Infection 007guard

jejemorg -
Utilisateur anonyme - 24 mars 2009 à 09:49

Bonjour,
J'ai rencontré des problèmes de surf et en faisant un netstat -a j'ai vu que j'avait des liens vers www.007guard.com.
J'ai fait un hijackthis, mais je vois pas d'ou cela vient:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:45, on 21/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\nslsvice.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\WINNT\system32\nfsclnt.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\enstart.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\PSXRUN.EXE
C:\WINNT\system32\psxss.exe
C:\SFU\usr\sbin\zzInterix
C:\SFU\usr\sbin\init
C:\SFU\usr\sbin\inetd
C:\WINNT\System32\dllhost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINNT\stsystra.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxsrvc.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINNT\system32\taskmgr.exe
C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pbweb.uk.pb.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fr.pb.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 152.144.221.*;pcservices2;dfworks.ct.pb.com;xgs-dfworks-2;*.ct.pb.com;*.fr.pb.com;srv-w2003-dev;<local>
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 152.144.117.18 usdby1-pbiadp04
O1 - Hosts: 152.144.117.18 usdby1-pbiadp04.pbi.global.pvt
O1 - Hosts: 161.228.215.112 usdby1-pbiadp01
O1 - Hosts: 161.228.215.112 usdby1-pbiadp01.pbi.global.pvt
O1 - Hosts: 152.144.114.112 usshl1-pbiadp01
O1 - Hosts: 152.144.114.112 usshl1-pbiadp01.pbi.global.pvt
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cleanup] c:\winnt\PBUtility\cleanup.cmd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG9.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMJP9\imjprmzb.exe" /RmZombie
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINNT\system32\DWRCST.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://secapweb.fr.pb.com/
O15 - Trusted Zone: *.pbi.global.pvt
O15 - Trusted Zone: *.pb.com
O15 - Trusted Zone: *.pitneybowes.ca
O15 - Trusted IP range: http://152.144.221.130
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://mpsnet.com/JavaVM3186.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pbi.global.pvt
O17 - HKLM\Software\..\Telephony: DomainName = pbi.global.pvt
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2C560EB-43E1-43C6-A669-DEA9550F99BE}: NameServer = 152.144.243.27,152.144.243.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pbi.global.pvt
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pbi.global.pvt
O23 - Service: Apache2 - Unknown owner - W:\Apache Group\Apache2\bin\Apache.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: beasvc mydomain_PROD - Unknown owner - C:\bea\WEBLOG~1\server\bin\beasvc.exe (file missing)
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: CQC_Pilote Num (CQCPiloteNum) - MAG - C:\Program Files\MAG\CQC Pilote\CQCPiloteNum.exe
O23 - Service: CQC_Pilote Printer (CQCPilotePrinter) - MAG - C:\Program Files\MAG\CQC Pilote\CQCPilotePrinter.exe
O23 - Service: CQC_Pilote Server (CQCPiloteServer) - MAG - C:\Program Files\MAG\CQC Pilote\CQCPiloteServer.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DFWorks UDH App (DFWUDHApp) - Unknown owner - W:\dfworksapp\install\DFWUDHApp.exe (file missing)
O23 - Service: DFWorks UDH Web (DFWUDHWeb) - Unknown owner - W:\dfworksweb\install\DFWUDHWeb.exe (file missing)
O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINNT\system32\DWRCS.EXE (file missing)
O23 - Service: enstart - Unknown owner - C:\WINNT\system32\enstart.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ouverture de session unique de Lotus Notes (Lotus Notes Single Logon) - IBM Corp - C:\WINNT\system32\nslsvice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\XEClient\BIN\omtsreco.exe
O23 - Service: OracleOraHome90TNSListener - Unknown owner - W:\oracle90\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleServiceSMARTDB - Unknown owner - w:\oracle90\bin\ORACLE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Radia Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - W:\Tomcat\bin\tomcat5.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Afficher la suite

A voir également:

Infection 007guard
Infection FileRepMetagen - Forum Virus
Infection winrmsrv ✓ - Forum Virus
Infection fahcore_a8 ✓ - Forum Virus
Suppose une infection ✓ - Forum Virus
Infection par autorun.inf ✓ - Forum Virus

6 réponses

Réponse 1 / 6

Utilisateur anonyme

salut :

Mets a jour vers le SP3 via Windows update ,

ensuite :

réouvre hijackthis
fais scan only
coches ces lignes sur leur gauche:

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O23 - Service: DFWorks UDH App (DFWUDHApp) - Unknown owner - W:\dfworksapp\install\DFWUDHApp.exe (file missing)
O23 - Service: DFWorks UDH Web (DFWUDHWeb) - Unknown owner - W:\dfworksweb\install\DFWUDHWeb.exe (file missing)
O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINNT\system32\DWRCS.EXE (file missing)
O23 - Service: OracleOraHome90TNSListener - Unknown owner - W:\oracle90\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleServiceSMARTDB - Unknown owner - w:\oracle90\bin\ORACLE.EXE (file missing)

tu les coches et tu clic sur "fix checked"

et tu fermes le programme.

ensuite :

tu télécharge LOP S&D sur ton Bureau.

* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)

jejemorg

voila le rapport:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A12
USER : JE017BA ( Not Administrator ! )
BOOT : Fail-safe with network boot
Antivirus : VirusScan Enterprise + AntiSpyware Enterprise 8.5.0.781 (Activated)
C:\ (Local Disk) - NTFS - Total:36 Go (Free:5 Go)
D:\ (Local Disk) - NTFS - Total:75 Go (Free:43 Go)
F:\ (CD or DVD)
L:\ (Network Disk)
O:\ (Network Disk)
R:\ (Network Disk)
Y:\ (Network Disk)
Z:\ (Network Disk)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 22/03/2009|19:18 )

--------------------\\ Listing des dossiers dans APPLIC~1

[27/06/2006|21:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[22/05/2004|02:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[30/07/2007|13:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
[02/03/2009|20:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
[02/08/2007|10:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[01/08/2007|13:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[26/06/2006|23:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[01/08/2007|15:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Wave Systems Corp

[27/06/2006|21:53] C:\DOCUME~1\ADMINI~1.PIT\APPLIC~1\Apple Computer
[22/05/2004|02:05] C:\DOCUME~1\ADMINI~1.PIT\APPLIC~1\Identities
[02/08/2007|11:20] C:\DOCUME~1\ADMINI~1.PIT\APPLIC~1\InstallShield
[02/03/2009|20:47] C:\DOCUME~1\ADMINI~1.PIT\APPLIC~1\Intel
[02/08/2007|11:20] C:\DOCUME~1\ADMINI~1.PIT\APPLIC~1\Macromedia
[09/08/2007|13:01] C:\DOCUME~1\ADMINI~1.PIT\APPLIC~1\Microsoft
[26/06/2006|23:03] C:\DOCUME~1\ADMINI~1.PIT\APPLIC~1\Real
[07/01/2009|17:26] C:\DOCUME~1\ADMINI~1.PIT\APPLIC~1\TOSHIBA
[07/01/2009|17:29] C:\DOCUME~1\ADMINI~1.PIT\APPLIC~1\Wave Systems Corp

[08/01/2009|22:23] C:\DOCUME~1\admlocal\APPLIC~1\Adobe
[27/06/2006|21:53] C:\DOCUME~1\admlocal\APPLIC~1\Apple Computer
[29/01/2009|22:14] C:\DOCUME~1\admlocal\APPLIC~1\FileZilla
[22/05/2004|02:05] C:\DOCUME~1\admlocal\APPLIC~1\Identities
[02/08/2007|11:20] C:\DOCUME~1\admlocal\APPLIC~1\InstallShield
[02/03/2009|20:47] C:\DOCUME~1\admlocal\APPLIC~1\Intel
[02/08/2007|11:20] C:\DOCUME~1\admlocal\APPLIC~1\Macromedia
[09/08/2007|13:01] C:\DOCUME~1\admlocal\APPLIC~1\Microsoft
[29/01/2009|22:10] C:\DOCUME~1\admlocal\APPLIC~1\Mozilla
[08/01/2009|22:33] C:\DOCUME~1\admlocal\APPLIC~1\Notepad++
[26/06/2006|23:03] C:\DOCUME~1\admlocal\APPLIC~1\Real
[07/01/2009|17:06] C:\DOCUME~1\admlocal\APPLIC~1\TOSHIBA
[29/01/2009|21:34] C:\DOCUME~1\admlocal\APPLIC~1\Wave Systems Corp

[21/03/2009|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{83C91755-2546-441D-AC40-9A6B4B860800}
[26/06/2006|22:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[27/06/2006|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[18/03/2009|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Applications
[01/08/2007|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFix
[31/10/2007|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[02/03/2009|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[21/03/2009|07:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[30/10/2007|17:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lotus
[18/11/2008|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[21/03/2009|08:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[03/03/2009|15:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[07/09/2006|13:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
[01/08/2007|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NTRU Cryptosystems
[25/11/2008|16:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Protexis
[31/10/2007|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[22/03/2009|18:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[17/03/2009|16:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VMware
[01/08/2007|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wave Systems Corp
[18/11/2005|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[15/09/2008|21:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[27/06/2006|21:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[22/05/2004|02:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/08/2007|11:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InstallShield
[02/03/2009|20:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[02/08/2007|11:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[09/08/2007|13:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[26/06/2006|23:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[08/08/2007|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Wave Systems Corp

[16/09/2008|11:03] C:\DOCUME~1\je017ba\APPLIC~1\Adobe
[27/06/2006|21:53] C:\DOCUME~1\je017ba\APPLIC~1\Apple Computer
[19/11/2008|09:16] C:\DOCUME~1\je017ba\APPLIC~1\CyberLink
[25/11/2008|16:31] C:\DOCUME~1\je017ba\APPLIC~1\DJJava
[19/11/2008|09:18] C:\DOCUME~1\je017ba\APPLIC~1\dvdcss
[18/03/2009|13:43] C:\DOCUME~1\je017ba\APPLIC~1\FileZilla
[05/01/2009|09:59] C:\DOCUME~1\je017ba\APPLIC~1\gtk-2.0
[17/11/2008|15:34] C:\DOCUME~1\je017ba\APPLIC~1\Help
[21/01/2009|11:20] C:\DOCUME~1\je017ba\APPLIC~1\ICAClient
[27/11/2008|11:15] C:\DOCUME~1\je017ba\APPLIC~1\ICSharpCode
[22/05/2004|02:05] C:\DOCUME~1\je017ba\APPLIC~1\Identities
[10/11/2008|15:11] C:\DOCUME~1\je017ba\APPLIC~1\IDMComp
[17/11/2008|21:25] C:\DOCUME~1\je017ba\APPLIC~1\InfraRecorder
[05/11/2008|19:56] C:\DOCUME~1\je017ba\APPLIC~1\Inkscape
[02/08/2007|11:20] C:\DOCUME~1\je017ba\APPLIC~1\InstallShield
[02/03/2009|20:47] C:\DOCUME~1\je017ba\APPLIC~1\Intel
[15/09/2008|15:21] C:\DOCUME~1\je017ba\APPLIC~1\Macromedia
[24/09/2008|14:42] C:\DOCUME~1\je017ba\APPLIC~1\MAG
[03/03/2009|09:16] C:\DOCUME~1\je017ba\APPLIC~1\Microsoft
[20/10/2008|14:42] C:\DOCUME~1\je017ba\APPLIC~1\Mozilla
[22/12/2008|15:05] C:\DOCUME~1\je017ba\APPLIC~1\Notepad++
[09/10/2008|13:37] C:\DOCUME~1\je017ba\APPLIC~1\ntr
[24/09/2008|13:38] C:\DOCUME~1\je017ba\APPLIC~1\Pitney BOWES
[26/06/2006|23:03] C:\DOCUME~1\je017ba\APPLIC~1\Real
[21/10/2008|15:15] C:\DOCUME~1\je017ba\APPLIC~1\Roxio
[16/09/2008|10:28] C:\DOCUME~1\je017ba\APPLIC~1\Sun
[09/12/2008|11:28] C:\DOCUME~1\je017ba\APPLIC~1\TOSHIBA
[10/12/2008|08:30] C:\DOCUME~1\je017ba\APPLIC~1\U3
[08/01/2009|17:57] C:\DOCUME~1\je017ba\APPLIC~1\ViStart
[15/09/2008|22:35] C:\DOCUME~1\je017ba\APPLIC~1\vlc
[23/12/2008|11:26] C:\DOCUME~1\je017ba\APPLIC~1\VMware
[22/03/2009|15:09] C:\DOCUME~1\je017ba\APPLIC~1\Wave Systems Corp
[14/02/2009|18:37] C:\DOCUME~1\je017ba\APPLIC~1\Windows Search
[05/11/2008|16:34] C:\DOCUME~1\je017ba\APPLIC~1\XnView

[02/03/2009|20:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
[23/09/2008|16:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\MAG
[14/02/2009|18:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[17/11/2008|22:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\VMware

[02/03/2009|20:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
[13/10/2008|08:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\MAG
[22/05/2004|01:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[17/03/2009|15:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\VMware

[22/05/2004|02:05] C:\DOCUME~1\pbadmin\APPLIC~1\Identities
[02/03/2009|20:47] C:\DOCUME~1\pbadmin\APPLIC~1\Intel
[22/12/2004|17:51] C:\DOCUME~1\pbadmin\APPLIC~1\Microsoft

[22/05/2004|02:05] C:\DOCUME~1\pbpass\APPLIC~1\Identities
[02/03/2009|20:47] C:\DOCUME~1\pbpass\APPLIC~1\Intel
[22/12/2004|17:51] C:\DOCUME~1\pbpass\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINNT\tasks

[21/03/2009 07:51][--a------] C:\WINNT\tasks\Ad-Aware Update (Weekly).job
[22/03/2009 17:07][--a------] C:\WINNT\tasks\NavAutoConfig.job
[20/03/2009 12:15][--a------] C:\WINNT\tasks\SyncToyCmd.job
[22/03/2009 17:23][--ah-----] C:\WINNT\tasks\SA.DAT
[24/09/2001 23:13][-r-h-----] C:\WINNT\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[15/09/2008|16:39] C:\Program Files\7-Zip
[17/11/2008|15:34] C:\Program Files\Abale
[09/01/2009|09:39] C:\Program Files\ABC Amber CHM Merger
[26/06/2006|22:48] C:\Program Files\Adobe
[13/02/2009|16:47] C:\Program Files\Apache Software Foundation
[01/08/2007|14:13] C:\Program Files\Apoint
[22/03/2009|02:30] C:\Program Files\a-squared Free
[26/06/2006|22:52] C:\Program Files\BigFix Enterprise
[01/08/2007|15:01] C:\Program Files\Broadcom
[07/11/2008|12:05] C:\Program Files\BTB
[07/09/2006|13:53] C:\Program Files\Cisco Systems
[27/06/2006|15:28] C:\Program Files\Citrix
[21/03/2009|08:19] C:\Program Files\Common Files
[22/05/2004|01:54] C:\Program Files\ComPlus Applications
[15/07/2006|20:28] C:\Program Files\CONEXANT
[07/09/2006|14:50] C:\Program Files\CyberLink
[31/10/2007|11:07] C:\Program Files\Dell
[01/08/2007|14:29] C:\Program Files\DIFX
[20/11/2008|21:17] C:\Program Files\EASEUS
[28/10/2008|12:51] C:\Program Files\FileZilla FTP Client
[15/09/2008|23:00] C:\Program Files\Foxit Software
[30/09/2008|21:20] C:\Program Files\gawk-win
[17/09/2008|15:54] C:\Program Files\GestionServicesDistants
[14/10/2008|14:26] C:\Program Files\Ghostgum
[30/10/2008|17:09] C:\Program Files\GIMP-2.0
[09/01/2009|09:14] C:\Program Files\GridinSoft
[14/10/2008|14:41] C:\Program Files\gs
[29/09/2008|08:10] C:\Program Files\Hewlett-Packard
[10/11/2008|15:10] C:\Program Files\IDM Computer Solutions
[17/11/2008|21:16] C:\Program Files\InfraRecorder
[05/11/2008|19:56] C:\Program Files\Inkscape
[03/03/2009|15:49] C:\Program Files\InstallShield Installation Information
[02/03/2009|20:45] C:\Program Files\Intel
[14/02/2009|19:07] C:\Program Files\Internet Explorer
[09/02/2009|10:52] C:\Program Files\Java
[21/03/2009|07:43] C:\Program Files\Lavasoft
[30/10/2007|17:07] C:\Program Files\lotus
[30/09/2008|15:01] C:\Program Files\Macro 4
[24/09/2008|09:51] C:\Program Files\MAG
[18/11/2008|10:15] C:\Program Files\McAfee
[17/12/2008|23:40] C:\Program Files\Messenger
[21/03/2009|08:22] C:\Program Files\Microsoft
[01/03/2009|16:53] C:\Program Files\Microsoft ActiveSync
[01/08/2007|13:44] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[22/05/2004|01:59] C:\Program Files\microsoft frontpage
[18/03/2009|09:31] C:\Program Files\Microsoft Office
[17/09/2008|18:29] C:\Program Files\Microsoft SDKs
[04/11/2008|22:21] C:\Program Files\Microsoft Silverlight
[16/09/2008|08:54] C:\Program Files\Microsoft SQL Server
[17/09/2008|18:32] C:\Program Files\Microsoft SQL Server Compact Edition
[20/10/2008|09:47] C:\Program Files\Microsoft Sync Framework
[17/09/2008|18:32] C:\Program Files\Microsoft Synchronization Services
[16/09/2008|21:44] C:\Program Files\Microsoft Virtual PC
[27/06/2006|15:45] C:\Program Files\Microsoft Visual Studio
[03/03/2009|15:48] C:\Program Files\Microsoft Visual Studio .NET
[14/02/2009|19:42] C:\Program Files\Microsoft Visual Studio 9.0
[07/09/2006|14:18] C:\Program Files\Microsoft VM
[08/08/2007|15:27] C:\Program Files\Microsoft Works
[16/09/2008|08:52] C:\Program Files\Microsoft.NET
[07/03/2005|23:43] C:\Program Files\Movie Maker
[22/03/2009|12:22] C:\Program Files\Mozilla Firefox
[01/08/2007|13:35] C:\Program Files\MSBuild
[08/08/2007|13:45] C:\Program Files\MSECache
[22/05/2004|01:53] C:\Program Files\MSN Gaming Zone
[01/08/2007|13:37] C:\Program Files\MSXML 4.0
[01/08/2007|13:43] C:\Program Files\MSXML 6.0
[01/12/2008|16:00] C:\Program Files\NavAutoConfig
[07/03/2005|23:43] C:\Program Files\NetMeeting
[18/11/2008|10:17] C:\Program Files\Network Associates
[22/12/2008|15:08] C:\Program Files\Notepad++
[08/09/2008|12:58] C:\Program Files\Novadigm
[01/08/2007|15:02] C:\Program Files\NTRU Cryptosystems
[30/07/2007|13:42] C:\Program Files\O2Micro OZ776 SCR Driver
[28/02/2005|22:07] C:\Program Files\Online Services
[01/08/2007|13:45] C:\Program Files\Outlook Express
[30/10/2008|16:59] C:\Program Files\PDFCreator
[17/09/2008|15:48] C:\Program Files\PuTTY
[08/10/2008|16:37] C:\Program Files\PuTTY Connection Manager
[06/11/2008|10:34] C:\Program Files\PWRULES
[05/01/2009|16:09] C:\Program Files\QTTabBar
[27/06/2006|21:47] C:\Program Files\QuickTime
[26/06/2006|23:02] C:\Program Files\Real
[15/09/2008|16:24] C:\Program Files\RealVNC
[01/08/2007|13:31] C:\Program Files\Reference Assemblies
[31/10/2007|15:26] C:\Program Files\Research In Motion
[31/10/2007|09:10] C:\Program Files\Roxio
[19/01/2009|16:52] C:\Program Files\Runtime Software
[30/10/2007|17:20] C:\Program Files\SAP
[04/03/2005|23:12] C:\Program Files\ScreenSaver
[17/09/2008|15:26] C:\Program Files\SharpDevelop
[01/08/2007|15:50] C:\Program Files\Sigmatel
[22/03/2009|17:30] C:\Program Files\Spybot - Search & Destroy
[20/10/2008|09:48] C:\Program Files\SyncToy 2.0
[09/12/2008|11:28] C:\Program Files\Toshiba
[05/01/2009|10:36] C:\Program Files\TrueTransparency
[07/01/2009|14:51] C:\Program Files\UberIcon
[22/05/2004|02:05] C:\Program Files\Uninstall Information
[15/09/2008|20:39] C:\Program Files\VideoLAN
[06/01/2009|13:53] C:\Program Files\ViOrb
[14/01/2009|11:12] C:\Program Files\ViStart
[01/08/2007|15:17] C:\Program Files\Wave Systems Corp
[27/02/2009|09:44] C:\Program Files\Windows Desktop Search
[21/03/2009|08:21] C:\Program Files\Windows Live SkyDrive
[01/08/2007|13:29] C:\Program Files\Windows Media Connect 2
[09/08/2007|11:13] C:\Program Files\Windows Media Player
[07/03/2005|23:43] C:\Program Files\Windows NT
[07/03/2005|23:59] C:\Program Files\WindowsUpdate
[26/11/2008|10:15] C:\Program Files\WindowTabifier_demo
[19/01/2009|16:04] C:\Program Files\WinMerge
[22/05/2004|01:59] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[26/06/2006|22:48] C:\Program Files\Common Files\Adobe
[23/09/2008|16:48] C:\Program Files\Common Files\Business Objects
[26/06/2006|22:47] C:\Program Files\Common Files\Cisco Systems
[08/08/2007|13:42] C:\Program Files\Common Files\DESIGNER
[07/09/2006|13:53] C:\Program Files\Common Files\Deterministic Networks
[31/10/2007|09:11] C:\Program Files\Common Files\InstallShield
[26/06/2006|22:53] C:\Program Files\Common Files\Java
[08/08/2007|13:42] C:\Program Files\Common Files\L&H
[18/11/2008|10:15] C:\Program Files\Common Files\McAfee
[14/02/2009|19:43] C:\Program Files\Common Files\Merge Modules
[21/03/2009|08:21] C:\Program Files\Common Files\Microsoft Shared
[22/05/2004|01:55] C:\Program Files\Common Files\MSSoap
[26/06/2006|22:47] C:\Program Files\Common Files\Network Associates
[22/05/2004|01:41] C:\Program Files\Common Files\ODBC
[26/06/2006|23:02] C:\Program Files\Common Files\Real
[31/10/2007|15:26] C:\Program Files\Common Files\Research In Motion
[31/10/2007|09:11] C:\Program Files\Common Files\Roxio Shared
[22/05/2004|01:55] C:\Program Files\Common Files\Services
[31/10/2007|09:11] C:\Program Files\Common Files\Sonic Shared
[22/05/2004|01:41] C:\Program Files\Common Files\SpeechEngines
[31/10/2007|09:10] C:\Program Files\Common Files\SureThing Shared
[09/08/2007|11:13] C:\Program Files\Common Files\System
[21/03/2009|08:19] C:\Program Files\Common Files\Windows Live
[15/09/2008|21:20] C:\Program Files\Common Files\WindowsLiveInstaller
[26/06/2006|23:02] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 22 Processes )

iexplore.exe ~ [PID:304]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 19:19:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

[F:11825][D:2381]-> C:\DOCUME~1\je017ba\LOCALS~1\Temp
[F:13][D:0]-> C:\DOCUME~1\je017ba\Cookies
[F:949][D:8]-> C:\DOCUME~1\je017ba\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
[F:2][D:2]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 22/03/2009|19:20 - Option : [1]

--------------------\\ Fin du rapport a 19:20:57

jejemorg > jejemorg

Bonsoir,
Ja'i finit par trouver, en fait mon fichier host a été pourris par ce malware.
Problème résolu.

Réponse 2 / 6

Utilisateur anonyme

fais quand même ceci par sécurité :

Télécharge HostXpert sur ton Bureau :

---> Décompresse-le (Clic droit >> Extraire ici)

---> Double-clique sur HostsXpert pour le lancer

---> clique sur le bouton "Restore MS Hosts File" puis ferme le programme

PS : Avant de cliquer sur le bouton "Restore MS Hosts File", vérifie que le cadenas en haut à gauche est ouvert sinon tu vas avoir un message d'erreur.

s'il est fermé , clique dessus :)

puis :

Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer .

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

* Devant l'option "List files/folders created ..." , tu choisis : 2 months

* clique ensuite sur " Continue " pour lancer l'analyse ...

-> laisse faire le scan et ne touche pas au PC ...

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

jejemorg

En fait j'ai cru que cela fonctionnait mais pas longtemps :(

Voila la log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by je017ba at 2009-03-23 11:38:43
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 5 GB (15%) free of 37 GB
Total RAM: 2038 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:00, on 23/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\nslsvice.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\WINNT\system32\nfsclnt.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\enstart.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\PSXRUN.EXE
C:\WINNT\system32\psxss.exe
C:\WINNT\System32\dllhost.exe
C:\SFU\usr\sbin\init
C:\SFU\usr\sbin\inetd
C:\SFU\usr\sbin\zzInterix
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINNT\stsystra.exe
C:\WINNT\system32\igfxsrvc.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Documents and Settings\je017ba\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\je017ba\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Documents and Settings\je017ba\Desktop\RSIT.exe
C:\HijackThis\je017ba.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pbweb.uk.pb.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fr.pb.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 152.144.221.*;pcservices2;dfworks.ct.pb.com;xgs-dfworks-2;*.ct.pb.com;*.fr.pb.com;srv-w2003-dev;<local>
O1 - Hosts: 152.144.242.28 secapweb.fr.pb.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\je017ba\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://secapweb.fr.pb.com/
O15 - Trusted Zone: *.pbi.global.pvt
O15 - Trusted Zone: *.pb.com
O15 - Trusted Zone: *.pitneybowes.ca
O15 - Trusted IP range: http://152.144.221.130
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://mpsnet.com/JavaVM3186.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pbi.global.pvt
O17 - HKLM\Software\..\Telephony: DomainName = pbi.global.pvt
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2C560EB-43E1-43C6-A669-DEA9550F99BE}: NameServer = 152.144.243.27,152.144.243.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pbi.global.pvt
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pbi.global.pvt
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apache2 - Unknown owner - W:\Apache Group\Apache2\bin\Apache.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: beasvc mydomain_PROD - Unknown owner - C:\bea\WEBLOG~1\server\bin\beasvc.exe (file missing)
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: CQC_Pilote Num (CQCPiloteNum) - MAG - C:\Program Files\MAG\CQC Pilote\CQCPiloteNum.exe
O23 - Service: CQC_Pilote Printer (CQCPilotePrinter) - MAG - C:\Program Files\MAG\CQC Pilote\CQCPilotePrinter.exe
O23 - Service: CQC_Pilote Server (CQCPiloteServer) - MAG - C:\Program Files\MAG\CQC Pilote\CQCPiloteServer.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DFWorks UDH App (DFWUDHApp) - Unknown owner - W:\dfworksapp\install\DFWUDHApp.exe (file missing)
O23 - Service: DFWorks UDH Web (DFWUDHWeb) - Unknown owner - W:\dfworksweb\install\DFWUDHWeb.exe (file missing)
O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINNT\system32\DWRCS.EXE (file missing)
O23 - Service: enstart - Unknown owner - C:\WINNT\system32\enstart.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ouverture de session unique de Lotus Notes (Lotus Notes Single Logon) - IBM Corp - C:\WINNT\system32\nslsvice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Radia Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - W:\Tomcat\bin\tomcat5.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

jejemorg > jejemorg

Et voila l'info.txt:

info.txt logfile of random's system information tool 1.06 2009-03-23 11:39:03

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
7-Zip 4.60-->MsiExec.exe /I{23170F69-40C1-2701-0460-000001000000}
ActivePerl Build 629-->MsiExec.exe /I{58C1C2BC-B255-42FD-B221-F060E49485B3}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{786547F9-59BB-4FA3-B2D8-327FF1F14870}
Adobe Flash Player ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AFP Tools Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C346650A-3179-11D4-9020-0000836065D8}\setup.exe"
a-squared Free 4.0-->"C:\Program Files\a-squared Free\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI Display Driver-->rundll32 C:\WINNT\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BEA WebLogic Platform 8.1-->"C:\bea\weblogic81\uninstall\uninstall.cmd"
BigFix Enterprise Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF7023BC-319B-4FE1-B569-C854A19F81F8}\Setup.exe" -l0x9 -removeonly
biolsp patch-->MsiExec.exe /I{E6095BEA-8C97-4342-B771-13BB72AC1D88}
BlackBerry Desktop Software 4.1.1-->MsiExec.exe /I{E6A4F956-B433-4CC1-9074-338641CD4FCA}
BlackBerry Desktop Software 4.1.1-->MsiExec.exe /i{E6A4F956-B433-4CC1-9074-338641CD4FCA}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Broadcom TPM Driver Installer-->MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Client Update 7.0-->C:\UNWISE.EXE C:\INSTALL.LOG
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB945282)-->C:\WINNT\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946040)-->C:\WINNT\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946308)-->C:\WINNT\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946344)-->C:\WINNT\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB947540)-->C:\WINNT\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB947789)-->C:\WINNT\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB948127)-->C:\WINNT\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB951708)-->C:\WINNT\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
CQC Pilote-->MsiExec.exe /I{4650BC9D-7852-4CC6-AC5C-05EFB031F1CF}
CQC Printer Emul-->MsiExec.exe /I{ED6F4153-EDCD-484D-A309-10A53B90FC5F}
Dell Embassy Trust Suite by Wave Systems-->C:\WINNT\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Touchpad-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Deluxe Menu-->C:\Program Files\Microsoft VM\uninstall.exe
Dfworks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{33A0EEBC-EF3B-4587-888F-1AA71EA4A5EB}\Setup.exe" -l0x9
Document Manager Lite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1033
DriveImage XML (Private Edition)-->"C:\Program Files\Runtime Software\DriveImage XML\Uninstall.exe" "C:\Program Files\Runtime Software\DriveImage XML\install.log" -u
dummy folders-->C:\perforce\bas\620_COR\src\fes\few\sapfewin\UNWISE.EXE C:\perforce\bas\620_COR\src\fes\few\sapfewin\INSTALL.LOG
EASEUS Partition Manager 2.1 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Manager 2.1 Home Edition\unins000.exe"
EMBASSY Security Center-->C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x0409
EMBASSY Security Setup-->C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x0409
EMBASSY Trust Suite by Wave Systems-->C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe -runfromtemp -l0x0009 -removeonly
ESC Home Page Plugin-->C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x0409
ETS Upgrade-->C:\Program Files\InstallShield Installation Information\{72FECEA1-E87F-4192-89FA-D0FBF92885BB}\setup.exe -runfromtemp -l0x0409
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
FileZilla Client 3.1.5-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Gimp 2.6.1-->"C:\Program Files\GIMP-2.0\setup\unins001.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript 8.63-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.63\uninstal.txt"
GSview 4.9-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
High Definition Audio Driver Package - KB888111-->"C:\WINNT\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\hijackthis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINNT\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINNT\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINNT\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINNT\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINNT\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINNT\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"C:\WINNT\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINNT\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINNT\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINNT\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINNT\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp LaserJet 1010 Series-->MsiExec.exe /x {292C47B2-8DB7-47BF-896C-C3C5EE8108C4}
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
Inkscape 0.46-->C:\Program Files\Inkscape\Uninstall.exe
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver-->C:\WINNT\system32\igxpun.exe -uninstall
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Logiciel Intel(R) PROSet/Wireless-->C:\WINNT\Installer\iProInst.exe
Lotus Notes 6.0.4 fr-->MsiExec.exe /I{783EA6AB-62F3-44c1-ADED-70971B164B95}
Macro 4 Columbus Viewer 5.5.13.a-->MsiExec.exe /X{58BC13F3-C58F-4C8B-8F98-7DBF8C82EB5D}
Macromedia Shockwave Player-->MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
McAfee AntiSpyware Enterprise Module-->"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MetaFrame Presentation Server Web Client for Win32-->C:\WINNT\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINNT\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINNT\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINNT\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINNT\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 French User Interface Pack-->MsiExec.exe /I{901E040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Live Meeting 2005 Replay Wrapper-->MsiExec.exe /X{543C7F37-8978-4CC8-A95D-E02E7999CF44}
Microsoft Office Live Meeting 2005-->MsiExec.exe /I{4E951F0A-C53B-4AD6-A6DA-0D0A009073A9}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}
Microsoft Office Live Meeting PowerPoint Add-In-->MsiExec.exe /I{4B47113C-5D36-4E24-92ED-31602C0250FA}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English)-->MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Tools-->MsiExec.exe /I{12E09BD7-B701-47CF-99F6-DB24BFFC1A5E}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005-->MsiExec.exe /I{16BBCDA8-C8E0-4E39-9D95-1E3274917D22}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server Management Studio Express-->MsiExec.exe /I{7DA9A565-3DE2-435E-B67B-87D3E75DA8A5}
Microsoft SQL Server Native Client-->MsiExec.exe /I{90283F22-0731-43B6-81FD-E6DD911A31FB}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{C74B273E-DF20-4955-899B-15205119894C}
Microsoft SQL Server Compact 3.5 SP1 - Français-->MsiExec.exe /I{58FD9176-17BF-4D9A-8773-5ECA2947D391}
Microsoft Sync Framework Runtime v1.0 (x86)-->MsiExec.exe /I{A8BD5A60-E843-46DC-8271-ABF20756BE0F}
Microsoft Sync Framework Services v1.0 (x86)-->MsiExec.exe /I{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual Basic 2008 Express Edition with SP1 - FRA-->MsiExec.exe /X{EAF461BE-79BE-340B-AEBA-82D1230EC024}
Microsoft Visual Basic 2008 Express SP1 - Français-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - FRA\setup.exe
Microsoft Visual C# 2008 Express Edition - FRA-->MsiExec.exe /X{68E06C07-FD33-33F7-8672-ED39128A419A}
Microsoft Visual C++ 2008 Express Edition - FRA-->MsiExec.exe /X{15473D70-D791-3B5E-B174-2FD19EC0D017}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Visual C# 2008 Express - Français-->c:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C# 2008 Express Edition - FRA\setup.exe
Microsoft Visual C++ 2008 Express - Français-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition - FRA\setup.exe
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - fra-->MsiExec.exe /X{484AB636-ADBC-3A85-AB82-41873BDD1083}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Microsoft Windows Services for UNIX-->MsiExec.exe /I{51065952-A485-4AA5-8884-2E093B3C6206}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Module de routage Presse et Destineo 2008-->MsiExec.exe /I{CBA85D4C-02AF-40C4-B159-B821D116ACCA}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINNT\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NavAutoConfig-->MsiExec.exe /I{CE749334-70D4-4B82-BBBA-4D5C29DCF59F}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NTRU TCG Software Stack-->MsiExec.exe /I{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}
NVIDIA Drivers-->C:\WINNT\system32\nvudisp.exe UninstallGUI
O2Micro USB Smart Card Reader-->MsiExec.exe /I{9556CFD4-3F7E-4D1C-958B-759703E9CC21}
Oracle Client 10g Express Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{82D7F239-40E7-4755-B450-AFFB1175484B} /l1036
Oracle Data Provider for .NET Help-->MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Outils de conception SQL Server Compact 3.5 SP1 - Français-->MsiExec.exe /X{A5D20C78-D226-4B41-A553-EEEBEB824853}
OZ776 SCR CardBus Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1033
OZ776 SCR Driver V1.1.3.9-->C:\Program Files\InstallShield Installation Information\{343D8DE3-AE1F-431A-830C-B66352E8CA12}\setup.exe -runfromtemp -l0x0409
Pack de compléments Microsoft Office Live Meeting-->MsiExec.exe /I{E8033C46-957B-4C8C-A323-E502C98B3FD8}
PCTEL 2304WT V.9x MDC Modem Drivers-->ptuninst.exe
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Pitney Bowes ScreenSaver 1.0-->"C:\Program Files\ScreenSaver\Pitney Bowes\unins000.exe"
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Preboot Manager-->MsiExec.exe /I{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}
Private Information Manager-->C:\Program Files\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x0409
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Radia Client-->MsiExec.exe /X{70AF8EDE-B1C9-4403-82C3-2CD3E2FD90D7}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Secure Update-->C:\Program Files\InstallShield Installation Information\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\setup.exe -runfromtemp -l0x0409
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINNT\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINNT\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINNT\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINNT\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINNT\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINNT\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINNT\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINNT\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINNT\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINNT\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINNT\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINNT\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINNT\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINNT\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINNT\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINNT\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINNT\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINNT\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINNT\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINNT\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINNT\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINNT\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINNT\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINNT\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINNT\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Wizards-->C:\Program Files\InstallShield Installation Information\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\setup.exe -runfromtemp -l0x0409
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave 10-->C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\UNWISE.EXE C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\INSTALL.LOG
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
StreamWeaver NT-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA9FC588-4BF7-47C1-BA4F-EFAEEE66FE55}\setup.exe" -l0x9 -uninst
StreamWeaver Visual Engineer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{774D71F4-EF01-4E24-ADC8-0AE266DA3668}\setup.exe" -l0x9
SyncToy 2.0 (x86)-->MsiExec.exe /I{AFDFC350-C142-4790-BE12-8357AECD028F}
tsp patch-->MsiExec.exe /I{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}
UberIcon 1.0.4-->"C:\Program Files\UberIcon\unins000.exe"
Update for Windows XP (KB904942)-->"C:\WINNT\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINNT\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINNT\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINNT\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINNT\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINNT\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB925877)-->"C:\WINNT\$NtUninstallKB925877$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINNT\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINNT\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINNT\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINNT\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINNT\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINNT\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINNT\$NtUninstallKB955839$\spuninst\spuninst.exe"
upekmsi-->MsiExec.exe /I{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}
VIP 8.8-->"C:\Program Files\InstallShield Installation Information\{01C57278-3738-4767-B0A8-F972F5F51454}\setup.exe" -runfromtemp -l0x0009AnyText -removeonly
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VNC Free Edition 4.1.1-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
VPNSettings-->MsiExec.exe /I{8E801E0D-3F3D-45E6-B006-8307887147CC}
Wave Infrastructure Installer-->MsiExec.exe /I{D31F958E-7353-4DEB-83E8-35B02F2EE20A}
Wave Support Software-->C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0409
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINNT\system32\DRVSTORE\pbadrv_40CD90DE1AD5BDAF5E2676750520DB94FDE3886E\pbadrv.inf
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINNT\system32\DRVSTORE\RoundTable_F29D632BDCC1844B9B7688A0A4B4DA9E716B76FF\RoundTable.inf
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINNT\system32\DRVSTORE\oz776_ECA62BF451D0A6F7B3E38E62F6FA5166CAF54FCE\oz776.inf
Windows Imaging Component-->"C:\WINNT\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINNT\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINNT\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP SP2 LIP update-->C:\WINNT\$NtUninstallLIPSP2QFE$\spuninst\spuninst.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINNT\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background [2009-03-21]
F2 - REG:system.ini: UserInit=userinit.exe [2009-03-22]
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\XEClient\BIN\omtsreco.exe [2009-03-23]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-03-23]
O23 - Service: OracleServiceSMARTDB - Unknown owner - w:\oracle90\bin\ORACLE.EXE (file missing) [2009-03-23]
O23 - Service: DFWorks UDH Web (DFWUDHWeb) - Unknown owner - W:\dfworksweb\install\DFWUDHWeb.exe (file missing) [2009-03-23]
O23 - Service: OracleOraHome90TNSListener - Unknown owner - W:\oracle90\BIN\TNSLSNR.exe (file missing) [2009-03-23]
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe [2009-03-23]
O23 - Service: DFWorks UDH App (DFWUDHApp) - Unknown owner - W:\dfworksapp\install\DFWUDHApp.exe (file missing) [2009-03-23]

======Hosts File======

127.0.0.1 localhost
152.144.242.28 secapweb.fr.pb.com

======Security center information======

AV: VirusScan Enterprise + AntiSpyware Enterprise

======System event log======

Computer Name: FRMP13496
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service DFWorks UDH Web.

Record Number: 28699
Source Name: Service Control Manager
Time Written: 20090302180858.000000+060
Event Type: Informations
User: PBI\je017ba

Computer Name: FRMP13496
Event Code: 7036
Message: Le service Apache2 est entré dans l'état : arrêté.

Record Number: 28698
Source Name: Service Control Manager
Time Written: 20090302180858.000000+060
Event Type: Informations
User:

Computer Name: FRMP13496
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service Apache2.

Record Number: 28697
Source Name: Service Control Manager
Time Written: 20090302180856.000000+060
Event Type: Informations
User: PBI\je017ba

Computer Name: FRMP13496
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service Apache Tomcat.

Record Number: 28696
Source Name: Service Control Manager
Time Written: 20090302180855.000000+060
Event Type: Informations
User: PBI\je017ba

Computer Name: FRMP13496
Event Code: 7036
Message: Le service Apache Tomcat est entré dans l'état : arrêté.

Record Number: 28695
Source Name: Service Control Manager
Time Written: 20090302180855.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: FRMP13496
Event Code: 257
Message: Bloqué par une règle de protection de l'accès. L'accès à l'objet \REGISTRY\USER\S-1-5-21-590445608-1855731889-617630493-162823\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr a été bloqué par la règle Protection standard antivirus:Empêcher la désactivation de l'éditeur de registre et du gestionnaire des tâches.

Record Number: 15461
Source Name: McLogEvent
Time Written: 20090302105922.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: FRMP13496
Event Code: 302
Message: MsnMsgr (4148) \\.\C:\Documents and Settings\je017ba\Local Settings\Application Data\Microsoft\Messenger\jejemorg@tele2.fr\SharingMetadata\Working\database_8C48_8BC9_488B_B08E\dfsr.db: Le moteur de base de données a exécuté la procédure de récupération avec succès.

Record Number: 15460
Source Name: ESENT
Time Written: 20090302105427.000000+060
Event Type: Informations
User:

Computer Name: FRMP13496
Event Code: 301
Message: MsnMsgr (4148) \\.\C:\Documents and Settings\je017ba\Local Settings\Application Data\Microsoft\Messenger\jejemorg@tele2.fr\SharingMetadata\Working\database_8C48_8BC9_488B_B08E\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\je017ba\Local Settings\Application Data\Microsoft\Messenger\jejemorg@tele2.fr\SharingMetadata\Working\database_8C48_8BC9_488B_B08E\fsr.log.

Record Number: 15459
Source Name: ESENT
Time Written: 20090302105427.000000+060
Event Type: Informations
User:

Computer Name: FRMP13496
Event Code: 301
Message: MsnMsgr (4148) \\.\C:\Documents and Settings\je017ba\Local Settings\Application Data\Microsoft\Messenger\jejemorg@tele2.fr\SharingMetadata\Working\database_8C48_8BC9_488B_B08E\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\je017ba\Local Settings\Application Data\Microsoft\Messenger\jejemorg@tele2.fr\SharingMetadata\Working\database_8C48_8BC9_488B_B08E\fsr0038A.log.

Record Number: 15458
Source Name: ESENT
Time Written: 20090302105426.000000+060
Event Type: Informations
User:

Computer Name: FRMP13496
Event Code: 301
Message: MsnMsgr (4148) \\.\C:\Documents and Settings\je017ba\Local Settings\Application Data\Microsoft\Messenger\jejemorg@tele2.fr\SharingMetadata\Working\database_8C48_8BC9_488B_B08E\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\je017ba\Local Settings\Application Data\Microsoft\Messenger\jejemorg@tele2.fr\SharingMetadata\Working\database_8C48_8BC9_488B_B08E\fsr00389.log.

Record Number: 15457
Source Name: ESENT
Time Written: 20090302105426.000000+060
Event Type: Informations
User:

======Environment variables======

"ANT_HOME"=D:\apache-ant-1.7.1
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DISPLAY"=localhost:0.0
"EDITOR"=vi
"FP_NO_HOST_CHECK"=NO
"INTERIX_ROOT"=/dev/fs/C/SFU/
"INTERIX_ROOT_WIN"=C:\SFU\
"JAVA_HOME"=C:\Program Files\Java\jdk1.5.0_14
"LD_LIBRARY_PATH"=/usr/lib:/usr/X11R6/lib
"NUMBER_OF_PROCESSORS"=2
"OPENNT_ROOT"=/dev/fs/C/SFU/
"OS"=Windows_NT
"Path"=C:\XEClient\bin;D:\Perl\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;%SystemRoot%\PBUtility;%SystemRoot%\PBUtility\RegistryClean;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Dell Preboot Manager\Access Client\v5\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;%ANT_HOME%\bin;C:\SFU\common\;W:\oracle90\bin;W:\powersoft\shared\;W:\AFPPLGIN;W:\AFPPLGIN\font;W:\AFPPLGIN\font\maps;W:\MPDFGenerator;
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PBSSTTY"=TI65PGSPWRZ3ZX2TCZASMC2R7TE58A
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0b
"QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"SFUDIR"=C:\SFU\
"SFUDIR_INTERIX"=/dev/fs/C/SFU/
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"windir"=%SystemRoot%
"XAPPLRESDIR"=/usr/X11R6/lib/X11/app-defaults
"XCMSDB"=/usr/X11R6/lib/X11/Xcms.txt
"XKEYSYMDB"=/usr/X11R6/lib/X11/XKeysymDB
"XNLSPATH"=/usr/X11R6/lib/X11/locale
"SQLPATH"=C:\XEClient\sqlplus

-----------------EOF-----------------

Réponse 3 / 6

Utilisateur anonyme

Salut connais-tu ceci ? = Tomcat5

ensuite :

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:services
:files
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceStartMenuLogOff"=0
"DisallowCpl"=0
"DisallowRun"=0
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76796fa2-ca86-11dd-9deb-005056c00008}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76796fa3-ca86-11dd-9deb-005056c00008}]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

ensuite :

Télécharge SDFix sur ton bureau :
ici :SDFix
ou ici SDFix
ou ici SDFix

--> Double-clique sur SDFix.exe et choisis "Install" .

Tuto

Puis une fois l'installe faite ,

Impératif : Démarrer en mode sans echec .

/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Comment aller en Mode sans échec :
1) Redémarre ton ordi .
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage .
4) Choisis la première option : Sans Échec , et valide en tapant sur [Entrée] .
5) Choisis ton compte habituel ( et pas Administrateur ).
attention : pas de connexion possible en mode sans échec , donc copie ou imprime bien la manipe pour éviter les erreurs ...

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer l'outil .
-->Tapes Y pour lancer le script ...
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé .

Le PC va mettre du temps avant de démarrer ( c'est normal ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier
C:\SDFix sous le nom "Report.txt".

Poste ce dernier dans ta prochaine réponse

Si SDfix ne se lance pas (ça arrive!)

* Démarrer->Exécuter

* Copie/colle ceci :

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

* Clique sur ok, et valide.

* Redémarre et essaye de nouveau de lancer SDfix.

ensuite :

relances rsit stp

jejemorg

Oui je connais Tomcat5, c'est un serveur d'application que j'utilise.
Je vais tester ce que tu me dis.
Merci.

Réponse 4 / 6

jejemorg

Voila la log pour OTmoveIt:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\"ForceStartMenuLogOff"|0 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\"DisallowCpl"|0 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\"DisallowRun"|0 /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76796fa2-ca86-11dd-9deb-005056c00008}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76796fa3-ca86-11dd-9deb-005056c00008}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\je017ba\LOCALS~1\Temp\etilqs_kK4NeGwXtYHnIFKOFpta scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\je017ba\LOCALS~1\Temp\etilqs_uGrxYObCKwbre9YqT06f scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\je017ba\LOCALS~1\Temp\etilqs_uGrxYObCKwbre9YqT06f-journal scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\je017ba\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03232009_210624

Files moved on Reboot...
File C:\DOCUME~1\je017ba\LOCALS~1\Temp\etilqs_kK4NeGwXtYHnIFKOFpta not found!
File C:\DOCUME~1\je017ba\LOCALS~1\Temp\etilqs_uGrxYObCKwbre9YqT06f not found!
File C:\DOCUME~1\je017ba\LOCALS~1\Temp\etilqs_uGrxYObCKwbre9YqT06f-journal not found!
C:\DOCUME~1\je017ba\LOCALS~1\Temp\WCESLog.log moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\OfflineCache\index.sqlite moved successfully.
C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\je017ba\Local Settings\Application Data\Mozilla\Firefox\Profiles\kp1a7b6h.default\XUL.mfl moved successfully.

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 6

Utilisateur anonyme

ok pour ca ,....:)

jejemorg

Et la log SDFix:

[b]SDFix: Version 1.240 [/b]
Run by admlocal on 23/03/2009 at 22:00

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\SFU\var\adm\.security - Deleted

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 22:34:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016419ca76f]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016419fca76]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016419ca76f]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016419fca76]

scanning hidden registry entries ...

scanning hidden files ...

C:\WINNT\Temp\SCP26.tmp 982 bytes
C:\WINNT\Temp\WFV1.tmp

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"="C:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\SCREENS\\AMGUI\\AMUK.EXE"="C:\\SCREENS\\AMGUI\\AMUK.EXE:*:Enabled:AMUK"
"C:\\SCREENS\\AMGUI\\AMAUT.EXE"="C:\\SCREENS\\AMGUI\\AMAUT.EXE:*:Enabled:AMAUT.EXE"
"C:\\SCREENS\\AMGUI\\AMCHE.EXE"="C:\\SCREENS\\AMGUI\\AMCHE.EXE:*:Enabled:AMCHE.EXE"
"C:\\SCREENS\\AMGUI\\AMDEU.EXE"="C:\\SCREENS\\AMGUI\\AMDEU.EXE:*:Enabled:AMDEU.EXE"
"C:\\SCREENS\\AMGUI\\AMESP.EXE"="C:\\SCREENS\\AMGUI\\AMESP.EXE:*:Enabled:AMESP.EXE"
"C:\\SCREENS\\AMGUI\\AMFRA.EXE"="C:\\SCREENS\\AMGUI\\AMFRA.EXE:*:Enabled:AMFRA.EXE"
"C:\\SCREENS\\AMGUI\\AMIRE.EXE"="C:\\SCREENS\\AMGUI\\AMIRE.EXE:*:Enabled:AMIRE.EXE"
"C:\\SCREENS\\AMGUI\\AMITA.EXE"="C:\\SCREENS\\AMGUI\\AMITA.EXE:*:Enabled:AMITA.EXE"
"C:\\SCREENS\\AMGUI\\AMMAIN.EXE"="C:\\SCREENS\\AMGUI\\AMMAIN.EXE:*:Enabled:AMMAIN.EXE"
"C:\\SCREENS\\AMGUI\\amnld.EXE"="C:\\SCREENS\\AMGUI\\amnld.EXE:*:Enabled:amnld.EXE"
"C:\\SCREENS\\AMGUI\\AMNOR.EXE"="C:\\SCREENS\\AMGUI\\AMNOR.EXE:*:Enabled:AMNOR.EXE"
"C:\\SCREENS\\AMGUI\\AMSVE.EXE"="C:\\SCREENS\\AMGUI\\AMSVE.EXE:*:Enabled:AMSVE.EXE"
"C:\\SCREENS\\AMGUI\\AMTSO.EXE"="C:\\SCREENS\\AMGUI\\AMTSO.EXE:*:Enabled:AMTSO.EXE"
"C:\\SCREENS\\AMGUI\\AMUAS.EXE"="C:\\SCREENS\\AMGUI\\AMUAS.EXE:*:Enabled:AMUAS.EXE"
"C:\\SCREENS\\AMGUI\\AMY2K.EXE"="C:\\SCREENS\\AMGUI\\AMY2K.EXE:*:Enabled:AMY2K.EXE"
"C:\\SCREENS\\AMGUI\\NFPRINTX.EXE"="C:\\SCREENS\\AMGUI\\NFPRINTX.EXE:*:Enabled:NFPRINTX.EXE"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Documents and Settings\\je017ba\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"="C:\\Documents and Settings\\je017ba\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe:*:Enabled:GoogleUpdate.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"W:\\Insite\\insite.exe"="W:\\Insite\\insite.exe:*:Enabled:insite"
"W:\\DC\\dcrun32.exe"="W:\\DC\\dcrun32.exe:*:Enabled:dcrun32"
"W:\\Java\\jdk1.5.0_06\\jre\\bin\\java.exe"="W:\\Java\\jdk1.5.0_06\\jre\\bin\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"W:\\Dfworksapp\\apps\\funds\\FM_C++\\DFWorksFM.exe"="W:\\Dfworksapp\\apps\\funds\\FM_C++\\DFWorksFM.exe:*:Enabled:DFWorksFM"
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\WINNT\\system32\\java.exe"="C:\\WINNT\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"="C:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 11 May 1998 93,880 A.SH. --- "C:\COMMAND.COM"
Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 27 Nov 2008 80 ..SHR --- "C:\WINNT\system32\681F611A51.dll"
Thu 8 Jan 2009 8 ..SHR --- "C:\WINNT\system32\6AC5835DA1.dll"
Tue 23 May 2006 260 ...H. --- "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.reg"
Wed 1 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 1 Mar 2009 0 A..H. --- "C:\WINNT\SoftwareDistribution\Download\676c806c6ca4616ab1e3fde1a4804a24\BIT17.tmp"
Mon 2 Mar 2009 165,232 A..H. --- "C:\Documents and Settings\je017ba\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\je017ba\Application Data\U3\temp\Launchpad Removal.exe"
Tue 17 Oct 2006 1,294,848 A..H. --- "C:\Documents and Settings\je017ba\My Documents\Mes documents\URSSAF\~WRL0004.tmp"
Sun 1 Mar 2009 0 A..H. --- "C:\WINNT\SoftwareDistribution\Download\dc6733dab87a46fa9320681df7d8d3c5\download\BIT16.tmp"

[b]Finished![/b]

Mais mon problme ne semble pas résolu, au reboot je peux surfer pendant 2 minutes puis plus rien.
Je peux pinger une url mais plus de port 80 ??

Réponse 6 / 6

Utilisateur anonyme

Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

Télécharges :
Malwarebytes ou :
Malwarebytes

* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

* Potasses le Tuto pour te familiariser avec le prg :

( cela dis, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

* Lance Malwarebyte's .

Fais un examen dit "Complet" .

--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

Discussions similaires

Infection par 007guard

Discussions similaires

Newsletters