PUT... DE PUBS !!!

[toutoune]

Bonsoir à tous ! voilà le PC de mes parents a un problème d'ouvertures de pubs intempestives (dans de nouvelles fenêtres) et pourtant le bloqueur de IE7 est activé et ses paramètres ont l'air corrects...

 

J'ai passé AVG anti-spyware 7.5, Kaspersky online, Panda nanoscan, Ccleaner (registre+fichiers), hikackthis + Zeb Help Process qui ne m'a rien indiqué de spécial !!

 

Que puis-je faire de plus svp ?!

 

Merci d'avance, je suis tout ouïe !!!

[WawaSeb]

Bonsoir toutoune,

 

*** Bienvenue sur le forum sécurité de Zebulon !! ***

 

 

# Télécharge DiagHelp.zip de Malekal_morte sur ton bureau.

• Décompresse-le sur ton bureau
  
• Un nouveau dossier va être créé (DiagHelp)
  
• Ouvre le et double-clique sur go.cmd (le .cmd sera peut-être invisible)
  
• Une fenêtre va s'ouvrir, choisis l'option 1
  
• L'analyse peut prendre quelques minutes, appuie sur une touche quand on te le réclame
  
• Copie/colle le rapport qui s'ouvre sur ce forum (tu pourras retrouver ce rapport sur C:\Resultat.txt)
  

N'oublie surtout pas d'appuyer sur une touche à la fin pour afficher le rapport !!

 

 

Bon scan !

[vince79]

Bonsoir toutoune,

 

*** Bienvenue sur le forum sécurité de Zebulon !! ***

# Télécharge DiagHelp.zip de Malekal_morte sur ton bureau.

• Décompresse-le sur ton bureau
  
• Un nouveau dossier va être créé (DiagHelp)
  
• Ouvre le et double-clique sur go.cmd (le .cmd sera peut-être invisible)
  
• Une fenêtre va s'ouvrir, choisis l'option 1
  
• L'analyse peut prendre quelques minutes, appuie sur une touche quand on te le réclame
  
• Copie/colle le rapport qui s'ouvre sur ce forum (tu pourras retrouver ce rapport sur C:\Resultat.txt)
  

N'oublie surtout pas d'appuyer sur une touche à la fin pour afficher le rapport !!

Bon scan !

 

bonsoir

 

chez moi j'ai le meme probleme .

 

voici le resultat de l'analyse.

 

a savoir pendant le scan mon anti a detecter un trojan.

 

 

DiagHelp version v1.4 - http://www.malekal.com

excute le 02/02/2008 à 20:51:02,50

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->02/02/2008 20:51:01

C:\WINDOWS\prefetch\CATCHME.EXE-005222C1.pf -->02/02/2008 20:50:23

C:\WINDOWS\prefetch\FIND.EXE-0EC32F1E.pf -->02/02/2008 20:50:13

C:\WINDOWS\prefetch\DUMPHIVE.EXE-043CE56F.pf -->02/02/2008 20:50:12

C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->02/02/2008 20:50:12

C:\WINDOWS\prefetch\SWREG.EXE-1F4D374C.pf -->02/02/2008 20:50:04

C:\WINDOWS\prefetch\GREP.EXE-06C6F18F.pf -->02/02/2008 20:50:04

C:\WINDOWS\prefetch\LISTDLLS.EXE-09F25CF2.pf -->02/02/2008 20:50:03

C:\WINDOWS\prefetch\SIGCHECK.EXE-390CFBBD.pf -->02/02/2008 20:50:02

C:\WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-34E0253A.pf -->02/02/2008 20:49:46

 

C:\WINDOWS\System32\drivers\pfc.sys -->19/01/2008 12:59:46

C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02

C:\WINDOWS\System32\drivers\aswmon2.sys -->04/12/2007 15:55:46

C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39

C:\WINDOWS\System32\drivers\aswTdi.sys -->04/12/2007 15:51:52

C:\WINDOWS\System32\drivers\aavmker4.sys -->04/12/2007 15:49:02

C:\WINDOWS\System32\drivers\AFS2K.SYS -->24/11/2007 11:18:36

 

C:\WINDOWS\System32\ynymshhl.dat -->02/02/2008 20:50:29

C:\WINDOWS\System32\wpa.dbl -->02/02/2008 18:09:17

C:\WINDOWS\System32\ynymshhl_nav.dat -->31/01/2008 23:03:07

C:\WINDOWS\System32\FNTCACHE.DAT -->26/01/2008 17:59:58

C:\WINDOWS\System32\ynymshhl.exe -->25/01/2008 19:05:53

C:\WINDOWS\System32\BASSMOD.dll -->19/01/2008 13:07:01

C:\WINDOWS\System32\118290.54 -->11/01/2008 19:37:40

C:\WINDOWS\System32\MRT.exe -->02/01/2008 19:21:36

C:\WINDOWS\System32\TZLog.log -->13/12/2007 22:52:38

C:\WINDOWS\System32\CONFIG.NT -->10/12/2007 22:59:18

C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28

C:\WINDOWS\System32\AvastSS.scr -->04/12/2007 13:54:04

C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11

C:\WINDOWS\System32\ynymshhl_navps.dat -->08/11/2007 23:13:57

C:\WINDOWS\System32\lsasrv.dll -->07/11/2007 10:28:31

C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48

C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32

C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16

C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 04:09:31

C:\WINDOWS\System32\perfc00C.dat -->28/10/2007 04:09:31

C:\WINDOWS\System32\PerfStringBackup.INI -->28/10/2007 04:09:30

C:\WINDOWS\System32\perfh009.dat -->28/10/2007 04:09:30

C:\WINDOWS\System32\perfc009.dat -->28/10/2007 04:09:30

C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25

C:\WINDOWS\System32\wmvcore.dll -->25/10/2007 10:01:10

 

C:\WINDOWS\WindowsUpdate.log -->02/02/2008 20:05:28

C:\WINDOWS\wiadebug.log -->02/02/2008 19:16:12

C:\WINDOWS\wiaservc.log -->02/02/2008 18:09:14

C:\WINDOWS.log -->02/02/2008 18:09:14

C:\WINDOWS\bootstat.dat -->02/02/2008 18:08:57

C:\WINDOWS\SchedLgU.Txt -->02/02/2008 14:46:50

C:\WINDOWS\WMSysPr9.prx -->19/01/2008 12:59:53

C:\WINDOWS\118294.78 -->11/01/2008 19:37:40

C:\WINDOWS\game.ini -->15/12/2007 11:06:27

C:\WINDOWS\win.ini -->09/12/2007 23:53:20

C:\WINDOWS\system.ini -->09/12/2007 23:53:20

C:\WINDOWS\_MSRSTRT.EXE -->08/11/2007 18:31:17

C:\WINDOWS\AW_XenoMorph1280.bmp -->07/11/2007 19:08:44

C:\WINDOWS\InvaderDark1280.bmp -->07/11/2007 19:07:40

C:\WINDOWS\WLXPGSS.SCR -->23/10/2007 17:49:46

 

winlogon.exe

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

Verified: Signed

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 180

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll

0x65780000 0x23000 4.07.1098.0000 C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll

0x60510000 0x18000 2.00.50727.0042 C:\WINDOWS\system32\dfshim.dll

0x79000000 0x45000 2.00.50727.0832 C:\WINDOWS\system32\mscoree.dll

0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll

0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll

0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll

0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

0x01da0000 0xe000 1.08.4420.0000 C:\Program Files\Windows Live\Contrôle parental\fssbho.dll

0x01e00000 0x8000 1.08.4420.0000 C:\Program Files\Windows Live\Contrôle parental\fsssvcps.dll

0x02590000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll

0x026b0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

0x01320000 0x25000 2.06.0000.0162 C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL

0x01350000 0x5000 2.06.0000.0162 C:\Program Files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL

0x01460000 0x6000 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll

0x01e20000 0x2c000 C:\Program Files\WinRAR\rarext.dll

0x02330000 0x9e000 4.00.0004.0112 C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL

0x64f00000 0x12000 4.07.1098.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll

0x01dd0000 0x27000 1.00.0003.0021 C:\Program Files\IncrediMail\bin\B4ImApp.dll

0x01c30000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x038a0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x7f840000 0x87000 1.10.0327.0001 C:\WINDOWS\system32\ctwbjpg.dll

0x03d60000 0x8a000 1.09.0000.0305 C:\WINDOWS\system32\l3codeca.acm

0x01e50000 0x4b000 6.00.6000.16431 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll

0x01f30000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

0x02710000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll

0x767e0000 0x34000 0.03.1296.0001 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL

0x01f00000 0x13000 2.00.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

0x44a40000 0x373000 7.00.6000.16587 C:\WINDOWS\system32\mshtml.dll

0x037d0000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 688

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x10000000 0x1f000 6.14.0010.4162 C:\WINDOWS\system32\Ati2evxx.dll

0x011e0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est C03B-1FBF

 

Répertoire de C:\WINDOWS\system32

 

19/08/2004 15:09 6 144 csrss.exe

1 fichier(s) 6 144 octets

0 Rép(s) 64 480 821 248 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est C03B-1FBF

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

22/09/2007 16:27 <REP> .

22/09/2007 16:27 <REP> ..

17/06/2007 10:14 65 desktop.ini

08/08/2006 10:45 576 kavwebscan.inf

11/06/2007 11:21 5 021 swflash.inf

30/06/2003 21:41 1 689 WMV9VCM.inf

4 fichier(s) 7 351 octets

 

Total des fichiers listés :

4 fichier(s) 7 351 octets

2 Rép(s) 64 480 821 248 octets libres

 

Recherche de rootkit! (Merci S!Ri)

infection possible Magic.Control : un scan F-Secure BlackLight est recommandé

 

Recherche d'infections connues

 

Export des clefs sensibles..

 

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\\Valve\\Condition Zero\\czero.exe"="C:\\Valve\\Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher"

"C:\\Valve\\Steam\\steamapps\\vince79\\condition zero\\hl.exe"="C:\\Valve\\Steam\\steamapps\\vince79\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Valve\\Steam\\steamapps\\vince79\\counter-strike\\hl.exe"="C:\\Valve\\Steam\\steamapps\\vince79\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

"C:\\Valve\\Steam\\steamapps\\vince79\\dedicated server\\hlds.exe"="C:\\Valve\\Steam\\steamapps\\vince79\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher"

"C:\\Valve\\Steam\\steamapps\\common\\lost planet demo\\LostPlanetDX9.exe"="C:\\Valve\\Steam\\steamapps\\common\\lost planet demo\\LostPlanetDX9.exe:*:Enabled:LostPlanetDX9"

"C:\\Program Files\\Kerio\\Personal Firewall\\PERSFW.exe"="C:\\Program Files\\Kerio\\Personal Firewall\\PERSFW.exe:*:Enabled:Kerio Personal Firewall Engine"

"C:\\Valve\\Steam\\steamapps\\vince79\\counter-strike source\\hl2.exe"="C:\\Valve\\Steam\\steamapps\\vince79\\counter-strike source\\hl2.exe:*:Enabled:hl2"

"C:\\Valve\\Steam\\steamapps\\common\\quake 3 arena demo\\quake3.exe"="C:\\Valve\\Steam\\steamapps\\common\\quake 3 arena demo\\quake3.exe:*:Enabled:quake3"

"C:\\Valve\\Steam\\steam.exe"="C:\\Valve\\Steam\\steam.exe:*:Enabled:Steam"

"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\\Valve\\Steam\\steamapps\\common\\enemy territory quake wars demo\\etqw.exe"="C:\\Valve\\Steam\\steamapps\\common\\enemy territory quake wars demo\\etqw.exe:*:Enabled:Enemy Territory: QUAKE Wars"

"C:\\Valve\\Steam\\steamapps\\alex79240\\condition zero\\hl.exe"="C:\\Valve\\Steam\\steamapps\\alex79240\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

 

 

exports des policies

REGEDIT4

 

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-02 20:53:00

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden services & system hive ...

 

IPC error: 2 Le fichier spécifié est introuvable.

scanning hidden registry entries ...

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ynymshhl"="c:\windows\system32\ynymshhl.exe ynymshhl"

 

scanning hidden files ...

 

C:\WINDOWS\system32\ynymshhl.dat 4954 bytes

C:\WINDOWS\system32\ynymshhl.exe 302592 bytes executable

C:\WINDOWS\system32\ynymshhl_nav.dat 371587 bytes

C:\WINDOWS\system32\ynymshhl_navps.dat 1529 bytes

 

scan completed successfully

hidden services: 0

hidden files: 4

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

180 - explorer.exe

276 - Zboard.exe

308 - ashDisp.exe

312 - Ad-Watch2007.ex

388 - Popup-Destroy.e

424 - avgas.exe

456 - ctfmon.exe

468 - steam.exe

476 - msnmsgr.exe

488 - ynymshhl.exe

660 - csrss.exe

688 - winlogon.exe

732 - services.exe

744 - lsass.exe

816 - usnsvc.exe

912 - svchost.exe

972 - svchost.exe

1084 - svchost.exe

1204 - svchost.exe

1280 - svchost.exe

1320 - guard.exe

1336 - aawservice.exe

1388 - ati2evxx.exe

1452 - fsssvc.exe

1536 - ashServ.exe

1864 - PERSFW.exe

1944 - PnkBstrA.exe

1956 - searchprotocolh

2124 - svchost.exe

2256 - searchindexer.e

2564 - firefox.exe

2660 - searchfilterhos

2688 - ashMaiSv.exe

2712 - ashWebSv.exe

2744 - wmiapsrv.exe

3108 - cmd.exe

3360 - alg.exe

3724 - ImApp.exe

 

Total number of processes = 39

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS\system32\ntkrnlpa.exe

806E2000 - \WINDOWS\system32\hal.dll

BADA8000 - \WINDOWS\system32\KDCOM.DLL

BACB8000 - \WINDOWS\system32\BOOTVID.dll

BA778000 - ACPI.sys

BADAA000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS

BA767000 - pci.sys

BA8A8000 - isapnp.sys

BAE70000 - pciide.sys

BAB28000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

BA8B8000 - MountMgr.sys

BA748000 - ftdisk.sys

BAB30000 - PartMgr.sys

BA8C8000 - VolSnap.sys

BA730000 - atapi.sys

BA8D8000 - disk.sys

BA8E8000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

BA710000 - fltmgr.sys

BA6FE000 - sr.sys

BA6E7000 - KSecDD.sys

BA65A000 - Ntfs.sys

BA62D000 - NDIS.sys

BA612000 - Mup.sys

BA998000 - \SystemRoot\System32\DRIVERS\processr.sys

BA5B6000 - \SystemRoot\System32\DRIVERS\parport.sys

BAD94000 - \SystemRoot\System32\DRIVERS\gameenum.sys

BA5A5000 - \SystemRoot\System32\DRIVERS\serial.sys

BAD98000 - \SystemRoot\System32\DRIVERS\serenum.sys

BAC80000 - \SystemRoot\System32\DRIVERS\usbohci.sys

BA582000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS

BAC88000 - \SystemRoot\system32\DRIVERS\usbehci.sys

BAD9C000 - \SystemRoot\system32\DRIVERS\nvnetbus.sys

BA538000 - \SystemRoot\system32\DRIVERS\NVNRM.SYS

BA501000 - \SystemRoot\system32\DRIVERS\NVSNPU.SYS

BA9A8000 - \SystemRoot\system32\DRIVERS\imapi.sys

BA9B8000 - \SystemRoot\System32\Drivers\AFS2K.SYS

BADA0000 - \SystemRoot\system32\drivers\pfc.sys

BA9C8000 - \SystemRoot\System32\DRIVERS\cdrom.sys

BA9D8000 - \SystemRoot\System32\DRIVERS\redbook.sys

BA4DE000 - \SystemRoot\System32\DRIVERS\ks.sys

BA29D000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys

BA289000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

BA22C000 - \SystemRoot\system32\drivers\cmaudio.sys

BA208000 - \SystemRoot\system32\drivers\portcls.sys

BA9E8000 - \SystemRoot\system32\drivers\drmk.sys

BAFB0000 - \SystemRoot\System32\DRIVERS\audstub.sys

BA9F8000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys

BA5EE000 - \SystemRoot\System32\DRIVERS\ndistapi.sys

BA1F1000 - \SystemRoot\System32\DRIVERS\ndiswan.sys

BAA08000 - \SystemRoot\System32\DRIVERS\raspppoe.sys

BAA18000 - \SystemRoot\System32\DRIVERS\raspptp.sys

BAC90000 - \SystemRoot\System32\DRIVERS\TDI.SYS

BA1E0000 - \SystemRoot\System32\DRIVERS\psched.sys

BAA28000 - \SystemRoot\System32\DRIVERS\msgpc.sys

BAC98000 - \SystemRoot\System32\DRIVERS\ptilink.sys

BACA0000 - \SystemRoot\System32\DRIVERS\raspti.sys

BAA38000 - \SystemRoot\System32\Drivers\pcouffin.sys

BAA48000 - \SystemRoot\System32\DRIVERS\termdd.sys

BACA8000 - \SystemRoot\System32\DRIVERS\kbdclass.sys

BACB0000 - \SystemRoot\System32\DRIVERS\mouclass.sys

BADDA000 - \SystemRoot\System32\DRIVERS\swenum.sys

BA1AC000 - \SystemRoot\System32\DRIVERS\update.sys

BA5E2000 - \SystemRoot\System32\DRIVERS\mssmbios.sys

BAA58000 - \SystemRoot\System32\Drivers\NDProxy.SYS

BAA68000 - \SystemRoot\System32\DRIVERS\usbhub.sys

BADDC000 - \SystemRoot\System32\DRIVERS\USBD.SYS

BAA98000 - \SystemRoot\system32\DRIVERS\NVENETFD.sys

BADDE000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

BAE8F000 - \SystemRoot\System32\Drivers\Null.SYS

BADE0000 - \SystemRoot\System32\Drivers\Beep.SYS

BAE90000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys

BAB80000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS

BAB88000 - \SystemRoot\System32\drivers\vga.sys

BADE2000 - \SystemRoot\System32\Drivers\mnmdd.SYS

BADE4000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

AA041000 - \SystemRoot\system32\Drivers\fwdrv.sys

BAB90000 - \SystemRoot\System32\Drivers\Msfs.SYS

BAB98000 - \SystemRoot\System32\Drivers\Npfs.SYS

BAD4C000 - \SystemRoot\System32\DRIVERS\rasacd.sys

AA02E000 - \SystemRoot\System32\DRIVERS\ipsec.sys

A9FD6000 - \SystemRoot\System32\DRIVERS\tcpip.sys

BAAB8000 - \SystemRoot\System32\Drivers\aswTdi.SYS

A9FB5000 - \SystemRoot\System32\DRIVERS\ipnat.sys

A9F8D000 - \SystemRoot\System32\DRIVERS\netbt.sys

BAAC8000 - \SystemRoot\System32\DRIVERS\wanarp.sys

A9F6B000 - \SystemRoot\System32\drivers\afd.sys

BAAD8000 - \SystemRoot\System32\DRIVERS\netbios.sys

A9F40000 - \SystemRoot\System32\DRIVERS\rdbss.sys

A9ED1000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys

BAAE8000 - \SystemRoot\System32\Drivers\Fips.SYS

BAEE1000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

BABA8000 - \SystemRoot\System32\Drivers\Aavmker4.SYS

BA948000 - \SystemRoot\System32\Drivers\Cdfs.SYS

BA958000 - \SystemRoot\system32\DRIVERS\Alpham.sys

BABB8000 - \SystemRoot\System32\DRIVERS\usbccgp.sys

BAD80000 - \SystemRoot\System32\DRIVERS\hidusb.sys

BA157000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS

BA147000 - \SystemRoot\system32\drivers\usbaudio.sys

BAD84000 - \SystemRoot\System32\DRIVERS\kbdhid.sys

BAD88000 - \SystemRoot\System32\DRIVERS\mouhid.sys

A9E19000 - \SystemRoot\System32\Drivers\dump_atapi.sys

BAE06000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \SystemRoot\System32\win32k.sys

BA16F000 - \SystemRoot\System32\drivers\Dxapi.sys

BABE0000 - \SystemRoot\System32\watchdog.sys

BF9C3000 - \SystemRoot\System32\drivers\dxg.sys

BAFC8000 - \SystemRoot\System32\drivers\dxgthk.sys

BF9D5000 - \SystemRoot\System32\ati2dvag.dll

BFA1A000 - \SystemRoot\System32\ati2cqag.dll

BFA74000 - \SystemRoot\System32\atikvmag.dll

BFAC4000 - \SystemRoot\System32\atiok3x2.dll

BFAD6000 - \SystemRoot\System32\ati3duag.dll

BFDA0000 - \SystemRoot\System32\ativvaxx.dll

A94A9000 - \SystemRoot\system32\DRIVERS\fssfltr.sys

A93F1000 - \SystemRoot\System32\DRIVERS\ndisuio.sys

A925B000 - \SystemRoot\System32\Drivers\aswMon2.SYS

A8FEE000 - \SystemRoot\system32\drivers\wdmaud.sys

A9223000 - \SystemRoot\system32\drivers\sysaudio.sys

A8FA0000 - \SystemRoot\system32\drivers\kmixer.sys

A8BD3000 - \SystemRoot\System32\DRIVERS\mrxdav.sys

BAE3E000 - \SystemRoot\System32\Drivers\ParVdm.SYS

A8A41000 - \SystemRoot\System32\DRIVERS\srv.sys

BADD0000 - \??\C:\WINDOWS\system32\drivers\AWRTPD.sys

A87D9000 - \SystemRoot\System32\Drivers\aswRdr.SYS

A869D000 - \??\C:\WINDOWS\system32\drivers\NSDriver.sys

A8488000 - \SystemRoot\System32\Drivers\HTTP.sys

A8505000 - \??\C:\WINDOWS\system32\drivers\AWRTRD.sys

A8005000 - \SystemRoot\System32\Drivers\Fastfat.SYS

BFFA0000 - \SystemRoot\System32\ATMFD.DLL

BAE2A000 - \SystemRoot\system32\drivers\splitter.sys

BAEED000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 131

 

Liste des programmes installes

 

ACDSee 9 Gestionnaire de photos

Ad-Aware 2007

Adobe Flash Player Plugin

Adobe Reader 8.1.0 - Français

Apple Software Update

Archiveur WinRAR

Assistant de connexion Windows Live

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

ATI HYDRAVISION

ATI Parental Control & Encoder

ATI Problem Report Wizard

avast! Antivirus

AVG Anti-Spyware 7.5

AVIVO Codecs

BitComet 0.70

Capturino 1.4

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

CCleaner (remove only)

Conjugaison européenne 1.0

Counter-Strike: Condition Zero

Creative Video Blaster WebCam Go Driver

CursorXP

Disque de souvenirs HP

DivX Content Uploader

DivX Web Player

Earthsim

Galerie de photos Windows Live

Google Earth

HP Photo and Imaging 2.3 - Scanjet 4600 Series

IncrediMail JunkFilter Plus

IncrediMail Xe

Java 6 Update 2

Java SE Runtime Environment 6 Update 1

Kaspersky Online Scanner

Kerio Personal Firewall 2.1.5

Ma Cuisine Lapeyre

Macrogaming SweetIM 2.1

MessengerSkinner

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0 Language Pack - FRA

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional avec FrontPage

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)

Mise à jour de sécurité pour Windows XP (KB923789)

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

Mozilla Firefox (2.0.0.11)

Neuf - Kit de connexion

PeerGuardian 2.0

Permis de construire Expert CAD

PLAYSTATION®Network Downloader

PopUp Destroy

QuickTime

Revolution Script CZ

Security Update pour Microsoft .NET Framework 2.0 (KB928365)

Steam

SweetIM For Internet Explorer 3.0b

Synchronisation PC

TeamSpeak 3

TomTom HOME

TomTom HOME

VideoLAN VLC media player 0.8.6b

VSO CopyToDVD 4

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Live installer

Windows Live Mail

Windows Live Messenger

Windows Live OneCare Contrôle parental

Windows Live Writer

Windows XP Service Pack 2

Z Engine

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est C03B-1FBF

 

Répertoire de C:\Program Files

 

26/01/2008 18:14 <REP> .

26/01/2008 18:14 <REP> ..

19/01/2008 12:59 <REP> ACD Systems

15/12/2007 11:04 <REP> Activision

23/06/2007 08:56 <REP> Adobe

17/06/2007 10:37 <REP> Alwil Software

26/08/2007 18:46 <REP> Anuman Interactive

10/11/2007 16:47 <REP> Apple Software Update

30/06/2007 10:12 <REP> ATI Technologies

14/09/2007 18:21 <REP> BitComet

06/07/2007 15:39 <REP> Capturino 1.4

10/12/2007 22:54 <REP> CCleaner

17/06/2007 10:13 <REP> ComPlus Applications

23/08/2007 22:54 <REP> Conjugaison

08/11/2007 18:35 <REP> CursorXP

23/08/2007 20:52 <REP> DivX

24/11/2007 11:17 <REP> Fichiers communs

02/12/2007 10:02 <REP> Google

23/08/2007 23:01 <REP> Grisoft

24/11/2007 11:18 <REP> Hewlett-Packard

12/07/2007 17:57 <REP> Ideazon

29/11/2007 23:22 <REP> IncrediMail

13/12/2007 22:52 <REP> Internet Explorer

18/08/2007 09:50 <REP> Java

17/06/2007 12:02 <REP> Kerio

09/11/2007 19:31 <REP> Lavasoft

28/08/2007 22:37 <REP> Macrogaming

24/11/2007 01:32 <REP> MaCuisineLapeyre

14/09/2007 23:36 <REP> MessengerSkinner

17/06/2007 10:15 <REP> microsoft frontpage

30/06/2007 00:56 <REP> Microsoft Office

13/09/2007 22:12 <REP> Microsoft SQL Server Compact Edition

17/06/2007 10:25 <REP> Movie Maker

02/02/2008 20:08 <REP> Mozilla Firefox

17/06/2007 10:13 <REP> MSN Gaming Zone

17/06/2007 10:24 <REP> NetMeeting

02/07/2007 20:46 <REP> Neuf

30/06/2007 00:56 <REP> NEUF CEGETEL

17/06/2007 12:39 <REP> Outlook Express

26/01/2008 17:26 <REP> PeerGuardian2

13/01/2008 14:19 <REP> PopUp Destroy

10/11/2007 16:48 <REP> QuickTime

17/06/2007 10:13 <REP> Services en ligne

19/12/2007 23:07 <REP> Sony

07/11/2007 00:47 <REP> Stardock

13/01/2008 02:59 <REP> SUPERAntiSpyware

02/07/2007 21:44 <REP> TeamSpeak 3

24/12/2007 10:52 <REP> TomTom HOME 2

17/06/2007 14:21 <REP> VideoLAN

25/09/2007 17:49 <REP> VSO

13/09/2007 22:12 <REP> Windows Desktop Search

10/11/2007 17:58 <REP> Windows Live

17/06/2007 12:30 <REP> Windows Media Player

17/06/2007 10:24 <REP> Windows NT

17/06/2007 10:39 <REP> WinRAR

17/06/2007 10:15 <REP> xerox

0 fichier(s) 0 octets

56 Rép(s) 64 464 932 864 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est C03B-1FBF

 

Répertoire de C:\Program Files\fichiers communs

 

24/11/2007 11:17 <REP> .

24/11/2007 11:17 <REP> ..

19/01/2008 13:00 <REP> ACD Systems

23/06/2007 08:57 <REP> Adobe

17/06/2007 10:43 <REP> ATI Technologies

15/09/2007 08:51 <REP> BitDefender

21/06/2007 21:14 <REP> Designer

24/11/2007 11:17 <REP> Hewlett-Packard

30/06/2007 10:08 <REP> InstallShield

20/06/2007 15:46 <REP> Java

10/11/2007 17:56 <REP> Microsoft Shared

17/06/2007 10:13 <REP> MSSoap

17/06/2007 11:08 <REP> ODBC

17/06/2007 10:13 <REP> Services

17/06/2007 11:08 <REP> SpeechEngines

08/11/2007 18:32 <REP> Stardock

17/06/2007 12:39 <REP> System

13/01/2008 02:59 <REP> Wise Installation Wizard

0 fichier(s) 0 octets

18 Rép(s) 64 464 928 768 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est C03B-1FBF

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

05/07/2007 17:02 <REP> .

05/07/2007 17:02 <REP> ..

21/06/2007 21:14 <REP> 1033

05/07/2007 17:02 <REP> 1036

29/01/2004 15:08 1 277 952 MSONSEXT.DLL

13/02/2001 07:23 58 784 MSOSV.DLL

03/06/1999 13:09 122 937 MSOWS409.DLL

07/03/2001 08:00 127 033 MSOWS40c.DLL

06/08/2000 08:04 401 462 MSVCP60.DLL

29/01/2004 15:08 69 632 PKMAXCTL.DLL

29/01/2004 15:08 868 352 PKMCDO.DLL

29/01/2004 15:08 53 248 PKMCORE.DLL

29/01/2004 15:08 102 400 PKMFORMS.DLL

29/01/2004 15:38 634 880 PKMRES.DLL

29/01/2004 15:08 28 672 PKMSSTLB.DLL

22/01/2001 02:25 40 960 PKMTEMPL.DLL

29/01/2004 15:08 24 576 PKMTRACE.DLL

29/01/2004 15:08 86 016 PKMWS.DLL

29/01/2004 15:08 237 568 PROMDEMO.DLL

29/01/2004 15:08 184 320 SECMGR.DLL

29/01/2004 15:08 315 392 VAIDDMGR.DLL

29/01/2004 15:08 32 768 VAIMEM.DLL

18 fichier(s) 4 666 952 octets

4 Rép(s) 64 464 928 768 octets libres

 

 

 

 

c:\Documents and Settings\All Users\Application Data\Earthsim\Channel\esinst.exe

c:\Documents and Settings\All Users\Application Data\Earthsim\Channel\espack0.0.exe

c:\Documents and Settings\All Users\Application Data\Earthsim\Channel\espack0.1.exe

c:\Documents and Settings\All Users\Application Data\Earthsim\Channel\esuninst.exe

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\earthsim.exe

c:\Documents and Settings\Vince\Application Data\inst.exe

c:\Documents and Settings\Vince\Application Data\PnkBstrB.exe

c:\Documents and Settings\Vince\Application Data\Microsoft\Installer\{9AD5D8D8-4E60-43E4-8EFC-A6063D992CF5}\ARPPRODUCTICON.exe

c:\Documents and Settings\Vince\Application Data\Microsoft\Installer\{9AD5D8D8-4E60-43E4-8EFC-A6063D992CF5}\CSD_Wizard.exe_78AAC4B9A73144A1B091371250B5C0D4.exe

c:\Documents and Settings\Vince\Application Data\Microsoft\Installer\{9AD5D8D8-4E60-43E4-8EFC-A6063D992CF5}\GPRS_Wizard.exe_9FEF5C46A1924D95AEEE5C5C07E39065.exe

c:\Documents and Settings\Vince\Application Data\Microsoft\Installer\{9AD5D8D8-4E60-43E4-8EFC-A6063D992CF5}\Synchronisation_PC_02888FD06BCF44188B72799EED914F16.exe

c:\Documents and Settings\Vince\Application Data\Microsoft\Installer\{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}\ARPPRODUCTICON.exe

c:\Documents and Settings\Vince\Application Data\Microsoft\Installer\{F6D63A65-BD23-46F3-B9A3-87F442423481}\ARPPRODUCTICON.exe

c:\Documents and Settings\Vince\Application Data\Mozilla\Firefox\Profiles\vyz4yuuv.default\FlashGot.exe

c:\Documents and Settings\Vince\Bureau\DivXWebPlayerInstallerBeta2.exe

c:\Documents and Settings\Vince\Bureau\22222222\setup.exe

c:\Documents and Settings\Vince\Bureau\call duty 4\call_of_duty_4_modern_warfare_JeuxVideo.com_13409.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\catchme.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\diff.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\dumphive.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\find2.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\Fport.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\grep.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\gzip.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\KProcCheck.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\LFiles.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\md5sums.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\pslist.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\sigcheck.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\streams.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\swreg.exe

c:\Documents and Settings\Vince\Bureau\DiagHelp\tar.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\7-6_xp_dd_48640.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\7-6_xp_dd_ccc_wdm_enu_48640.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\AdbeRdr810_fr_FR.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\antipub.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\avgas-setup-7.5.1.43.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\BitComet_0.70_setup.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\bitcomet_setup.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\capturino.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\ccsetup141.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\ccsetup201.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\ccsetup202.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\ccsetup203.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\ccsetup204.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\copytodvd4_setup.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\Firefox Setup 2.0.0.4.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\Google_Earth_BZXD.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\IncrediMailSetup_fr.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\Install_Messenger.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\installecrocpopup.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\Messenger Error Fixer.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\messengerskinner.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\pg2-050918-nt.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\pllangs.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\PopUp Destroy.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\PSNDownloaderSetup.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\QuickTimeInstaller.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\SUPERAntiSpywarePro 3.9.1008.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\SweetImSetup.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\sync_tact.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\TeamSpeak 3 Setup.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\TomTomHOME2winlatest.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\TomTomHOMEwinlatest.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\vlc_vlc_0.8.6c_francais_10829.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\WebCamGoDrvsV1_22.EXE

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\ACDSee 9.0 Fr + Patch\acdsee 9 Fr.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\ACDSee 9.0 Fr + Patch\Patch [ ACDSee Pro 9.0 ].exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\avast du 10122007\avast! 4.7.1098 Professional Edition\avast! 4.7.1098 Professional Edition + Key\setupfre.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\avast du 10122007\avast! 4.7.1098 Professional Edition\d'avast!4 Server Edition avsrv\d'avast! Virus Cleaner aswclnr.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\avast du 10122007\avast! 4.7.1098 Professional Edition\d'avast!4 Server Edition avsrv\d'avast!4 Server Edition avsrv_ful.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\avast du 10122007\avast! 4.7.1098 Professional Edition\utilitaire de désinstallation avast! aswclear\utilitaire de désinstallation avast! aswclear.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\Crack.mkdev.team\aaw2007.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\Crack.mkdev.team\AAWLic.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\Crack.mkdev.team\Ad-Aware2007.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\Crack.mkdev.team\Ad-Watch2007.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\Crack.mkdev.team\HostFileEditor.exe

c:\Documents and Settings\Vince\Bureau\Nouveau Porte-documents\Crack.mkdev.team\ProcessWatch.exe

c:\Documents and Settings\Vince\Local Settings\Application Data\IM\Identities\{EB4ABF73-02BB-4A88-82C1-325AFF5EF3C1}\Message Store\Attachments\ccsetup201.exe

c:\Documents and Settings\Vince\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\MSNFix\incl\MD5File.exe

c:\Documents and Settings\Vince\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\MSNFix\incl\Process.exe

c:\Documents and Settings\Vince\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\MSNFix\incl\swreg.exe

c:\Documents and Settings\Vince\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\MSNFix\incl\zip.exe

c:\Documents and Settings\Vince\Local Settings\Apps\2.0\MAMW6AW2.DEX\85GQO9YV.82E\tomt..tion_ef95ea7f0b7b0703_0001.0000_004df2f91a0cc6c8\TomTomHeavenXplorer.exe

c:\Documents and Settings\Vince\Local Settings\Apps\2.0\MAMW6AW2.DEX\85GQO9YV.82E\tomt..tion_ef95ea7f0b7b0703_0001.0000_89acade451d536a1\TomTomHeavenXplorer.exe

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\comerr32.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\dbghelp.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_config.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_events.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_infospace.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_livedata.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_logger.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_orbitsystem.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_qscript.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_rawinput.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_security.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_sntp.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_solarsystem.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_ui3d.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_uicore.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\es_uihud.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\esl_q2io.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\esl_q2net.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\esl_utils.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\freetype.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\gssapi32.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\jpeg.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\krb5_32.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\livedata_control_protocol.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\login_control_protocol.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\msvcp71.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\msvcr71.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\msvcrt.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\netstream.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\png.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qaudio.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qaudiodata.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qcom.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qdevices.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\QDisplayDX8.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qdraw.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qgamedev.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qgamedev_helpers.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qgamelib.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qimage.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qinput.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\QInputDX7.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\QInputWin32.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\QKflow.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\QKfs.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\QKkb.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\QKkernelout.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\QKservices.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\QKstore.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\QKwheels.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\QKworld.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qmaths.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qnet.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qnetv1.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\QOSWin32.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qserver.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qserverhelpers.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\QSoundDX8.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qsys.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\quserinterface.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qutils.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\qwin32acm.dll

c:\Documents and Settings\All Users\Application Data\Earthsim\Earthsim1\win32\z.dll

c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

c:\Documents and Settings\Vince\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll

c:\Documents and Settings\Vince\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

c:\Documents and Settings\Vince\Application Data\Microsoft\IdentityCRL\Production\ppcrlui.dll

c:\Documents and Settings\Vince\Local Settings\Application Data\id Software\Enemy Territory - QUAKE Wars Demo\base\compiledscriptx86.dll

c:\Documents and Settings\Vince\Local Settings\Application Data\id Software\Enemy Territory - QUAKE Wars Demo\base\gamex86.dll

 

****** Fin du rapport DiagHelp

Veuillez svp envoyer le fichier C:\upload_moi_VINCE-8ROQ2803D.tar.gz a l'adresse http://upload.malekal.com

[WawaSeb]

Bonsoir vince79,

 

Il est nécessaire que tu crées ton propre sujet...

Dans la partie Analyse rapports HijackThis, Eradication malwares, clique sur Nouveau et poste ton rapport avec une description sommaire du problème...

 

Bonne nuit !

[toutoune]

Merci de ta réponse WawaSeb !

 

apparemment le problème est résolu mais voici le rapport au cas où :

 

DiagHelp version v1.4 - http://www.malekal.com

excute le 03/02/2008 à 11:35:55,37

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\HPZIPM12.EXE-145E7369.pf -->03/02/2008 11:35:34

C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->03/02/2008 11:35:05

C:\WINDOWS\prefetch\HPSWP_CLIPBOOK.EXE-05A37C01.pf -->03/02/2008 11:33:56

C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->03/02/2008 11:33:47

C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->03/02/2008 11:33:39

C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->03/02/2008 11:30:38

C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->03/02/2008 11:30:38

C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf -->03/02/2008 11:30:36

C:\WINDOWS\prefetch\HPRBLOG.EXE-16B72A6F.pf -->03/02/2008 11:30:36

C:\WINDOWS\prefetch\AVAST.SETUP-0186CD5A.pf -->03/02/2008 11:30:36

 

C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02

C:\WINDOWS\System32\drivers\aswmon2.sys -->04/12/2007 15:55:46

C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39

C:\WINDOWS\System32\drivers\aswTdi.sys -->04/12/2007 15:51:52

C:\WINDOWS\System32\drivers\aavmker4.sys -->04/12/2007 15:49:02

C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54

C:\WINDOWS\System32\drivers\ahnsze.sys -->06/11/2007 10:24:00

 

C:\WINDOWS\System32\FNTCACHE.DAT -->03/02/2008 10:23:22

C:\WINDOWS\System32\wpa.dbl -->02/02/2008 17:44:30

C:\WINDOWS\System32\PerfStringBackup.INI -->02/02/2008 15:32:20

C:\WINDOWS\System32\perfh00C.dat -->02/02/2008 15:32:20

C:\WINDOWS\System32\perfh009.dat -->02/02/2008 15:32:20

C:\WINDOWS\System32\perfc00C.dat -->02/02/2008 15:32:20

C:\WINDOWS\System32\perfc009.dat -->02/02/2008 15:32:20

C:\WINDOWS\System32\CONFIG.NT -->02/02/2008 14:32:48

C:\WINDOWS\System32\$winnt$.inf -->23/01/2008 16:03:34

C:\WINDOWS\System32\nscompat.tlb -->23/01/2008 16:00:14

C:\WINDOWS\System32\amcompat.tlb -->23/01/2008 16:00:14

C:\WINDOWS\System32\WindowsLogon.manifest -->23/01/2008 15:59:19

C:\WINDOWS\System32\logonui.exe.manifest -->23/01/2008 15:59:19

C:\WINDOWS\System32\wuaucpl.cpl.manifest -->23/01/2008 15:59:14

C:\WINDOWS\System32\sapi.cpl.manifest -->23/01/2008 15:59:14

C:\WINDOWS\System32\nwc.cpl.manifest -->23/01/2008 15:59:14

C:\WINDOWS\System32\ncpa.cpl.manifest -->23/01/2008 15:59:14

C:\WINDOWS\System32\cdplayer.exe.manifest -->23/01/2008 15:59:14

C:\WINDOWS\System32\emptyregdb.dat -->23/01/2008 15:58:42

C:\WINDOWS\System32\nvs2.inf -->22/01/2008 18:01:49

C:\WINDOWS\System32\bdss.log -->19/01/2008 13:47:04

C:\WINDOWS\System32\calendarauchan.scr -->08/01/2008 13:27:38

C:\WINDOWS\System32\MRT.exe -->02/01/2008 19:21:36

C:\WINDOWS\System32\TZLog.log -->02/01/2008 18:06:52

C:\WINDOWS\System32\bdod.bin -->02/01/2008 15:21:08

 

C:\WINDOWS\wiadebug.log -->03/02/2008 11:29:38

C:\WINDOWS.log -->03/02/2008 11:29:38

C:\WINDOWS\WindowsUpdate.log -->03/02/2008 11:29:37

C:\WINDOWS\wiaservc.log -->03/02/2008 11:29:37

C:\WINDOWS\bootstat.dat -->03/02/2008 11:29:19

C:\WINDOWS\SchedLgU.Txt -->03/02/2008 10:46:38

C:\WINDOWS\hpqins15.dat -->03/02/2008 10:43:52

C:\WINDOWS\hpqins15.dat.temp -->03/02/2008 10:39:56

C:\WINDOWS\hpoins07.dat -->03/02/2008 10:09:51

C:\WINDOWS\win.ini -->03/02/2008 10:09:27

C:\WINDOWS\setupapi.log -->03/02/2008 10:03:47

C:\WINDOWS\WMSysPr9.prx -->03/02/2008 09:41:50

C:\WINDOWS\wmsetup.log -->03/02/2008 09:41:50

C:\WINDOWS\ntbtlog.txt -->02/02/2008 18:44:23

C:\WINDOWS\KB923414.log -->02/02/2008 17:55:40

 

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

Verified: Signed

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 1324

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll

0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll

0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll

0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll

0x10000000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

0x01af0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

0x62350000 0x53000 2.00.0500.0000 C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll

0x60400000 0x18000 2.00.0500.0000 C:\Program Files\Sun\StarOffice 8\program\uwinapi.dll

0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Sun\StarOffice 8\program\MSVCR71.dll

0x61e70000 0x8e000 4.05.2003.0120 C:\Program Files\Sun\StarOffice 8\program\stlport_vc7145.dll

0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Sun\StarOffice 8\program\MSVCP71.dll

0x01c00000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll

0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll

0x41f00000 0x7000 1.01.0000.3917 C:\WINDOWS\system32\asfsipc.dll

0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL

0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll

0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL

0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL

0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 684

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 7470-B476

 

Répertoire de C:\WINDOWS\system32

 

19/08/2004 15:09 6 144 csrss.exe

1 fichier(s) 6 144 octets

0 Rép(s) 87 931 867 136 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 7470-B476

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

02/02/2008 19:04 <REP> .

02/02/2008 19:04 <REP> ..

09/12/2007 00:46 255 336 avsniffdlgs.dll

28/03/2007 10:06 541 ca.pub

19/12/2007 01:00 2 504 catalog.dat

02/02/2008 19:05 <REP> CONFLICT.1

07/05/2007 16:38 500 120 daas_s.dll

23/01/2008 15:59 65 desktop.ini

19/12/2007 01:00 6 899 ecbootil.vxd

09/12/2007 00:36 42 112 ecmldr32.dll

19/12/2007 01:00 284 016 ecmsvr32.dll

11/04/2007 14:55 1 292 erma.inf

20/11/2007 16:04 1 523 536 FP_AX_CAB_INSTALLER.exe

07/05/2007 16:39 192 920 fsauc.dll

16/05/2007 08:22 399 gp.inf

11/09/2007 13:49 12 592 LibComm.dll

20/04/2005 16:21 10 534 mainstrings.txt

11/09/2007 13:49 38 280 NanoInst.dll

11/09/2007 13:36 562 nanoinst.inf

09/12/2007 00:36 6 850 navapi.vxd

09/12/2007 00:36 201 896 navapi32.dll

19/12/2007 01:00 124 272 naveng32.dll

19/12/2007 01:00 914 800 navex32a.dll

28/02/2007 20:24 361 OGAControl.inf

30/06/2005 10:33 244 pestscan.ini

13/09/2005 13:44 479 pestscanx.inf

13/09/2005 13:42 676 864 pestscanx.ocx

31/01/2005 15:11 685 120 ppctl.dll

14/12/2007 20:39 0 ppv5exc.dat

11/09/2007 13:49 43 824 PSComm.dll

11/09/2007 13:49 100 656 PSNAdbrk.dll

06/01/2008 14:37 <REP> Quarantine

19/12/2007 01:00 97 776 scrauth.dat

04/01/2008 09:51 144 swdir.inf

20/11/2007 15:50 247 swflash.inf

19/12/2007 01:00 11 816 symaveng.cat

19/12/2007 01:00 1 061 symaveng.inf

19/12/2007 01:00 402 118 tcdefs.dat

19/12/2007 01:00 2 429 629 tcscan7.dat

19/12/2007 01:00 428 396 tcscan8.dat

19/12/2007 01:00 1 000 625 tcscan9.dat

19/12/2007 01:00 453 tinf.dat

19/12/2007 01:00 148 tinfidx.dat

19/12/2007 01:00 1 957 tinfl.dat

19/12/2007 01:00 68 399 tscan1.dat

19/12/2007 01:00 3 294 tscan1hd.dat

19/12/2007 01:00 4 778 v.grd

19/12/2007 01:00 2 267 v.sig

19/12/2007 01:00 106 244 virscan.inf

19/12/2007 01:00 997 354 virscan1.dat

19/12/2007 01:00 570 966 virscan2.dat

19/12/2007 01:00 150 932 virscan3.dat

19/12/2007 01:00 320 253 virscan4.dat

19/12/2007 01:00 5 198 791 virscan5.dat

19/12/2007 01:00 392 361 virscan6.dat

19/12/2007 01:00 18 131 798 virscan7.dat

19/12/2007 01:00 1 899 941 virscan8.dat

19/12/2007 01:00 5 410 050 virscan9.dat

19/12/2007 01:00 32 virscant.dat

30/07/2007 19:24 293 wuweb.inf

19/12/2007 01:00 224 zdone.dat

57 fichier(s) 43 259 421 octets

 

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

 

02/02/2008 19:05 <REP> .

02/02/2008 19:05 <REP> ..

21/08/2007 14:37 124 208 ascstubie.dll

21/08/2007 14:25 395 ascstubie.inf

18/07/2007 14:49 12 592 libcomm.dll

3 fichier(s) 137 195 octets

 

Répertoire de C:\WINDOWS\Downloaded Program Files\Quarantine

 

06/01/2008 14:37 <REP> .

06/01/2008 14:37 <REP> ..

06/01/2008 14:37 32 ppqdb.dat

06/01/2008 14:37 32 ppqsdb.dat

2 fichier(s) 64 octets

 

Total des fichiers listés :

62 fichier(s) 43 396 680 octets

8 Rép(s) 87 931 863 040 octets libres

 

Recherche de rootkit! (Merci S!Ri)

infection possible Magic.Control : un scan F-Secure BlackLight est recommandé

 

Recherche d'infections connues

 

Export des clefs sensibles..

 

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

 

 

exports des policies

REGEDIT4

 

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-03 11:36:10

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:000002b3

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

620 - guard.exe

660 - csrss.exe

684 - winlogon.exe

728 - services.exe

740 - lsass.exe

804 - GoogleUpdaterSe

884 - svchost.exe

916 - MDM.EXE

968 - svchost.exe

1060 - svchost.exe

1116 - svchost.exe

1232 - svchost.exe

1320 - igfxtray.exe

1324 - explorer.exe

1400 - svchost.exe

1460 - ashServ.exe

1548 - hkcmd.exe

1748 - spoolsv.exe

1944 - ashDisp.exe

2372 - ctfmon.exe

2464 - hpqtra08.exe

2472 - alg.exe

2572 - hpqimzone.exe

3964 - cmd.exe

 

Total number of processes = 25

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS\system32\ntkrnlpa.exe

806CE000 - \WINDOWS\system32\hal.dll

F7A88000 - \WINDOWS\system32\KDCOM.DLL

F7998000 - \WINDOWS\system32\BOOTVID.dll

F7458000 - ACPI.sys

F7A8A000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS

F7447000 - pci.sys

F7588000 - isapnp.sys

F7B50000 - pciide.sys

F7808000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

F7598000 - MountMgr.sys

F7428000 - ftdisk.sys

F7810000 - PartMgr.sys

F75A8000 - VolSnap.sys

F7410000 - atapi.sys

F75B8000 - disk.sys

F75C8000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

F73F0000 - fltMgr.sys

F73DE000 - sr.sys

F75D8000 - PxHelp20.sys

F73C7000 - KSecDD.sys

F733A000 - Ntfs.sys

F730D000 - NDIS.sys

F72F2000 - Mup.sys

F77F8000 - \SystemRoot\system32\DRIVERS\intelppm.sys

F6D12000 - \SystemRoot\system32\DRIVERS\igxpmp32.sys

F6CFE000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

F6CD9000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys

F6CC0000 - \SystemRoot\system32\DRIVERS\Rtenicxp.sys

F78E8000 - \SystemRoot\system32\DRIVERS\usbuhci.sys

F6C9D000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS

F78F0000 - \SystemRoot\system32\DRIVERS\usbehci.sys

F7648000 - \SystemRoot\system32\DRIVERS\i8042prt.sys

F78F8000 - \SystemRoot\system32\DRIVERS\kbdclass.sys

F7900000 - \SystemRoot\system32\DRIVERS\mouclass.sys

F7658000 - \SystemRoot\system32\DRIVERS\imapi.sys

F7668000 - \SystemRoot\system32\DRIVERS\cdrom.sys

F7678000 - \SystemRoot\system32\DRIVERS\redbook.sys

F6C7A000 - \SystemRoot\system32\DRIVERS\ks.sys

F7C17000 - \SystemRoot\system32\DRIVERS\audstub.sys

F7688000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys

F7A60000 - \SystemRoot\system32\DRIVERS\ndistapi.sys

F6C63000 - \SystemRoot\system32\DRIVERS\ndiswan.sys

F7698000 - \SystemRoot\system32\DRIVERS\raspppoe.sys

F76A8000 - \SystemRoot\system32\DRIVERS\raspptp.sys

F7908000 - \SystemRoot\system32\DRIVERS\TDI.SYS

F6C52000 - \SystemRoot\system32\DRIVERS\psched.sys

F76B8000 - \SystemRoot\system32\DRIVERS\msgpc.sys

F7910000 - \SystemRoot\system32\DRIVERS\ptilink.sys

F7918000 - \SystemRoot\system32\DRIVERS\raspti.sys

F76C8000 - \SystemRoot\system32\DRIVERS\termdd.sys

F7AB0000 - \SystemRoot\system32\DRIVERS\swenum.sys

F6B59000 - \SystemRoot\system32\DRIVERS\update.sys

F7A70000 - \SystemRoot\system32\DRIVERS\mssmbios.sys

F76E8000 - \SystemRoot\System32\Drivers\NDProxy.SYS

AA32D000 - \SystemRoot\system32\drivers\RtkHDAud.sys

AA309000 - \SystemRoot\system32\drivers\portcls.sys

F7708000 - \SystemRoot\system32\drivers\drmk.sys

F7718000 - \SystemRoot\system32\DRIVERS\usbhub.sys

F7AB4000 - \SystemRoot\system32\DRIVERS\USBD.SYS

F7AB6000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

F7BB1000 - \SystemRoot\System32\Drivers\Null.SYS

F7AB8000 - \SystemRoot\System32\Drivers\Beep.SYS

F7BB2000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys

F7948000 - \SystemRoot\System32\drivers\vga.sys

F7ABA000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F7ABC000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

F7950000 - \SystemRoot\System32\Drivers\Msfs.SYS

F7958000 - \SystemRoot\System32\Drivers\Npfs.SYS

F7A38000 - \SystemRoot\system32\DRIVERS\rasacd.sys

AA286000 - \SystemRoot\system32\DRIVERS\ipsec.sys

AA22E000 - \SystemRoot\system32\DRIVERS\tcpip.sys

F7728000 - \SystemRoot\System32\Drivers\aswTdi.SYS

AA206000 - \SystemRoot\system32\DRIVERS\netbt.sys

F7A40000 - \SystemRoot\System32\drivers\ws2ifsl.sys

AA1E4000 - \SystemRoot\System32\drivers\afd.sys

F7738000 - \SystemRoot\system32\DRIVERS\netbios.sys

AA1B9000 - \SystemRoot\system32\DRIVERS\rdbss.sys

AA14A000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys

F7748000 - \SystemRoot\System32\Drivers\Fips.SYS

AA129000 - \SystemRoot\system32\DRIVERS\ipnat.sys

F7758000 - \SystemRoot\system32\DRIVERS\wanarp.sys

F7960000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS

F7C9E000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

F7978000 - \SystemRoot\System32\Drivers\Aavmker4.SYS

F77A8000 - \SystemRoot\System32\Drivers\Cdfs.SYS

AA049000 - \SystemRoot\System32\Drivers\dump_atapi.sys

F7ADA000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \SystemRoot\System32\win32k.sys

F6AD7000 - \SystemRoot\System32\drivers\Dxapi.sys

F7990000 - \SystemRoot\System32\watchdog.sys

BF000000 - \SystemRoot\System32\drivers\dxg.sys

F7C89000 - \SystemRoot\System32\drivers\dxgthk.sys

BF024000 - \SystemRoot\System32\igxpgd32.dll

BF012000 - \SystemRoot\System32\igxprd32.dll

BF04E000 - \SystemRoot\System32\igxpdv32.DLL

BF1D9000 - \SystemRoot\System32\igxpdx32.DLL

A9FE9000 - \SystemRoot\system32\DRIVERS\ndisuio.sys

A9DDB000 - \SystemRoot\System32\Drivers\aswMon2.SYS

A9C0E000 - \SystemRoot\system32\drivers\wdmaud.sys

F6BE2000 - \SystemRoot\system32\drivers\sysaudio.sys

A9821000 - \SystemRoot\system32\DRIVERS\mrxdav.sys

F7C77000 - \SystemRoot\System32\Drivers\cvintdrv.SYS

A9707000 - \SystemRoot\system32\DRIVERS\srv.sys

A9446000 - \SystemRoot\System32\Drivers\HTTP.sys

A96DB000 - \SystemRoot\System32\Drivers\aswRdr.SYS

A90A8000 - \SystemRoot\system32\drivers\kmixer.sys

F7B8E000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 108

 

Liste des programmes installes

 

1500

1500_Help

1500Trb

ACDSee for PENTAX

Adobe Flash Player ActiveX

Adobe Reader 8.1.1 - Français

Adobe Shockwave Player

AiO_Scan

AiOSoftware

Atlas mondial Microsoft Encarta 2001

avast! Antivirus

AVG Anti-Spyware 7.5

BufferChm

calendarauchan.scr

Calendrier Microsoft Works 1.0

CCleaner (remove only)

CP_AtenaShokunin1Config

CP_CalendarTemplates1

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

CueTour

CustomerResearchQFolder

DASoft Ultra Defragmenter

Destinations

DeviceFunctionQFolder

DeviceManagementQFolder

DocProc

DocumentViewer

DocumentViewerQFolder

eSupportQFolder

EVEREST Home Edition v2.20

Fax

Free Registry Defrag

FullDPAppQFolder

Google Desktop

Google Earth

Google Toolbar for Internet Explorer

Google Toolbar for Internet Explorer

HijackThis 2.0.2

HP Document Viewer 5.3

HP Extended Capabilities 5.3

HP Image Zone 5.3

HP Imaging Device Functions 5.3

HP PSC & OfficeJet 5.3.B

HP Smart Web Printing

HP Software Update

HP Solution Center & Imaging Support Tools 5.3

HPProductAssistant

Installation de la C-BOX

Installation de Microsoft Works Suite 2001

InstantShareDevices

Intel® Graphics Media Accelerator Driver

Java 6 Update 2

Java 6 Update 3

jv16 PowerTools 1.3

K-Lite Codec Pack 3.5.0 Full

LG PhoneManager

LG SyncManager

LG USB Modem driver

Macro complémentaire Microsoft Word pour Works Suite

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft AutoRoute 2001

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2001

Microsoft National Language Support Downlevel APIs

Microsoft Office 97 Professional

Microsoft Office XP Web Components

Microsoft Picture It! Photo 2001

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Works 6.0

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)

MRU-Blaster v1.5 (Database 3/28/2004)

MSXML 4.0 SP2 (KB936181)

Multi Virus Cleaner 2007

Nero Suite

NewCopy

OS Pack Works Suite

Outil de mise à jour Google

Panda NanoScan

Panda TotalScan

PanoStandAlone

PENTAX Optio 50 Driver

PhotoGallery

Picasa 2

ProductContext

QuickTime

RandMap

Readme

Realtek AC'97 Audio

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

Scan

ScannerCopy

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

Shockwave

SkinsHP1

SmartWebPrintingOC

SolutionCenter

Sonic_PrimoSDK

Spelling Dictionaries Support For Adobe Reader 8

StarOffice 8

Status

Sweet Home 3D version 1.2

Synchronisation de Works

TrayApp

Ulead Photo Explorer 8.0 SE Basic

Unload

Unlocker 1.8.5

VideoLAN VLC media player 0.8.6d

WebReg

Windows Internet Explorer 7

Windows Live Messenger

WinRAR archiver

ZebHelpProcess 2.23.1

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 7470-B476

 

Répertoire de C:\Program Files

 

03/02/2008 10:04 <REP> .

03/02/2008 10:04 <REP> ..

03/02/2008 09:41 <REP> ACD Systems

14/01/2008 15:29 <REP> ADOBE

31/12/2007 15:48 <REP> AhnLab

15/12/2007 14:48 <REP> Alwil Software

10/11/2007 13:44 <REP> Antivirus

30/12/2007 16:04 <REP> a-squared Free

02/02/2008 14:32 <REP> Avast4

25/01/2008 18:12 <REP> calendarauchan

17/11/2007 20:20 <REP> CCleaner

02/01/2008 13:27 <REP> Cegetel

11/11/2007 16:34 <REP> Codecs

10/11/2007 11:46 <REP> ComPlus Applications

11/11/2007 16:54 <REP> CYBERLINK

01/01/2008 22:20 <REP> DivX

30/12/2007 16:45 <REP> EVEREST Home Edition

03/02/2008 10:08 <REP> Fichiers communs

19/12/2007 12:27 <REP> FoneSync

18/11/2007 14:39 <REP> Freezerware

23/01/2008 17:19 <REP> Google

02/01/2008 18:58 <REP> Grisoft

03/02/2008 10:04 <REP> Hewlett-Packard

11/11/2007 09:58 <REP> HP

10/11/2007 17:09 <REP> IDT

10/11/2007 15:38 <REP> Intel

02/02/2008 15:30 <REP> Internet Explorer

23/12/2007 12:08 <REP> Java

10/11/2007 19:18 <REP> LG Electronics

10/11/2007 19:19 <REP> LG PC Suite

02/01/2008 17:54 <REP> Messenger

23/12/2007 08:54 <REP> Microsoft AutoRoute

18/11/2007 11:03 <REP> Microsoft CAPICOM 2.1.0.2

19/12/2007 12:17 <REP> Microsoft Encarta

10/11/2007 11:49 <REP> microsoft frontpage

19/12/2007 12:11 <REP> Microsoft Money

23/12/2007 08:39 <REP> Microsoft Office

10/01/2008 16:18 <REP> Microsoft Picture It! PhotoPub

15/11/2007 09:39 <REP> Microsoft SQL Server Compact Edition

22/12/2007 18:32 <REP> Microsoft Visual Studio

23/12/2007 06:51 <REP> Microsoft Works

19/12/2007 11:56 <REP> Microsoft Works Suite 2001

10/11/2007 11:46 <REP> Movie Maker

30/11/2007 13:21 <REP> Mozilla Firefox

05/12/2007 21:32 <REP> MRU-Blaster

10/11/2007 11:45 <REP> MSN

10/11/2007 11:45 <REP> MSN Gaming Zone

15/12/2007 15:44 <REP> MSN Messenger

11/12/2007 15:44 <REP> MSWorks

10/11/2007 16:58 <REP> MSXML 4.0

23/11/2007 20:37 <REP> Nero Gravure

10/11/2007 11:47 <REP> NetMeeting

15/11/2007 10:32 <REP> Online Services

02/02/2008 15:22 <REP> Outlook Express

02/02/2008 19:05 <REP> Panda Security

11/11/2007 17:28 <REP> PC-Doctor 5 for Windows

03/02/2008 09:42 <REP> PENTAX Optio 50

24/11/2007 16:41 <REP> Picasa2

10/11/2007 15:26 <REP> Pilotes

24/12/2007 14:53 <REP> Project64 v1.5

10/11/2007 19:02 <REP> QuickTime

30/11/2007 11:27 <REP> Real

21/01/2008 11:48 <REP> Realtek

10/11/2007 18:17 <REP> Realtek AC97

11/11/2007 14:28 <REP> Registry Clean Expert

10/11/2007 11:47 <REP> Services en ligne

30/11/2007 12:08 <REP> Skype

26/01/2008 20:56 <REP> Spybot - Search & Destroy

30/11/2007 11:40 <REP> Sun

24/11/2007 10:31 <REP> Sweet Home 3D

27/01/2008 12:38 <REP> Ulead Systems

11/11/2007 14:36 <REP> UltraDefrag

30/12/2007 15:54 <REP> VideoLAN

08/12/2007 16:20 <REP> Windows Live

08/12/2007 07:37 <REP> Windows Live Toolbar

02/02/2008 15:17 <REP> Windows Media Player

10/11/2007 11:45 <REP> Windows NT

24/12/2007 15:08 <REP> WinRAR

10/11/2007 11:49 <REP> xerox

01/02/2008 19:05 <REP> ZebHelpProcess 2

22/01/2008 18:21 <REP> Zeb-Utility

0 fichier(s) 0 octets

81 Rép(s) 87 923 630 080 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 7470-B476

 

Répertoire de C:\Program Files\fichiers communs

 

03/02/2008 10:08 <REP> .

03/02/2008 10:08 <REP> ..

03/02/2008 09:42 <REP> ACD Systems

12/11/2007 18:22 <REP> Adobe

23/11/2007 20:39 <REP> Ahead

10/11/2007 13:33 <REP> Hewlett-Packard

03/02/2008 10:07 <REP> HP

07/12/2007 16:52 <REP> InstallShield

30/11/2007 11:39 <REP> Java

23/12/2007 08:39 <REP> Microsoft Shared

10/11/2007 11:47 <REP> MSSoap

10/11/2007 12:40 <REP> ODBC

07/12/2007 13:39 <REP> Real

10/11/2007 11:47 <REP> Services

31/12/2007 16:22 <REP> Softwin

03/02/2008 10:08 <REP> Sonic Shared

10/11/2007 12:39 <REP> SpeechEngines

25/01/2008 17:03 <REP> SWF Studio

02/02/2008 15:22 <REP> System

27/01/2008 12:38 <REP> Ulead Systems

05/12/2007 21:32 <REP> Wise Installation Wizard

0 fichier(s) 0 octets

21 Rép(s) 87 923 625 984 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 7470-B476

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

23/12/2007 06:51 <REP> .

23/12/2007 06:51 <REP> ..

23/12/2007 06:51 <REP> 1033

20/09/2005 12:33 1 293 008 MSONSEXT.DLL

17/03/1999 20:22 122 936 MSOWS409.DLL

25/01/2000 18:31 127 032 MSOWS40C.dll

11/07/2003 02:25 80 448 PKMWS.DLL

18/03/1999 04:37 593 977 RAGENT.DLL

5 fichier(s) 2 217 401 octets

3 Rép(s) 87 923 625 984 octets libres

 

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 7470-B476

 

Répertoire de C:\

 

c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe

c:\Documents and Settings\Annie\Mes documents\Documents\Bergere de France\bdf.exe

c:\Documents and Settings\Annie\Mes documents\Mes fichiers reçus\calendarauchan.exe

c:\Documents and Settings\Gérard\Application Data\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\MnyIco.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\hp_prn_hlp_update.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\hpzmsi01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\hpzscr01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\hpzswp01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS12.tmp\Hpzsetup.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS12.tmp\setup.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS12.tmp\setup\hpqbhp01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS12.tmp\setup\HPZmsi01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS12.tmp\setup\HPZscr01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS12.tmp\setup\HPZSWP01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS124.tmp\Hpzsetup.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS124.tmp\setup.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS124.tmp\setup\hpqbhp01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS124.tmp\setup\HPZmsi01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS124.tmp\setup\HPZscr01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS124.tmp\setup\HPZSWP01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS13.tmp\Hpzsetup.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS13.tmp\setup.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS13.tmp\setup\hpqbhp01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS13.tmp\setup\HPZmsi01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS13.tmp\setup\HPZscr01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zS13.tmp\setup\HPZSWP01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSB.tmp\Hpzsetup.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSB.tmp\setup.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSB.tmp\setup\hpqbhp01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSB.tmp\setup\HPZmsi01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSB.tmp\setup\HPZscr01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSB.tmp\setup\HPZSWP01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSC.tmp\Hpzsetup.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSC.tmp\setup.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSC.tmp\setup\hpqbhp01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSC.tmp\setup\HPZmsi01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSC.tmp\setup\HPZscr01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSC.tmp\setup\HPZSWP01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSD.tmp\Hpzsetup.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSD.tmp\setup.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSD.tmp\setup\hpqbhp01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSD.tmp\setup\HPZmsi01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSD.tmp\setup\HPZscr01.exe

c:\Documents and Settings\Gérard\Local Settings\Temp\7zSD.tmp\setup\HPZSWP01.exe

c:\Documents and Settings\Gérard\Mes documents\dotnetfx.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\autorun.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Install.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\instmsia.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\instmsiw.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Common\MSShared\Artgalry\ARTGALRY.EXE

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Common\MSShared\Artgalry\CAG.EXE

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Common\MSShared\Equation\eqnedt32.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Common\MSShared\MSDraw\msdraw.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Common\MSShared\MSInfo\MSInfo32.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Common\MSShared\Note-It\note-it.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Common\MSShared\WkShared\wkcalrem.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Common\MSShared\WkShared\WksCal.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Common\MSShared\WordArt\Wrdart32.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\PFiles\MSWorks\msworks.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\PFiles\MSWorks\wkgdcach.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\PFiles\MSWorks\wksab.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\PFiles\MSWorks\wksss.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\PFiles\MSWorks\WksWP.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\PFiles\MSWorks\1036\Manual\ar40fra.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Redist\IE5\dcom95.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Redist\IE5\ie5comp.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Redist\IE5\ie5setup.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Redist\IE5\vrml2c.exe

c:\Documents and Settings\Gérard\Mes documents\GERARD\DISQUE\Redist\mdac\mdac_typ.exe

c:\Documents and Settings\Gérard\Mes documents\INTERNET\AdbeRdr810_fr_FR.exe

c:\Documents and Settings\Gérard\Mes documents\INTERNET\CertiNomis.exe

c:\Documents and Settings\Gérard\Mes documents\INTERNET\Defenza.exe

c:\Documents and Settings\Gérard\Mes documents\INTERNET\emoticones.exe

c:\Documents and Settings\Gérard\Mes documents\INTERNET\EmoticonesAnimaux.exe

c:\Documents and Settings\Gérard\Mes documents\INTERNET\Google_Earth_BZXV.exe

c:\Documents and Settings\Gérard\Mes documents\INTERNET\Google_Updater.exe

c:\Documents and Settings\Gérard\Mes documents\INTERNET\GoogleDesktopSetup.exe

c:\Documents and Settings\Gérard\Mes documents\INTERNET\HP_Smart_Web_Printing3.5.exe

c:\Documents and Settings\Gérard\Mes documents\INTERNET\IE7Setup_G_FR.exe

c:\Documents and Settings\Gérard\Mes documents\INTERNET\IE7-WindowsXP-x86-fra.exe

c:\Documents and Settings\Gérard\Mes documents\INTERNET\Install_Messenger.exe

c:\Documents and Settings\Gérard\Mes documents\Mes fichiers reçus\calendarauchan.exe

c:\Documents and Settings\Julien\Local Settings\Apps\2.0\73Y7C9NK.KBM\RVHPLYXP.2DC\zebb..tion_4e93cf4ea346e16c_0001.0000_570079677f55c36c\ZebBench.exe

c:\Documents and Settings\Julien\Mes documents\ATF-Cleaner.exe

c:\Documents and Settings\Julien\Mes documents\ccsetup202.exe

c:\Documents and Settings\Julien\Mes documents\ClamWinPortable.exe

c:\Documents and Settings\Julien\Mes documents\Setup_Zeb-Utility.exe

c:\Documents and Settings\Julien\Mes documents\Startup.exe

c:\Documents and Settings\Julien\Mes documents\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24\Dial-a-fix.exe

c:\Documents and Settings\Julien\Mes documents\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24\secedit.exe

c:\Documents and Settings\Julien\Mes documents\Downloads\CCleaner\CCleaner.exe

c:\Documents and Settings\Julien\Mes documents\Downloads\CCleaner\uninst.exe

c:\Documents and Settings\Julien\Mes documents\EClea2_0\EasyClea.exe

c:\Documents and Settings\Julien\Mes documents\gmail-drive-shell-extension_gmail_drive_shell_extension_1.0.12_anglais_13783\Setup.exe

c:\Documents and Settings\Julien\Mes documents\HiJackThis\HijackThis.exe

c:\Documents and Settings\Julien\Mes documents\HiJackThis\ZHP 2.23.1\BDEADMIN.EXE

c:\Documents and Settings\Julien\Mes documents\HiJackThis\ZHP 2.23.1\ZHP 2.23.1.exe

c:\Documents and Settings\Julien\Mes documents\jv16 PowerTools\jv16 PowerTools.exe

c:\Documents and Settings\Julien\Mes documents\jv16 PowerTools\unins000.exe

c:\Documents and Settings\Julien\Mes documents\jv16 PowerTools\Backups\RegEdit.exe

c:\Documents and Settings\Julien\Mes documents\jv16 PowerTools\Plug-ins\TempTool.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\DeepBurner1.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\aawsepersonal.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\antivir_workstation_win7u_en_h.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\Avast.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\avg-anti-spyware_avg_anti-spyware_francais_27645.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\ccsetup201.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\everesthome220.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\hitmanpro26.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\Install_Messenger.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\ir044_unicode.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\klcodec350f.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\mrublastersetup.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\pci_fr_smartrecovery.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\RegCleaner.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\registry-defrag.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\sesp21a-en.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\Setup_FreeConverter.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\SetupBedroom.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\spybotsd14.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\SpywareTerminatorSetup.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\SweetHome3D-1.2-windows.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\UDPixel2_fr_installer.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\Programmes et pilotes\ultradefrag-1.2.1.bin.i386.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\ccleaner_ccleaner_1.41.544_francais_14492.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\cdex_170b2_enu_nonunicode.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\DCOM98(utile).EXE

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\install_flash_player.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\java 6.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\klcodec357b.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\splus_install.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\tsunami_filter_pack_3_8_9_mini.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\Visual_Basic_6.0_-VB6-_runtime_SP5.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\wrar371fr.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\new\gravure.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\new\mp71.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\new\MPSetup.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\new\setupSJT.exe

c:\Documents and Settings\Julien\Mes documents\KIT survie\WINDOWS98\new\smplayer_0.5.51_full_setup.exe

c:\Documents and Settings\Julien\Mes documents\mvc\setup.exe

c:\Documents and Settings\Julien\Mes documents\new\SDFix.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\catchme.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\diff.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\dumphive.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\find2.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\Fport.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\grep.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\gzip.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\KProcCheck.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\LFiles.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\md5sums.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\pslist.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\sigcheck.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\streams.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\swreg.exe

c:\Documents and Settings\Julien\Mes documents\new\DiagHelp\DiagHelp\tar.exe

c:\Documents and Settings\Julien\Mes documents\new\HiJackThis\HijackThis.exe

c:\Documents and Settings\Julien\Mes documents\new\Pilotes à ne pas perdre\Pilote carte Ethernet.exe

c:\Documents and Settings\Julien\Mes documents\new\Pilotes à ne pas perdre\Pilote carte graphique.exe

c:\Documents and Settings\Julien\Mes documents\new\Pilotes à ne pas perdre\Pilote carte son.exe

c:\Documents and Settings\Julien\Mes documents\new\Pilotes à ne pas perdre\Pilote Ecran Compaq.exe

c:\Documents and Settings\Julien\Mes documents\new\Pilotes à ne pas perdre\LAN_allXP_2K_5674_PV_Realtek_8101E_8111BC\setup.exe

c:\Documents and Settings\Julien\Mes documents\Sécurité\avgas-setup-7.5.1.43.exe

c:\Documents and Settings\Julien\Mes documents\Sécurité\bitdefender_free_v10.exe

c:\Documents and Settings\Julien\Mes documents\Sécurité\blacklight.exe

c:\Documents and Settings\Julien\Mes documents\Sécurité\ClamWinPortable.exe

c:\Documents and Settings\Julien\Mes documents\Sécurité\jv16pt_setup1.3.0.195.exe

c:\Documents and Settings\Julien\Mes documents\Sécurité\spybotsd15.exe

c:\Documents and Settings\Julien\Mes documents\Sécurité\ToolsCleaner2.exe

c:\Documents and Settings\Julien\Mes documents\Sécurité\unlocker1.8.5.exe

c:\Documents and Settings\Julien\Mes documents\unlock\Unlocker\uninst.exe

c:\Documents and Settings\Julien\Mes documents\unlock\Unlocker\Unlocker.exe

c:\Documents and Settings\Julien\Mes documents\unlock\Unlocker\UnlockerAssistant.exe

c:\Documents and Settings\Julien\Mes documents\Zeb-Bench\setup.exe

c:\Documents and Settings\Julien\Mes documents\Zeb-Bench\ZebBench_1_0_2_4\ZebBench.exe

c:\Documents and Settings\Julien\Multi Virus Cleaner 2007\MVC.exe

c:\Documents and Settings\Julien\Multi Virus Cleaner 2007\unins000.exe

c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

c:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\jqd66dnj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

c:\Documents and Settings\Annie\Application Data\Mozilla\Firefox\Profiles\jqd66dnj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

 

****** Fin du rapport DiagHelp

Veuillez svp envoyer le fichier C:\upload_moi_FENOULIE-6B9DCC.tar.gz a l'adresse http://upload.malekal.com

 

merci d'avance !

[WawaSeb]

Bonjour toutoune,

 

*** Il reste en tous les cas des traces d'un rootkit désormais très classique ! ***

 

 

--> Télécharge Navilog1 de IL-MAFIOSO

• Enregistre-le sur ton bureau
  
• Double-clique sur navilog1.exe pour lancer l'installation
  
• Dans le dossier qui vient de se créer, exécute navilog1.exe
  ---> Une fois l'installation terminée, le fix s'exécutera automatiquement (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau)
  
• Après l'installation, le fix se lance normalement (sinon, clique sur Navilog1 pour démarrer manuellement)
  
• Choisis l'option 1 (PAS les autres !!!!)
  
• Attends jusqu'à l'apparition du message *** Analyse Terminée le ..... ***
  
• Presse une touche pour faire apparaître le rapport
  
• Copie-colle tout ce rapport dans ta prochaine réponse
  
• Ferme le bloc-note (le rapport est enregistré à l'emplacement <RACINE>\fixnavi.txt)
  

@ très vite !