Aide pour suppression Win32/WHO.AGZ

[AR1971]

Bonjour à tous,

 

Voila j'ai ce cheval de troie détecté par nod 32 mais impossible de le supprimer; il se trouve dans le fichier c:\windows\system32\coinstm.dll.

 

Antivir non plus ne l'a pas eu donc je ne sais pas comment faire; merci de votre aide.

 

Voila le rapport hijackthis:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:22:48, on 16/02/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\UTILIT~1\ZONEAL~1\zlclient.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

C:\WINDOWS\System32\wfxsnt40.exe

C:\Utilitaires\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Utilitaires\NOD32\nod32\nod32kui.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\WINDOWS\System32\RunDLL32.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Utilitaires\creative nano\media source\Detector\CTDetect.exe

C:\Utilitaires\SuperCopier\SuperCopier.exe

C:\Utilitaires\NOD32\nod32\nod32krn.exe

C:\Utilitaires\Alcohol\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\Utilitaires\palmone\Hotsync.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\WINDOWS\System32\WFXSVC.EXE

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\Utilitaires\Symantec\DelFax\WFXMOD32.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\System32\cleanmgr.exe

C:\Utilitaires\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.9online.fr

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

 

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search &

 

Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} -

 

C:\Utilitaires\Xi\NetXfer\NXIEHelper.dll

O2 - BHO: (no name) - {C2FA9B8C-068A-4948-ADE2-D191BF273B2F} - C:\WINDOWS\System32\coinstm.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} -

 

C:\UTILIT~1\COPERN~1\COPERN~1.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} -

 

C:\Utilitaires\Xi\NetXfer\NXToolBar.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP

 

Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Zone Labs Client] C:\UTILIT~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Utilitaires\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nod32kui] "C:\Utilitaires\NOD32\nod32\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"

O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513

O4 - HKCU\..\Run: [Creative Detector] "C:\Utilitaires\creative nano\media

 

source\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [superCopier.exe] C:\Utilitaires\SuperCopier\SuperCopier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: HotSync Manager.lnk = C:\Utilitaires\palmone\Hotsync.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital

 

Imaging\bin\hpobnz08.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O4 - Global Startup: officejet 6100.lnk = ?

O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Utilitaires\PSNLite\PsnLite.exe

O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Utilitaires\Copernic

 

Agent\Web\SearchExt.htm

O8 - Extra context menu item: Tout télécharger avec NetXfer -

 

C:\Utilitaires\Xi\NetXfer\NXAddList.html

O8 - Extra context menu item: Télécharger avec NetXfer - C:\Utilitaires\Xi\NetXfer\NXAddLink.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

 

Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

 

C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} -

 

C:\UTILIT~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} -

 

C:\UTILIT~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} -

 

C:\UTILIT~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} -

 

C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} -

 

C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (file missing) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://www.9online.fr

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

 

http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

 

http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -

 

http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

 

http://www.pandasoftware.com/activescan/as5/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EDB18902-A3AB-4898-B2D8-5B69D5E085C1}: NameServer =

 

192.168.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

 

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

 

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

 

C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

 

Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

 

Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Utilitaires\NOD32\nod32\nod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program

 

Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software -

 

C:\Utilitaires\Alcohol\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -

 

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

 

Merci encore

[pear]

Bonjour,

 

Désactivez les protections.

Télécharger DiagHelp.zip de Malekal_morte sur le bureau.

http://www.malekal.com/download/DiagHelp.zip

* Décompressez le, sur le bureau par exemple.

* Un nouveau dossier chercher va être créé DiagHelp.

* Ouvrez le et double-cliquez sur go.cmd (le .cmd peut ne pas apparaître)

* Une fenêtre va s'ouvrir, choisir l'option 1

* L'analyse va commencer, ceci peut durer quelques minutes, appuyez sur une touche quand on le demande

* Copier/coller le contenu entier du bloc-note qui s'ouvre et le joindre à la prochaine réponse.

Sinon, il est là:C:\resultats.txt

[AR1971]

Merci de votre aide, voici le log:

 

DiagHelp version v1.4 - http://www.malekal.com

excute le 16/02/2008 à 13:39:10,59

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->16/02/2008 13:38:57

C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->16/02/2008 13:38:52

C:\WINDOWS\prefetch\WINRAR.EXE-01B43BF9.pf -->16/02/2008 13:37:18

C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->16/02/2008 11:02:53

C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->16/02/2008 11:01:36

C:\WINDOWS\prefetch\REGEDT32.EXE-11878ACD.pf -->16/02/2008 11:01:34

C:\WINDOWS\prefetch\MSNMSGR.EXE-366A1A81.pf -->16/02/2008 11:01:21

C:\WINDOWS\prefetch\FIREFOX.EXE-12792F4F.pf -->16/02/2008 10:35:44

C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->16/02/2008 10:23:04

C:\WINDOWS\prefetch\HIJACKTHIS.EXE-0809EB98.pf -->16/02/2008 10:22:33

 

C:\WINDOWS\System32\drivers\cxqedulq.dat -->01/01/2008 12:41:27

C:\WINDOWS\System32\drivers\atksgt.sys -->14/10/2006 18:14:27

C:\WINDOWS\System32\drivers\lirsgt.sys -->14/10/2006 18:14:25

C:\WINDOWS\System32\drivers\cdralw2k.sys -->05/10/2006 03:42:42

C:\WINDOWS\System32\drivers\cdr4_xp.sys -->05/10/2006 03:42:42

C:\WINDOWS\System32\drivers\pxhelp20.sys -->27/09/2006 22:53:22

C:\WINDOWS\System32\drivers\amon.sys -->18/09/2006 09:05:35

 

C:\WINDOWS\System32\vsconfig.xml -->16/02/2008 10:01:30

C:\WINDOWS\System32\wpa.dbl -->16/02/2008 04:28:19

C:\WINDOWS\System32\imon1.dat -->01/01/2008 21:52:52

C:\WINDOWS\System32\FNTCACHE.DAT -->25/12/2007 11:44:52

C:\WINDOWS\System32\mlfcache.dat -->12/12/2007 11:17:52

C:\WINDOWS\System32\gafilter.sti -->01/12/2007 18:36:52

C:\WINDOWS\System32\gaeffect.sti -->01/12/2007 18:36:51

C:\WINDOWS\System32\PerfStringBackup.INI -->28/10/2007 14:54:06

C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 14:54:06

C:\WINDOWS\System32\perfh009.dat -->28/10/2007 14:54:06

C:\WINDOWS\System32\perfc00C.dat -->28/10/2007 14:54:06

C:\WINDOWS\System32\perfc009.dat -->28/10/2007 14:54:06

C:\WINDOWS\System32\ssldivx.dll -->27/07/2007 00:06:12

C:\WINDOWS\System32\libdivx.dll -->27/07/2007 00:06:12

C:\WINDOWS\System32\sirenacm.dll -->19/01/2007 12:53:04

C:\WINDOWS\System32\Adiboud'chou.lnk -->15/12/2006 20:50:54

C:\WINDOWS\System32\fgbs81.sys -->13/12/2006 10:54:03

C:\WINDOWS\System32\REX Shared Library.dll -->04/10/2006 13:13:16

C:\WINDOWS\System32\NI_IRC_1_2.dll -->04/10/2006 13:13:16

C:\WINDOWS\System32\NI_DFD_1_5.dll -->04/10/2006 13:13:16

C:\WINDOWS\System32\bconvert.dll -->04/10/2006 13:13:16

C:\WINDOWS\System32\vxblock.dll -->27/09/2006 22:53:23

C:\WINDOWS\System32\pxwave.dll -->27/09/2006 22:53:23

C:\WINDOWS\System32\pxmas.dll -->27/09/2006 22:53:22

C:\WINDOWS\System32\pxhpinst.exe -->27/09/2006 22:53:22

 

C:\WINDOWS\setupact.log -->16/02/2008 10:05:40

C:\WINDOWS.log -->16/02/2008 10:00:59

C:\WINDOWS\win.ini -->16/02/2008 10:00:07

C:\WINDOWS\wiadebug.log -->16/02/2008 09:59:35

C:\WINDOWS\wiaservc.log -->16/02/2008 09:59:29

C:\WINDOWS\bootstat.dat -->16/02/2008 09:59:02

C:\WINDOWS\ntbtlog.txt -->16/02/2008 09:57:56

C:\WINDOWS\SchedLgU.Txt -->16/02/2008 05:00:38

C:\WINDOWS\DYNAZIP.LOG -->13/02/2008 08:45:39

C:\WINDOWS\QTFont.qfn -->11/02/2008 14:15:27

C:\WINDOWS\QTFont.for -->11/02/2008 14:15:27

C:\WINDOWS\NeroDigital.ini -->22/01/2008 18:48:03

C:\WINDOWS\wmsetup.log -->22/01/2008 18:23:54

C:\WINDOWS\DPINST.LOG -->14/01/2008 15:44:33

C:\WINDOWS\Setup.log -->13/01/2008 15:01:23

 

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

Verified: Signed

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 1952

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x01000000 0xf9000 6.00.2800.1106 C:\WINDOWS\Explorer.EXE

0x77be0000 0x53000 7.00.2600.1106 C:\WINDOWS\system32\msvcrt.dll

0x77290000 0x64000 6.00.2800.1106 C:\WINDOWS\system32\SHLWAPI.dll

0x77390000 0x805000 6.00.2800.1106 C:\WINDOWS\system32\SHELL32.dll

0x770e0000 0x8b000 3.50.5016.0000 C:\WINDOWS\system32\OLEAUT32.dll

0x75f10000 0xfc000 6.00.2800.1106 C:\WINDOWS\System32\BROWSEUI.dll

0x76960000 0x14a000 6.00.2800.1106 C:\WINDOWS\System32\SHDOCVW.dll

0x5b090000 0x34000 6.00.2800.1106 C:\WINDOWS\System32\UxTheme.dll

0x78090000 0xe4000 6.00.2800.1106 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

0x77300000 0x8b000 5.82.2800.1106 C:\WINDOWS\system32\comctl32.dll

0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\System32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll

0x5b950000 0x72000 6.00.2800.1106 C:\WINDOWS\System32\themeui.dll

0x71ca0000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\ACTXPRXY.DLL

0x76ac0000 0x15000 3.00.9435.0000 C:\WINDOWS\System32\ATL.DLL

0x76080000 0x7a000 6.00.2800.1106 C:\WINDOWS\System32\urlmon.dll

0x74aa0000 0x43000 6.00.2800.1106 C:\WINDOWS\System32\webcheck.dll

0x74a60000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll

0x74a40000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll

0x01820000 0x201000 2.00.2600.1106 C:\WINDOWS\System32\msi.dll

0x56780000 0xc000 C:\Utilitaires\SuperCopier\SCHook.DLL

0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll

0x76250000 0x8d000 5.131.2600.1106 C:\WINDOWS\system32\CRYPT32.dll

0x76190000 0x99000 6.00.2800.1106 C:\WINDOWS\system32\WININET.dll

0x10100000 0x16000 C:\Program Files\Logitech\SetPoint\lgscroll.dll

0x76340000 0x46000 6.00.2800.1106 C:\WINDOWS\system32\comdlg32.dll

0x723a0000 0x13000 6.00.2800.1106 C:\WINDOWS\System32\browselc.dll

0x10000000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\System32\MSVCR71.dll

0x02910000 0xbb000 1.03.0000.0012 C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

0x5f140000 0x1a000 5.00.5014.0000 C:\WINDOWS\System32\olepro32.dll

0x746e0000 0x8f000 6.00.2600.0000 C:\WINDOWS\System32\MLANG.dll

0x20b00000 0x45000 2.51.0020.0000 C:\WINDOWS\System32\imon.dll

0x20c00000 0xd000 C:\Utilitaires\NOD32\nod32\pr_imon.dll

0x76100000 0x8e000 6.00.2600.0000 C:\WINDOWS\System32\shdoclc.dll

0x1f7b0000 0x31000 3.520.9030.0000 C:\WINDOWS\System32\ODBC32.dll

0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll

0x72380000 0x19000 6.00.2600.0000 C:\WINDOWS\System32\mydocs.dll

0x21670000 0xd000 9.00.0098.0727 C:\Utilitaires\Symantec\DelFax\WfxSeh32.Dll

0x20000000 0x57000 1.01.0000.0500 C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll

0x00d10000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

0x02180000 0x99000 10.00.0000.0168 C:\Program Files\Graphisoft\ArchiCAD 10\GSShellX.dll

0x00920000 0x29000 C:\Utilitaires\Winrar3.11\rarext.dll

0x00d50000 0x10000 1.07.0001.0000 C:\Utilitaires\QuickSFV\QSFVShll.dll

0x00da0000 0x10000 C:\Utilitaires\NOD32\nod32\nodshex.dll

0x02320000 0x68000 C:\UTILIT~1\AQUARE~1\A2CONT~1.DLL

0x016a0000 0x3a000 C:\WINDOWS\System32\coinstm.dll

0x74780000 0x2b7000 6.00.2800.1106 C:\WINDOWS\System32\mshtml.dll

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 592

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x84000 \??\C:\WINDOWS\system32\winlogon.exe

0x77be0000 0x53000 7.00.2600.1106 C:\WINDOWS\system32\msvcrt.dll

0x76250000 0x8d000 5.131.2600.1106 C:\WINDOWS\system32\CRYPT32.dll

0x77390000 0x805000 6.00.2800.1106 C:\WINDOWS\system32\SHELL32.dll

0x77290000 0x64000 6.00.2800.1106 C:\WINDOWS\system32\SHLWAPI.dll

0x77300000 0x8b000 5.82.2800.1106 C:\WINDOWS\system32\COMCTL32.dll

0x1f7b0000 0x31000 3.520.9030.0000 C:\WINDOWS\System32\ODBC32.dll

0x76340000 0x46000 6.00.2800.1106 C:\WINDOWS\system32\comdlg32.dll

0x78090000 0xe4000 6.00.2800.1106 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll

0x76b70000 0x20000 6.00.2800.1106 C:\WINDOWS\System32\SHSVCS.dll

0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll

0x5b090000 0x34000 6.00.2800.1106 C:\WINDOWS\System32\uxtheme.dll

0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll

0x770e0000 0x8b000 3.50.5016.0000 C:\WINDOWS\system32\OLEAUT32.dll

0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\System32\CLBCATQ.DLL

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2899-7B24

 

Répertoire de C:\WINDOWS\temp

 

31/05/2005 18:02 65 536 CTPBSEQ.EXE

07/10/2002 12:00 385 024 HXFSETUP.EXE

2 fichier(s) 450 560 octets

0 Rép(s) 10 032 844 800 octets libres

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2899-7B24

 

Répertoire de C:\WINDOWS\system32

 

28/08/2001 13:00 4 096 csrss.exe

1 fichier(s) 4 096 octets

0 Rép(s) 10 032 844 800 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2899-7B24

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

17/09/2007 11:05 <REP> .

17/09/2007 11:05 <REP> ..

07/08/2003 09:02 110 592 asinst.dll

07/08/2003 09:06 525 asinst.inf

07/10/2004 22:16 815 bitdefender.inf

07/10/2004 23:05 327 680 bitdefender.ocx

26/10/2004 18:11 241 CabSA.inf

18/10/2003 14:45 65 desktop.ini

09/02/2005 15:54 1 271 erma.inf

12/07/2000 03:02 36 864 fxfileop.dll

25/06/2003 09:56 467 launchie.inf

20/01/2000 14:25 1 162 Microsoft XML Parser for Java.osd

26/10/2004 18:14 160 928 rufsi.dll

27/08/2005 13:30 5 065 swflash.inf

31/10/2001 11:37 118 uninst.bat

30/06/2003 22:41 1 689 WMV9VCM.inf

09/06/2004 16:51 1 777 xscan.inf

09/06/2004 16:56 435 712 xscan53.ocx

16 fichier(s) 1 084 971 octets

 

Total des fichiers listés :

16 fichier(s) 1 084 971 octets

2 Rép(s) 10 032 844 800 octets libres

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

Export des clefs sensibles..

 

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

 

 

exports des policies

REGEDIT4

 

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-16 13:41:44

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden services & system hive ...

 

IPC error: 2 Le fichier spécifié est introuvable.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]

"ujdew"=hex:20,02,00,00,49,83,88,08,bd,f6,eb,9b,59,15,a9,51,a2,72,d4,86,57,..

"ljej40"=hex:fa,b5,57,9b,f6,48,bf,25,cc,3f,c3,f2,c5,7a,45,aa,cb,7a,31,04,2f,..

"ljej41"=hex:7f,b5,57,9b,8e,48,bf,25,cd,3f,c2,f2,c4,7a,45,aa,cb,7a,31,04,ea,..

"ljej42"=hex:7f,b5,57,9b,8e,48,bf,25,cd,3f,c2,f2,c4,7a,45,aa,cb,7a,31,04,ea,..

"ljej43"=hex:7f,b5,57,9b,8e,48,bf,25,cd,3f,c2,f2,c4,7a,45,aa,cb,7a,31,04,ea,..

"ljej44"=hex:7f,b5,57,9b,8e,48,bf,25,cd,3f,c2,f2,c4,7a,45,aa,cb,7a,31,04,ea,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

"DisplayName"="Alcohol 120%"

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

388 - firefox.exe

476 - atiptaxx.exe

500 - zlclient.exe

564 - nod32kui.exe

568 - csrss.exe

592 - winlogon.exe

780 - CDAC11BA.EXE

900 - nod32krn.exe

952 - WFXMOD32.EXE

1052 - svchost.exe

1144 - services.exe

1156 - lsass.exe

1324 - svchost.exe

1404 - Hotsync.exe

1424 - svchost.exe

1544 - vsmon.exe

1620 - KEM.exe

1952 - explorer.exe

2376 - iPodService.exe

2956 - msnmsgr.exe

3228 - usnsvc.exe

4040 - cmd.exe

 

Total number of processes = 23

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D4000 - \WINDOWS\system32\ntoskrnl.exe

806C8000 - \WINDOWS\system32\hal.dll

F8A36000 - \WINDOWS\system32\KDCOM.DLL

F8946000 - \WINDOWS\system32\BOOTVID.dll

F84EE000 - Vax347b.sys

F84C2000 - ACPI.sys

F8A38000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS

F8536000 - pci.sys

F8546000 - isapnp.sys

F87B6000 - cxqedulq.dat

F8AFE000 - pciide.sys

F87BE000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

F8556000 - MountMgr.sys

F84A3000 - ftdisk.sys

F8A3A000 - dmload.sys

F847F000 - dmio.sys

F87C6000 - PartMgr.sys

F8566000 - VolSnap.sys

F8469000 -

F8A3C000 - Vax347s.sys

F8452000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS

F8576000 - disk.sys

F8586000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

F8596000 - PxHelp20.sys

F843E000 - KSecDD.sys

F83B4000 - Ntfs.sys

F838B000 - NDIS.sys

F894A000 - RecAgent.sys

F85A6000 - ohci1394.sys

F85B6000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS

F894E000 - nv_agp.sys

F8371000 - Mup.sys

F8776000 - \SystemRoot\System32\DRIVERS\processr.sys

F802E000 - \SystemRoot\System32\DRIVERS\usbohci.sys

F70F5000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS

F891E000 - \SystemRoot\System32\DRIVERS\usbehci.sys

F70E1000 - \SystemRoot\System32\DRIVERS\NVENET.sys

F8926000 - \SystemRoot\system32\drivers\nvax.sys

F8786000 - \SystemRoot\System32\DRIVERS\imapi.sys

F8936000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys

F893E000 - \SystemRoot\system32\drivers\ASAPIW2k.sys

F8796000 - \SystemRoot\System32\Drivers\AFS2K.SYS

F87A6000 - \SystemRoot\System32\DRIVERS\cdrom.sys

F85E6000 - \SystemRoot\System32\DRIVERS\redbook.sys

F70C1000 - \SystemRoot\System32\DRIVERS\ks.sys

F702C000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys

F701A000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS

F87EE000 - \SystemRoot\System32\DRIVERS\fdc.sys

F85F6000 - \SystemRoot\System32\DRIVERS\serial.sys

F7CA0000 - \SystemRoot\System32\DRIVERS\serenum.sys

F7007000 - \SystemRoot\System32\DRIVERS\parport.sys

F71A7000 - \SystemRoot\System32\DRIVERS\i8042prt.sys

F7197000 - \SystemRoot\System32\DRIVERS\L8042mou.Sys

F7187000 - \SystemRoot\System32\DRIVERS\LMouKE.Sys

F87F6000 - \SystemRoot\System32\DRIVERS\mouclass.sys

F7C9C000 - \SystemRoot\System32\DRIVERS\L8042Kbd.sys

F87FE000 - \SystemRoot\System32\DRIVERS\kbdclass.sys

F8C68000 - \SystemRoot\System32\DRIVERS\audstub.sys

F8A9E000 - \SystemRoot\System32\Drivers\RootMdm.sys

F8806000 - \SystemRoot\System32\Drivers\Modem.SYS

F7177000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys

F7C98000 - \SystemRoot\System32\DRIVERS\ndistapi.sys

F6FF1000 - \SystemRoot\System32\DRIVERS\ndiswan.sys

F7167000 - \SystemRoot\System32\DRIVERS\raspppoe.sys

F7157000 - \SystemRoot\System32\DRIVERS\raspptp.sys

F7C94000 - \SystemRoot\System32\DRIVERS\TDI.SYS

F6FA7000 - \SystemRoot\System32\DRIVERS\psched.sys

F7147000 - \SystemRoot\System32\DRIVERS\msgpc.sys

F881E000 - \SystemRoot\System32\DRIVERS\ptilink.sys

F8826000 - \SystemRoot\System32\DRIVERS\raspti.sys

F6F7A000 - \SystemRoot\System32\DRIVERS\rdpdr.sys

F8606000 - \SystemRoot\System32\DRIVERS\termdd.sys

F8B91000 - \SystemRoot\System32\DRIVERS\swenum.sys

F8616000 - \SystemRoot\System32\Drivers\NDProxy.SYS

F8626000 - \SystemRoot\System32\DRIVERS\usbhub.sys

F8AAC000 - \SystemRoot\System32\DRIVERS\USBD.SYS

F6F34000 - \SystemRoot\system32\drivers\nvapu.sys

F6F13000 - \SystemRoot\system32\drivers\portcls.sys

F8656000 - \SystemRoot\system32\drivers\drmk.sys

F6E42000 - \SystemRoot\system32\drivers\nvmcp.sys

F6E31000 - \SystemRoot\system32\drivers\nvarm.sys

F8ABC000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

F8BC8000 - \SystemRoot\System32\Drivers\Null.SYS

F8ABE000 - \SystemRoot\System32\Drivers\Beep.SYS

F883E000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS

F8846000 - \SystemRoot\System32\drivers\vga.sys

F8AC0000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F8AC2000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

F884E000 - \SystemRoot\System32\Drivers\Msfs.SYS

F8856000 - \SystemRoot\System32\Drivers\Npfs.SYS

F8A26000 - \SystemRoot\System32\DRIVERS\rasacd.sys

F86A6000 - \SystemRoot\System32\DRIVERS\ipsec.sys

A6F66000 - \SystemRoot\System32\DRIVERS\tcpip.sys

A6F26000 - \SystemRoot\System32\Drivers\SYMTDI.SYS

A6F13000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS

A6EEC000 - \SystemRoot\System32\DRIVERS\netbt.sys

F86B6000 - \SystemRoot\System32\DRIVERS\netbios.sys

A6EC4000 - \SystemRoot\System32\DRIVERS\rdbss.sys

F8BFA000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS

A6E60000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys

F86C6000 - \SystemRoot\System32\Drivers\Fips.SYS

F86D6000 - \SystemRoot\System32\Drivers\Cdfs.SYS

A6E22000 - \SystemRoot\System32\Drivers\dump_atapi.sys

F8AD2000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \SystemRoot\System32\win32k.sys

F89F6000 - \SystemRoot\System32\watchdog.sys

F8A0A000 - \SystemRoot\System32\drivers\Dxapi.sys

BFF80000 - \SystemRoot\System32\drivers\dxg.sys

F8B3D000 - \SystemRoot\System32\drivers\dxgthk.sys

BF9BB000 - \SystemRoot\System32\ati2dvag.dll

BFA09000 - \SystemRoot\System32\ati3duag.dll

F8766000 - \SystemRoot\System32\DRIVERS\wanarp.sys

A6CC1000 - \SystemRoot\System32\drivers\afd.sys

A6D6E000 - \SystemRoot\System32\drivers\ws2ifsl.sys

A6CAC000 - \SystemRoot\System32\DRIVERS\nwlnkipx.sys

F86F6000 - \SystemRoot\System32\DRIVERS\nwlnknb.sys

A6D4E000 - \SystemRoot\System32\DRIVERS\ndisuio.sys

A6B85000 - \??\C:\WINDOWS\System32\vsdatant.sys

A6DD2000 - \SystemRoot\System32\DRIVERS\nwlnkspx.sys

A6992000 - \SystemRoot\system32\drivers\wdmaud.sys

A6B2D000 - \SystemRoot\system32\drivers\sysaudio.sys

A670D000 - \SystemRoot\System32\DRIVERS\mrxdav.sys

F8ABA000 - \SystemRoot\System32\Drivers\ParVdm.SYS

A6643000 - \??\C:\WINDOWS\System32\drivers\amon.sys

F8816000 - \SystemRoot\System32\drivers\aspi32.sys

A661A000 - \SystemRoot\System32\DRIVERS\atksgt.sys

A6AAD000 - \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS

F88BE000 - \??\C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS

A66C5000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys

F8B70000 - \??\C:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\IcProg\icprog.sys

F88D6000 - \SystemRoot\System32\DRIVERS\lirsgt.sys

A6502000 - \SystemRoot\System32\DRIVERS\secdrv.sys

A6489000 - \SystemRoot\System32\DRIVERS\srv.sys

A617F000 - \SystemRoot\SYSTEM32\DRIVERS\WibuKey.sys

F8BD3000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 135

 

Liste des programmes installes

 

6.1

a-squared Free 1.6

ACDSee Pro 2

Ad-Aware SE Personal

Adibou et Les Voleurs d'Energie

Adobe Reader 7.0.5 - Français

AGEIA PhysX v2.5.1

ArchiCAD 10 R1 FRA

ArchiCAD 9 FRA

Archiveur WinRAR

ATI Control Panel

ATI Display Driver

Audacity 1.2.4

AutoUpdate

Azureus

BSPlayer

BSPlayer

Camera Window

Canon Internet Library for ZoomBrowser EX

Canon PhotoRecord

Canon Utilities File Viewer Utility 1.2

Canon Utilities PhotoStitch 3.1

Canon Utilities RemoteCapture 2.7

Canon Utilities ZoomBrowser EX

CartoExploreur 3

CartoExploreur 3

CD-reef version S129 (édition 2002.3)

CDex 1.40 Fr [Extraction Audio]

CIG

CloneCD

Commande ECHO désactivée.

Company of Heroes

Copernic Agent Professional

Correctif Windows XP - KB824146

COSMOPOLITAN Virtual Look 3

Creative Mass Storage Drivers

Creative Mass Storage Drivers

Creative MediaSource

Creative System Information

Creative WebCam Center

Creative WebCam Live! Driver (1.02.03.0606)

Creative Zen Nano Plus

dBpowerAMP Musepack Codec

dBpowerAMP Music Converter

DENIBE

Deutz Engine

Diagnostic Sésam Vitale

Direct Show Ogg Vorbis Filter (remove only)

Disney Dessinez, c'est Disney 2

DivX

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

Documents To Go

Dora Sakado

E.G.S.

EAX Unified

Emidal

Enregistrement du produit WebCam Live!

Fenêtre d'appareil photo Canon pour ZoomBrowser EX

File Viewer Utility 1.2.2

FunProm v2.49.11

GAEA 1.4

Guitar Pro 5.2

HijackThis 1.99.1

hp psc 2100 series

Indeo® software

Installer Yahoo! Messenger

iTunes

iTunes

J2SE Runtime Environment 5.0 Update 1

Jasc Paint Shop Pro 8

Lapin Malin Maternelle 1 & Mon 1er Lapin Malin

Lecteur Windows Media 10

Lemmings Revolution

LiveAdvisor (Symantec Corporation)

LiveUpdate

Living 3D Dinosaurs Full Screen Saver

Logitech SetPoint

Macromedia Flash Player 8

Macromedia Shockwave Player

MasterCook 5 : LGLC

Max et Claire - Logique

Microsoft .NET Framework 1.1

Microsoft Office 2000 Professional

Microsoft PowerPoint Viewer 97

Microsoft Speech API 3.0

Microsoft Word Viewer 97

mIRC

Mozilla Firefox (0.8.)

Mozilla Firefox (1.0.4)

Mozilla Firefox (1.5.0.12)

Mozilla Thunderbird (1.5.0.14)

MSXML 4.0 SP2 Parser and SDK

Native Instruments Battery 3

Nero 6 Ultra Edition

NetXfer 2.52.386

NOD32 Antivirus System

NOD32 FiX v2.1

NVIDIA Audio Driver

Office Animation Runtime

OgcDrv

OgcDrv

palmOne

PartitionMagic

Photo et imagerie HP 1.0 - PSC 2000 Series

Photo et imagerie HP 1.0 - PSC 2000 Series

Photo et imagerie HP 1.0 - PSC 2000 Series Pilote

PhotoStitch

Picasa 2

Pilotes NVIDIA nForce pour Windows 2000/XP

PinnacleHollywood FX 5

Post-it® Software Notes Lite

PowerQuest PartitionMagic 8.0

PrintMaster

QuickSFV (Remove only)

QuickTime

QuickTime

Readiris 7.5

RealFlight G2 Simulator

RealPlayer

RemoteCapture 2.7.2

Réseau France Bayo

Réseau France Bayo

Réseau France BdAlti

Réseau France BdAlti

Réseau France BdNyme

Réseau France BdNyme

SafeCast Shared Components

SdLL - Superélèves maternelle GS

SERIE+4000

SightSpeed (remove only)

Solar System 3D Screensaver 1.1

SolidWorks 2004 SP0

Sproink

Spybot - Search & Destroy 1.3

Studio 9

SuperCopier

Switchball

Symantec DelrinaFax PRO 10.0

Symantec Network Driver Update

Tomb Raider: Legend 1.0

Total Commander (Remove or Repair)

Tumble Bugs

Ulead GIF Animator 5 Evaluation

Viewpoint Media Player (Remove Only)

Visualisateur 1.0

WebFldrs XP

WIBU-KEY Setup (WIBU-KEY Remove)

Winamp 5 FR

Windows Live Messenger

Windows Media Format Runtime

Windows Media Format SDK Hotfix - KB891122

WinISO 5.3

XviD MPEG-4 Video Codec

ZoneAlarm

ZoneAlarm Pro

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2899-7B24

 

Répertoire de C:\Program Files

 

16/02/2008 09:58 <REP> .

16/02/2008 09:58 <REP> ..

13/01/2008 18:13 <REP> ACD Systems

14/12/2005 23:07 <REP> Adobe

16/12/2007 15:10 <REP> AGEIA Technologies

29/04/2005 08:39 <REP> Ahead

03/01/2006 22:23 <REP> ArchiCAD 8.1

19/12/2006 14:59 <REP> Atari

03/01/2006 12:18 <REP> Atelier créatif

15/10/2003 14:09 <REP> ATI Technologies

22/06/2004 08:57 <REP> Bayo

05/10/2005 20:53 <REP> Bluebeam Software

25/10/2003 11:20 <REP> Canon

15/10/2003 12:21 <REP> ComPlus Applications

13/01/2008 15:01 <REP> Creative

19/08/2006 19:15 <REP> Disney Interactive

20/10/2007 20:49 <REP> DivX

17/06/2005 13:30 <REP> Documents To Go

18/09/2006 09:00 <REP> ESET

15/07/2005 16:33 <REP> fdjeux

13/08/2007 21:34 <REP> Fichiers communs

03/01/2006 22:31 <REP> GameSpy Arcade

21/11/2005 16:27 <REP> gcompris

28/12/2005 18:01 <REP> generation5

11/12/2007 11:10 <REP> Google

20/09/2006 06:26 <REP> Graphisoft

19/10/2003 17:12 <REP> Hewlett-Packard

31/01/2005 21:12 <REP> Intel

12/04/2006 21:39 <REP> Internet Explorer

12/04/2006 11:48 <REP> iPod

03/03/2004 06:16 <REP> Jasc Software Inc

28/04/2005 14:48 <REP> Java

03/01/2006 12:19 <REP> Lapin Malin Maternelle 1 & Mon 1er Lapin Malin

24/01/2005 22:20 <REP> Lavasoft

25/12/2004 18:11 <REP> Logitech

19/10/2003 14:37 <REP> Messenger

20/10/2003 10:52 <REP> microsoft frontpage

20/10/2003 17:43 <REP> Microsoft Games

20/10/2003 10:52 <REP> Microsoft Office

19/10/2003 14:34 <REP> Movie Maker

05/11/2005 11:13 <REP> Mozilla Firefox

15/10/2003 12:21 <REP> MSN Gaming Zone

14/01/2008 15:44 <REP> MSN Messenger

20/10/2003 17:49 <REP> MSXML 4.0

19/10/2003 14:34 <REP> NetMeeting

08/12/2007 23:31 <REP> NetXfer

19/10/2003 14:34 <REP> Outlook Express

14/03/2004 22:38 <REP> Pinnacle

12/04/2006 11:49 <REP> QuickTime

21/09/2006 21:49 <REP> ReflexiveArcade

21/11/2004 14:37 <REP> savegame

19/10/2003 15:47 <REP> Services en ligne

30/05/2005 15:13 <REP> Sierra On-Line

13/01/2008 14:59 <REP> SightSpeed

30/09/2006 17:47 <REP> SolidWorks (2)

11/12/2005 02:51 2 334 SolidWorks (2)swxJRNL.BAK

05/12/2004 14:33 <REP> Spybot - Search & Destroy

25/08/2004 07:39 <REP> Symantec

27/10/2006 19:50 <REP> THQ

07/11/2004 16:21 <REP> Trend Micro

20/09/2006 06:29 <REP> WIBUKEY

16/09/2005 14:46 <REP> WIBU-SYSTEMS

13/01/2006 19:24 <REP> Windows Media Player

15/10/2003 12:21 <REP> Windows NT

15/10/2003 12:24 <REP> xerox

1 fichier(s) 2 334 octets

64 Rép(s) 10 031 579 136 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2899-7B24

 

Répertoire de C:\Program Files\fichiers communs

 

13/08/2007 21:34 <REP> .

13/08/2007 21:34 <REP> ..

13/01/2008 18:14 <REP> ACD Systems

22/09/2004 10:14 <REP> Adobe

19/02/2005 13:48 <REP> Agnitum Shared

29/04/2005 08:39 <REP> Ahead

03/05/2005 21:05 <REP> Bcgsoft

05/10/2005 20:53 <REP> Bluebeam Software

06/02/2004 10:55 <REP> Copernic

17/06/2005 13:30 <REP> DataViz

05/10/2005 20:55 <REP> Designer

05/09/2004 21:31 <REP> G DATA

19/10/2003 17:14 <REP> Hewlett-Packard

19/12/2003 23:41 <REP> InstallShield

28/04/2005 14:46 <REP> Java

25/12/2004 18:11 <REP> Logitech

07/06/2005 21:08 <REP> Macrovision Shared

14/01/2008 15:44 <REP> Microsoft Shared

15/10/2003 12:22 <REP> MSSoap

13/08/2007 21:34 <REP> Native Instruments

21/09/2005 23:47 <REP> Novell Shared

15/10/2003 13:07 <REP> ODBC

07/01/2007 22:47 <REP> PC Soft

15/05/2005 23:33 <REP> Real

15/10/2003 12:22 <REP> Services

13/10/2005 15:32 <REP> Solidworks Data

05/10/2005 20:55 <REP> SolidWorks Shared

15/10/2003 13:07 <REP> SpeechEngines

03/03/2004 06:10 <REP> SWF Studio

21/09/2005 23:47 <REP> Symantec Shared

19/10/2003 14:34 <REP> System

15/05/2005 23:33 <REP> xing shared

0 fichier(s) 0 octets

32 Rép(s) 10 031 575 040 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2899-7B24

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

20/10/2003 10:54 <REP> .

20/10/2003 10:54 <REP> ..

18/05/2001 16:57 561 209 MSONSEXT.DLL

03/06/1999 13:09 122 937 MSOWS409.DLL

07/03/2001 08:00 127 033 MSOWS40c.DLL

18/03/1999 06:37 593 977 RAGENT.DLL

4 fichier(s) 1 405 156 octets

2 Rép(s) 10 031 575 040 octets libres

 

 

 

 

c:\Documents and Settings\Alain.Z6PO\.housecall6.6\getMac.exe

c:\Documents and Settings\Alain.Z6PO\.housecall6.6\patch.exe

c:\Documents and Settings\Alain.Z6PO\.housecall6.6\TSC.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{067CE951-4917-4C90-9CE5-8D6D8492480F}\ARPPRODUCTICON.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{067CE951-4917-4C90-9CE5-8D6D8492480F}\NewShortcut1_067CE95149174C909CE58D6D8492480F.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{067CE951-4917-4C90-9CE5-8D6D8492480F}\PalmDesktopShortcut.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{067CE951-4917-4C90-9CE5-8D6D8492480F}\palmOneFileTransfer_067CE95149174C909CE58D6D8492480F.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{AEEB3643-71DE-414d-9E3F-1159177FE211}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\ARPPRODUCTICON.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\NewShortcut1.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\NewShortcut1_1.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\VersaMailSetupB.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\VersaMailSetupE.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\VersaMailSetupF.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\VersaMailSetupG.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\VersaMailSetupI.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Microsoft\Installer\{DCC6009C-DAAD-4DDA-9DDC-BCA6ED5314A9}\VersaMailSetupS.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\antivir_workstation_win7u_en_h.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\bigjig80.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\INSTALL_MSN_MESSENGER_NT.EXE

c:\Documents and Settings\Alain.Z6PO\Bureau\switchball_demo_jouable_1_anglais_39231.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Xtremsplit.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\ACD2P.b.239\acdseepro-2-0-239-fr.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\ACD2P.b.239\BS-ACP20.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\calendrierMAIF2006.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\install.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\orthophonet.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\pendu-argot.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\Conjugaison\Conjugaison.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\Conjugaison\Frencon.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\hw32v31.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\licence.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\SoftIce401W95.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\ArtOfCracking\cCrackMeCrack\Release\cCrackMeCrack.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\ArtOfCracking\cCrackMeCrack\Release\CrackMe.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\ArtOfCracking\crackMe\CrackMe.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\ouvre exe dll\ResHacker.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\wdasm893\W32DSM89 - VB.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\avwinsfx.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\BRLX_DBF.EXE

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\charades.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\Bureau\eg2v1.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\Bureau\leta_ins.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\Bureau\memdoc_install.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\Bureau\a graver\imprégnation syllabique\wd97vwr32.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\logique\setup.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\CutKiller\cutkiller.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\catchme.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\diff.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\dumphive.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\find2.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\Fport.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\grep.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\gzip.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\KProcCheck.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\LFiles.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\md5sums.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\pslist.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\sigcheck.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\streams.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\swreg.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\DiagHelp\DiagHelp\tar.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Guitar.Pro.5.2.forumwz.org\Guitar.Pro.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Guitar.Pro.5.2.forumwz.org\Guitar.Pro.5.2.keygen.ZWT.Forumwz.org\Keygen.exe

c:\Documents and Settings\Alain.Z6PO\Bureau\Native instruments - Battery 2.15\setup.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\_uninstop.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\msetup.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\rasesnet.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\snapsnet.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\swsetup.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\Twaxdist.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\wavvsnet.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\winvsnet.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\WooHook.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\WooHooka.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\AGEIA\driver\DIFxSetup.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\AGEIA\driver\rescanDevNode.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\AGEIA\driver\x64\DIFxSetup.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\AGEIA\driver\x64\rescanDevNode.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\ImInstaller\IncrediMail\IncrediMailSetup_d_fr.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\ImApp.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\ImLc.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\ImLpp.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\ImNotfy.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\ImPackr.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\ImpCnt.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\imsetup.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\IncrediMail\IMInstall\binaries\IncMail.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\Nero.50\setup.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\WebshotsTemp\wssetup.exe

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\~MDAC270\mdac_typ.exe

c:\Documents and Settings\Alain.Z6PO\Menu Démarrer\Programmes\COKTEL\Désinstalleur Coktel.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\2.5.11_PlayerWanadoo v2.5.11.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\advisor.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\alcohol-120-_alcohol_120_1.9.5_build_3105_francais_11016.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Azureus_2.3.0.4_Win32.setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\BlindWrite5_setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\BobDown073.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\bsplay86501.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\cdex_fr.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Codec_mpc_0.99d_pour_winamp5.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\daemon329.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\db powerAmp MusicConverter-r10.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\dBpowerAMP-codec-musepack.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Deutz_Engine(ecran veille).exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\eMule0.27c-Installer.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Firefox Setup 1.0.4.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Firefox Setup 1.0.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Firefox Setup 1.5.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ftpexpert3.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Installer_Aim.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\jv16power tools_setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Microsoft_power_point_viewer97.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\NormanVirusControl57_R2FRA.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\postitnotes31.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\PTC-std-v0.8.2.2.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\setup_havast_antivirus_fr.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\spybot_search_destroy_spybot_-_search_destroy_1.3_francais_10965.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\SuperCopier_1.35.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\winamp504_full-2.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\XviD-1.0.2-29082004.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ACDSee v5.0 PowerPack fr + Serial & Keygen\ACDSee v5.0 PowerPack.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ACDSee v5.0 PowerPack fr + Serial & Keygen\gs621w32.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ACDSee v5.0 PowerPack fr + Serial & Keygen\trad fr acdsee5 powerpack.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ACDSee v5.0 PowerPack fr + Serial & Keygen\ACDSee_v5.0_PowerPack_Keygen\keygen.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Alcohol_120%_v1.9.5.3105_Multilanguage_Full_Version\patch_3105.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Alcohol_120%_v1.9.5.3105_Multilanguage_Full_Version\setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\BSplayer.Pro.v1.36.825\BSPlayer_Pro_1.36_Build_825.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\BSplayer.Pro.v1.36.825\CR-BS136.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Cdrwin5\cdr50-f.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Cdrwin5\CDRWIN_v5.0.5.1_(french).exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DelrinaFax PRO pour Win9x NT2k 10.0 fr\_ISDel.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DelrinaFax PRO pour Win9x NT2k 10.0 fr\Setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DelrinaFax PRO pour Win9x NT2k 10.0 fr\Crack DelrinaFax\Crack.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DivX6.2.5\keygen.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DivX6.2.5\setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DivX_Create_Bundle_6.03\DivXCreate.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DivX_Create_Bundle_6.03\keygen.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\FlashFXP.v3.3.4.1108.Beta.Cracked.rar\flashfxp.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Incredimail\IncrediMail Patch 1.34.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Incredimail\IncrediMailSetup_fr.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Kaspersky_Anti_Virus_Personnel\kav5.0.388_personalfr.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Living_3D_Dinosaurs\Living 3D Dinosaurs.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Natve Instruments - Battery 3.02\Setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Natve Instruments - Battery 3.02\Instruments.Battery.3.Artist.Kits\Battery 3 Artist Kits Setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\NT_v2.52.0.386_Final_32\NXSetup_multi.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\NT_v2.52.0.386_Final_32\Cerise\FTPTransport.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\NT_v2.52.0.386_Final_32\Cerise\NetTransport.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\Setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\CHKDSK.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\EMM386.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\FLOPPY.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\FLOPPY9x.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\FLOPPYME.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\NWCDEX.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\PQBOOT.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\PTEDIT32.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\restrmbr.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\DOSYSTEM\WRPROG.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Setup\instmsia.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Setup\instmsiw.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Setup\setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\DKeeper\instmsia.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\DKeeper\instmsiw.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\DKeeper\setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\Setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\CHKDSK.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\EMM386.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\FLOPPY.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\FLOPPY9x.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\FLOPPYME.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\NWCDEX.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\DOSYSTEM\PTEDIT32.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Setup\instmsia.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Setup\instmsiw.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Setup\setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\QuickTime.PRO.v7.0.3.25.incl.iTunes.Multilanguage-DOOM\iTunesSetup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\Bibliothèques\architecture_bonus.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\Bibliothèques\film_and_stage_bonus.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\Bibliothèques\interior_design_bonus.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\Bibliothèques\landscape_architecture_bonus.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\Bibliothèques\mechanical_design_bonus.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\SketchUp_4_0_170\install\InstallSketchUp.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\SketchUp_4_0_170\install\InstallSketchUp-4.0.170.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\SketchUp_4_0_170\install\sketch_keygen.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Solar System 3D Screensaver v1.1 kg\solarsystem3d.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Solar System 3D Screensaver v1.1 kg\Solar System 3D Screensaver v1.1 kg\Solar_System_3D_key\Keygen\Solar System 3D Keygen.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Total.Commander.v6.50\Total.Commander.v6.50.FINAL.WinALL.MultiLanguage.Regged\tcmdr650.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\TumbleBugs_setup\eclsnm10.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\TumbleBugs_setup\TumbleBugs.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Ulead_GIF_Animator_5.0\UGA50t_F.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Ulead_GIF_Animator_5.0\Ulead GIF Animator 5.0 patch Fr\Ulead GIF Animator 5.0 Trial French - Bidjan.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Utils DVD\dvdshrink317setup_fr.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Winamp\Winamp_5_FR.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Winamp\WPro\Winamp.Pro.v5.09-DVT\winamp509_pro.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Winrar3.11\wrar311fr.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Graphisoft.ArchiCAD.v11.RETAiL.FRENCH.iSO-ENGiNE\addarcad\Objective.v2.02.For.ArchiCAD.v11-ENGiNE\Crack\Objective.2.02_Crk.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\Bilan thermique\DENIBE\setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Bitzer_select_softsetupe.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Convertisseur Unités.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Copeland_select_software_4_2.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Copeland_selection_soft-database-select_db_2.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Copeland_selection_soft-programme v5.00-select_core_2.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\depannagev4.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Installer_logiciel_FORANE.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\module7.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\regletteconversion pression-temp.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\rosee_calc.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\SimComp.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\solkane.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Test du frigoriste v5 install.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Convert\calculette.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\fluide\Fluide.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\P-A-C et Thermodynamique\Logiciel Thermoptim\ThDeFr14.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\Plancher chauffant\emidal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\Puit Canadien\GAEA_Setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Modem us robotics\ControlCenterFra.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Petits log cathy pour pas gêner alain\Audiotest.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Petits log cathy pour pas gêner alain\egs.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\firmwareflash_v307.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\funprom249_11.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\Firmware_Flash_3.08\Firmware_Flash308+.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\Firm_flash_307\Firmware_Flash.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\FunProm\FunProm.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\FunProm\unins000.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\IcProg\icprog.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\kxsat25\KxSat25.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Fichiers\Firmwares\VM Toto XSAT 310 4_6_38 TPSCrypt1n2c v5.0\Firmware_Flash210.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Fichiers\Firmwares\VM Toto XSAT 310 4_6_38 TPSCrypt1n2d v6-1.0RC\Firmware_Flash308+.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Documents papier\Dossier technique\Assem Train éclaté.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Présentation HTML\Theme\Representations\Demi Train avant\Assem Train éclaté.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Utilitaires\Flash Player 6.0\Install Flash Player 6 AX.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Utilitaires\Flash Player 6.0\Install Flash Player 6.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Utilitaires\Flash Player 6.0\SAFlashPlayer.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Utilitaires\Machine virtuelle Java\msjavwu_.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Utilitaires\Machine virtuelle Java\msjavwu_correctif.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Solidworks\Voiture_radiocommandee_p_HTM\Voiture_radiocommandee_p_HTM\Utilitaires\Wiewletbuilder2 (Leelou)\viewletbuilder2.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\AutoPlay.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\Adobe Reader 6.0\AdbeRdr60_fra_full.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\Premiere Pro\setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\Premiere Pro\DirectX9\dxsetup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\Premiere Pro\WMF\wmfdist.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\Produits tiers\2d3 SteadyMove\setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\CloneCD 5.0.2.2__Caa-D_\SetupCloneCD5022.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Emidal\setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\BayoZie 3.00 pour winXP--- LE FREEWARE ULTIME--- Pour PATCHER CONVERTIR ORGANISER VOIR vos cartes ign bayo cartoexploreur.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Install.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Maj_Exp_200.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Code Postal\CodePostal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Cracks\Crack CartoNav-CartoNavPlus.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Cracks\GeoTools.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\GeoTools - Securom original\GeoTools.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Utilitaires byo vers bmp - merci à Eric S\Calibrage - traduit les fichiers de calibrage pbyo et visualisat\perl.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Utilitaires byo vers bmp - merci à Eric S\pBYOsetup - Transforme les fichiers BYO en BMP\setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Utilitaires byo vers bmp - merci à Eric S\Visualisateur - Visualisation des fichiers BYO\Visualisateur_setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Utilitaires pour (dés)activer les fichiers Byo\Active\active.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Utilitaires pour (dés)activer les fichiers Byo\Bi_Patch_byo\Bi_Patch_byo.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\lct32bfr.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\lct32boc.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\IPSEN\TBKNET.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\IPSEN\TBOOK.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\livre\livre.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\livre\uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\pendu2\pendu2.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\pendu2\uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\pendu3\pendu3.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\pendu3\uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\penduI\pendu.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\penduI\uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\tangram2\tangram2.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\tangram2\uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\texte\texte.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\jeux ortho\texte\uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Lectra 32 fr\Lectra32.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Lectra 32 fr\unins000.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Lectra 32 fr\Utilect.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI\corpus.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI\dico.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI\listes.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI\minilec.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI\miniscr.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\LECTRAMINI\unins000.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\livre\setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\memofacile2.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\memory.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\memoryplusdur.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\SETUP.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\TB40NET.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\TB40RUN.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\TBLOAD.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\story203\INSTALL.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\story203\storyw.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\tamgram\tangram2\setup.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\APP.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\ASS.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\DES.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\M_SCRIPT.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\MAJ_WEXR.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\QCM.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\REC.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\REL.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\SETUP.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\TRO.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\charades\Charade.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\charades\Uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\EDUC\EDUC.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\embarquement immédiat\avion.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\embarquement immédiat\Uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\encyclop etourdis(livre)\livre.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\encyclop etourdis(livre)\uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\astromaths\ASTROSW.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\astromaths\Uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\bonne phrase\lbprz1s.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\bonne phrase\Uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\confusion pt\confupts.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\confusion pt\Uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\crache mots\city2sw.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\crache mots\Uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\logolo\logolosh.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\evalu\logolo\Uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\Lectra 32 fr\Lectra32.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\Lectra 32 fr\unins000.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\Lectra 32 fr\Utilect.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\LECTRAMINI\corpus.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\LECTRAMINI\dico.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\LECTRAMINI\listes.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\LECTRAMINI\minilec.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\LECTRAMINI\miniscr.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\LECTRAMINI\unins000.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\memopong\memopon.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\memopong\Uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\MEMORY\TB40NET.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\MEMORY\TB40RUN.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\MEMORY\TBLOAD.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\STORY203\STORYW.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\tangram2\tangram2.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\tangram2\uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\APP.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\ASS.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\DES.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\M_SCRIPT.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\MAJ_WEXR.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\QCM.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\REC.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\REL.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\SETUP.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\PKBACK# 001 (F)\WEXR\TRO.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\bonnephrase.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\charades.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\iastrom.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\iconfutp.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\icrach2.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\iembark.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\ihomoph1.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\ilbphrz2.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\ilettrop.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insalice.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insanag.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insepar.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insfs1.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\inskg.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\inslogol.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insouon.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\instmp.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\irebo.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\ivadmot1.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\laby.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\lexipronom.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\motjuste.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\motjuste2.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\mottrop.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\ornicar.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\educ\SETUP.EXE

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insstroop\stroops.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\Téléchargés\telecarg cat\insstroop\Uninstal.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\WinRAR\Rar.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\WinRAR\Uninstall.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\WinRAR\UnRAR.exe

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\WinRAR\WinRAR.exe

c:\Documents and Settings\ALAIN~1~Z6P\LOCALS~1\Temp\pft5~tmp\_ISDel.exe

c:\Documents and Settings\ALAIN~1~Z6P\LOCALS~1\Temp\pft5~tmp\Setup.exe

c:\Documents and Settings\ALAIN~1~Z6P\LOCALS~1\Temp\pft5~tmp\Reader\AcroRd32.exe

c:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Bases\Patches\patch_pers_5.0.388_390_to_5.0.391.exe

c:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Bases\Patches\patch_pers_5.0.388_to_5.0.390.exe

c:\Program Files\Documents To Go\DocsToGo.exe

c:\Program Files\Documents To Go\HandheldInstall.exe

c:\Program Files\Documents To Go\OfficeAddinInstaller.exe

c:\Program Files\Documents To Go\OfficeAddinUninstaller.exe

c:\Program Files\Documents To Go\ptgxlat.exe

c:\Program Files\Documents To Go\ZipUtil.exe

c:\WINDOWS\Installer\{D6FFC3B5-0CE1-4566-801D-3F9D8F000652}\DocumentsToGo.exe

c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Expsrv.dll

c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msado15.dll

c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msadox.dll

c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msadrh15.dll

c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msjet40.dll

c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msjetoledb40.dll

c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msjint40.dll

c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msjro.dll

c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msjter40.dll

c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Msjtes40.dll

c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\Mswstr10.dll

c:\Documents and Settings\Alain.Z6PO\Application Data\Creative\Media Database\JetFileBackup\vbajet32.dll

c:\Documents and Settings\Alain.Z6PO\Application Data\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\_setup.dll

c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\FunProm\DLPORTIO.dll

c:\Documents and Settings\Alain.Z6PO\Mes documents\SAT\Applications\FunProm\FunImp1.dll

c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

c:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

 

****** Fin du rapport DiagHelp

Veuillez svp envoyer le fichier C:\upload_moi_Z6PO.tar.gz a l'adresse http://upload.malekal.com

[pear]

Bonjour,

 

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\ArtOfCracking\cCrackMeCrack\Release\cCrackMeCrack.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\ArtOfCracking\cCrackMeCrack\Release\CrackMe.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\désassemblage\ArtOfCracking\crackMe\CrackMe.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Bureau\Bureau_Cat\telechargement Cathy, na!\logique\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Bureau\Guitar.Pro.5.2.forumwz.org\Guitar.Pro.5.2.keygen.ZWT.Forumwz.org\Keygen.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Bureau\Native instruments - Battery 2.15\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Local Settings\Temp\Nero.50\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ACDSee v5.0 PowerPack fr + Serial & Keygen\ACDSee v5.0 PowerPack.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ACDSee v5.0 PowerPack fr + Serial & Keygen\gs621w32.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ACDSee v5.0 PowerPack fr + Serial & Keygen\trad fr acdsee5 powerpack.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\ACDSee v5.0 PowerPack fr + Serial & Keygen\ACDSee_v5.0_PowerPack_Keygen\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Alcohol_120%_v1.9.5.3105_Multilanguage_Full_Version\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DelrinaFax PRO pour Win9x NT2k 10.0 fr\Setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DivX6.2.5\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DivX6.2.5\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\DivX_Create_Bundle_6.03\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\FlashFXP.v3.3.4.1108.Beta.Cracked.rar\flashfxp.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Natve Instruments - Battery 3.02\Setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Rescueme\Setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\BTMagic\Setup\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\DKeeper\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Rescueme\Setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Partition Magic 8.0 Retail Fr\Setup\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Sketchup\SketchUp_4_0_170\install\sketch_keygen.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Downloads\Solar System 3D Screensaver v1.1 kg\Solar System 3D Screensaver v1.1 kg\Solar_System_3D_key\Keygen\Solar System 3D Keygen.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Graphisoft.ArchiCAD.v11.RETAiL.FRENCH.iSO-ENGiNE\addarcad\Objective.v2.02.For.ArchiCAD.v11-ENGiNE\Crack\Objective.2.02_Crk.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Maison\Bilan thermique\DENIBE\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\Premiere Pro\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\Premiere Pro\DirectX9\dxsetup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Adobe Premiere Pro v7.0\Produits tiers\2d3 SteadyMove\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Emidal\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Cracks\Crack CartoNav-CartoNavPlus.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Cracks\GeoTools.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\GeoTools - Securom original\GeoTools.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\Temp\Pack d'utilitaires pour CD Carto Exploreur par GusD\Utilitaires byo vers bmp - merci à Eric S\pBYOsetup - Transforme les fichiers BYO en BMP\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\livre\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\MEMORY\SETUP.EXE => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\tamgram\tangram2\setup.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Alain.Z6PO\Mes documents\transfert ordi cathy\sauvegarde anciezn ordi\jEUX\Wexr\WEXR\SETUP.EXE => Crack, KeyGen, Keymaker - Possible Malware

 

Beaucoup de cracks , keygens etc...

Tant que vous avez cela, on ne peut pas faire grand chose.

C'est vider l'océan à la petite cuiller!

 

Dans l'immédiat:

 

* Télécharger OTMoveIt (de Old_Timer) sur leBureau.

http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

* Double-cliquer sur OTMoveIt.exe pour le lancer.

*Vérifier que Unregister Dll's and Ocx's soit coché.

* Copier-coller dans le cadre de gauche de OTMoveIt :

Paste List of Files/Folders to be moved

 

C:\WINDOWS\system32\coinstm.dll

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C2FA9B8C-068A-4948-ADE2-D191BF273B2F}]

[HKEY_CuRRENT_USER\Software\Classes\CLSID\{C2FA9B8C-068A-4948-ADE2-D191BF273B2F}]

 

 

* Cliquer sur MoveIt! pour lancer la suppression.

* Le résultat apparaitra dans le cadre Results. Copier le résultat.

* Cliquer sur Exit pour fermer.

* Coller le résultat dans la prochain réponse.

[AR1971]

voici le resultat de otmove mais au premier coup il s'est figé donc je n'ai pas sauvegardé le résultat; à la deuxieme tentative ça donne ça:

 

C:\WINDOWS\system32\coinstm.dll unregistered successfully.

File move failed. C:\WINDOWS\system32\coinstm.dll scheduled to be moved on reboot.

File/Folder not found.

File/Folder [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C2FA9B8C-068A-4948-ADE2-D191BF273B2F}] not found.

File/Folder [HKEY_CuRRENT_USER\Software\Classes\CLSID\{C2FA9B8C-068A-4948-ADE2-D191BF273B2F}] not found.

 

OTMoveIt2 v1.0.20 log created on 02162008_201931

[pear]

Bonjour,

 

Cela demande Vérifications:

 

Télécharger Antivir ( http://www.free-av.com ).

NB : le choix d'Antivir comme antivirus à utiliser dans le cadre de cette procédure, a reposé sur les critères suivants :

--- failles de votre antivirus qui a laissé passer des malwares

--- En mode sans échec ,seuls les processus systèmes sont lancés.Il est donc plus facile de supprimer les infections

--- Antivir peut-être installé et désinstallé facilement

--- Antivir est reconnu pour son efficacité en mode sans échec

--- Ce tutorial permet de le paramétrer aisément

 

Désactivez votre antivirus actuel

 

Redémarrez en mode sans échec.

 

Lancez le scan

 

Postez le rapport

 

* Téléchargez Hijackthis de TrendMicro.

http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

 

* Décompressez le dans un dossier à la racine du disque dur

renommer ce dossier par exemple gihjhip

* Lancer le fichier Hijackthis.exe

* Cliquer sur Do a system scan and save a log file

* Copier-coller le rapport dans un nouveau message ici

[AR1971]

Bonsoir,

 

Voici le log antivir:

 

AntiVir PersonalEdition Classic

Report file date: dimanche 17 février 2008 20:21

 

Scanning for 1036370 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 1) [5.1.2600]

Username: Alain

Computer name: Z6PO

 

Version information:

BUILD.DAT : 269 15604 Bytes 10/09/2007 14:31:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 12:32:40

ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 12:32:46

ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25/08/2007 17:21:02

ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 28/08/2007 07:22:36

AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 29/08/2007 17:09:10

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Manual Selection

Configuration file...............: C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp

Logging..........................: low

Primary action...................: quarantine

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: dimanche 17 février 2008 20:21

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

10 processes with 10 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '49' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Alain.Z6PO\Application Data\Thunderbird\Profiles\v478hxlo.default\Mail\Local Folders\Inbox

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: "Citibank" <accsupport_35134ib@citi.com>][subject: Citibank - confirm your online account access! ][Message-ID: <20070111195031.95B3F2C00084@mwinf2301.orange.f]2260.mim

[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/CitiBkfraud.2

--> Mailbox_[Message-ID: <45B5B6C0.2020704@dlife.com>][From: Reginald Koch <vjutz@dlife.com>][subject: True Love]2834.mim

[1] Archive type: MIME

--> flashpostcard.zl9

[DETECTION] Is the Trojan horse TR/Small.DBY.K

[WARNING] The file was ignored!

C:\Documents and Settings\Alain.Z6PO\Application Data\Thunderbird\Profiles\v478hxlo.default\Mail\Local Folders\Junk

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: "Citibank" <accsupport_35134ib@citi.com>][subject: Citibank - confirm your online account access! ][Message-ID: <20070111195031.95B3F2C00084@mwinf2301.orange.f]1558.mim

[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/CitiBkfraud.2

[WARNING] The file was ignored!

 

 

End of the scan: dimanche 17 février 2008 22:12

Used time: 1:51:06 min

 

The scan has been done completely.

 

8035 Scanning directories

326202 Files were scanned

3 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

326199 Files not concerned

8471 Archives were scanned

3 Warnings

338 Notes

 

 

 

 

et le hijackthis:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:51:22, on 18/02/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\UTILIT~1\ZONEAL~1\zlclient.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

C:\WINDOWS\System32\wfxsnt40.exe

C:\Utilitaires\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Utilitaires\NOD32\nod32\nod32kui.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\WINDOWS\System32\RunDLL32.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Utilitaires\creative nano\media source\Detector\CTDetect.exe

C:\Utilitaires\SuperCopier\SuperCopier.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Utilitaires\NOD32\nod32\nod32krn.exe

C:\Utilitaires\Alcohol\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Utilitaires\palmone\Hotsync.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\WINDOWS\System32\WFXSVC.EXE

C:\Utilitaires\Symantec\DelFax\WFXMOD32.EXE

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Utilitaires\firefox105\firefox.exe

C:\Utilitaires\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.9online.fr

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Utilitaires\Xi\NetXfer\NXIEHelper.dll

O2 - BHO: (no name) - {C2FA9B8C-068A-4948-ADE2-D191BF273B2F} - C:\WINDOWS\System32\coinstm.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\UTILIT~1\COPERN~1\COPERN~1.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Utilitaires\Xi\NetXfer\NXToolBar.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Zone Labs Client] C:\UTILIT~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Utilitaires\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nod32kui] "C:\Utilitaires\NOD32\nod32\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"

O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513

O4 - HKCU\..\Run: [Creative Detector] "C:\Utilitaires\creative nano\media source\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [superCopier.exe] C:\Utilitaires\SuperCopier\SuperCopier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: HotSync Manager.lnk = C:\Utilitaires\palmone\Hotsync.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O4 - Global Startup: officejet 6100.lnk = ?

O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Utilitaires\PSNLite\PsnLite.exe

O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Utilitaires\Copernic Agent\Web\SearchExt.htm

O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Utilitaires\Xi\NetXfer\NXAddList.html

O8 - Extra context menu item: Télécharger avec NetXfer - C:\Utilitaires\Xi\NetXfer\NXAddLink.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\UTILIT~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\UTILIT~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\UTILIT~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (file missing) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://www.9online.fr

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EDB18902-A3AB-4898-B2D8-5B69D5E085C1}: NameServer = 192.168.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Utilitaires\NOD32\nod32\nod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Utilitaires\Alcohol\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

[pear]

Bonsoir,

 

télécharger la Pocket KillBox pour supprimer la dll récalcitrante

KillBox

http://www.bleepingcomputer.com/files/killbox.php

 

 

démarrer en mode sans échec

- Ouvir la KillBox

- cocher "delete on reboot"

- rechercher ou copier/coller le chemin de la dll à supprimer :

C:\WINDOWS\SYSTEM32\coinstm.dll

- cliquer sur la croix rouge

- répondre 2 fois yes (pour le delete et le reboot)

- Fermer la Killbox

- redémarrer en mode normal

 

Re Hijackthis.

[AR1971]

Bonjour,

 

La killbox ne fonctionne pas comme vous l'indiquez: je répond oui au delete on reboot mais après j'ai un message "verifying registry entries" puis boite de dialogue alerte "Pending filenameoperatios registry data has been removed by external process!"

 

Je met ok, je ferme et je redémarre la dll est tjs là.

 

Merci pour votre aide

[pear]

Bonjour,

 

C'est curieux que Killbox échoue.

 

On essaye autrement:

 

Télécharger The Avenger par Swandog46 sur le Bureau.

 

http://swandog46.geekstogo.com/avenger.zip

 

l'extraire sur le bureau

 

 

***Copier tout le texte ci-dessous : mettre en surbrillance et appuyer sur les touches(Ctrl+C):

 

 

Files to Delete:

 

C:\WINDOWS\SYSTEM32\DRIVERS\coinstm.dll

 

***Maintenant, lancer The Avenger en cliquant sur son icône du bureau.

 

* Sous "Script file to execute" choisir "Input Script Manually".

* Puis cliquer sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "View/edit script"

* Dans cette fenêtre, coller le texte précédemment copié sur le bureau par les touches (Ctrl+V).

* Cliquer Done

* ensuite cliquer sur l'icône en forme de Feu Vert pour démarrer l'exécution du script

* Répondre "Yes" deux fois quand demandé.

 

 

***The Avenger va automatiquement faire ce qui suit:

 

* Il va Re-démarrer le système. ( Dans les cas où le script contient un/des "Drivers to Unload", The Avenger re-démarrera votre système 2 fois.)

* Pendant le re-démarrage, il apparaitra brièvement une fenêtre de commande de windows noire sur votre bureau, ceci est NORMAL.

* Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt

* The Avenger aura également sauvegardé tous les fichiers, etc., que vous lui avez demandé de supprimer, les aura compactés (zipped) et tranféré l'archive zip ici : C:\avenger\backup.zip.

 

 

 

postez un nouveau rapport HJT