
Posted

Could you please analyse this report for me?

I have an HP laptop that is 2 years old; Photoshop 7 does not run on it and it has RAM problems.

Thanks

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:01:18, on 17/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=pavilion&pf=laptop

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 11304 bytes

Posted

Hello,

This is not an infection problem (the report is clean) but a configuration problem.

How much physical and virtual memory do you have, and what proportion of it do you allocate to Photoshop?

Personally, I give it 100% when I use it.

Posted

I have 2 GB of DDR2 and, without launching Photoshop, about 1/3 of the memory is in use; then Photoshop takes the rest (it occupies at least half).

It does not progress.

The problem is that on another, older laptop, Photoshop 7 works without any problem...

So I tell myself that this comes from my PC...

Posted

Hello,

If you wish, we can dig deeper.

Disable the protections.

Download DiagHelp.zip by Malekal_morte to the desktop.

* Unzip it, onto the desktop for example.

* A new folder, DiagHelp, will be created.

* Open it and double-click go.cmd (the .cmd may not be shown).

* A window will open; choose option 1.

* The scan will start; it can take a few minutes. Press a key when prompted.

* Copy/paste the entire contents of the Notepad window that opens and attach it to your next reply.

Otherwise, it is here: C:\resultats.tx

Antivir's detection of "TR/inject.MF" is in fact catchme, a component of DiagHelp: it is therefore a false positive.

Posted

Here is the DiagHelp report.

Thank you in advance for analysing it.

 

DiagHelp version v1.4 - http://www.malekal.com

excute le 18/05/2008 à 12:15:18,81

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->18/05/2008 12:13:40

C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->18/05/2008 12:13:21

C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->18/05/2008 12:12:32

C:\WINDOWS\prefetch\IGFXSRVC.EXE-2FB63FE8.pf -->18/05/2008 12:12:19

C:\WINDOWS\prefetch\FLASHGOT.EXE-31A659E4.pf -->18/05/2008 12:10:44

C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->18/05/2008 12:10:43

C:\WINDOWS\prefetch\Layout.ini -->18/05/2008 11:48:10

C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->18/05/2008 11:44:48

C:\WINDOWS\prefetch\LOGON.SCR-151EFAEA.pf -->18/05/2008 11:42:34

C:\WINDOWS\prefetch\REGSVR32.EXE-25EEFE2F.pf -->18/05/2008 11:31:06

 

C:\WINDOWS\System32\drivers\fidbox.dat -->18/05/2008 12:13:53

C:\WINDOWS\System32\drivers\fidbox.idx -->17/05/2008 17:23:36

C:\WINDOWS\System32\drivers\avipbb.sys -->04/03/2008 13:28:53

C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -->29/01/2008 12:01:28

C:\WINDOWS\System32\drivers\avgntdd.sys -->21/01/2008 18:12:56

C:\WINDOWS\System32\drivers\avgntmgr.sys -->21/01/2008 18:11:28

C:\WINDOWS\System32\drivers\mrxdav.sys -->18/12/2007 11:51:35

 

C:\WINDOWS\System32\vsconfig.xml -->17/05/2008 17:24:58

C:\WINDOWS\System32\TUKernel.exe -->17/05/2008 15:51:20

C:\WINDOWS\System32\wpa.dbl -->16/05/2008 20:15:51

C:\WINDOWS\System32\tempimg.tmp -->16/05/2008 19:33:29

C:\WINDOWS\System32\access.ctl -->16/05/2008 19:31:08

C:\WINDOWS\System32\PerfStringBackup.INI -->16/05/2008 17:50:38

C:\WINDOWS\System32\TuneUpDefragService.exe -->15/05/2008 12:03:43

C:\WINDOWS\System32\FNTCACHE.DAT -->14/05/2008 22:33:16

C:\WINDOWS\System32\TZLog.log -->14/05/2008 21:47:28

C:\WINDOWS\System32\CONFIG.NT -->14/05/2008 18:24:01

C:\WINDOWS\System32\zllictbl.dat -->14/05/2008 18:13:15

C:\WINDOWS\System32\MRT.exe -->09/05/2008 14:35:06

C:\WINDOWS\System32\uxtuneup.dll -->04/04/2008 14:51:32

C:\WINDOWS\System32\vsutil_loc040c.dll -->02/04/2008 21:08:26

C:\WINDOWS\System32\imslsp_install_loc040c.dll -->02/04/2008 21:08:22

C:\WINDOWS\System32\imsinstall_loc040c.dll -->02/04/2008 21:08:22

C:\WINDOWS\System32\vsdatant.sys -->02/04/2008 21:08:00

C:\WINDOWS\System32\zpeng24.dll -->02/04/2008 21:07:50

C:\WINDOWS\System32\zlcommdb.dll -->02/04/2008 21:07:44

C:\WINDOWS\System32\zlcomm.dll -->02/04/2008 21:07:44

C:\WINDOWS\System32\vsxml.dll -->02/04/2008 21:07:42

C:\WINDOWS\System32\vswmi.dll -->02/04/2008 21:07:42

C:\WINDOWS\System32\vsutil.dll -->02/04/2008 21:07:42

C:\WINDOWS\System32\vsregexp.dll -->02/04/2008 21:07:42

C:\WINDOWS\System32\vspubapi.dll -->02/04/2008 21:07:40

 

C:\WINDOWS\WindowsUpdate.log -->18/05/2008 11:38:11

C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt -->18/05/2008 11:28:53

C:\WINDOWS\wiadebug.log -->17/05/2008 17:41:32

C:\WINDOWS\setupapi.log -->17/05/2008 17:26:35

C:\WINDOWS\0.log -->17/05/2008 17:25:15

C:\WINDOWS\wiaservc.log -->17/05/2008 17:24:48

C:\WINDOWS\bootstat.dat -->17/05/2008 17:24:28

C:\WINDOWS\SchedLgU.Txt -->17/05/2008 17:23:31

C:\WINDOWS\tsoc.log -->17/05/2008 16:05:10

C:\WINDOWS\tabletoc.log -->17/05/2008 16:05:10

C:\WINDOWS\ocmsn.log -->17/05/2008 16:05:10

C:\WINDOWS\ntdtcsetup.log -->17/05/2008 16:05:10

C:\WINDOWS\MedCtrOC.log -->17/05/2008 16:05:10

C:\WINDOWS\KB939683.log -->17/05/2008 16:05:10

C:\WINDOWS\imsins.log -->17/05/2008 16:05:10

 

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

Verified: Signed

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 3084

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x44080000 0x13a000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x43e00000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x01350000 0x12c000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll

0x44360000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x023d0000 0x150000 7.00.6000.16640 C:\WINDOWS\system32\webcheck.dll

0x02670000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll

0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll

0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll

0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll

0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll

0x10000000 0xb000 7.00.0473.0000 C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

0x01ea0000 0x4000 5.03.0017.0000 C:\Program Files\Zone Labs\ZoneAlarm\zlavscan_Loc040c.dll

0x02d90000 0x2c000 C:\Program Files\WinRAR\rarext.dll

0x01eb0000 0x9000 2.00.0000.0004 C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll

0x02dc0000 0x13000 7.00.0000.0011 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll

0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL

0x03270000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll

0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll

0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL

0x033f0000 0x37000 3.05.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL

0x01bb0000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

0x03b50000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll

0x43ff0000 0xa000 7.00.6000.16640 C:\WINDOWS\system32\jsproxy.dll

0x043b0000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll

0x042e0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x045b0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x05490000 0x26000 3.00.0000.4543 C:\WINDOWS\system32\igfxpph.dll

0x04570000 0x13000 3.00.0000.4543 C:\WINDOWS\system32\hccutils.DLL

0x057e0000 0x24000 6.06.0064.0053 C:\Program Files\Fichiers communs\Adobe\Shell\PSICON.DLL

0x051d0000 0x25000 3.00.0000.4543 C:\WINDOWS\system32\igfxres.dll

0x05a40000 0x16f000 3.00.0000.4543 C:\WINDOWS\system32\igfxress.dll

0x05200000 0xf000 3.00.0000.4543 C:\WINDOWS\system32\igfxsrvc.dll

0x061b0000 0x21000 1.02.0001.0002 C:\WINDOWS\BricoPacks\Crystal Clear\iColorFolder\CMExt.dll

0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 1044

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x10000000 0x24000 3.00.0000.4543 C:\WINDOWS\system32\igfxdev.dll

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2D98-D6F8

 

Répertoire de C:\WINDOWS\system32

 

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2D98-D6F8

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

20/09/2007 14:49 <REP> .

20/09/2007 14:49 <REP> ..

29/06/2006 11:09 65 desktop.ini

16/05/2007 08:22 399 gp.inf

09/11/2006 15:36 5 019 swflash.inf

3 fichier(s) 5 483 octets

 

Total des fichiers listés :

3 fichier(s) 5 483 octets

2 Rép(s) 20 044 005 376 octets libres

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

Export des clefs sensibles..

 

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

REGEDIT4

 

[taskmgr.exe]

 

 

exports des policies

REGEDIT4

 

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\

63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\

6d,73,73,74,79,6c,65,73,00

"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\

73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...


catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-18 12:15:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:9bfedfe8

"s2"=dword:20f0ba83

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:d3,45,25,52,8e,f1,ff,a6,f9,8f,a2,b9,cd,67,64,66,f5,30,86,6a,0a,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,f5,e4,75,3e,82,34,f1,b0,bd,15,b2,2c,d3,58,ae,f4,8b,..

"khjeh"=hex:4f,2f,9d,c0,4e,6a,8c,c6,e3,90,a5,e2,ac,67,40,bc,c1,de,4c,d3,20,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:f7,4a,25,7e,8e,db,1e,9b,c7,e1,7e,38,94,95,5c,52,bf,36,d5,39,82,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:d3,45,25,52,8e,f1,ff,a6,f9,8f,a2,b9,cd,67,64,66,f5,30,86,6a,0a,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,f5,e4,75,3e,82,34,f1,b0,bd,15,b2,2c,d3,58,ae,f4,8b,..

"khjeh"=hex:4f,2f,9d,c0,4e,6a,8c,c6,e3,90,a5,e2,ac,67,40,bc,c1,de,4c,d3,20,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:f7,4a,25,7e,8e,db,1e,9b,c7,e1,7e,38,94,95,5c,52,bf,36,d5,39,82,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:000001ab

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

568 - TeaTimer.exe

1020 - csrss.exe

1044 - winlogon.exe

1092 - services.exe

1104 - lsass.exe

1264 - svchost.exe

1344 - svchost.exe

1404 - msdtc.exe

1468 - avguard.exe

1480 - AppleMobileDevi

1488 - svchost.exe

1616 - svchost.exe

1732 - vsmon.exe

1768 - mqsvc.exe

1804 - svchost.exe

2164 - mqtgsvc.exe

2236 - dllhost.exe

2480 - MemOptimizer.ex

2672 - hpqtra08.exe

2708 - HPWebcam.exe

2796 - cmd.exe

3084 - explorer.exe

3100 - ctfmon.exe

3768 - SynTPEnh.exe

3848 - QLBCTRL.exe

3900 - avgnt.exe

3980 - zlclient.exe

 

Total number of processes = 27

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS\system32\TUKERNEL.EXE

80720000 - \WINDOWS\system32\hal.dll

F7A7F000 - \WINDOWS\system32\KDCOM.DLL

F798F000 - \WINDOWS\system32\BOOTVID.dll

F7484000 - sptd.sys

F7A81000 - \WINDOWS\System32\Drivers\WMILIB.SYS

F746C000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS

F743D000 - ACPI.sys

F742C000 - pci.sys

F757F000 - ohci1394.sys

F758F000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS

F759F000 - isapnp.sys

F7993000 - compbatt.sys

F7997000 - \WINDOWS\system32\DRIVERS\BATTC.SYS

F7B47000 - pciide.sys

F77FF000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

F7A83000 - intelide.sys

F7A85000 - viaide.sys

F7A87000 - aliide.sys

F740E000 - pcmcia.sys

F75AF000 - MountMgr.sys

F73EF000 - ftdisk.sys

F7A89000 - dmload.sys

F73C9000 - dmio.sys

F799B000 - ACPIEC.sys

F7B48000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

F7807000 - PartMgr.sys

F75BF000 - VolSnap.sys

F73B1000 - atapi.sys

F72DB000 - iaStor.sys

F75CF000 - disk.sys

F75DF000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

F72BB000 - fltMgr.sys

F72A9000 - sr.sys

F75EF000 - PxHelp20.sys

F7292000 - KSecDD.sys

F7205000 - Ntfs.sys

F71D8000 - NDIS.sys

F71C7000 - Serial.sys

F71B3000 - srescan.sys

F7198000 - Mup.sys

F760F000 - \SystemRoot\system32\DRIVERS\nic1394.sys

F761F000 - \SystemRoot\system32\DRIVERS\intelppm.sys

F7103000 - \SystemRoot\system32\DRIVERS\cpqbttn.sys

F762F000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

F785F000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

F70FF000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys

F65A9000 - \SystemRoot\system32\DRIVERS\ialmnt5.sys

F6595000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

F6570000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys

F6413000 - \SystemRoot\system32\DRIVERS\w39n51.sys

F7867000 - \SystemRoot\system32\DRIVERS\usbuhci.sys

F63F0000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS

F786F000 - \SystemRoot\system32\DRIVERS\usbehci.sys

F63C9000 - \SystemRoot\system32\DRIVERS\e100b325.sys

F63B8000 - \SystemRoot\system32\DRIVERS\sdbus.sys

F7877000 - \SystemRoot\system32\DRIVERS\rimmptsk.sys

F763F000 - \SystemRoot\system32\DRIVERS\rimsptsk.sys

F636C000 - \SystemRoot\system32\DRIVERS\rixdptsk.sys

F70EF000 - \SystemRoot\system32\DRIVERS\CmBatt.sys

F764F000 - \SystemRoot\system32\DRIVERS\i8042prt.sys

F787F000 - \SystemRoot\system32\DRIVERS\kbdclass.sys

F633C000 - \SystemRoot\system32\DRIVERS\SynTP.sys

F7AC5000 - \SystemRoot\system32\DRIVERS\USBD.SYS

F7887000 - \SystemRoot\system32\DRIVERS\mouclass.sys

F765F000 - \SystemRoot\system32\DRIVERS\imapi.sys

F766F000 - \SystemRoot\system32\DRIVERS\cdrom.sys

F767F000 - \SystemRoot\system32\DRIVERS\redbook.sys

F6319000 - \SystemRoot\system32\DRIVERS\ks.sys

F7A63000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys

F7BAF000 - \SystemRoot\system32\DRIVERS\audstub.sys

F768F000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys

F7A6F000 - \SystemRoot\system32\DRIVERS\ndistapi.sys

F6302000 - \SystemRoot\system32\DRIVERS\ndiswan.sys

F769F000 - \SystemRoot\system32\DRIVERS\raspppoe.sys

F6CDD000 - \SystemRoot\system32\DRIVERS\raspptp.sys

F788F000 - \SystemRoot\system32\DRIVERS\TDI.SYS

F62F1000 - \SystemRoot\system32\DRIVERS\psched.sys

F6CCD000 - \SystemRoot\system32\DRIVERS\msgpc.sys

F7897000 - \SystemRoot\system32\DRIVERS\ptilink.sys

F789F000 - \SystemRoot\system32\DRIVERS\raspti.sys

F62C0000 - \SystemRoot\system32\DRIVERS\rdpdr.sys

F6CBD000 - \SystemRoot\system32\DRIVERS\termdd.sys

F7AC7000 - \SystemRoot\system32\DRIVERS\swenum.sys

F6267000 - \SystemRoot\system32\DRIVERS\update.sys

F7168000 - \SystemRoot\system32\DRIVERS\mssmbios.sys

F7164000 - \SystemRoot\system32\DRIVERS\kbdhid.sys

F6C5D000 - \SystemRoot\System32\Drivers\NDProxy.SYS

A85FF000 - \SystemRoot\system32\drivers\CHDAud.sys

A85DB000 - \SystemRoot\system32\drivers\portcls.sys

AAF80000 - \SystemRoot\system32\drivers\drmk.sys

A85A9000 - \SystemRoot\system32\DRIVERS\HSFHWAZL.sys

A84AC000 - \SystemRoot\system32\DRIVERS\HSF_DPV.sys

A83FC000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys

AAE6C000 - \SystemRoot\System32\Drivers\Modem.SYS

A99AF000 - \SystemRoot\system32\DRIVERS\usbhub.sys

F7A9D000 - \SystemRoot\System32\Drivers\i2omgmt.SYS

A5562000 - \SystemRoot\system32\DRIVERS\klif.sys

F7A9F000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

F7C04000 - \SystemRoot\System32\Drivers\Null.SYS

F7AA1000 - \SystemRoot\System32\Drivers\Beep.SYS

A5D9E000 - \SystemRoot\System32\drivers\vga.sys

F7AA3000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F7AA5000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

A5D96000 - \SystemRoot\System32\Drivers\Msfs.SYS

A5D8E000 - \SystemRoot\System32\Drivers\Npfs.SYS

A86B6000 - \SystemRoot\system32\DRIVERS\rasacd.sys

A552F000 - \SystemRoot\system32\DRIVERS\ipsec.sys

A54D7000 - \SystemRoot\system32\DRIVERS\tcpip.sys

A54AF000 - \SystemRoot\system32\DRIVERS\netbt.sys

A548E000 - \SystemRoot\system32\DRIVERS\ipnat.sys

A542E000 - \SystemRoot\System32\vsdatant.sys

A6A14000 - \SystemRoot\system32\DRIVERS\wanarp.sys

A6A04000 - \SystemRoot\system32\DRIVERS\arp1394.sys

A8696000 - \SystemRoot\system32\DRIVERS\hidusb.sys

A540C000 - \SystemRoot\System32\drivers\afd.sys

A69A4000 - \SystemRoot\system32\DRIVERS\netbios.sys

F7AB3000 - \SystemRoot\system32\DRIVERS\eabfiltr.sys

F78CF000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys

F78D7000 - \SystemRoot\System32\Drivers\SCDEmu.SYS

A53E1000 - \SystemRoot\system32\DRIVERS\rdbss.sys

A5372000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys

A5ED9000 - \SystemRoot\System32\Drivers\Fips.SYS

A535F000 - \SystemRoot\system32\DRIVERS\avipbb.sys

A632C000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys

AAF20000 - \SystemRoot\system32\DRIVERS\snp2uvc.sys

F6736000 - \SystemRoot\system32\DRIVERS\STREAM.SYS

A5D76000 - \SystemRoot\system32\DRIVERS\sncduvc.SYS

F7B19000 - \SystemRoot\system32\DRIVERS\gflmouhid.sys

A408B000 - \SystemRoot\system32\DRIVERS\mouhid.sys

A229B000 - \SystemRoot\System32\Drivers\Fastfat.SYS

A21C5000 - \SystemRoot\System32\Drivers\dump_iaStor.sys

BF800000 - \SystemRoot\System32\win32k.sys

A2C0E000 - \SystemRoot\System32\drivers\Dxapi.sys

A6B3F000 - \SystemRoot\System32\watchdog.sys

BF9C3000 - \SystemRoot\System32\drivers\dxg.sys

F7B5C000 - \SystemRoot\System32\drivers\dxgthk.sys

BF9E4000 - \SystemRoot\System32\ialmdnt5.dll

BF9D5000 - \SystemRoot\System32\ialmrnt5.dll

BFA06000 - \SystemRoot\System32\ialmdev5.DLL

BFA41000 - \SystemRoot\System32\ialmdd5.DLL

BFFA0000 - \SystemRoot\System32\ATMFD.DLL

F7137000 - \SystemRoot\system32\DRIVERS\ndisuio.sys

A20D1000 - \SystemRoot\system32\DRIVERS\mrxdav.sys

A2016000 - \SystemRoot\system32\DRIVERS\atksgt.sys

A1FAD000 - \SystemRoot\System32\Drivers\HTTP.sys

A6B2F000 - \SystemRoot\system32\DRIVERS\lirsgt.sys

A20CD000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys

A1F73000 - \??\C:\WINDOWS\system32\drivers\mqac.sys

A1F21000 - \SystemRoot\system32\DRIVERS\srv.sys

A1EC7000 - \??\C:\WINDOWS\system32\drivers\RMCast.sys

A1EB4000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys

A1927000 - \SystemRoot\system32\drivers\wdmaud.sys

F76CF000 - \SystemRoot\system32\drivers\sysaudio.sys

F778F000 - \SystemRoot\System32\Drivers\Cdfs.SYS

F793F000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS

A3899000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 157

 

Liste des programmes installes

 

ÜberIcon

1500

1500_Help

1500Trb

Adobe Color Common Settings

Adobe Color Common Settings

Adobe ExtendScript Toolkit 2

Adobe ExtendScript Toolkit 2

Adobe Flash Player 9 ActiveX

Adobe Photoshop 7.0

Adobe Reader 8.1.2 - Français

Adobe Setup

Adobe Setup

Adobe Shockwave Player

AiO_Scan

AiOSoftware

Apple Mobile Device Support

Apple Software Update

ASIO4ALL

Assistant de connexion Windows Live

AudioConvert

Avira AntiVir Personal – Free Antivirus

BitComet 0.93

BufferChm

CCleaner (remove only)

Collab

Conexant HD Audio

Correctif pour Lecteur Windows Media 11 (KB939683)

Correctif pour Windows Internet Explorer 7 (KB947864)

CP_AtenaShokunin1Config

CP_CalendarTemplates1

cp_LightScribeConfig

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

cp_PosterPrintConfig

cp_UpdateProjectsConfig

CueTour

CustomerResearchQFolder

Destinations

DeviceFunctionQFolder

DivX Codec

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

DocProc

DocumentViewer

DocumentViewerQFolder

eSupportQFolder

EVEREST Ultimate Edition v4.50

Fax

ffdshow

FL Studio 8

FlashGet 1.9.0.1012

Free Easy Burner V 3.8

Free Mp3 Wma Converter V 1.7.2

Google Toolbar for Internet Explorer

Haali Media Splitter

HDAUDIO Soft Data Fax Modem with SmartCP

HijackThis 2.0.2

HP Document Viewer 5.3

HP Extended Capabilities 5.3

HP Help and Support

HP Imaging Device Functions 6.0

HP Pavilion Webcam

HP Photosmart Premier Software 6.0

HP PSC & OfficeJet 5.3.B

HP Quick Launch Buttons 6.10 A2

HP QuickPlay 2.3

HP Solution Center & Imaging Support Tools 5.3

HP Update

HP User Guides 0027

HP Wireless Assistant 2.00 G2

HPProductAssistant

HpSdpAppCoreApp

IL Download Manager

InstantShareDevices

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

iTunes

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 6

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java SE Runtime Environment 6 Update 1

Lecteur Windows Media 11

Macromedia Flash Player 8

Macromedia Shockwave Player

Messenger Plus! Live

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Premium

Microsoft Office Access MUI (French) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office InfoPath MUI (French) 2007

Microsoft Office Outlook MUI (French) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Software Update for Web Folders (French) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)

Mozilla Firefox (2.0.0.14)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

NewCopy

OptionalContentQFolder

Orange - Logiciels Internet

Pack Crystal Clear 1.0

PanoStandAlone

PoiZone

PowerArchiver 2007 French

PowerISO

ProductContext

QuickTime

RandMap

Readme

RocketDock 1.3.5

Safari

SAMSUNG CDMA Modem Driver Set

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung PC Studio 3 USB Driver Installer

Satsuki Decoder Pack

Scan

ScannerCopy

Scroll Mouse

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

Security Update for Excel 2007 (KB946974)

Security Update for Microsoft Office Publisher 2007 (KB950114)

Security Update for Microsoft Office system 2007 (KB951808)

Security Update for Microsoft Office Word 2007 (KB950113)

Security Update for Office 2007 (KB934062)

Security Update for Office 2007 (KB947801)

Security Update for Outlook 2007 (KB946983)

SkinsHP1

SolutionCenter

Sonic_PrimoSDK

SonicAC3Encoder

SonicMPEGEncoder

Sony Media Manager for PSP 2.0b

Spybot - Search & Destroy

Status

Synaptics Pointing Device Driver

Toxic Biohazard

TrayApp

TuneUp Utilities 2008

Unload

Update for Office 2007 (KB932080)

Update for Office 2007 (KB934391)

Update for Office 2007 (KB946691)

Update for Outlook 2007 Junk Email Filter (kb950378)

VD Codec Pack 3.7

VideoLAN VLC media player 0.8.6a

WebFldrs XP

WebReg

Windows Imaging Component

Windows Internet Explorer 7

Windows Live installer

Windows Live Messenger

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

WinRAR archiver

XML Paper Specification Shared Components Pack 1.0

ZoneAlarm

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2D98-D6F8

 

Répertoire de C:\Program Files

 

17/05/2008 16:56 <REP> .

17/05/2008 16:56 <REP> ..

17/05/2008 17:38 <REP> Adobe

29/02/2008 22:48 <REP> AIST

08/05/2008 19:12 <REP> Alwil Software

18/04/2008 15:00 <REP> Apple Software Update

10/05/2008 21:16 <REP> ASIO4ALL v2

16/05/2008 19:31 <REP> AudioConvert

14/05/2008 18:28 <REP> Avira

20/09/2007 15:18 <REP> BitComet

25/12/2006 14:09 <REP> CCleaner

24/10/2006 11:54 <REP> ComPlus Applications

24/10/2006 04:25 <REP> CONEXANT

17/05/2008 15:48 <REP> CursorXP

25/12/2006 14:47 <REP> DIFX

20/03/2008 02:31 <REP> DivX

23/03/2007 15:16 <REP> ffdshow

17/05/2008 17:19 <REP> Fichiers communs

17/05/2008 17:35 <REP> FlashGet

01/04/2008 20:26 <REP> Free Audio Pack

13/05/2008 13:44 <REP> Free Easy Burner

01/02/2007 20:40 <REP> Google

25/12/2006 13:33 <REP> Hewlett-Packard

03/02/2007 13:28 <REP> HP

27/12/2006 22:44 <REP> HPQ

10/05/2008 21:16 <REP> Image-Line

24/10/2006 04:01 <REP> Intel

14/05/2008 21:48 <REP> Internet Explorer

25/12/2006 16:14 <REP> Inventel

17/04/2008 12:14 <REP> iPod

17/04/2008 12:14 <REP> iTunes

02/04/2008 14:36 <REP> Java

16/05/2008 19:47 <REP> Lavalys

14/05/2008 18:37 <REP> Lavasoft

25/12/2006 19:48 <REP> Messenger

23/03/2008 18:07 <REP> Messenger Plus! Live

21/07/2007 22:50 <REP> Microsoft CAPICOM 2.1.0.2

25/12/2006 17:47 <REP> microsoft frontpage

21/07/2007 22:26 <REP> Microsoft Office

25/12/2006 17:50 <REP> Microsoft Visual Studio

21/07/2007 22:21 <REP> Microsoft Visual Studio 8

21/07/2007 22:26 <REP> Microsoft Works

21/07/2007 22:24 <REP> Microsoft.NET

15/05/2008 21:01 <REP> Movie Maker

18/05/2008 12:10 <REP> Mozilla Firefox

21/07/2007 22:26 <REP> MSBuild

14/11/2007 12:13 <REP> MSN

24/10/2006 11:54 <REP> MSN Gaming Zone

14/11/2007 12:06 <REP> MSN Messenger

14/05/2008 21:46 <REP> MSXML 4.0

24/10/2006 11:54 <REP> NetMeeting

06/11/2007 15:15 <REP> OrangeHSS

15/05/2008 21:01 <REP> Outlook Express

10/05/2008 21:15 <REP> Outsim

10/08/2007 14:52 <REP> PowerArchiver

25/04/2007 13:03 <REP> PowerISO

17/04/2008 12:12 <REP> QuickTime

15/05/2008 21:18 <REP> RocketDock

17/04/2008 12:08 <REP> Safari

28/07/2007 15:11 <REP> Samsung

23/03/2007 15:35 <REP> Satsuki Decoder Pack

25/12/2006 13:49 <REP> Scroll Mouse

12/01/2007 11:55 <REP> Sony

15/05/2008 21:33 <REP> Sony Setup

14/05/2008 18:39 <REP> Spybot - Search & Destroy

25/12/2006 14:47 <REP> SuperCopier2

24/10/2006 04:28 <REP> Synaptics

15/05/2008 12:03 <REP> TuneUp Utilities 2008

14/05/2008 19:32 <REP> UberIcon

23/03/2007 15:15 <REP> VDCodecPack3.7

25/12/2006 14:46 <REP> VideoLAN

10/05/2008 21:16 <REP> VstPlugins

23/03/2008 18:05 <REP> Windows Live

11/01/2007 20:33 <REP> Windows Media Connect 2

15/05/2008 20:45 <REP> Windows Media Player

24/10/2006 11:54 <REP> Windows NT

24/10/2006 11:54 <REP> Windows Plus

20/03/2008 18:21 <REP> WinRAR

24/10/2006 11:54 <REP> xerox

14/05/2008 18:11 <REP> Zone Labs

0 fichier(s) 0 octets

80 Rép(s) 20 031 561 728 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2D98-D6F8

 

Répertoire de C:\Program Files\fichiers communs

 

17/05/2008 17:19 <REP> .

17/05/2008 17:19 <REP> ..

17/05/2008 17:38 <REP> Adobe

29/07/2007 05:31 <REP> Ahead

28/07/2007 18:41 <REP> Apple

25/12/2006 14:51 <REP> Cisco Systems

25/12/2006 17:50 <REP> Designer

25/12/2006 16:14 278 528 FDEUnInstaller.exe

03/11/2007 11:11 <REP> France Telecom

03/02/2007 13:31 <REP> Hewlett-Packard

03/11/2007 12:47 <REP> HP

20/09/2007 14:49 <REP> InstallShield

24/10/2006 11:54 <REP> Java

27/11/2007 20:20 <REP> Microsoft Shared

24/10/2006 11:54 <REP> MSSoap

06/01/2007 13:01 <REP> Nero

24/10/2006 11:54 <REP> ODBC

24/10/2006 11:54 <REP> Services

20/09/2007 14:47 <REP> Sonic Shared

24/10/2006 11:54 <REP> SpeechEngines

21/07/2007 22:31 <REP> System

15/05/2008 12:00 <REP> Wise Installation Wizard

1 fichier(s) 278 528 octets

21 Rép(s) 20 031 557 632 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2D98-D6F8

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

21/07/2007 22:31 <REP> .

21/07/2007 22:31 <REP> ..

21/07/2007 22:31 <REP> 1036

26/10/2006 19:49 970 528 MSONSEXT.DLL

26/10/2006 20:12 40 256 MSOSV.DLL

03/06/1999 20:09 122 937 MSOWS409.DLL

07/03/2001 15:00 127 033 MSOWS40c.DLL

18/03/1999 07:37 593 977 RAGENT.DLL

5 fichier(s) 1 854 731 octets

3 Rép(s) 20 031 557 632 octets libres

 

 

 

 

c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{52FBAE98-D389-4281-8C14-21B4046CCB4E}\ARPPRODUCTICON.exe

c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe

c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{B16AF568-A644-483C-A6DA-5028CD019C8C}\ARPPRODUCTICON.exe

c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe

c:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe

c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{52FBAE98-D389-4281-8C14-21B4046CCB4E}\ARPPRODUCTICON.exe

c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe

c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{B16AF568-A644-483C-A6DA-5028CD019C8C}\ARPPRODUCTICON.exe

c:\Documents and Settings\Le voleur de reves\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe

c:\Documents and Settings\Le voleur de reves\Application Data\Microsoft\Installer\{52FBAE98-D389-4281-8C14-21B4046CCB4E}\ARPPRODUCTICON.exe

c:\Documents and Settings\Le voleur de reves\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe

c:\Documents and Settings\Le voleur de reves\Application Data\Microsoft\Installer\{B16AF568-A644-483C-A6DA-5028CD019C8C}\ARPPRODUCTICON.exe

c:\Documents and Settings\Le voleur de reves\Application Data\Mozilla\Firefox\Profiles\76pat9r2.default\FlashGot.exe

c:\Documents and Settings\Le voleur de reves\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe

c:\Documents and Settings\Le voleur de reves\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\catchme.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\diff.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\dumphive.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\find2.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\Fport.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\grep.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\gzip.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\KProcCheck.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\LFiles.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\md5sums.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\pslist.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\sigcheck.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\streams.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\swreg.exe

c:\Documents and Settings\Le voleur de reves\Bureau\DiagHelp\tar.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Adobe Photoshop CS3 Extended\Setup.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Adobe Photoshop CS3 Extended\Crack\Photoshop.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Adobe Photoshop CS3 Extended\Patch FR\Traduction_Us-Fr.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Adobe Photoshop CS3 Extended\redist\WindowsInstaller-KB893803-v2-x86.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Adobe Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-ia64-enu.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Adobe Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-x64-enu.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Adobe Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-x86-enu.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Adobe Photoshop CS3 Extended\redist\WindowsXP-KB898715-x64-enu.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Adobe Photoshop CS3 Extended\WinCS3Clean\CS3Clean.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Adobe Photoshop CS3 Extended\WinCS3Clean\MSIZap.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Codecs\ffdshow-20051109.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Codecs\klcodec254f.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Codecs\Nero Digital MPEG 4 AVC h.264 dshow decoder v2.02.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Codecs\Satsuki.Decoder.Pack.3.0.0.0.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Codecs\VDCodecPack3.7.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Fruityloops Studio Producer Edition\Fruityloops.Studio.Producer.Edition.XXL.v8.0.0-NoPE\Crack\fruityloops.studio.producer.edition.xxl.v8.0.0-NoPE.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Fruityloops Studio Producer Edition\Fruityloops.Studio.Producer.Edition.XXL.v8.0.0-NoPE\setup\flstudio_8.0_install.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Game\Worms\wwp_EUsp1_FR.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Game\Worms\WWP\2_[PC Game] Worms World Party\Worms World Party\WWP\Landgen.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Game\Worms\WWP\2_[PC Game] Worms World Party\Worms World Party\WWP\RegSetup.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Game\Worms\WWP\2_[PC Game] Worms World Party\Worms World Party\WWP\Unace32.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Game\Worms\WWP\2_[PC Game] Worms World Party\Worms World Party\WWP\wwp.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\AdbeRdr708_fr_FR.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\antivir_workstation_winu_en_h.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\BitComet_0.93_setup.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\ccsetup206.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\cursorxp_free.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\daemon408-139-x86.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\flashget190en.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\IE7Setup.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\instal windows media player 11.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\install firefox.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\install media management.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\install patch fransais pour Ad-Awaware.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\install winamp 5.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\install_macromedia flash player 7.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\install_Vista Transformation Pack_.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\ir0431_unicode.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\iTunesSetup.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Lavasoft_Adaware2007_fr.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Pack Crystal Clear 1.0.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Pack_Vista_Inspirat_1.1.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\powarc1001fr.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\PowerISO35.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\QuickTimeInstaller.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\RocketDock-v1.3.5.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\setup_avast.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Setup_FreeBurner.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Setup_FreeConverter.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Setup_XPize46Ful_ pack_theme+iconel.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\spybotsd152.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\SuperCopier2.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\UberIcon-v1.0.1.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\vlc-0.8.6a-win32.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\WinRAR 4.1.65.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Zone_Alarm setup.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Audio Converter\Audio-Convert2.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Audio Converter\AudioConvert-Keygen.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Ejay.Dj.Mix.Station.3\Install DJMixStation 3.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Everest\everestultimate450.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Everest\Keygen\keygen.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Install Office 2007\SETUP.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Install Office 2007\OFFICE.FR-FR\DW20.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Install Office 2007\OFFICE.FR-FR\DWTRIG20.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Install Office 2007\PROPLUS.WW\OSE.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Install_DIVX_8\DivXInstaller.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Install_DIVX_8\Keygen DivX AIO.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\install_Nero\nero_nero_6.3.1.6_language_pack_francais_francais_10297.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\install_Nero\nero_nero_6.3.1.6_ultimate_edition_anglais_10297.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Logiciel AMV\FRAPSREG280.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Photoshop 7\setup\_ISDel.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Photoshop 7\setup\Setup.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\TuneUp Utilities 2008 FR - v7.0.7991\Keymaker.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\TuneUp Utilities 2008 FR - v7.0.7991\TU2008TrialFR.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\WLM\MsgPlusLive-460.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\WLM\Install_MSN_Bêta_9\Patch MsnCreative WLM 9 BETA.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\WLM\Install_MSN_Bêta_9\WLM_9_Patch_FR_.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Utilitaires\xtremsplit.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Vegas Pro 8\keygen.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Vegas Pro 8\vegaspro80b-trial_fra.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Windows Trust\wISO.exe

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Windows Trust\I386\AUTOCHK.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Windows Trust\I386\AUTOFMT.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Windows Trust\I386\EXPAND.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Windows Trust\I386\FAXPATCH.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Windows Trust\I386\NETSETUP.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Windows Trust\I386\REGEDIT.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Windows Trust\I386\TELNET.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Windows Trust\I386\SVCPACK\02NETFX2.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Windows Trust\I386\SVCPACK\VISTAFONTS.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Windows Trust\I386\SVCPACK\WTIS.EXE

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Windows Trust\I386\SYSTEM32\SMSS.EXE

c:\Documents and Settings\Le voleur de reves\Local Settings\Application Data\Installer4276\Setup.exe


****** Fin du rapport DiagHelp

Veuillez svp envoyer le fichier C:\upload_moi_SCORPIO.tar.gz a l'adresse http://upload.malekal.com

Posted

Hello,

The result:

Processus superflu non nécessaire au système

 

C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt -->18/05/2008 11:28:53 => HDAUDIO Soft Data Fax Modem with SmartCP

0x10000000 0x24000 3.00.0000.4543 C:\WINDOWS\system32\igfxdev.dll => Intel Common User Interface

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Fruityloops Studio Producer Edition\Fruityloops.Studio.Producer.Edition.XXL.v8.0.0-NoPE\Crack\fruityloops.studio.producer.edition.xxl.v8.0.0-NoPE.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Audio Converter\AudioConvert-Keygen.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Everest\Keygen\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\Install_DIVX_8\Keygen DivX AIO.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Installs\TuneUp Utilities 2008 FR - v7.0.7991\Keymaker.exe => Crack, KeyGen, Keymaker - Possible Malware

c:\Documents and Settings\Le voleur de reves\Bureau\Les archives\Vegas Pro 8\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware

 

Nothing dramatic!

Posted

So is it really necessary to delete these key generators?

I would like to know what I should do about my RAM problem and, in addition, how to get Photoshop 7 running on my PC without problems.

Thanks

Posted

Hello,

So is it really necessary to delete these key generators?

Not necessarily. But you must, at a minimum, scan these risky files with an antivirus and an antispyware tool to make sure they are not booby-trapped.

For your Photoshop problem, see the Software or Hardware forums of this site instead.
