero-6.6.1.15_fra.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\Patch_Fr_TrayCommander(2).exe

c:\Documents and Settings\Christian\Mes documents\Download1212\PPVIEWER.EXE

c:\Documents and Settings\Christian\Mes documents\Download1212\pygrenouille-v1.12.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\Setup_Zeb-Utility.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\splus_install.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\spybot-search-destroy_spybot_-_search_destroy_1.4_francais_10965.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\TaskSwitchXP_2.0.11.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\tc_lite(2).exe

c:\Documents and Settings\Christian\Mes documents\Download1212\Thunderbird Setup 2.0.0.9.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\vso_image_resizer_setup.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\wbsamp5.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\ZebProtect.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\zg603std.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\regseeker_regseeker_1.55_francais_31515\RegSeeker\RegSeeker.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\SafeXP\SafeXP.exe

c:\Documents and Settings\Christian\Mes documents\Download1212\WinTidy\setup.exe

c:\Documents and Settings\Christian\Mes documents\Installés\a2FreeSetup.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Firefox Setup 1.5.0.1.exe

c:\Documents and Settings\Christian\Mes documents\Installés\jv16pt_setup1.3.0.195.exe

c:\Documents and Settings\Christian\Mes documents\Installés\mpc_install_xp_6.4.9.0b_fr.exe

c:\Documents and Settings\Christian\Mes documents\Installés\prismsetup.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Satsuki.Decoder.Pack.3.1.1.7.exe

c:\Documents and Settings\Christian\Mes documents\Installés\setup_passbox2007.exe

c:\Documents and Settings\Christian\Mes documents\Installés\spybot-search-destroy_spybot_-_search_destroy_1.4_francais_10965.exe

c:\Documents and Settings\Christian\Mes documents\Installés\VirtualDub_1.6.9_b23604_Fr.exe

c:\Documents and Settings\Christian\Mes documents\Installés\wbsamp.exe

c:\Documents and Settings\Christian\Mes documents\Installés\xp-AntiSpy_setup-french.exe

c:\Documents and Settings\Christian\Mes documents\Installés\AdAware\aawsepersonal.exe

c:\Documents and Settings\Christian\Mes documents\Installés\AdAware\adawarfrseskins.exe

c:\Documents and Settings\Christian\Mes documents\Installés\AdAware\vx2cleaneradaware_inst.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Adobe actuel\AdbeRdr707_fr_FR.exe

c:\Documents and Settings\Christian\Mes documents\Installés\AdobeAcronon instal\Ac705RdP_efgj.exe

c:\Documents and Settings\Christian\Mes documents\Installés\AdobeAcronon instal\AdbeRdr705_fra_full.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Antivir résident\antivir_workstation_win7u_en_h.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Antivirusmvc\setup.exe

c:\Documents and Settings\Christian\Mes documents\Installés\EasyCleaner\EasyClea.exe

c:\Documents and Settings\Christian\Mes documents\Installés\JPuzzle\ImagesPuzzles.exe

c:\Documents and Settings\Christian\Mes documents\Installés\JPuzzle\JPuzzles.exe

c:\Documents and Settings\Christian\Mes documents\Installés\mvc\setup.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Nero MàJ\InCD-4.3.20.1.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Nero MàJ\Nero-6.6.1.4_fra.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Nero MàJ\Nero-6.6.1.4_no_yt.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Nero MàJ\NMP-1.4.0.35b.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Nero MàJ\NMP-1.4.0.35b_fra.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Nero MàJ\NVE-3.1.0.25_fra.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Nero MàJ\NVE-3.1.0.25_no_yt.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Outils Divers\ADSLAutoconnect206F7.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Outils Divers\aida32ee_393.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Outils Divers\GoogleToolbarInstaller.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Outils Divers\HijackThisFR.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Outils Divers\PPVIEWER.EXE

c:\Documents and Settings\Christian\Mes documents\Installés\Outils Divers\Setup_Zeb-Utility.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Outils Divers\Shockwave_Installer_Slim.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Outils Divers\splus_install.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Outils Divers\TaskSwitchXP_2.0.8.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Outils Divers\TaskSwitchXP_2.0.9.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Outils Divers\Tweak UI 2.00 FR.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Outils Divers\videoinspector.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Outils Divers\ZebProtect.exe

c:\Documents and Settings\Christian\Mes documents\Installés\PopTray\PopTray310.exe

c:\Documents and Settings\Christian\Mes documents\Installés\QuickDel courrier\quickdel.exe

c:\Documents and Settings\Christian\Mes documents\Installés\RegSeeker\RegSeeker.exe

c:\Documents and Settings\Christian\Mes documents\Installés\SpyBlaster\spywareblastersetup351.exe

c:\Documents and Settings\Christian\Mes documents\Installés\StartUp\Startup.exe

c:\Documents and Settings\Christian\Mes documents\Installés\tcpview\Tcpview.exe

c:\Documents and Settings\Christian\Mes documents\Installés\TMPGEnc-2.521.58.169-Free\TMPGEnc.exe

c:\Documents and Settings\Christian\Mes documents\Installés\Tweak UI\Tweak UI 2.00 FR.exe

c:\Documents and Settings\Christian\Mes documents\Installés\wintidy\setup.exe

c:\Documents and Settings\Christian\Mes documents\Installés\ZipGenius\frapak301.exe

c:\Documents and Settings\Christian\Mes documents\Installés\ZipGenius\zg602std.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\93.71_forceware_winxp2k_international_whql.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\9Tel setup.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\a2FreeSetup.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\aawsepersonal.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\adawarfrseskins.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\AplusDVDCopy.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\apo-usb-autorun_apo_usb_autorun_1.6.2.0_francais_18124.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ashampoo_burningstudio551_ash_fr.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ashampoo_winoptimizerplatinumsuite211_ash_fr.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\audacity_audacity_1.2.6_francais_10372.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\boot.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\burn-at-once_burn_at_once_0.99.5_francais_14725.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Com9 setup.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\courbendu.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\D2P_1.3_FRA.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\dBpowerAMP-codec-wmav91.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\DivXInstaller.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\dj518fr(2).exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\DLM_2200046_FRA.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\drivebackup8SE-20060620-fr.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\dvd-flick_dvd_flick_1.2.2.1_anglais_31699.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Firefox Setup 1.5.0.7.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\gamesplayer.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\GSpot_2.21_build_030711.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\GXT2_Help.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\gx-transcoder-ex-germani-x-encoder_gx_transcoder_2.24.2978c_francais_11148.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\incd_incd_4.3.23.2_francais_10966.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\InCD-4.3.23.2.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\InCD4Reader.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ir0441_unicode(2).exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ir0441_unicode.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\K130_Setup.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\LS_HSI(2).EXE

c:\Documents and Settings\Christian\Mes documents\logsDivers\LS_HSI.EXE

c:\Documents and Settings\Christian\Mes documents\logsDivers\MGADiag.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\mp3directcut_mp3directcut_2.04_francais_10838.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\msicuu2.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\p2fsetup.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\pci_filerecovery.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Pilote_USB_2.0_Windows_XP_1.0.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\piolet 1.9.0 [par ratiatum.com].exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\plyg2v8.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Pochette_express_2.0_beta_7.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ProgramChecker.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Questar31Install(2).exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\rapidos.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\RegCureSetup_46.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\registryboosteraff.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Satsuki.Decoder.Pack.3.1.0.2.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Satsuki.Decoder.Quicktime.Module.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Satsuki.Decoder.WM.Module.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Setup_FreeConverter.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\SetupAnyDVD6070.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\setupDREMC1_0.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Share 1.0 EX2 [share-france.info].exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Shockwave_Installer_Slim.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\silentnight-micro-burner_silentnight_micro_burner_5.0_light_francais_18942.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\spywareblastersetup351.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\switchsetup.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\TaskSwitchXP_2.0.11.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Transcoder setup.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Tweak_UI_2.10.0.0_FR.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\unstopcp.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\VB6fr.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\VirtualDub_1.6.9_b23604_Fr.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\vso_inspector_setup.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\wdviewer.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\WGAPluginInstall.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\WindowsXP-KB885894-x86-fra.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\xlviewer.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\16832\WindowsInstaller-KB893803-v2-x86.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\dBpower\dBpowerAMP-codec-DirectShowDecoder.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\dBpower\dBpowerAMP-codec-mp3-blade.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\dBpower\dBpowerAMP-codec-wmav91.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\dBpower\dbpoweramp-encoder-ra.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\dBpower\dbpoweramp-music-converter_dbpoweramp_music_converter_francais_10333.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\FLV-CONVERTER-15032006\ffmpeg.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\FLV-CONVERTER-15032006\FLV-CONVERTER.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\GSpot270a-fr-Colok\GSpot270a\GSpot.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ImageResizerPowertoySetup\ImageResizerPowertoySetup.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ir0441_unicode\ckEffects.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ir0441_unicode\InfraRecorder.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ir0441_unicode\irExpress.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ir0441_unicode\cdrtools\cdda2wav.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ir0441_unicode\cdrtools\cdrecord.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ir0441_unicode\cdrtools\isoinfo.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ir0441_unicode\cdrtools\mkisofs.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\ir0441_unicode\cdrtools\readcd.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\KLogicalDrives\KLogicalDrives.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\Meowms\MMS_100_setup.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\MozBackUp\MozBackup-1.4.7-ENG.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\oggdropXPdV1.8.9-generic\oggdropXPd.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\PowerpointImageExtractor\PowerpointImageExtractor_V1_1_setup.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\restoration_restoration_2.5.14_anglais_14192\REST2514\Restoration.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\RéactivateurXP\reactivateur.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\SuperBlank301\Super Blank 3.01 setup.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\SuperDuper-1fr\duper.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\TBTray-1.2\TBTray.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\TBTray-1.2\TBTray-Config.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\TCPOPTIMIZER\tcpoptimizer_v2.0.2.exe

c:\Documents and Settings\Christian\Mes documents\logsDivers\TrayCommanderLiteFR\tc_lite.exe

c:\Documents and Settings\Christian\Mes documents\MSNFix\MSNFix\incl\MD5File.exe

c:\Documents and Settings\Christian\Mes documents\MSNFix\MSNFix\incl\swreg.exe

c:\Documents and Settings\Christian\Mes documents\MSNFix\MSNFix\incl\zip.exe

c:\Documents and Settings\Christian\Mes documents\NeroGeneral-CleanTool\General-CleanTool.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\a-squared Free\a2cmd.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\a-squared Free\a2free.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\a-squared Free\a2upd.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\a-squared Free\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\CoverDesigner\CoverDes.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\ImageDrive\ImageDrive.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\InCD\InCD.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\InCD\InCDL.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\InCD\InCDsrv.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero\nero.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero\NeroCmd.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero\NRESTORE.EXE

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero\Uninstall\UNNero.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero BackItUp\BackItUp.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero BackItUp\NBJ.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero BackItUp\NBR.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero MediaHome\NMSTranscoder.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero PhotoSnap\PhotoSnap.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero Recode\Recode.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero ShowTime\ShowTime.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero SoundTrax\SoundTrax.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero Toolkit\CDSpeed.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero Toolkit\hwinfo.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero Toolkit\InfoTool.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero Wave Editor\DXEnum.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\Nero Wave Editor\WaveEdit.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Ahead\NeroVision\NeroVision.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AIDA32 - Enterprise System Information\aida32.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AIDA32 - Enterprise System Information\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\avcenter.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\avcmd.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\avconfig.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\avesvc.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\avguard.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\avmailc.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\avmcdlg.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\avnotify.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\avscan.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\guardgui.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\licmgr.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\preupd.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\sched.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\setup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AntiVir PersonalEdition Classic\update.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AoA Audio Extractor\AoAAudioExtractor.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\AoA Audio Extractor\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\burnatonce\burnatonce.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\burnatonce\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\burnatonce\external\cdrdao.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\burnatonce\external\flac.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\burnatonce\external\madplay.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\burnatonce\external\mkisofs.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\burnatonce\external\oggdec.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\burnatonce\external\readcd.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\burnatonce\external\sox.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\burnatonce\external\toc2cue.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\burnatonce\external\WaveGain.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\dBpowerAMP\CDGrab.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\dBpowerAMP\GetPopupInfo.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\dBpowerAMP\MusicConverter.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\dBpowerAMP\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\Adobe\ESD\AdobeDownloadManager.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\Adobe\ESD\uninst.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\Ahead\Lib\specialoffer.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver2.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\InstallShield\Engine\6\Intel 32\IKernel.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\InstallShield\Professional\RunTime701\Intel32\DotNetInstaller.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\InstallShield\Professional\RunTime91\Intel32\DotNetInstaller.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_06.b05\launcher.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_06.b05\patchjre.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_06.b05\zipper.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_08.b03\launcher.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_08.b03\patchjre.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_08.b03\zipper.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\Microsoft Shared\MSInfo\msinfo32.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\Microsoft Shared\Speech\sapisvr.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\GSpot221\GSpot.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\GSpot221\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\GXTranscoder v2\gsMC20.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\InstallShield Installation Information\{042E2C9D-6647-4C5F-9CEF-387D72023128}\Setup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\setup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\InstallShield Installation Information\{B0C5783F-AB91-460B-8238-BD9A8F6346D3}\setup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Internet Explorer\IEXPLORE.EXE

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Internet Explorer\Connection Wizard\isignup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\java.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\javacpl.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\javaw.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\javaws.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\jusched.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\keytool.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\kinit.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\klist.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\ktab.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\orbd.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\pack200.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\policytool.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\rmid.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\rmiregistry.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\servertool.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\tnameserv.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_06\bin\unpack200.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\java.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\javacpl.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\javaw.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\javaws.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\jucheck.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\jusched.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\keytool.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\kinit.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\klist.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\ktab.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\orbd.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\pack200.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\policytool.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\rmid.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\rmiregistry.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\servertool.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\tnameserv.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Java\jre1.5.0_08\bin\unpack200.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\jv16 PowerTools\jv16 PowerTools.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\jv16 PowerTools\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\jv16 PowerTools\Backups\RegEdit.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\jv16 PowerTools\Plug-ins\TempTool.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\KC Softwares\VideoInspector\AviBitrateGrapher.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\KC Softwares\VideoInspector\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\KC Softwares\VideoInspector\VideoInspector.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Kit ADSL\selfhelper\SelfHelper.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Kit ADSL\Wizard\NetAgent_USB_PPPoE.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Lavasoft\Ad-Aware SE Personal\unregaaw.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Lexmark 510 Series\Drivers\French\_isdel.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Lexmark 510 Series\Drivers\French\setup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Media Player Classic\mplayerc.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Media Player Classic\uninstall.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\MeowMultiSound100\MeowMultiSound.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\MeowMultiSound100\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Movie Maker\moviemk.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Mozilla Firefox\firefox.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Mozilla Firefox\updater.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Mozilla Firefox\xpicleanup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Mozilla Firefox\plugins\GetFlash.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Mozilla Firefox\uninstall\uninstall.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Mozilla Thunderbird\regxpcom.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Mozilla Thunderbird\thunderbird.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Mozilla Thunderbird\updater.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Mozilla Thunderbird\xpicleanup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Mozilla Thunderbird\plugins\NPSWF32_FlashUtil.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\mp3DirectCut\mp3DirectCut.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Multimedia Keyboard & Mouse Driver\MouseDrv.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Multimedia Keyboard & Mouse Driver\StartAutorun.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Multimedia Mouse Driver\MouseDrv.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Multimedia Mouse Driver\StartAutorun.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\MyPhoneExplorer\uninstall.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\MyPhoneExplorer\DLL\amr.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Napster\napster.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Napster\NapsterHelper.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Napster\SNAPDRM.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\NCH Swift Sound\Components\oggenc\oggenc.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\NCH Swift Sound\Switch\switch.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\NCH Swift Sound\Switch\uninst.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\OpenOffice.org1.1.5\program\crashrep.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\OpenOffice.org1.1.5\program\jvmsetup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\OpenOffice.org1.1.5\program\msfontextract.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\OpenOffice.org1.1.5\program\OOoVirgTray.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\OpenOffice.org1.1.5\program\pkgchk.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\OpenOffice.org1.1.5\program\quickstart.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\OpenOffice.org1.1.5\program\regsvrex.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\OpenOffice.org1.1.5\program\setofficelang.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\OpenOffice.org1.1.5\program\setup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\OpenOffice.org1.1.5\program\soffice.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\OpenOffice.org1.1.5\program\python-core-2.2.2\bin\python.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Outlook Express\msimn.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Outlook Express\oemig50.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Outlook Express\setup50.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Outlook Express\wab.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Outlook Express\wabmig.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Passbox\Majsys.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Passbox\passbox.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Passbox\uninstall.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\PC Inspector File Recovery\Filerecovery.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Pochette Express 2\Pochette express 2.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Pochette Express 2\uninstall.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\PowerpointImageExtractor_V1_1\PowerpointImageExtractor.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\PowerpointImageExtractor_V1_1\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Real\RealPlayer\Setup\.g2cln.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Satsuki Decoder Pack\Uninstall.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Satsuki Decoder Pack\filtres\DVDNavExt.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Satsuki Decoder Pack\filtres\HFE.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Satsuki Decoder Pack\filtres\qt\Plugins\DeleteMe1.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Satsuki Decoder Pack\mpc\mplayerc.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\SEMC\Sony Ericsson Handset Software\USBDriver\ZEBRUninstall.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\splus\Majsys.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\splus\splus.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\splus\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\splus\UnRegBak.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Spybot - Search & Destroy\blindman.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Spybot - Search & Destroy\SpybotSD.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Spybot - Search & Destroy\TeaTimer.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Spybot - Search & Destroy\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Spybot - Search & Destroy\Update.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\SpywareBlaster\sbautoupdate.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\SpywareBlaster\spywareblaster.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\SpywareBlaster\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\TaskSwitchXP\ConfigTsXP.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\TaskSwitchXP\TaskSwitchXP.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\TaskSwitchXP\uninst.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Tray Commander Lite\TC.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Tray Commander Lite\Uninstall.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\USB Driver-Express\USB\Install\install2k.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\USB Driver-Express\USB\Install\install9x.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\USB Driver-Express\USB\Install\MainCtrl.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\USB Driver-Express\USB\Install\PCARmDrv.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\VirtualDub\auxsetup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\VirtualDub\UnInstall_VirtualDub.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\VirtualDub\vdub.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\VirtualDub\VirtualDub.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\VuPassword\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\VuPassword\VuPassword.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Webshots\Launcher.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\Webshots\UNWISE.EXE

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\WinTidy\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\WinTidy\WinTidy.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\xp-AntiSpy\Uninstall.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\xp-AntiSpy\xp-AntiSpy.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\ZipGenius 6\7za.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\ZipGenius 6\add_path.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\ZipGenius 6\cz2stub.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\ZipGenius 6\msend.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\ZipGenius 6\ncz2stub.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\ZipGenius 6\profcheck.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\ZipGenius 6\s_setup.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\ZipGenius 6\unins000.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\ZipGenius 6\zg.exe

c:\Documents and Settings\Christian\Mes documents\restaur1\C\Program Files\ZipGenius 6\zipgenius.exe

c:\Documents and Settings\Christian\Mes documents\TweakHosts\TweakHosts.exe

c:\Documents and Settings\Christian\Mes documents\WEBTIME\WebTime_Setup.exe

c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll

c:\Documents and Settings\Christian\Application Data\SystemRequirementsLab\SRLProxyI.dll

c:\Documents and Settings\Christian\Application Data\SystemRequirementsLab\SRLProxyJ.dll

c:\Documents and Settings\Christian\Application Data\SystemRequirementsLab\SRLProxyK.dll

c:\Documents and Settings\Christian\Application Data\SystemRequirementsLab\SRLProxyL.dll

c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp

Clean Navipromo version 3.4.0 commencé le 17/01/2008 à 9:01:51,52

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 6.0.2600.0000

Système de fichiers : NTFS

Mode suppression automatique

*** fsbl1.txt non trouvé ***

(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *

* Suppression dans "C:\Documents and Settings\Christian\local settings\application data" *

skvnak.exe trouvé !

Copie skvnak.exe réalisée avec succès !

skvnak.exe supprimé !

skvnak.dat trouvé !

Copie skvnak.dat réalisée avec succès !

skvnak.dat supprimé !

skvnak_nav.dat trouvé !

Copie skvnak_nav.dat réalisée avec succès !

skvnak_nav.dat supprimé !

skvnak_navps.dat trouvé !

Copie skvnak_navps.dat réalisée avec succès !

skvnak_navps.dat supprimé !

*** Suppression dossiers dans C:\WINDOWS ***

*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\InternetGameBox ...suppression...

C:\Program Files\InternetGameBox supprimé !

*** Suppression dossiers dans ***

*** Suppression dossiers dans "C:\Documents and Settings\Christian\application data" ***

*** Suppression dossiers dans "C:\Documents and Settings\Christian\menu dÚmarrer\programmes" ***

*** Suppression dossiers dans ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !

Nettoyage contenu C:\Documents and Settings\Christian\local settings\Temp effectué !

*** Traitement Recherche complémentaire ***

(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans C:\WINDOWS\system32 *

* Dans "C:\Documents and Settings\Christian\local settings\application data" *

*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 17/01/2008 à 9:05:29,80 ***

Et comme j'ai trouvé ça sur mon bureau, je le rajoute à ttes fins utiles: