igfpers program

yvan3131 Posts 54 Status Member -
Hello everyone,

When my PC starts up, it displays an error message to report to Microsoft:
persistence module must close (send the error report).

1 Should I be worried about this message?
2 How do I get rid of the problem (if there is one)?

Thanks
Yvan

29 replies

espion3004 Posts 8687 Status Member 1 433
 
Hello, this could be malware.
Can you send me a HijackThis report, please?
0
yvan3131 Posts 54 Status Member
 
Hi,

here is the result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:19, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\SMSC\Seticon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dwwin.exe
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\HiJackThis\tuecettemerde.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/advanced_search?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
0
espion3004 Posts 8687 Status Member 1 433
 
Hmm, we've got some work to do... This really is malware!

Download and install a real firewall ('the Windows one lets everything through').
Choose ZoneAlarm. It is simple to configure and it is in French. You will get ZoneAlarm alerts asking whether this or that program may access the web.
If you get this message for braviax.exe = above all, refuse!

OK, you are going to run HijackThis again, scan only.

Tick the empty boxes for these lines:

O4 - HKLM\..\Run: [braviax] braviax.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)

Click Fix checked!


Next, download Deckard's System Scanner (DSS)
http://www.techsupportforum.com/sectools/Deckard/dss.exe
Run it and let it do its job (NB: no web connection, and above all no other activity!)

Paste the report here...

I should tell you that, judging by your infection, this is a first for me...
0
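An added example, not part of espion3004's post or of HijackThis itself: a small Python triage pass over HijackThis entry lines like those in the log above. The three review cues it applies (a Run value with no directory path, "(file missing)", "Unknown owner") are assumptions of this example, not rules stated in the thread, and a hit only means the entry deserves a closer look (the Logitech entry LOGI_MWX.EXE is flagged too).

```python
import re

# Lines copied from the HijackThis log posted in this thread (a subset for the demo).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [braviax] braviax.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun: "<hive>\..\<key>: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|dll))\b', re.IGNORECASE)
# O23 service: "Service: <name> - <owner> - <path>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def triage(log_text):
    """Return [(code, label, [reasons])] for entries that match a review cue.

    Cues (assumptions of this example, not verdicts):
      file-missing  : HijackThis reported that the target file does not exist
      bare-filename : an O4 Run value names a file without any directory, so
                      the log does not show which file on disk actually runs
      unknown-owner : an O23 service for which no vendor name was reported
    """
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # headers, process list, blank lines
        code, body = entry.group("code"), entry.group("body")
        label = body.split(" - ")[0]
        reasons = []

        if "(file missing)" in body:
            reasons.append("file-missing")

        if code == "O4":
            run = RUN_RE.match(body)
            if run:  # "Startup:" shortcut entries do not match and are skipped
                label = run.group("name")
                exe = EXE_RE.match(run.group("cmd"))
                target = exe.group("exe") if exe else run.group("cmd")
                if "\\" not in target and "/" not in target:
                    reasons.append("bare-filename")
        elif code == "O23":
            svc = SERVICE_RE.match(body)
            if svc:
                label = svc.group("name")
                if svc.group("owner").lower() == "unknown owner":
                    reasons.append("unknown-owner")

        if reasons:
            findings.append((code, label, reasons))
    return findings


if __name__ == "__main__":
    for code, label, reasons in triage(SAMPLE_LOG):
        print(f"{code:<4} {label:<35} {', '.join(reasons)}")
```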
yvan3131 Posts 54 Status Member
 
OK Espion,
I've noted that this might be your first.

I'm downloading the 40 MB of ZoneAlarm and I'll be back.

Installing ZoneAlarm restarts the PC.
Should I start the internet connection or not? I have another PC for communicating with you.

See you later
0

yvan3131 Posts 54 Status Member
 
Hi again,
Here's the next part.

I have 2 different reports:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1014.07 MiB / 569.91 MiB
Pagefile Memory (total/avail): 2441.14 MiB / 2057.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.5 MiB

C: is Fixed (NTFS) - 74.44 GiB total, 38.39 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 465.65 GiB total, 361.23 GiB free.
F: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - WDC WD800JD-75LSA0 - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Système de fichiers installable - 74.44 GiB - C:

\\.\PHYSICALDRIVE2 - Samsung YP-U1 USB Device - 486.34 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 493.97 MiB - F:

\\.\PHYSICALDRIVE1 - WD 5000AAKS Externa USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Unknown - 465.76 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.

FW: ZoneAlarm Firewall v7.0.362.000 (Check Point, LTD.)
AV: Avira AntiVir PersonalEdition v 7.0.3.5
(Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"



-- User Profiles ---------------------------------------------------------------

Christine & Patrice (admin)
Administrateur (admin)


Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sony Ericsson PC Suite --> MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
TopStyle Lite (Version 3.0) --> C:\WINDOWS\unlite3.exe "C:\Program Files\Bradbury\TopStyle3"
Winamp (remove only) --> "C:\LOGICIELS AJOUTES\winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type7761 / Error
Event Submitted/Written: 03/09/2008 10:48:30 AM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante igfxpers.exe, version 3.0.0.4299, module défaillant igfxpers.exe, version 3.0.0.4299, adresse de défaillance 0x00011fe1.
Traitement de l'événement propre au support pour [igfxpers.exe!ws!]

Event Record #/Type7760 / Warning
Event Submitted/Written: 03/09/2008 10:48:15 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement.
Code de pays/région : '*'
Indicatif régional : '*'

Event Record #/Type7759 / Warning
Event Submitted/Written: 03/09/2008 10:48:15 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI).
Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.

Event Record #/Type7757 / Warning
Event Submitted/Written: 03/09/2008 10:48:15 AM
Event ID/Source: 19011 / MSSQL$MICROSOFTBCM
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type7756 / Warning
Event Submitted/Written: 03/09/2008 10:48:14 AM
Event ID/Source: 1015 / EvntAgnt
Event Description:
Le paramètre TraceLevel ne se trouve pas dans le Registre.
La niveau de suivi utilisé par défaut est 32.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type23226 / Error
Event Submitted/Written: 03/09/2008 10:48:15 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service ieupdater n'a pas pu démarrer en raison de l'erreur :
%%2

Event Record #/Type23196 / Error
Event Submitted/Written: 03/09/2008 09:46:52 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service ieupdater n'a pas pu démarrer en raison de l'erreur :
%%2

Event Record #/Type23167 / Error
Event Submitted/Written: 03/08/2008 10:58:19 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service ieupdater n'a pas pu démarrer en raison de l'erreur :
%%2

Event Record #/Type23123 / Error
Event Submitted/Written: 03/08/2008 10:41:03 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service ieupdater n'a pas pu démarrer en raison de l'erreur :
%%2

Event Record #/Type23082 / Error
Event Submitted/Written: 03/08/2008 08:23:23 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service ieupdater n'a pas pu démarrer en raison de l'erreur :
%%2



-- End of Deckard's System Scanner: finished at 2008-03-09 10:57:54 ------------



REPORT 2
Deckard's System Scanner v20071014.68
Run by Christine & Patrice on 2008-03-09 10:56:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-03-09 09:56:19 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-03-08 21:54:56 UTC - RP7 - Software Distribution Service 2.0
6: 2008-03-08 21:54:13 UTC - RP6 - Windows Internet Explorer 7 installé.
5: 2008-03-08 21:53:03 UTC - RP5 - Installed Windows IDNMitigationAPIs.
4: 2008-03-08 21:52:33 UTC - RP4 - Installed Windows NLSDownlevelMapping.


-- First Restore Point --
1: 2008-03-08 21:41:58 UTC - RP1 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Christine & Patrice.exe) ---------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:04, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Christine & Patrice\Bureau\dss.exe
C:\HIJACK~1\Christine & Patrice.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/advanced_search?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040

Hi espion3004,

So that you can continue correctly:

http://www.commentcamarche.net/forum/affich 5368833 tr crypt xpack gen#dernier
0
espion3004 Posts 8687 Status Member 1 433

OK, thanks for the info jlpjlp ;)

OK, you have a folder that you must physically delete => C:\Documents and Settings\Christine & Patrice\ie_updater.exe
To do that, go to C: document and settings, delete it and empty your recycle bin.

Next, download these additional security programs for your PC (which you must never part with!)

A-squared free => with its tutorial

AVG anti-spyware (free shield for 30 days, after which the program still works for scanning your machine) => likewise, the tutorial is available here
Spybot search and destroy => Be careful not to tick Spybot's TeaTimer option during installation => Malekal's tutorial here as well

Spyware Blaster => click here, thanks
Ccleaner => installation + tutorial


OK, all of these programs are free and in French.

You must update all of these programs! Please be vigilant about this...


OK, next you are going to download SDFix:

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode using the following procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading screen, a menu with various options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
Work through the instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum.

===============

OK, there's work to do, as I was telling you at the start of your post, because from the beginning we have been using so-called brute-force software! Because in fact it is a Trojan you are infected with...

OK, in safe mode you won't have access to the web, so copy this text into a .txt or Word file that you put on your desktop... (same for the tutorials, in case you have trouble getting them to work)

So let's sum up your action plan:

1 Download all the suggested programs!
2 Update the programs + configure some of them according to the tutorials!
3 Boot into safe mode
4 Run SDFix first + make a copy of the report
5 The other programs one by one (above all, be very patient ;)
6 Make copies of the reports from AVG anti-spy + A-squared free + SDFix
7 Back in normal mode, run a brand-new HijackThis scan
8 Log back in to CCM... We are waiting for the requested reports.
Good luck.
0
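The `ie_updater.exe` entry picked out in the reply above can also be found mechanically. The following Python script is an added example, not part of the original thread and not code from HijackThis or Deckard's System Scanner: it scores HijackThis O23 service lines and correlates them with Service Control Manager event 7000 records. The sample lines are copied from the logs posted in this thread; the scoring rules, the threshold and all function names are assumptions made for this example.

```python
import re
from collections import Counter

# Excerpts copied from the HijackThis and Deckard's System Scanner logs in this thread.
HIJACKTHIS_LOG = r"""
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

EVENT_LOG = """
Event Record #/Type23226 / Error
Event Submitted/Written: 03/09/2008 10:48:15 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service ieupdater n'a pas pu démarrer en raison de l'erreur :
%%2

Event Record #/Type23196 / Error
Event Submitted/Written: 03/09/2008 09:46:52 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service ieupdater n'a pas pu démarrer en raison de l'erreur :
%%2

Event Record #/Type7757 / Warning
Event Submitted/Written: 03/09/2008 10:48:15 AM
Event ID/Source: 19011 / MSSQL$MICROSOFTBCM
Event Description:
(SpnRegister) : Error 1355
"""

# O23 line layout: "O23 - Service: <label> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# A label is either "name" or "name (other name)"; keep both for matching.
LABEL_RE = re.compile(r"^(?P<first>.+?)(?: \((?P<second>.+)\))?$")
# Wording of SCM event 7000 on a French-locale system, as in the log above.
SCM_FAIL_RE = re.compile(r"Le service (?P<svc>.+?) n'a pas pu démarrer")
# Assumption for this example: where installed services normally live.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_services(hjt_text):
    """Return one dict per O23 service line in a HijackThis log."""
    services = []
    for line in hjt_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        names = LABEL_RE.match(m["label"])
        services.append({
            "label": m["label"],
            "names": {n.lower() for n in names.groups() if n},
            "owner": m["owner"],
            "path": m["path"],
            "missing": m["missing"] is not None,
        })
    return services


def failed_starts(event_text):
    """Count SCM event 7000 (service failed to start) records per service name."""
    counts = Counter()
    for record in re.split(r"\n\s*\n", event_text.strip()):
        if "Event ID/Source: 7000 / Service Control Manager" not in record:
            continue
        m = SCM_FAIL_RE.search(record)
        if m:
            counts[m["svc"].lower()] += 1
    return counts


def triage(hjt_text, event_text, threshold=2):
    """Flag services that accumulate at least `threshold` independent signals."""
    fails = failed_starts(event_text)
    flagged = []
    for svc in parse_services(hjt_text):
        reasons = []
        if svc["owner"].lower() == "unknown owner":
            reasons.append("HijackThis could not read a publisher")
        if svc["missing"]:
            reasons.append("service still registered but binary is gone")
        if not svc["path"].lower().startswith(TRUSTED_ROOTS):
            reasons.append("binary outside Windows/Program Files")
        n = sum(fails[name] for name in svc["names"])
        if n:
            # %%2 in the event text is Win32 error 2: file not found.
            reasons.append(f"{n} failed start(s) logged as SCM event 7000")
        if len(reasons) >= threshold:
            flagged.append({"label": svc["label"], "path": svc["path"],
                            "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(HIJACKTHIS_LOG, EVENT_LOG):
        print(hit["label"], "->", hit["path"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

"Unknown owner" on its own is weak evidence (the Adobe service in the same log has it too), which is why a single signal does not flag a service here.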
yvan3131 Posts 54 Status Member

Before I start the installations, should I uninstall Antivir and ZoneAlarm or not?
Because are the heavy artillery you are talking about compatible with each other?
I'll wait for your answer before installing.
0
espion3004 Posts 8687 Status Member 1 433

ok
I would have told you, yvan3131 ;)
For SDFix you will get an alert from Antivir; just ignore it, that's all...
All the other programs are OK
And never, ever uninstall a firewall or an antivirus (only for certain online antivirus scans in the case of Antivir). Otherwise always keep these protections...

OK, to work now...
0
yvan3131 Posts 54 Status Member

For the sake of clarity I am going to post the reports one by one.

The first one

Version - a-squared Anti-Malware 3.1
Dernière mise à jour: 09/03/2008 14:17:38

Réglages Scan:

Objets: Mémoire, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Scan archives: Marche
Heuristiques: Marche
Scan ADS: Marche

Début du scan: 09/03/2008 16:27:14

c:\windows\system32\ifhelper.dll Détecter: Trace.File.SearchCentrix
Key: HKEY_USERS\S-1-5-21-837731939-1463466863-719893837-1006\software\kazaa Détecter: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b Détecter: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time Détecter: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo Détecter: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo --> kazaanet Détecter: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent Détecter: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> databasedir Détecter: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> downloaddir Détecter: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa Détecter: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa --> listenport Détecter: Trace.Registry.KaZaA
Key: HKEY_USERS\S-1-5-21-837731939-1463466863-719893837-1006\software\realvnc\vncviewer4 Détecter: Trace.Registry.VNCViewer
C:\Documents and Settings\Christine & Patrice\Cookies\christine & patrice@statse.webtrendslive[2].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Christine & Patrice\Cookies\christine_&_patrice@weborama[2].txt Détecter: Trace.TrackingCookie
C:\WINDOWS\system32\Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20

Scanné

Fichiers: 77694
Traces: 381502
Cookies: 28
Processus: 58

Trouver

Fichiers: 1
Traces: 12
Cookies: 2
Processus: 0
Clés de Registre: 0

Fin du Scan: 09/03/2008 17:04:40
Temps du Scan: 0:37:26

C:\WINDOWS\system32\Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\Christine & Patrice\Cookies\christine & patrice@statse.webtrendslive[2].txt Quarantaine Trace.TrackingCookie
C:\Documents and Settings\Christine & Patrice\Cookies\christine_&_patrice@weborama[2].txt Quarantaine Trace.TrackingCookie
Key: HKEY_USERS\S-1-5-21-837731939-1463466863-719893837-1006\software\realvnc\vncviewer4 Quarantaine Trace.Registry.VNCViewer
Key: HKEY_USERS\S-1-5-21-837731939-1463466863-719893837-1006\software\kazaa Quarantaine Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b Quarantaine Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time Quarantaine Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo Quarantaine Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo --> kazaanet Quarantaine Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent Quarantaine Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> databasedir Quarantaine Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> downloaddir Quarantaine Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa Quarantaine Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa --> listenport Quarantaine Trace.Registry.KaZaA
c:\windows\system32\ifhelper.dll Quarantaine Trace.File.SearchCentrix

Quarantaine

Fichiers: 1
Traces: 12
Cookies: 2
0
yvan3131 Posts 54 Status Member

The second one


[b]SDFix: Version 1.154 [/b]

Run by Christine

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\CHRIST~1\Bureau\SDFIX\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






The below files have been patched by Trojan.Agent to load users32.dat and should be replaced:

C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
\Program Files\SMSC\Seticon.exe
C:\PROGRA~1\Wanadoo\GestMaj.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Wanadoo\Shell.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
\Program Files\SMSC\Seticon.exe
C:\PROGRA~1\Wanadoo\GestMaj.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Wanadoo\Shell.exe


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 16:18:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\CHRIST~1\Bureau\SDFIX\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 5 Aug 2004 94,864 ..SH. --- "C:\WINDOWS\twain.dll"
Thu 5 Aug 2004 50,688 ..SH. --- "C:\WINDOWS\twain_32.dll"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 5 Aug 2004 54,784 ..SH. --- "C:\WINDOWS\system32\msvcirt.dll"
Thu 5 Aug 2004 553,472 ..SH. --- "C:\WINDOWS\system32\oleaut32.dll"
Thu 5 Aug 2004 12,288 A.SH. --- "C:\WINDOWS\system32\regsvr32.exe"
Sun 1 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 14 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

[b]Finished![/b]
0
yvan3131 Posts 54 Status Member

The third one



--- Search result list ---
Vcodec.eMedia: [SBI $9E29C52C] Réglages (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\zcodec.exe

Microsoft.Windows.AppFirewallBypass: [SBI $9FD0556E] Réglages (Valeur du registre, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

Microsoft.Windows.AppFirewallBypass: [SBI $2AF14C29] Réglages (Valeur du registre, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

Fraud.ProtectionBar: [SBI $1B126286] Barre d'outils IE (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-837731939-1463466863-719893837-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F}

Win32.Murlo.ff.rtk: [SBI $67E0FCFD] Réglages (Valeur du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UID


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-03-09 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-03-05 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-03-05 Includes\DialerC.sbi (*)
2008-03-05 Includes\HeavyDuty.sbi (*)
2008-03-05 Includes\Hijackers.sbi (*)
2008-03-05 Includes\HijackersC.sbi (*)
2008-02-27 Includes\Keyloggers.sbi (*)
2008-03-05 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-02-27 Includes\Malware.sbi (*)
2008-03-05 Includes\MalwareC.sbi (*)
2008-02-20 Includes\PUPS.sbi (*)
2008-03-05 Includes\PUPSC.sbi (*)
2008-03-05 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-03-05 Includes\SecurityC.sbi (*)
2008-02-20 Includes\Spybots.sbi (*)
2008-03-05 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-02-27 Includes\Trojans.sbi (*)
2008-03-05 Includes\TrojansC.sbi (*)
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Correctif Windows XP - KB873339
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB883939)
/ Windows XP / SP3: Correctif Windows XP - KB885250
/ Windows XP / SP3: Correctif Windows XP - KB885835
/ Windows XP / SP3: Correctif Windows XP - KB887472
/ Windows XP / SP3: Correctif Windows XP - KB888113
/ Windows XP / SP3: Correctif Windows XP - KB888310
/ Windows XP / SP3: Correctif Windows XP - KB890175
/ Windows XP / SP3: Correctif Windows XP - KB891781
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896422)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901214)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB904942)
/ Windows XP / SP3: Correctif pour Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6731312
MD5: CC6BC45DD5A58158645E7FB2953604FE

Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
size: 61440
MD5: E0FC25157263DD6177AF313AE35DBFE8

Located: HK_LM:Run, a-squared
command: "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
file: C:\Program Files\a-squared Anti-Malware\a2guard.exe
size: 1816208
MD5: 7474F276650CBA9DF7C63E39E67FCACA

Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 249896
MD5: 6E898F5959E7195D64594C30E9251938

Located: HK_LM:Run, Demon
command: C:\PROGRA~1\MESSAG~1\Demon.exe
file: C:\PROGRA~1\MESSAG~1\Demon.exe
size: 40960
MD5: 18AF530E9C050ABFD20827C07D24032C

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: BDE85DCF1F1E5D10FE3166936AA01EEF

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 94208
MD5: B6500BB000FDE8AADD9F0C814759530E

Located: HK_LM:Run, IndexSearch
command: C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
file: C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
size: 40960
MD5: B2F6304DA237876E9D2FA29ACBD21D26

Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 7A11AF03157BBEF393E250DD6F22F854

Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\WINDOWS\KHALMNPR.EXE
size: 94208
MD5: CACD213E5A959FDF4F8232A6B34FAD43

Located: HK_LM:Run, Logitech Hardware Abstraction Layer
command: "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
file: C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
size: 94208
MD5: 324A70B69ECE66E9A3572D00A7FCF558

Located: HK_LM:Run, Logitech Utility
command: LOGI_MWX.EXE
file: C:\WINDOWS\LOGI_MWX.EXE
size: 19968
MD5: 34A14CD6B6E9C8BFBABEAF6EED5149BB

Located: HK_LM:Run, PaperPort PTD
command: C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
file: C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
size: 57393
MD5: 0293AE6E17645359D6150BB78B1C82AC

Located: HK_LM:Run, Persistence
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: 0483C5E90A376E64A8D81A0C044F2ECE

Located: HK_LM:Run, REGSHAVE
command: C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, SetIcon
command: \Program Files\SMSC\Seticon.exe
file: \Program Files\SMSC\Seticon.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Sony Ericsson PC Suite
command: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
file: C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
size: 487424
MD5: B2ACE02D71371139E25B153D694E5D78

Located: HK_LM:Run, SoundMAXPnP
command: C:\Program Files\Analog Devices\Core\smax4pnp.exe
file: C:\Program Files\Analog Devices\Core\smax4pnp.exe
size: 1404928
MD5: F2A79CC176064BBAD122458C0D95F0BE

Located: HK_LM:Run, SSBkgdUpdate
command: "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
file: C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
size: 155648
MD5: 1C3CA3E7807F915933BB4E08E599DDAB

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 0A16782827E45960D85C2CC1FF6C0819

Located: HK_LM:Run, WOOTASKBARICON
command: C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
file: C:\PROGRA~1\Wanadoo\GestMaj.exe
size: 32768
MD5: AF6E38D6572797AFC7E7C19772CC5A03

Located: HK_LM:Run, WOOWATCH
command: C:\PROGRA~1\Wanadoo\Watch.exe
file: C:\PROGRA~1\Wanadoo\Watch.exe
size: 20480
MD5: 9A29592CD135F6262C429152F7A8DD4A

Located: HK_LM:Run, YeppStudioAgent
command: C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
file: C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
size: 40960
MD5: A4FB6EF3614584FF4186A02253ACAD41

Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 7462B3864DA32E6B3D1EF0524E663A23

Located: HK_LM:RunOnceEx, Register Homesite+.exe
command: "C:\Program Files\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER
file: C:\Program Files\Macromedia\HomeSite+\Homesite+.exe
size: 2254848
MD5: 140E5C68A673EE5A09FDEFB6A914D05B

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, CTFMON.EXE
where: PE_C_ADMINISTRATEUR...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, Creative Detector
where: S-1-5-21-837731939-1463466863-719893837-1006...
command: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
file: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
size: 98304
MD5: B0174965BD8ECB79798E45C488343917

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-837731939-1463466863-719893837-1006...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, SsAAD.exe
where: S-1-5-21-837731939-1463466863-719893837-1006...
command: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
file: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
size: 81920
MD5: 2BAB8B0D01916094FBE32E1C2E24FE33

Located: HK_CU:Run, WOOKIT
where: S-1-5-21-837731939-1463466863-719893837-1006...
command: C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
file: C:\PROGRA~1\Wanadoo\Shell.exe
size: 122880
MD5: 8435E09AB474EFEA822E25AFE15D4962

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: Démarrage (tous utilisateurs), Acrobat Assistant.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
file: C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
size: 217193
MD5: 78BFE3201ADA2FE02D1E35D2488E5F55

Located: Démarrage (tous utilisateurs), DataViz Inc Messenger.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
file: C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
size: 28672
MD5: D0DFDEC5BE5B261575CF6A40CEB27B39

Located: Démarrage (tous utilisateurs), HotSync Manager.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Palm\Hotsync.exe
file: C:\Program Files\Palm\Hotsync.exe
size: 471040
MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54

Located: Démarrage (tous utilisateurs), Logitech SetPoint.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 671744
MD5: 4301B51CAA535510F4B45A276DC306A1

Located: Démarrage (tous utilisateurs), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: Démarrage (utilisateur), Palm Registration.lnk
where: C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Palm\register.exe
file: C:\Program Files\Palm\register.exe
size: 2494464
MD5: 533773CC598066297984DCAE9788639A

Located: Démarrage (désactivé), Adobe Gamma Loader (DISABLED)
command: C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE
file: C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A

Located: Démarrage (désactivé), DataViz Inc Messenger (DISABLED)
command: C:\PROGRA~1\FICHIE~1\DataViz\DVZINC~1.EXE
file: C:\PROGRA~1\FICHIE~1\DataViz\DVZINC~1.EXE
size: 28672
MD5: D0DFDEC5BE5B261575CF6A40CEB27B39

Located: Démarrage (désactivé), Exif Launcher (DISABLED)
command: C:\PROGRA~1\FINEPI~1\QuickDCF.exe
file: C:\PROGRA~1\FINEPI~1\QuickDCF.exe
size: 282624
MD5: 8558AED89FD5004F517184F354FAF6AF

Located: Démarrage (désactivé), Adobe Gamma (DISABLED)
command: C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE
file: C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A

Located: Démarrage (désactivé), Palm Registration (DISABLED)
command: C:\PROGRA~1\Palm\register.exe /remind /language=FR /INTL="true" /PRNM="Palm"
file: C:\PROGRA~1\Palm\register.exe
size: 2494464
MD5: 533773CC598066297984DCAE9788639A

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---


--- ActiveX list ---
{41564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmvadvd.inf
Codebase: http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 22/02/2008 02:33:32
Date (last access): 09/03/2008 16:52:50
Date (last write): 22/02/2008 04:25:20
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: https://www.oracle.com/java/technologies/
description:
classification: Legitimate
known filename: npjpi142_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 19/11/2003 17:48:18
Date (last access): 09/03/2008 16:43:40
Date (last write): 19/11/2003 17:48:12
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 23:31:44
Date (last access): 09/03/2008 16:47:08
Date (last write): 25/09/2007 01:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 22/02/2008 02:33:32
Date (last access): 09/03/2008 16:52:50
Date (last write): 22/02/2008 04:25:20
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 22/02/2008 02:33:32
Date (last access): 09/03/2008 16:52:50
Date (last write): 22/02/2008 04:25:20
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 09/11/2006 23:46:26
Date (last access): 09/03/2008 16:36:22
Date (last write): 09/11/2006 23:46:26
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 640 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 688 ( 640) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 712 ( 640) \??\C:\WINDOWS\system32\winlogon.exe
size: 506368
PID: 756 ( 712) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 732E0B1ABAACE15D80EC19056B0A2AF9
PID: 768 ( 712) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 9F3744A5C6F49291A7A685040A013399
PID: 924 ( 756) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1036 ( 756) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1132 ( 756) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1276 ( 756) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1464 ( 756) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1480 ( 756) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 75304
MD5: 7DE2CBEAD1E815C689441E572529160D
PID: 1496 (1448) C:\WINDOWS\Explorer.EXE
size: 1036288
MD5: 4C33E5B9A6197B6ED215F6CFBA0A2DAA
PID: 1916 ( 756) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: B4EF928E4FAD79364A80ACBA6D999934
PID: 1992 ( 756) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
size: 214056
MD5: F640EA98231D7B1DB730385813BFCE79
PID: 732 ( 756) C:\Program Files\a-squared Anti-Malware\a2service.exe
size: 366712
MD5: D8ADF0518C336ABC6FA49412DC9DE141
PID: 948 ( 756) C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
size: 102400
MD5: 177FF6608B48638D4066726F3A3F8444
PID: 1092 ( 756) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
size: 63016
MD5: A6FA9C14E649B2F3DE15390A1840774D
PID: 1156 ( 756) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 312880
MD5: 5DCD235C061022BCDA9AA48670B64211
PID: 812 ( 756) C:\WINDOWS\system32\CTsvcCDA.EXE
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 1340 ( 756) C:\WINDOWS\System32\FTRTSVC.exe
size: 40960
MD5: D1261099E03EEE90976EA19002995B89
PID: 1376 ( 756) C:\WINDOWS\system32\inetsrv\inetinfo.exe
size: 15872
MD5: 13F79611400A265D9F6931A42C9A3978
PID: 1440 ( 756) C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 1612 ( 756) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
size: 7544916
MD5: E7EEA341883CB643623D7CD988756040
PID: 2184 ( 756) C:\WINDOWS\System32\snmp.exe
size: 32768
MD5: ED2059604FA0C73636A8C55084883EC4
PID: 2304 ( 756) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 3228 ( 756) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 2FE681D10C5FC343DBBC0610B8DD4D24
PID: 3340 (1132) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 54CDDAD404557ED98433D6ECBFC92691
PID: 3592 (1496) C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: BDE85DCF1F1E5D10FE3166936AA01EEF
PID: 3808 (1496) C:\Program Files\Analog Devices\Core\smax4pnp.exe
size: 1404928
MD5: F2A79CC176064BBAD122458C0D95F0BE
PID: 3828 (1496) C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 0A16782827E45960D85C2CC1FF6C0819
PID: 3872 (1496) C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 7A11AF03157BBEF393E250DD6F22F854
PID: 3880 (1496) C:\Program Files\Messager Wanadoo\demon.exe
size: 40960
MD5: 18AF530E9C050ABFD20827C07D24032C
PID: 3932 (1496) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
size: 57393
MD5: 0293AE6E17645359D6150BB78B1C82AC
PID: 3976 (1496) C:\WINDOWS\LOGI_MWX.EXE
size: 19968
MD5: 34A14CD6B6E9C8BFBABEAF6EED5149BB
PID: 1404 (1496) C:\Program Files\SMSC\Seticon.exe
size: 46080
MD5: 8EEA968B1CA1B902FE2AA86D157ED5EB
PID: 1952 (1496) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 249896
MD5: 6E898F5959E7195D64594C30E9251938
PID: 1960 (1496) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 7462B3864DA32E6B3D1EF0524E663A23
PID: 2136 (2772) C:\Program Files\Wanadoo\TaskBarIcon.exe
size: 61440
MD5: F9710A77123CC3FD09D062F2AF33E473
PID: 2596 (1496) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6731312
MD5: CC6BC45DD5A58158645E7FB2953604FE
PID: 2840 (1496) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A
PID: 2912 (1496) C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
size: 98304
MD5: B0174965BD8ECB79798E45C488343917
PID: 3516 (1496) C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
size: 217193
MD5: 78BFE3201ADA2FE02D1E35D2488E5F55
PID: 2948 (1496) C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
size: 28672
MD5: D0DFDEC5BE5B261575CF6A40CEB27B39
PID: 2896 (1496) C:\Program Files\Palm\Hotsync.exe
size: 471040
MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54
PID: 3664 (1496) C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 671744
MD5: 4301B51CAA535510F4B45A276DC306A1
PID: 3692 (3676) C:\Program Files\Wanadoo\GestionnaireInternet.exe
size: 819200
MD5: 5D17C66B5620142A06B7391BE20C0476
PID: 3072 (3664) C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
size: 94208
MD5: 324A70B69ECE66E9A3572D00A7FCF558
PID: 3244 (3692) C:\Program Files\Wanadoo\ComComp.exe
size: 249856
MD5: 5D589D0436C4C2D285B3418E79E78A21
PID: 3500 (3692) C:\PROGRA~1\Wanadoo\Toaster.exe
size: 69632
MD5: C2D1BD2B433571ECEC29924ACE5D7C62
PID: 3388 (3692) C:\PROGRA~1\Wanadoo\Inactivity.exe
size: 32768
MD5: 5F6DBF75D05462EED92B42376E89D9FE
PID: 3444 (3692) C:\PROGRA~1\Wanadoo\PollingModule.exe
size: 69632
MD5: EDF02F58940FD56C12357D150F5397C0
PID: 3384 ( 924) C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
size: 45056
MD5: 68E404DB5525373FE0554ED2607F0C82
PID: 4068 (3244) C:\Program Files\Wanadoo\Watch.exe
size: 20480
MD5: 9A29592CD135F6262C429152F7A8DD4A
PID: 2124 (1444) C:\Program Files\a-squared Anti-Malware\a2guard.exe
size: 1816208
MD5: 7474F276650CBA9DF7C63E39E67FCACA
PID: 4620 (1444) C:\Program Files\a-squared Anti-Malware\a2scan.exe
size: 807064
MD5: BD00496E74CC9F3BAEAC294F95E59D93
PID: 5492 ( 924) C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
size: 983040
MD5: E0575CC2758B7BF7B8FB33CD32E86AD7
PID: 5860 ( 924) C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
size: 872448
MD5: B2316B897BA3CB831D63E918DF7F86B0
PID: 5784 (1496) C:\Program Files\SpywareBlaster\spywareblaster.exe
size: 1320464
MD5: DD8B30EFAD32DBE1FCB5AD5609D6E065
PID: 5872 (5784) C:\Program Files\SpywareBlaster\spywareblaster.exe
size: 1320464
MD5: DD8B30EFAD32DBE1FCB5AD5609D6E065
PID: 2868 (1496) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 09/03/2008 17:37:06

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.google.fr/advanced_search?hl=fr
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
https://www.01net.com/telecharger/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
https://www.google.com/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.01net.com/telecharger/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
https://www.01net.com/telecharger/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
a-squared Anti-Malware 3.1 3.1 (a-squared Anti-Malware_is1)
install date: 20080309
install location: C:\Program Files\a-squared Anti-Malware\
uninstall cmd: "C:\Program Files\a-squared Anti-Malware\unins000.exe"
publisher: Emsi Software GmbH
comments: a-squared
help link: https://support.emsisoft.com/

(AddressBook)

Adobe Photoshop CS2 9.0 (Adobe Photoshop CS2 - {236BB7C4-4419-42FD-040C-1E257A25E34D})
version: 9
version (major): 9
install location: C:\Program Files\Adobe\Adobe Photoshop CS2\
uninstall cmd: msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
publisher: Adobe Systems, Inc.
comments:
contact: Service support clientèle
help link: https://helpx.adobe.com/support.html
help telephone: +1-555-555-4505

Adobe Photoshop Elements 5.0 5.0 (Adobe Photoshop Elements 5)
version: 5
version (major): 5
install location: C:\Program Files\Adobe\Photoshop Elements 5.0\
uninstall cmd: msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
publisher: Adobe Systems, Inc.
contact: Service support clientèle
help link: https://helpx.adobe.com/support.html

Avira AntiVir PersonalEdition Classic (AntiVir PersonalEdition Classic)
uninstall cmd: C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
publisher: Avira GmbH
help link: http://www.avira.com/classic-support

Ant Renamer 1.4.0 (Ant_Renamer_is1)
uninstall cmd: "C:\LOGICIELS AJOUTES\Ant Renamer\unins000.exe"
publisher: BuyPin Software

Audacity 1.2.4 (Audacity_is1)
install location: C:\LOGICIELS AJOUTES\Audacity\
uninstall cmd: "C:\LOGICIELS AJOUTES\Audacity\unins000.exe"
help link: https://sourceforge.net/projects/audacity/

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: https://www.avg.com/fr-fr/homepage

(Branding)

(CADI)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove

Canon Digital Camera USB WIA Driver (Canon Digital Camera USB WIA Driver)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\DC USB WIA\Uninst.isu" -c"C:\Program Files\Canon\DC USB WIA\SetupWia.dll"

Canon Utilities RAW Image Converter (Canon Utilities RAW Image Converter)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\RAW Image Converter\Uninst.isu"

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

CompuApps SwissKnife V3 (CompuApps SwissKnife V3)
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -fC:\SWISNIFE\SKUninst.ISU -cC:\SWISNIFE\SKUNINST.DLL

(Connection Manager)

(Creative Audio CD Ripper)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x40c /remove

(Creative Audio Device Selection)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x40c /remove

(Creative Import Wizard)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x40c /remove

Creative Jukebox Driver (Creative Jukebox Driver)
uninstall cmd: C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s

(Creative MediaSource)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c /remove

(Creative MediaSource CD-ROM Burner Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c /remove

(Creative MediaSource Detector)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c /remove

(Creative MediaSource Player Skin Pack)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c /remove

Creative Removable Disk Manager (Creative Removable Disk Manager)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c /remove

(Creative Sync Manager)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x40c /remove

(Creative Zen Micro)

CANON iMAGE GATEWAY Drag And Drop Upload Plugin 1.2.1.1 (DDUP)
install location: C:\Program Files\Canon\DDUP
uninstall cmd: "C:\Program Files\Fichiers communs\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\DDUP\Uninst.ini"

(DirectAnimation)

(DirectDrawEx)

Canon Utilities Digital Photo Professional 3.1 3.1.0.0 (DPP)
install location: C:\Program Files\Canon\Digital Photo Professional
uninstall cmd: "C:\Program Files\Fichiers communs\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"

(DXM_Runtime)

FileZilla Client 3.0.7.1 3.0.7.1 (FileZilla Client)
install location: C:\Program Files\FileZilla FTP Client
uninstall cmd: C:\Program Files\FileZilla FTP Client\uninstall.exe
help link: https://filezilla-project.org/

(Fontcore)

Gestionnaire Internet (GestionnaireInternet.exe)
uninstall cmd: C:\PROGRA~1\Wanadoo\uninstall.exe

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\HiJackThis\HijackThis.exe" /uninstall
publisher: TrendMicro

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20080308
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 7 20061027.150806 (ie7)
install date: 20080308
uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/office/internet-explorer-help-23360e49-9cd3-4dda-ba52-705336cc0de2?ui=en-US&rs=en-001&ad=US

(IEData)

(InstallShield Uninstall Information)

OpenMG AAC Add-on Module 1.0.00 1.0.00.04270 (InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3})
version: 16777216
version (major): 1
estimated size: 706
install date: 20061209
install location: C:\Program Files\Sony Corporation\OpenMG AAC Add-On Module\
install source: D:\common\omgaddon\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
publisher: Sony Corporation

OpenMG Secure Module 4.5.01 4.5.01.04270 (InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8})
version: 67436545
version (major): 4
version (minor): 5
estimated size: 19465
install date: 20061209
install location: C:\Program Files\Sony Corporation\OpenMG Secure Module\
install source: D:\common\openmg\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
publisher: Sony Corporation

OLYMPUS Master 1.31.2000 (InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372})
version: 18810832
version (major): 1
version (minor): 31
estimated size: 107239
install date: 20060108
install location: C:\Program Files\OLYMPUS\OLYMPUS Master\
install source: D:\OLYMPUSMaster\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1036 /zUNINSTALL
publisher: OLYMPUS IMAGING CORP.

Correctif Windows XP - KB873339 20041117.092459 (KB873339)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/873339

Mise à jour de sécurité pour Windows XP (KB883939) 1 (KB883939)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/883939

(KB884016)

(KB884267)

Correctif Windows XP - KB885250 20050118.202711 (KB885250)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/885250

(KB885353)

Correctif Windows XP - KB885835 20041027.181713 (KB885835)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/885835/ms04-044-vulnerabilities-in-windows-kernel-and-lsass-could-allow-eleva

(KB886612)

(KB887078)

Correctif Windows XP - KB887472 20041014.162858 (KB887472)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/887472

(KB887626)

Correctif Windows XP - KB888113 20041116.131036 (KB888113)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/888113

Correctif Windows XP - KB888310 20041027.095746 (KB888310)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/888310

(KB888656)

(KB889858)

Correctif Windows XP - KB890175 20041201.233338 (KB890175)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/890175/ms05-001-vulnerability-in-html-help-could-allow-code-execution

(KB891122)

Correctif Windows XP - KB891781 20050110.165439 (KB891781)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/891781

(KB892313)

(KB893240)

(KB893241)

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/893803/windows-installer-3-1-v2-3-1-4000-2435-is-available

(KB895181)

(KB895316)

(KB895572)

Mise à jour de sécurité pour Windows XP (KB896422) 1 (KB896422)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/896422/ms05-027-vulnerability-in-server-message-block-could-allow-remote-code

(KB897586)

(KB898549)

(KB900399)

Mise à jour de sécurité pour Windows XP (KB901214) 1 (KB901214)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/901214

(KB902344)

Mise à jour pour Windows XP (KB904942) 2 (KB904942)
install date: 20080308
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/904942/authentication-fails-when-you-use-outlook-or-outlook-express-to-try-to

(KB907658)

(KB911565)

(KB911854)

Correctif pour Windows XP (KB914440) 12 (KB914440)
install date: 20080308
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/914440

Hotfix for Windows XP (KB915865) 10 (KB915865)
install date: 20080308
uninstall cmd: "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/915865

Hotfix for Windows XP (KB926239) 2 (KB926239)
install date: 20061214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/926239

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) 1 (KB942615-IE7)
install date: 20080308
uninstall cmd: "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/942615

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) 1 (KB944533-IE7)
install date: 20080308
uninstall cmd: "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/944533

Logiciel d'imagerie photo HP (Logiciel d'imagerie photo HP)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Messager Wanadoo (Messager Wanadoo)
uninstall cmd: C:\PROGRA~1\MESSAG~1\UNWISE.EXE C:\PROGRA~1\MESSAG~1\INSTALL.LOG

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

(MobileOptionPack)

(MPlayer2)

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20061214
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://www.microsoft.com/fr-fr/?ref=go

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(NetMeeting)

Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20080308
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

OpenMG Limited Patch 4.5-06-05-12-01 (OpenMG HotFix4.5-06-05-10-01)
uninstall cmd: C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Photomatix Pro version 2.5.1 2.5.1 (Photomatix Pro_is1)
install location: C:\Program Files\Photomatix\
uninstall cmd: "C:\Program Files\Photomatix\unins000.exe"
publisher: HDRsoft Sarl
help link: https://www.hdrsoft.com/support/index.html

Canon PhotoRecord (PhotoRecord)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"

(Plugin de Creative MediaSource NOMAD Jukebox 2/3/Zen)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x40c /remove

(Plugin de Creative MediaSource NOMAD MuVo)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x40c /remove

Recovery for Outlook (Recovery for Outlook)
uninstall cmd: C:\Program Files\Recovery for Outlook\GLF133.exe /handle:olr

(SchedulingAgent)

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
publisher: Adobe Systems Incorporated
help link: https://helpx.adobe.com/flash-player.html

Photomatix Tone Mapping Plug-In version 1.0 1.0 (simple1_is1)
install location: C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Photomatix\
uninstall cmd: "C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Photomatix\unins000.exe"
publisher: MultimediaPhoto Sarl
help link: https://www.hdrsoft.com/support/index.html

SpywareBlaster 4.0 4.0.0 (SpywareBlaster_is1)
install date: 20080309
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

Creative System Information (SysInfo)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove

TopStyle Lite (Version 3.0) 3.1.0 (TopStyle Lite (Version 3.0))
uninstall cmd: C:\WINDOWS\unlite3.exe "C:\Program Files\Bradbury\TopStyle3"
publisher: Bradbury Software, LLC

Winamp (remove only) (Winamp)
uninstall cmd: "C:\LOGICIELS AJOUTES\winamp\UninstWA.exe"

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: https://support.microsoft.com/en-us

Lecteur Windows Media 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Archiveur WinRAR (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

(WMCSetup)

Windows Media Format 11 runtime (WMFDist11)
install date: 20061214
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20061214
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
install date: 20061214
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build Number 5716

(Zen Micro Media Explorer)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x40c /remove

ZoneAlarm 7.0.362.000 (ZoneAlarm)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Check Point, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Aide\zaclients.chm

Canon Utilities ZoomBrowser EX (ZoomBrowserEXDeInstall)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"

Broadcom Advanced Control Suite 8.20.01 ({058B32E2-6310-4359-B2D4-1988390C3B83})
version: 135528449
version (major): 8
version (minor): 20
install date: 20051005
install location: C:\Program Files\Broadcom\
uninstall cmd: MsiExec.exe /I{058B32E2-6310-4359-B2D4-1988390C3B83}
publisher: Broadcom Corporation
comments: Broadcom Advanced Control Suite 2 (BACS)
contact: Dell Customer Support
help link: http://www.support.dell.com

Macromedia Dreamweaver MX 2004 7.0 ({05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A})
version (major): 7
install location: C:\Program Files\Macr
0
espion3004 Posts 8687 Status Member 1 433
 
.. The HijackThis log, please...
0
yvan3131 Posts 54 Status Member
 
Here is the AVG report

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 19:13:19 09/03/2008

+ Résultat de l'analyse:



Rien à signaler.



Fin du rapport

And finally, here is HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:28, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\HiJackThis\tuecettemerde.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/advanced_search?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
espion3004 Posts 8687 Status Member 1 433
 
OK, you didn't delete this file by hand? => C:\Documents and Settings\Christine & Patrice\ie_updater.exe
0
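As an added example (not part of the original thread): a small Python parser for the O23 service lines of a HijackThis log, run over lines copied from the log above, which surfaces the `ieupdater` entry espion3004 asks about. The three flags are triage hints chosen for this example, not verdicts, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# O23 line layout as it appears in the log above:
#   O23 - Service: <display name> - <owner> - <image path>[ (file missing)]
# The name is matched greedily so display names containing " - " stay whole;
# an owner string that itself contains " - " would be split wrongly.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


@dataclass
class Service:
    name: str
    owner: str
    path: str
    flags: list = field(default_factory=list)


def parse_o23(log_text):
    """Return one Service per O23 line; all other HijackThis sections are skipped."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        svc = Service(m["name"], m["owner"], m["path"])
        # Triage hints (assumptions of this example, not verdicts):
        if svc.owner.lower() == "unknown owner":
            # HijackThis printed no owner for the service binary.
            svc.flags.append("unknown owner")
        if m["missing"]:
            # The service is still registered but its binary was not found.
            svc.flags.append("file missing")
        if "\\documents and settings\\" in svc.path.lower():
            # Service images normally live under Program Files or WINDOWS.
            svc.flags.append("image in user profile")
        services.append(svc)
    return services


def triage(log_text):
    """Services with at least one flag, most flags first."""
    flagged = [s for s in parse_o23(log_text) if s.flags]
    return sorted(flagged, key=lambda s: len(s.flags), reverse=True)


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{len(svc.flags)} flag(s): {svc.name}")
        print(f"    path : {svc.path}")
        print(f"    flags: {', '.join(svc.flags)}")
```

A single flag such as "unknown owner" also hits the legitimate Adobe service in this log, so the ranking is a reading order for the analyst and not a removal list.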
yvan3131 Posts 54 Status Member
 
I hadn't done it because this file does not appear in the directory (even though I have the display of hidden files turned on).

I can't explain it.
Yvan
0
espion3004 Posts 8687 Status Member 1 433
 
It's a well-hidden trojan, but it should be in C:\Documents and Settings, not in the hidden folders

For that, try this

Hold down the Windows key + R
paste this line into the empty box => C:\Documents and Settings\Christine & Patrice\

A window will open..
look for the file named: ie_updater.exe..

If you can't manage it, let's do an online scan =>

Run an online scan with BitDefender, using Internet Explorer
http://www.bitdefender.fr/scan_fr/scan8/ie.html

* At the bottom left of the window, click on BitDefender SCAN ONLINE
* In the new window, click on I agree .. You will have to accept and install the ActiveX control
* The window changes again, click on Click here to scan
* The signatures load. Let it do its job.
Then paste its report...
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Maybe with OTMoveIt?

Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list shown in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Documents and Settings\Christine & Patrice\ie_updater.exe

Click on MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click on Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
yvan3131 Posts 54 Status Member
 
So, for espion3004: BitDefender online doesn't work!! It was too good to be true

For jlpjlp: OTMoveIt tells me that it cannot create the file c:\_Moveit\movedfiles\....
0
espion3004 Posts 8687 Status Member 1 433
 
ok
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Then try this: with ComboFix

_____________
to merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_____________

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:





File::
C:\Documents and Settings\Christine & Patrice\ie_updater.exe






Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report

If the file does not open, it can be found here > C:\ComboFix.txt
0
yvan3131 Posts 54 Status Member
 
What's strange is that I loaded IE 7.0, it appears as such in the Quick Launch bar, and on the restart I have just done, I seem to have gone back to version 6!!!!
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
0
yvan3131 Posts 54 Status Member
 
That was before launching ComboFix.

It is currently running.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok
0
yvan3131 Posts 54 Status Member
 
Well, the operation seems compromised.

a-squared is throwing alerts at me left and right, and for the processes being launched I don't know whether I can accept or refuse them. I accepted the first ones, and now I no longer quite know what to think.
Also, on the blue screen, there was a message saying that it could not access the file ("without naming" the file), indicating that it was in use by another program.

In short, it's far from won. I admit that after 48 hours in which I have done practically nothing but try to fix this "_rap", I am starting to give up...
0
yvan3131 Posts 54 Status Member > yvan3131 Posts 54 Status Member
 
Here is the ComboFix result

ComboFix 08-03-07.4 - Christine & Patrice 2008-03-09 21:42:35.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.413 [GMT 1:00]
Endroit: C:\Documents and Settings\Christine & Patrice\Bureau\tuelamerde.exe
Command switches used :: C:\Documents and Settings\Christine & Patrice\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
.

2008-03-09 14:16 . 2008-03-09 17:15 <REP> d-------- C:\Program Files\SpywareBlaster
2008-03-09 14:16 . 2008-03-09 17:39 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-09 14:16 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-03-09 14:11 . 2008-03-09 14:11 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-09 14:10 . 2008-03-09 17:04 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-03-09 14:03 . 2008-03-09 14:03 <REP> d-------- C:\Documents and Settings\Christine & Patrice\Application Data\Grisoft
2008-03-09 14:03 . 2008-03-09 14:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-09 14:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-09 12:11 . 2004-08-05 12:00 578,048 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-03-09 12:09 . 2008-03-09 12:09 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-09 10:43 . 2008-03-09 10:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-09 10:42 . 2008-03-09 12:07 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-09 10:42 . 2008-03-09 10:42 <REP> d-------- C:\Program Files\Zone Labs
2008-03-08 22:55 . 2008-03-08 22:55 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-08 22:54 . 2008-03-08 22:55 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-08 22:47 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-08 22:47 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-08 22:47 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-08 22:47 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-08 22:47 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-08 22:47 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-08 22:47 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-08 22:47 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-08 22:47 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-08 22:45 . 2006-10-27 15:09 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-08 20:08 . 2008-03-09 21:30 <REP> d-------- C:\HiJackThis
2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Program Files\Avira
2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-08 17:36 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-08 17:36 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-08 17:36 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-08 17:36 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-08 17:36 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-08 17:36 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-08 14:00 . 2008-03-09 17:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-08 12:18 . 2008-03-08 12:18 <REP> d-------- C:\Program Files\CCleaner
2008-03-08 09:38 . 2008-03-08 09:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Ericsson
2008-03-05 19:41 . 2008-03-07 08:12 <REP> d-------- C:\Documents and Settings\Christine & Patrice\Application Data\FileZilla
2008-03-05 19:40 . 2008-03-05 19:42 <REP> d-------- C:\Program Files\FileZilla FTP Client

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 20:37 --------- d-----w C:\Program Files\Wanadoo
2008-03-09 20:00 27,308 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-09 20:00 2,238,496 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-09 09:43 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-03-09 09:43 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-03-08 18:44 5,158 ----a-w C:\WINDOWS\system32\tmp.reg
2008-03-08 18:38 --------- d-----w C:\Program Files\SMSC
2008-03-08 18:38 --------- d-----w C:\Program Files\Messager Wanadoo
2008-03-08 16:39 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
2008-03-08 16:39 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-03-08 16:39 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-03-07 07:08 --------- d-----w C:\Program Files\Java
2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-30 08:07 2,494,464 ----a-w C:\Program Files\register.exe
2007-06-30 08:04 239 ----a-w C:\Program Files\users.dat
2007-06-30 02:34 3,827 ----a-w C:\Program Files\HSW_Log.txt
2007-06-30 02:25 95,227 ----a-w C:\Program Files\NetworkProfiles.pdb
2007-06-30 02:25 42,511 ----a-w C:\Program Files\CarrierProfiles.pdb
2007-05-06 12:56 44,424 ----a-w C:\Documents and Settings\Christine & Patrice\Application Data\GDIPFONTCACHEV1.DAT
2005-11-19 09:22 45,056 ----a-w C:\Program Files\fswsclds.exe
2005-11-19 09:22 32,768 ----a-w C:\Program Files\fswscs.dll
2005-11-19 09:22 24,576 ----a-w C:\Program Files\fswsctg.exe
2005-11-03 03:02 1,247,068 ------r C:\Program Files\Palmdevice1.chm
2005-11-02 14:58 334,508 ----a-w C:\Program Files\mediaext.chm
2005-07-21 12:51 32,768 ----a-w C:\Program Files\SyncDlgN20.dll
2005-01-04 14:48 77,824 ----a-w C:\Program Files\AddItConduit_Bkp.dll
2001-11-21 07:26 853 ----a-w C:\Program Files\WELCFR.ADL
2004-08-05 11:00 94,864 --sh--w C:\WINDOWS\twain.dll
2004-08-05 11:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-05 11:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-05 11:00 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-05 11:00 12,288 --sha-w C:\WINDOWS\system32\regsvr32.exe
.
Files Infected - Win32.Agent.zb
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\Wanadoo\GestMaj.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Wanadoo\Shell.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-08_20.27.31.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-08 18:38:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-09 14:49:34 9,822,208 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-03-09 14:49:34 1,720,320 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-08 18:38:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-09 11:09:25 8,622,080 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-03-09 11:09:26 503,808 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2004-08-05 11:00:00 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-05 11:00:00 101,888 -c----w C:\WINDOWS\ie7\advpack.dll
+ 2005-05-02 20:57:10 1,020,416 -c----w C:\WINDOWS\ie7\browseui.dll
+ 2004-08-05 11:00:00 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
+ 2004-08-05 11:00:00 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
+ 2004-08-05 11:00:00 201,728 -c----w C:\WINDOWS\ie7\dxtrans.dll
+ 2004-08-05 11:00:00 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-05 11:00:00 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-05 11:00:00 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-05 11:00:00 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-05 11:00:00 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-05 11:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-05 11:00:00 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
+ 2005-05-01 00:19:07 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-05 11:00:00 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
+ 2005-05-02 20:57:10 250,880 -c----w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-05 11:00:00 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-05 11:00:00 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-05 11:00:00 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-05 11:00:00 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
+ 2005-05-02 20:57:11 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
+ 2004-08-05 11:00:00 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
+ 2004-08-05 11:00:00 15,872 -c----w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-05 11:00:00 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-05 11:00:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
+ 2005-05-02 12:57:12 3,011,072 -c----w C:\WINDOWS\ie7\mshtml.dll
+ 2005-09-03 00:06:11 448,512 -c----w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-05 11:00:00 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-05 11:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
+ 2005-05-02 20:57:11 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
+ 2004-08-05 11:00:00 530,432 -c----w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-05 11:00:00 97,280 -c----w C:\WINDOWS\ie7\occache.dll
+ 2005-05-02 20:57:11 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
+ 2005-05-02 20:57:12 1,484,288 -c----w C:\WINDOWS\ie7\shdocvw.dll
+ 2005-05-02 20:57:12 474,112 -c----w C:\WINDOWS\ie7\shlwapi.dll
+ 2006-10-27 18:20:20 32,368 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2006-10-27 18:18:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 16:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-05 11:00:00 37,888 -c----w C:\WINDOWS\ie7\url.dll
+ 2005-05-02 20:57:12 605,696 -c----w C:\WINDOWS\ie7\urlmon.dll
+ 2004-08-05 11:00:00 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll
+ 2004-08-05 11:00:00 848,384 -c----w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-05 11:00:00 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll
+ 2005-05-02 20:57:12 662,016 -c----w C:\WINDOWS\ie7\wininet.dll
+ 2006-10-27 01:44:06 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2006-10-27 01:44:06 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll.000
+ 2006-10-17 11:57:50 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2006-10-17 11:57:50 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll.000
+ 2006-10-27 14:09:58 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2006-10-27 14:09:58 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll.000
+ 2006-10-17 11:58:20 61,952 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2006-10-27 01:44:04 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2006-10-27 01:44:04 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe.000
+ 2006-10-27 01:44:36 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2006-10-27 01:44:36 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll.000
+ 2006-10-27 01:44:42 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2006-10-27 01:44:42 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll.000
+ 2006-10-27 01:42:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2006-10-27 01:42:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll.000
+ 2006-09-05 23:01:26 2,451,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat
+ 2006-10-17 11:27:56 380,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2006-10-27 01:44:46 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2006-10-27 01:44:46 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll.000
+ 2006-10-27 14:09:58 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2006-10-27 01:44:08 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2006-10-27 01:44:08 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll.000
+ 2006-10-17 11:57:20 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2006-10-27 01:44:12 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2006-10-17 12:04:40 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2006-10-17 12:04:40 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe.000
+ 2006-10-27 14:09:58 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2006-10-27 14:09:58 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll.000
+ 2006-10-27 14:09:58 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2006-10-27 14:09:58 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2006-10-27 14:09:58 3,577,856 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2006-10-27 14:09:58 3,577,856 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll.000
+ 2006-10-27 14:09:58 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2006-10-27 14:09:58 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll.000
+ 2006-10-17 12:05:10 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2006-10-17 12:05:10 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll.000
+ 2006-10-27 14:09:58 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2006-10-27 14:09:58 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll.000
+ 2006-10-17 12:04:46 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2006-10-17 12:04:46 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll.000
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-06-30 20:24:42 394,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2006-10-17 12:05:22 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2006-10-17 12:05:22 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll.000
+ 2006-10-27 14:09:58 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2006-10-27 14:09:58 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll.000
+ 2006-10-27 14:09:58 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2006-10-27 14:09:58 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll.000
+ 2006-10-27 14:09:58 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
+ 2006-10-27 14:09:58 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll.000
+ 2007-10-10 23:49:42 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
+ 2007-10-10 23:49:42 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll.000
+ 2006-10-17 11:58:06 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
+ 2006-10-17 11:58:06 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll.000
+ 2007-10-10 23:49:42 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
+ 2007-10-10 23:49:42 132,608 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
+ 2007-10-10 23:49:42 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
+ 2007-10-10 23:49:42 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll.000
+ 2007-10-10 11:00:41 70,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
+ 2007-10-10 23:49:42 153,088 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
+ 2007-10-10 23:49:42 230,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
+ 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dat
+ 2007-10-10 23:49:42 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
+ 2007-10-10 23:49:42 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll.000
+ 2007-10-10 23:49:42 384,512 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
+ 2007-10-10 23:49:43 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
+ 2007-10-10 23:49:43 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll.000
+ 2007-10-10 23:49:43 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
+ 2007-10-10 23:49:43 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
+ 2007-10-10 23:49:43 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll.000
+ 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
+ 2007-10-10 11:00:59 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
+ 2007-10-10 11:00:59 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe.000
+ 2007-10-10 23:49:44 27,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
+ 2007-10-10 23:49:44 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
+ 2007-10-10 23:49:44 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll.000
+ 2007-10-10 23:49:44 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
+ 2007-10-10 23:49:44 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll.000
+ 2007-10-31 03:53:50 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
+ 2007-10-31 03:53:50 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll.000
+ 2007-10-10 23:49:44 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
+ 2007-10-10 23:49:44 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll.000
+ 2007-10-10 23:49:44 193,024 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
+ 2007-10-10 23:49:45 671,232 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
+ 2007-10-10 23:49:45 102,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
+ 2006-10-17 11:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
+ 2006-10-17 11:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll.000
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
+ 2007-10-10 23:49:45 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
+ 2007-10-10 23:49:45 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll.000
+ 2007-10-10 23:49:45 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
+ 2007-10-10 23:49:45 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll.000
+ 2007-10-10 23:49:45 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
+ 2007-10-10 23:49:45 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll.000
+ 2007-10-10 23:49:45 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
+ 2007-10-10 23:49:45 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll.000
+ 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-05 11:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2006-10-27 01:44:26 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-05 11:00:00 101,888 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2005-05-02 20:57:10 1,020,416 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2006-09-23 12:12:56 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2006-10-27 01:44:26 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-12-07 02:08:32 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2006-09-23 12:12:56 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2006-10-17 12:03:56 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll
+ 2007-12-07 02:08:32 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-12-07 02:08:32 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2006-10-17 11:44:36 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-12-06 11:02:31 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-12-07 02:08:32 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-12-07 02:08:32 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-12-07 02:08:32 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2006-10-17 12:04:50 69,120 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2006-10-17 12:06:00 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2006-10-27 14:09:58 191,488 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-12-07 02:08:33 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2006-10-27 01:44:26 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-12-06 11:03:16 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2006-10-17 11:57:58 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2006-10-27 01:44:08 92,672 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2006-10-17 12:00:00 491,520 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-07 02:08:33 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2006-10-17 12:05:10 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2006-10-17 11:56:10 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2007-12-08 09:38:36 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-12-07 02:08:34 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2006-10-17 11:28:56 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2006-10-27 14:09:58 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-12-07 02:08:34 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-12-07 02:08:34 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-12-07 02:08:34 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2006-09-23 12:12:56 1,497,088 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2006-09-23 12:12:56 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-12-07 02:08:34 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2007-12-07 02:08:34 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2006-10-27 14:09:58 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2006-10-27 14:09:58 765,952 ------w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-12-07 02:08:34 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-12-07 02:08:34 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2008-03-08 20:22:54 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-05-30 23:03:48 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-05-30 23:03:50 119,576 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2004-08-05 11:00:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-12-19 22:53:23 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
- 2004-08-05 11:00:00 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-12-07 02:08:32 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2004-08-05 11:00:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-12-07 02:08:32 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-12-07 02:08:32 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 07:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-05 11:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-12-06 11:02:31 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-05 11:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-12-07 02:08:32 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-05 11:00:00 221,696 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-12-07 02:08:32 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-05 11:00:00 245,760 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-12-07 02:08:32 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-05 11:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-12-07 02:08:32 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-05 11:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2006-10-17 12:06:00 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-12-07 02:08:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2005-05-02 20:57:10 250,880 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2006-10-27 14:09:58 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-05 11:00:00 49,152 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-12-07 02:08:33 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2007-12-07 02:08:33 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-05 11:00:00 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2006-10-27 01:44:26 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2006-10-27 14:09:58 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-05 11:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2006-10-17 11:57:58 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-06-21 20:55:28 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
+ 2007-06-21 20:55:28 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
- 2008-03-08 19:23:23 214,900 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-03-09 20:39:08 214,901 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2005-05-02 20:57:11 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2006-10-27 01:44:08 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2004-08-05 11:00:00 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2006-10-17 12:00:00 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2004-08-05 11:00:00 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-12-07 02:08:33 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2007-06-21 20:54:26 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2004-08-05 11:00:00 22,528 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2006-10-17 12:05:10 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2008-02-04 14:09:48 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-07 02:08:33 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-12-07 02:08:33 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2006-10-17 11:58:32 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-05 11:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2006-10-17 11:56:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2005-05-02 12:57:12 3,011,072 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-12-08 09:38:36 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2005-09-03 00:06:11 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-05 11:00:00 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2006-10-17 11:28:56 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-05 11:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2006-10-27 14:09:58 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2005-05-02 20:57:11 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-12-07 02:08:34 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2004-08-05 11:00:00 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-12-07 02:08:34 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 16:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 07:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-05 11:00:00 97,280 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-12-07 02:08:34 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2005-05-02 20:57:11 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-01-11 05:36:55 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
- 2005-05-02 20:57:12 1,484,288 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2006-09-23 12:12:56 1,497,088 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2005-05-02 20:57:12 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2006-09-23 12:12:56 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2004-04-27 03:40:52 11,264 ----a-w C:\WINDOWS\system32\SpOrder.dll
- 2004-08-05 11:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2005-05-02 20:57:12 605,696 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-05 11:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2006-10-27 14:09:58 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-06-21 20:54:30 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2007-06-21 20:54:52 394,984 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2007-06-21 20:54:32 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2007-06-21 20:54:32 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2007-06-21 20:54:32 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2007-06-21 20:54:32 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2007-06-21 20:54:34 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-06-21 20:55:30 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
+ 2007-06-21 20:54:34 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2007-06-21 20:54:34 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
- 2004-08-05 11:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:52 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2004-08-05 11:00:00 281,600 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-12-07 02:08:34 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2006-10-17 12:05:58 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2005-05-02 20:57:12 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
+ 2006-10-09 22:12:26 230,400 ------w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-06-21 20:54:34 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2007-06-21 20:54:34 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2008-03-09 09:45:45 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-06-21 20:54:24 366,112 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-06-21 20:55:26 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\av_loc040c.dll
+ 2007-05-30 23:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 13:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-30 23:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-30 23:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-30 23:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-30 23:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2006-09-19 22:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-05-30 23:03:16 258,048 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 17:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-30 23:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-30 23:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-30 23:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-30 23:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-05-30 23:03:18 118,784 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 17:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-06-21 20:54:24 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2007-06-21 20:55:26 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd_loc040c.dll
+ 2004-01-30 11:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2007-06-21 20:54:24 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2007-06-21 20:54:26 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2007-06-21 20:54:26 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2007-06-21 20:55:28 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure_loc040c.dll
+ 2007-06-21 20:55:26 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll
+ 2007-06-21 20:55:28 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll
+ 2007-06-21 20:54:54 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-06-21 20:54:54 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-06-21 20:54:54 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-06-21 20:56:16 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-06-21 20:56:16 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-06-11 11:43:50 714,472 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-06-11 11:43:52 788,200 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-06-21 20:54:28 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler_loc040c.dll
+ 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-06-11 11:43:56 1,496,808 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-06-11 11:44:10 50,416 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2007-06-21 20:54:28 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-06-21 20:56:16 210,432 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-06-21 20:56:18 3,229,176 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2007-06-21 20:55:28 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp_loc040c.dll
+ 2006-09-04 19:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2008-03-09 10:07:32 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-06-21 20:54:46 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-06-21 20:55:30 75,152 ----a-w C:\WINDOWS\system32\ZoneLabs\updClient_loc040c.dll
+ 2007-01-11 16:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-06-21 20:54:30 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2007-06-21 20:54:30 79,336 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb_loc040c.dll
+ 2007-06-21 20:54:46 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-06-21 20:55:30 46,480 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon_loc040c.dll
+ 2007-06-21 20:54:32 2,024,936 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2007-06-21 20:54:32 1,345,000 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2007-06-21 20:55:30 198,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb_loc040c.dll
+ 2007-06-21 20:54:34 243,176 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault_loc040c.dll
+ 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2007-06-21 20:54:36 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2007-06-21 20:54:36 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2007-06-21 20:55:32 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine_loc040c.dll
+ 2007-06-21 20:54:36 378,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-06-21 20:55:32 21,904 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre_loc040c.dll
+ 2007-06-21 20:54:36 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2007-06-21 20:54:40 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
+ 2008-03-09 20:36:16 47,670,822 ----a-w C:\WINDOWS\Temp\a2cache_474120F8.dat
+ 2008-03-09 20:35:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2a0.dat
+ 2008-03-09 20:35:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3bc.dat
+ 2007-06-21 20:54:48 75,248 ----a-w C:\WINDOWS\zllsputility.exe
+ 2007-06-21 20:55:32 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2008-03-08 17:39 98304]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2008-03-08 17:39 122880]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 05:17 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-03-08 17:39 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-03-08 17:39 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-03-08 17:39 114688]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-03-08 17:39 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-03-08 17:39 144784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2008-03-08 17:39 81920]
"Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2008-03-08 17:39 40960]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-03-08 17:39 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2008-03-08 17:39 40960]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" [2008-03-08 17:39 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 06:55 61440]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [2008-03-08 17:39 46080]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2008-03-08 17:39 32768]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2008-03-08 17:39 40960]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-08 21:22 249896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\
Palm Registration.lnk - C:\Program Files\Palm\register.exe [2007-07-01 18:19:33 2494464]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
DataViz Inc Messenger.lnk - C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe [2007-06-30 03:27:46 28672]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:27:34 471040]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-01-02 21:20:58 671744]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Palm Registration.lnk]
path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
--a------ 2006-05-16 16:51 57344 C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 C:\LOGICIELS AJOUTES\winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
--a------ 2008-03-08 17:39 40960 C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-05 12:00]
S2 Microsoft IEUpdater;ieupdater;C:\Documents and Settings\Christine & Patrice\ie_updater.exe []
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 02:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 13:51]
S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys [2004-08-09 13:52]
S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys [2004-08-09 13:53]
S3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\v800mgmt.sys [2004-08-09 13:54]
S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\v800obex.sys [2004-08-09 13:55]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 22:11:40
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-09 22:15:38
ComboFix-quarantined-files.txt 2008-03-09 21:15:27
ComboFix2.txt 2008-03-08 19:27:45

yvan3131 Posts 54 Status Member > yvan3131 Posts 54 Status Member

Here is HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:56, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HiJackThis\tuecettemerde.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/advanced_search?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

jlpjlp Posts 52399 Status Security contributor 5 040

ok

1/ # Download RavAntivirus from Evosla:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

# If you have a USB stick, external hard drive, etc., plug them in without opening them before running this FIX
# Right-click the .ZIP file > Extract to > the Desktop
# Double-click >> RAV.exe << to launch the tool.
# Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable disks)
# If there is an infection > a log will be created; otherwise the software will display (very quickly) ==> "Votre Ordinateur est sain" (your computer is clean).
# Remove your removable drives and restart your computer.
# Post the report if there is an infection!

2/ Download Flash Disinfector (by sUBs) to the desktop from this address: http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Double-click the icon.
The icons will disappear. This is normal.
If a report is generated because of an infection, save it to the desktop, then post it.
Then restart the PC.

yvan3131 Posts 54 Status Member

Hello Jlpjlp,

I got back on the PC and ran the tests as suggested. The first one is OK; as for the second, it did not create a report, so if I understood correctly.
So, one last point: at every restart, a-squared asks me whether a file pollingmodule.exe may be launched (behaviour similar to that of spyware, it tells me). The file details label it as coming from c://program files/wanadoo
Company: not available
Copyright: France Telecom
Do I tell it OK or not?

Yvan