Programme igfpers

yvan3131 Messages postés 54 Statut Membre -  
yvan3131 Messages postés 54 Statut Membre -
Bonjour à toutes et à tous,

Au démarrage de mon pc celui ci m'affiche un message d'erreur à signaler à Microsoft :
pesistance module doit fermer (envoyer le rapport d'erreur).

1 Dois-je m'inquiéter de ce message ?
2 Comment supprimer le pb (s'il y en a un)

Merci
Yvan
Configuration: Windows XP
Internet Explorer 7.0

29 réponses

  • 1
  • 2
Résumé de la discussion

Au démarrage, un message d'erreur signale un module de persistance à fermer et invite à envoyer le rapport d'erreur, sous Windows XP et Internet Explorer 7.
La ligne [Persistence] C:\WINDOWS\system32\igfxpers.exe correspond à une entrée de démarrage associée au pilote graphique Intel, et elle est habituellement légitime malgré son apparente alerte.
Des analyses et rapports techniques montrent que des outils antivirus et antimalware détectent plusieurs composants potentiels, mais l'ensemble peut rester sain après vérification et suppression ciblée des éléments indésirables.
D'autres éléments indiquent que des variantes malveillantes peuvent imiter ce type d'entrée pour masquer une infection, d'où l'intérêt de croiser les analyses avec plusieurs outils fiables.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. espion3004 Messages postés 8687 Statut Membre 1 434
     
    Bonjour, cela pourrait être un malware
    Tu peux m'envoyer un rapport hijack this stp ?
    0
  2. yvan3131 Messages postés 54 Statut Membre
     
    Salut,

    voici le résultat :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:05:19, on 09/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\MESSAG~1\Demon.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\LOGI_MWX.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\SMSC\Seticon.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
    C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\dwwin.exe
    c:\program files\avira\antivir personaledition classic\avscan.exe
    C:\HiJackThis\tuecettemerde.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/advanced_search?hl=fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [braviax] braviax.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    0
  3. espion3004 Messages postés 8687 Statut Membre 1 434
     
    Hum, nous allons avoir du boulot.. Il s'agit belle et bien de Malwares !

    télécharges et installe toi un vrai pare-feu 'celui de windows laisse tout passer'
    Choisis Zone alarm.. La configuration est simple, il est en français.. Tu auras des alarmes de Zone alarm te demandant si tel ou tel programme peut accéder aux web..
    Si tu rencontres ce messages pour braviax.exe = Tu réfuses surtout !

    Ok tu vas relancer hijack this scan only

    Coches ces lignes dans les cases vides :

    O4 - HKLM\..\Run: [braviax] braviax.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
    O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)

    Clic sur fix checked !

    Tu vas ensuite télécharger Deckard's System Scanner (DSS)
    http://www.techsupportforum.com/sectools/Deckard/dss.exe
    Lance le et laisse le faire son boulot (nb pas de connexion web, pas d'autre activité surtout !)

    Tu colleras le rapport ici...

    Je t'informe, selon ton infection que c'est une première pour moi...
    0
  4. yvan3131 Messages postés 54 Statut Membre
     
    Ok Espion,
    J'ai bien noté que cela pourrait être ta première.

    Je télécharge les 40 Mo de zonealarm et je reviens.

    Pour l'installation de zonealarm il redémarre le pc.
    Est-ce que je lance la connexion internet ou pas ? J'ai un autre pc pour la communication avec toi.

    A+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. yvan3131 Messages postés 54 Statut Membre
     
    Re,
    Voilà la suite.

    J'ai 2 rapports différents :
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professionnel (build 2600) SP 2.0
    Architecture: X86; Language: French

    CPU 0: Intel(R) Pentium(R) 4 CPU 3.20GHz
    Percentage of Memory in Use: 43%
    Physical Memory (total/avail): 1014.07 MiB / 569.91 MiB
    Pagefile Memory (total/avail): 2441.14 MiB / 2057.55 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1928.5 MiB

    C: is Fixed (NTFS) - 74.44 GiB total, 38.39 GiB free.
    D: is CDROM (No Media)
    E: is Fixed (FAT32) - 465.65 GiB total, 361.23 GiB free.
    F: is Removable (FAT32)

    \\.\PHYSICALDRIVE0 - WDC WD800JD-75LSA0 - 74.5 GiB - 2 partitions
    \PARTITION0 - Unknown - 54.88 MiB
    \PARTITION1 (bootable) - Système de fichiers installable - 74.44 GiB - C:

    \\.\PHYSICALDRIVE2 - Samsung YP-U1 USB Device - 486.34 MiB - 1 partition
    \PARTITION0 (bootable) - Unknown - 493.97 MiB - F:

    \\.\PHYSICALDRIVE1 - WD 5000AAKS Externa USB Device - 465.76 GiB - 1 partition
    \PARTITION0 - Unknown - 465.76 GiB - E:

    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    UpdatesDisableNotify is set.

    FW: ZoneAlarm Firewall v7.0.362.000 (Check Point, LTD.)
    AV: Avira AntiVir PersonalEdition v 7.0.3.5
    (Avira GmbH)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"

    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Christine & Patrice\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Fichiers communs
    COMPUTERNAME=PMPCMP
    ComSpec=C:\WINDOWS\system32\cmd.exe
    DEFAULT_CA_NR=CA8
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Christine & Patrice
    LOGONSERVER=\\PMPCMP
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft Office\OFFICE11\Gestionnaire de contacts professionnels\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Microsoft Office\OFFICE11\Gestionnaire de contacts professionnels;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\Fichiers communs\Teleca Shared
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0403
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
    tvdumpflags=8
    USERDOMAIN=PMPCMP
    USERNAME=Christine & Patrice
    USERPROFILE=C:\Documents and Settings\Christine & Patrice
    windir=C:\WINDOWS
    __COMPAT_LAYER=DisableNXShowUI

    -- User Profiles ---------------------------------------------------------------

    Christine & Patrice [I](admin)/I
    Administrateur [I](admin)/I

    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    --> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
    --> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
    --> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x40c UNINSTALL
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x40c /remove
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ACDSee 6.0 Standard --> MsiExec.exe /I{FD88D501-1F0A-4DA4-A13A-6437411EE0C3}
    Adobe Acrobat 6.0 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
    Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
    Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
    Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
    Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
    Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
    Adobe Photoshop Lightroom --> MsiExec.exe /I{359D2A79-64C6-4824-83CE-B053297DED6A}
    Adobe Reader for Palm OS, 3.05 --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Adobe\Adobe Reader for Palm OS\AcroDesk.isu" -c"C:\Program Files\Adobe\Adobe Reader for Palm OS\unpdf.dll"
    Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
    Ant Renamer --> "C:\LOGICIELS AJOUTES\Ant Renamer\unins000.exe"
    Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
    AquaSoft DiaShow XP --> MsiExec.exe /I{FA4324A3-287B-4F77-8641-C1985758A15B}
    Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
    Audacity 1.2.4 --> "C:\LOGICIELS AJOUTES\Audacity\unins000.exe"
    Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Broadcom Advanced Control Suite --> MsiExec.exe /I{058B32E2-6310-4359-B2D4-1988390C3B83}
    Canon Digital Camera USB WIA Driver --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\DC USB WIA\Uninst.isu" -c"C:\Program Files\Canon\DC USB WIA\SetupWia.dll"
    CANON iMAGE GATEWAY Drag And Drop Upload Plugin --> "C:\Program Files\Fichiers communs\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\DDUP\Uninst.ini"
    Canon PhotoRecord --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
    Canon Utilities Digital Photo Professional 3.1 --> "C:\Program Files\Fichiers communs\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
    Canon Utilities RAW Image Converter --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\RAW Image Converter\Uninst.isu"
    Canon Utilities ZoomBrowser EX --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
    Card Reader Software --> MsiExec.exe /I{CFA9C1EE-8D76-477E-9E26-D24C26F11F47}
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    CompuApps SwissKnife V3 --> C:\WINDOWS\ISUNINST.EXE -fC:\SWISNIFE\SKUninst.ISU -cC:\SWISNIFE\SKUNINST.DLL
    Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Correctif Windows XP - KB873339 -->
    Correctif Windows XP - KB885250 -->
    Correctif Windows XP - KB885835 -->
    Correctif Windows XP - KB887472 -->
    Correctif Windows XP - KB888113 -->
    Correctif Windows XP - KB888310 -->
    Correctif Windows XP - KB890175 -->
    Correctif Windows XP - KB891781 -->
    Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
    Creative MediaSource --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x40c /remove
    Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c /remove
    Creative System Information --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
    Creative Zen Micro --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D944236D-7992-41D6-8257-930B5832F1CC}\SETUP.EXE" -l0x40c /remove
    DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    Documents To Go --> MsiExec.exe /X{EB807EB6-5179-48B7-98D4-7B4934A57A81}
    FileZilla Client 3.0.7.1 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
    FinePixViewer Resource --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x40c
    FinePixViewer Ver.5.1 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x40c
    FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
    Gestionnaire de contacts professionnels pour Outlook 2003 --> MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
    Gestionnaire Internet --> C:\PROGRA~1\Wanadoo\uninstall.exe
    HijackThis 2.0.2 --> "C:\HiJackThis\HijackThis.exe" /uninstall
    ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x40c UNINSTALL
    ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x40c
    Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
    Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
    livebox --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c
    Logiciel d'imagerie photo HP --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
    Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x40c -l040c UNINSTALL
    Logitech SetPoint --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x40c -removeonly
    Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x40c mmUninstall
    Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x40c mmUninstall
    Macromedia HomeSite+ --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}\Setup.exe"
    Messager Wanadoo --> C:\PROGRA~1\MESSAG~1\UNWISE.EXE C:\PROGRA~1\MESSAG~1\INSTALL.LOG
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office XP Professional avec FrontPage --> MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mise à jour de sécurité pour Windows XP (KB883939) -->
    Mise à jour de sécurité pour Windows XP (KB896422) -->
    Mise à jour de sécurité pour Windows XP (KB901214) -->
    Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    MP3 Player Utilities --> MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
    OLYMPUS Master --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1036 /zUNINSTALL
    OpenMG AAC Add-on Module 1.0.00 --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
    OpenMG Limited Patch 4.5-06-05-12-01 --> C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u
    OpenMG Secure Module 4.5.01 --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
    Palm --> MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
    PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
    PC Inspector File Recovery --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
    PDF Manual NW-S200 Series --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B694704-8D6C-4833-99E1-311A9788F61F}\setup.exe" -l0x40c UNINSTALL -removeonly
    Photomatix Pro version 2.5.1 --> "C:\Program Files\Photomatix\unins000.exe"
    Photomatix Tone Mapping Plug-In version 1.0 --> "C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Photomatix\unins000.exe"
    PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x40c
    Recovery for Outlook --> C:\Program Files\Recovery for Outlook\GLF133.exe /handle:olr
    Samsung Media Studio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DAB6BE8-4B4F-4C08-AC96-4008057E3424}\Setup.exe" -l0x40c
    Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Sony Ericsson PC Suite --> MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
    TopStyle Lite (Version 3.0) --> C:\WINDOWS\unlite3.exe "C:\Program Files\Bradbury\TopStyle3"
    Winamp (remove only) --> "C:\LOGICIELS AJOUTES\winamp\UninstWA.exe"
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

    -- Application Event Log -------------------------------------------------------

    Event Record #/Type7761 / Error
    Event Submitted/Written: 03/09/2008 10:48:30 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Application défaillante igfxpers.exe, version 3.0.0.4299, module défaillant igfxpers.exe, version 3.0.0.4299, adresse de défaillance 0x00011fe1.
    Traitement de l'événement propre au support pour [igfxpers.exe!ws!]

    Event Record #/Type7760 / Warning
    Event Submitted/Written: 03/09/2008 10:48:15 AM
    Event ID/Source: 32068 / Microsoft Fax
    Event Description:
    La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement.
    Code de pays/région : '*'
    Indicatif régional : '*'

    Event Record #/Type7759 / Warning
    Event Submitted/Written: 03/09/2008 10:48:15 AM
    Event ID/Source: 32026 / Microsoft Fax
    Event Description:
    Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI).
    Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.

    Event Record #/Type7757 / Warning
    Event Submitted/Written: 03/09/2008 10:48:15 AM
    Event ID/Source: 19011 / MSSQL$MICROSOFTBCM
    Event Description:
    (SpnRegister) : Error 1355

    Event Record #/Type7756 / Warning
    Event Submitted/Written: 03/09/2008 10:48:14 AM
    Event ID/Source: 1015 / EvntAgnt
    Event Description:
    Le paramètre TraceLevel ne se trouve pas dans le Registre.
    La niveau de suivi utilisé par défaut est 32.

    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.

    -- System Event Log ------------------------------------------------------------

    Event Record #/Type23226 / Error
    Event Submitted/Written: 03/09/2008 10:48:15 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    Le service ieupdater n'a pas pu démarrer en raison de l'erreur :
    %%2

    Event Record #/Type23196 / Error
    Event Submitted/Written: 03/09/2008 09:46:52 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    Le service ieupdater n'a pas pu démarrer en raison de l'erreur :
    %%2

    Event Record #/Type23167 / Error
    Event Submitted/Written: 03/08/2008 10:58:19 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    Le service ieupdater n'a pas pu démarrer en raison de l'erreur :
    %%2

    Event Record #/Type23123 / Error
    Event Submitted/Written: 03/08/2008 10:41:03 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    Le service ieupdater n'a pas pu démarrer en raison de l'erreur :
    %%2

    Event Record #/Type23082 / Error
    Event Submitted/Written: 03/08/2008 08:23:23 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    Le service ieupdater n'a pas pu démarrer en raison de l'erreur :
    %%2

    -- End of Deckard's System Scanner: finished at 2008-03-09 10:57:54 ------------

    RAPPORT 2
    Deckard's System Scanner v20071014.68
    Run by Christine & Patrice on 2008-03-09 10:56:14
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.

    -- Last 5 Restore Point(s) --
    8: 2008-03-09 09:56:19 UTC - RP8 - Deckard's System Scanner Restore Point
    7: 2008-03-08 21:54:56 UTC - RP7 - Software Distribution Service 2.0
    6: 2008-03-08 21:54:13 UTC - RP6 - Windows Internet Explorer 7 installé.
    5: 2008-03-08 21:53:03 UTC - RP5 - Installed Windows IDNMitigationAPIs.
    4: 2008-03-08 21:52:33 UTC - RP4 - Installed Windows NLSDownlevelMapping.

    -- First Restore Point --
    1: 2008-03-08 21:41:58 UTC - RP1 - Point de vérification système

    Backed up registry hives.
    Performed disk cleanup.

    -- HijackThis (run as Christine & Patrice.exe) ---------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:04, on 09/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\MESSAG~1\Demon.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\LOGI_MWX.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\SMSC\Seticon.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
    C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    C:\Documents and Settings\Christine & Patrice\Bureau\dss.exe
    C:\HIJACK~1\Christine & Patrice.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/advanced_search?hl=fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  7. espion3004 Messages postés 8687 Statut Membre 1 434
     
    ok, merci pour l'info jlpjlp, ;)

    Ok, tu as un dossier que tu dois supprimer physiquement =>C:\Documents and Settings\Christine & Patrice\ie_updater.exe
    Pour cela diriges toi dans C: document and settings et supprimes le et vide ta corbeille.

    Ensuite tu vas télécharger ces logiciels d'appoint de sécurité pour ton pc (que tu ne devras jamais t'en séparer !)

    A- squared free => Avec son tuto

    AVG anti-spyware (bouclier gratuit pendant 30 jours, ensuite le programme est toujours opérationnel pour les scans de ta machine) => Idem le tuto est dispo ici
    Spybot search and destroy => Attention à ne pas cocher l'option TEaTimer de spybot lors de son instalation =>Tuto de MAlekal ici aussi

    Spyware Blaster =>Clic ici merci
    Ccleaner => installation + tuto


    Ok tous ces logiciels sont gratuits et en français.

    Tu devras faire les mises à jours de tous ces logiciels ! Merci d'être vigilent sur ce coup là...

    Ok, ensuite tu vas télécharger Sdfix :

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum..

    ===============

    Ok, y'a du boulot, comme je te le disais au début de ton post, Car depuis le début, nous utilisons des logiciels dit de force brute ! Car en fait c'est de Trojan que tu es infecté...

    Ok, en mode sans échec tu n'auras pas accés au web, donc copie ce texte dans un format .txt ou word que tu colleras sur ton bureau...(de même pour les tutos si tu as un problème pour les faire fonctionner)

    Donc résumons ton plan d'action :

    1 Télécharges tous les logiciels proposés !
    2 Fais les mises à jours des logiciels + paramétrages pour certains d'entre eux selon les tutos !
    3 Démarrer en mode sans échec
    4 LAncer SDfix en premier + faire copie du rapport
    5 LEs autres softs 1 à un (sois très patient surtout ;)
    6 Faire les copies des rapports de AVG anti-spy + A-squared free + sdfix
    7 REtour en mode ,normal, fais un hijack tout neuf
    8 reconnecte toi sur ccm... Nous attendons les rapports demandés..
    Bon courage.
    0
    1. yvan3131 Messages postés 54 Statut Membre
       
      Avant de me lancer dans les installations, dois-je désinstaller antivir et zonealarm ou pas.
      Parce que les artilleries lourdes dont tu parlessont compatibles entre elles ?
      J'attends ta réponse avant d'installer
      0
  8. espion3004 Messages postés 8687 Statut Membre 1 434
     
    ok
    Je te l'aurai signaler yvan3131 ;)
    Pour SDFis tu auras une alarm de antivir, tu ignores voila tout...
    Tous les autres programmes sont ok
    Et ne jamais, jamais désinstaller un pare-feu ou un antivirus (uniquement pour certains scan en ligne anti-virus pour antivir) Sinon toujours garder ces protections...

    Ok Au boulot maintenant...
    0
    1. yvan3131 Messages postés 54 Statut Membre
       
      Pour des raisons de clarté je vais poster les comptes rendus un par un.

      Le premier

      Version - a-squared Anti-Malware 3.1
      Dernière mise à jour: 09/03/2008 14:17:38

      Réglages Scan:

      Objets: Mémoire, Traces, Cookies, C:\WINDOWS\, C:\Program Files
      Scan archives: Marche
      Heuristiques: Marche
      Scan ADS: Marche

      Début du scan: 09/03/2008 16:27:14

      c:\windows\system32\ifhelper.dll Détecter: Trace.File.SearchCentrix
      Key: HKEY_USERS\S-1-5-21-837731939-1463466863-719893837-1006\software\kazaa Détecter: Trace.Registry.KaZaA
      Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b Détecter: Trace.Registry.KaZaA
      Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time Détecter: Trace.Registry.KaZaA
      Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo Détecter: Trace.Registry.KaZaA
      Value: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo --> kazaanet Détecter: Trace.Registry.KaZaA
      Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent Détecter: Trace.Registry.KaZaA
      Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> databasedir Détecter: Trace.Registry.KaZaA
      Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> downloaddir Détecter: Trace.Registry.KaZaA
      Key: HKEY_LOCAL_MACHINE\software\kazaa Détecter: Trace.Registry.KaZaA
      Value: HKEY_LOCAL_MACHINE\software\kazaa --> listenport Détecter: Trace.Registry.KaZaA
      Key: HKEY_USERS\S-1-5-21-837731939-1463466863-719893837-1006\software\realvnc\vncviewer4 Détecter: Trace.Registry.VNCViewer
      C:\Documents and Settings\Christine & Patrice\Cookies\christine & patrice@statse.webtrendslive[2].txt Détecter: Trace.TrackingCookie
      C:\Documents and Settings\Christine & Patrice\Cookies\christine_&_patrice@weborama[2].txt Détecter: Trace.TrackingCookie
      C:\WINDOWS\system32\Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20

      Scanné

      Fichiers: 77694
      Traces: 381502
      Cookies: 28
      Processus: 58

      Trouver

      Fichiers: 1
      Traces: 12
      Cookies: 2
      Processus: 0
      Clés de Registre: 0

      Fin du Scan: 09/03/2008 17:04:40
      Temps du Scan: 0:37:26

      C:\WINDOWS\system32\Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
      C:\Documents and Settings\Christine & Patrice\Cookies\christine & patrice@statse.webtrendslive[2].txt Quarantaine Trace.TrackingCookie
      C:\Documents and Settings\Christine & Patrice\Cookies\christine_&_patrice@weborama[2].txt Quarantaine Trace.TrackingCookie
      Key: HKEY_USERS\S-1-5-21-837731939-1463466863-719893837-1006\software\realvnc\vncviewer4 Quarantaine Trace.Registry.VNCViewer
      Key: HKEY_USERS\S-1-5-21-837731939-1463466863-719893837-1006\software\kazaa Quarantaine Trace.Registry.KaZaA
      Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b Quarantaine Trace.Registry.KaZaA
      Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time Quarantaine Trace.Registry.KaZaA
      Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo Quarantaine Trace.Registry.KaZaA
      Value: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo --> kazaanet Quarantaine Trace.Registry.KaZaA
      Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent Quarantaine Trace.Registry.KaZaA
      Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> databasedir Quarantaine Trace.Registry.KaZaA
      Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> downloaddir Quarantaine Trace.Registry.KaZaA
      Key: HKEY_LOCAL_MACHINE\software\kazaa Quarantaine Trace.Registry.KaZaA
      Value: HKEY_LOCAL_MACHINE\software\kazaa --> listenport Quarantaine Trace.Registry.KaZaA
      c:\windows\system32\ifhelper.dll Quarantaine Trace.File.SearchCentrix

      Quarantaine

      Fichiers: 1
      Traces: 12
      Cookies: 2
      0
  9. yvan3131 Messages postés 54 Statut Membre
     
    Le deuxième

    [b]SDFix: Version 1.154 [/b]

    Run by Christine

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\CHRIST~1\Bureau\SDFIX\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    No Trojan Files Found

    The below files have been patched by Trojan.Agent to load users32.dat and should be replaced:

    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\MESSAG~1\Demon.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
    \Program Files\SMSC\Seticon.exe
    C:\PROGRA~1\Wanadoo\GestMaj.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\PROGRA~1\Wanadoo\Shell.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\MESSAG~1\Demon.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
    \Program Files\SMSC\Seticon.exe
    C:\PROGRA~1\Wanadoo\GestMaj.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\PROGRA~1\Wanadoo\Shell.exe

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-09 16:18:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [b]Remaining Files [/b]:

    File Backups: - C:\DOCUME~1\CHRIST~1\Bureau\SDFIX\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Thu 5 Aug 2004 94,864 ..SH. --- "C:\WINDOWS\twain.dll"
    Thu 5 Aug 2004 50,688 ..SH. --- "C:\WINDOWS\twain_32.dll"
    Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Thu 5 Aug 2004 54,784 ..SH. --- "C:\WINDOWS\system32\msvcirt.dll"
    Thu 5 Aug 2004 553,472 ..SH. --- "C:\WINDOWS\system32\oleaut32.dll"
    Thu 5 Aug 2004 12,288 A.SH. --- "C:\WINDOWS\system32\regsvr32.exe"
    Sun 1 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 14 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

    [b]Finished![/b]
    0
  10. yvan3131 Messages postés 54 Statut Membre
     
    Le 3ème

    --- Search result list ---
    Vcodec.eMedia: [SBI $9E29C52C] Réglages (Clé du registre, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\zcodec.exe

    Microsoft.Windows.AppFirewallBypass: [SBI $9FD0556E] Réglages (Valeur du registre, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

    Microsoft.Windows.AppFirewallBypass: [SBI $2AF14C29] Réglages (Valeur du registre, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

    Fraud.ProtectionBar: [SBI $1B126286] Barre d'outils IE (Valeur du registre, nothing done)
    HKEY_USERS\S-1-5-21-837731939-1463466863-719893837-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F}

    Win32.Murlo.ff.rtk: [SBI $67E0FCFD] Réglages (Valeur du registre, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UID

    --- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

    2008-01-28 blindman.exe (1.0.0.7)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2008-01-28 SDMain.exe (1.0.0.5)
    2007-10-07 SDShred.exe (1.0.1.2)
    2008-01-28 SDUpdate.exe (1.0.8.8)
    2008-01-28 SDWinSec.exe (1.0.0.11)
    2008-01-28 SpybotSD.exe (1.5.2.20)
    2008-01-28 TeaTimer.exe (1.5.2.16)
    2008-03-09 unins000.exe (51.49.0.0)
    2008-01-28 Update.exe (1.4.0.6)
    2008-01-28 advcheck.dll (1.5.4.5)
    2007-04-02 aports.dll (2.1.0.0)
    2007-11-17 DelZip179.dll (1.79.7.4)
    2008-01-28 SDFiles.dll (1.5.1.19)
    2008-01-28 SDHelper.dll (1.5.0.11)
    2008-01-28 Tools.dll (2.1.3.3)
    2008-03-05 Includes\Cookies.sbi (*)
    2007-12-26 Includes\Dialer.sbi (*)
    2008-03-05 Includes\DialerC.sbi (*)
    2008-03-05 Includes\HeavyDuty.sbi (*)
    2008-03-05 Includes\Hijackers.sbi (*)
    2008-03-05 Includes\HijackersC.sbi (*)
    2008-02-27 Includes\Keyloggers.sbi (*)
    2008-03-05 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2008-02-27 Includes\Malware.sbi (*)
    2008-03-05 Includes\MalwareC.sbi (*)
    2008-02-20 Includes\PUPS.sbi (*)
    2008-03-05 Includes\PUPSC.sbi (*)
    2008-03-05 Includes\Revision.sbi (*)
    2008-01-09 Includes\Security.sbi (*)
    2008-03-05 Includes\SecurityC.sbi (*)
    2008-02-20 Includes\Spybots.sbi (*)
    2008-03-05 Includes\SpybotsC.sbi (*)
    2007-11-06 Includes\Tracks.uti
    2008-02-27 Includes\Trojans.sbi (*)
    2008-03-05 Includes\TrojansC.sbi (*)
    2007-12-24 Plugins\TCPIPAddress.dll

    --- System information ---
    Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
    / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
    / Windows XP / SP3: Correctif Windows XP - KB873339
    / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB883939)
    / Windows XP / SP3: Correctif Windows XP - KB885250
    / Windows XP / SP3: Correctif Windows XP - KB885835
    / Windows XP / SP3: Correctif Windows XP - KB887472
    / Windows XP / SP3: Correctif Windows XP - KB888113
    / Windows XP / SP3: Correctif Windows XP - KB888310
    / Windows XP / SP3: Correctif Windows XP - KB890175
    / Windows XP / SP3: Correctif Windows XP - KB891781
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896422)
    / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901214)
    / Windows XP / SP3: Mise à jour pour Windows XP (KB904942)
    / Windows XP / SP3: Correctif pour Windows XP (KB914440)
    / Windows XP / SP3: Hotfix for Windows XP (KB915865)
    / Windows XP / SP3: Hotfix for Windows XP (KB926239)

    --- Startup entries list ---
    Located: HK_LM:Run, !AVG Anti-Spyware
    command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    size: 6731312
    MD5: CC6BC45DD5A58158645E7FB2953604FE

    Located: HK_LM:Run, Adobe Photo Downloader
    command: "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    file: C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    size: 61440
    MD5: E0FC25157263DD6177AF313AE35DBFE8

    Located: HK_LM:Run, a-squared
    command: "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    file: C:\Program Files\a-squared Anti-Malware\a2guard.exe
    size: 1816208
    MD5: 7474F276650CBA9DF7C63E39E67FCACA

    Located: HK_LM:Run, avgnt
    command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    size: 249896
    MD5: 6E898F5959E7195D64594C30E9251938

    Located: HK_LM:Run, Demon
    command: C:\PROGRA~1\MESSAG~1\Demon.exe
    file: C:\PROGRA~1\MESSAG~1\Demon.exe
    size: 40960
    MD5: 18AF530E9C050ABFD20827C07D24032C

    Located: HK_LM:Run, HotKeysCmds
    command: C:\WINDOWS\system32\hkcmd.exe
    file: C:\WINDOWS\system32\hkcmd.exe
    size: 77824
    MD5: BDE85DCF1F1E5D10FE3166936AA01EEF

    Located: HK_LM:Run, IgfxTray
    command: C:\WINDOWS\system32\igfxtray.exe
    file: C:\WINDOWS\system32\igfxtray.exe
    size: 94208
    MD5: B6500BB000FDE8AADD9F0C814759530E

    Located: HK_LM:Run, IndexSearch
    command: C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    file: C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    size: 40960
    MD5: B2F6304DA237876E9D2FA29ACBD21D26

    Located: HK_LM:Run, ISUSPM Startup
    command: C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, ISUSScheduler
    command: "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    file: C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    size: 81920
    MD5: 7A11AF03157BBEF393E250DD6F22F854

    Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
    command: KHALMNPR.EXE
    file: C:\WINDOWS\KHALMNPR.EXE
    size: 94208
    MD5: CACD213E5A959FDF4F8232A6B34FAD43

    Located: HK_LM:Run, Logitech Hardware Abstraction Layer
    command: "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
    file: C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    size: 94208
    MD5: 324A70B69ECE66E9A3572D00A7FCF558

    Located: HK_LM:Run, Logitech Utility
    command: LOGI_MWX.EXE
    file: C:\WINDOWS\LOGI_MWX.EXE
    size: 19968
    MD5: 34A14CD6B6E9C8BFBABEAF6EED5149BB

    Located: HK_LM:Run, PaperPort PTD
    command: C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    file: C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    size: 57393
    MD5: 0293AE6E17645359D6150BB78B1C82AC

    Located: HK_LM:Run, Persistence
    command: C:\WINDOWS\system32\igfxpers.exe
    file: C:\WINDOWS\system32\igfxpers.exe
    size: 114688
    MD5: 0483C5E90A376E64A8D81A0C044F2ECE

    Located: HK_LM:Run, REGSHAVE
    command: C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, SetIcon
    command: \Program Files\SMSC\Seticon.exe
    file: \Program Files\SMSC\Seticon.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, Sony Ericsson PC Suite
    command: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    file: C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    size: 487424
    MD5: B2ACE02D71371139E25B153D694E5D78

    Located: HK_LM:Run, SoundMAXPnP
    command: C:\Program Files\Analog Devices\Core\smax4pnp.exe
    file: C:\Program Files\Analog Devices\Core\smax4pnp.exe
    size: 1404928
    MD5: F2A79CC176064BBAD122458C0D95F0BE

    Located: HK_LM:Run, SSBkgdUpdate
    command: "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    file: C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
    size: 155648
    MD5: 1C3CA3E7807F915933BB4E08E599DDAB

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    file: C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    size: 144784
    MD5: 0A16782827E45960D85C2CC1FF6C0819

    Located: HK_LM:Run, WOOTASKBARICON
    command: C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    file: C:\PROGRA~1\Wanadoo\GestMaj.exe
    size: 32768
    MD5: AF6E38D6572797AFC7E7C19772CC5A03

    Located: HK_LM:Run, WOOWATCH
    command: C:\PROGRA~1\Wanadoo\Watch.exe
    file: C:\PROGRA~1\Wanadoo\Watch.exe
    size: 20480
    MD5: 9A29592CD135F6262C429152F7A8DD4A

    Located: HK_LM:Run, YeppStudioAgent
    command: C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    file: C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    size: 40960
    MD5: A4FB6EF3614584FF4186A02253ACAD41

    Located: HK_LM:Run, ZoneAlarm Client
    command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    size: 919016
    MD5: 7462B3864DA32E6B3D1EF0524E663A23

    Located: HK_LM:RunOnceEx, Register Homesite+.exe
    command: "C:\Program Files\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER
    file: C:\Program Files\Macromedia\HomeSite+\Homesite+.exe
    size: 2254848
    MD5: 140E5C68A673EE5A09FDEFB6A914D05B

    Located: HK_CU:Run, CTFMON.EXE
    where: .DEFAULT...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5584247B568C2E53934873F4B655FE6A

    Located: HK_CU:Run, CTFMON.EXE
    where: PE_C_ADMINISTRATEUR...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5584247B568C2E53934873F4B655FE6A

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-19...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5584247B568C2E53934873F4B655FE6A

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-20...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5584247B568C2E53934873F4B655FE6A

    Located: HK_CU:Run, Creative Detector
    where: S-1-5-21-837731939-1463466863-719893837-1006...
    command: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    file: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    size: 98304
    MD5: B0174965BD8ECB79798E45C488343917

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-21-837731939-1463466863-719893837-1006...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5584247B568C2E53934873F4B655FE6A

    Located: HK_CU:Run, SsAAD.exe
    where: S-1-5-21-837731939-1463466863-719893837-1006...
    command: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    file: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    size: 81920
    MD5: 2BAB8B0D01916094FBE32E1C2E24FE33

    Located: HK_CU:Run, WOOKIT
    where: S-1-5-21-837731939-1463466863-719893837-1006...
    command: C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    file: C:\PROGRA~1\Wanadoo\Shell.exe
    size: 122880
    MD5: 8435E09AB474EFEA822E25AFE15D4962

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-18...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5584247B568C2E53934873F4B655FE6A

    Located: Démarrage (tous utilisateurs), Acrobat Assistant.lnk
    where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
    command: C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
    file: C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
    size: 217193
    MD5: 78BFE3201ADA2FE02D1E35D2488E5F55

    Located: Démarrage (tous utilisateurs), DataViz Inc Messenger.lnk
    where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
    command: C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    file: C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    size: 28672
    MD5: D0DFDEC5BE5B261575CF6A40CEB27B39

    Located: Démarrage (tous utilisateurs), HotSync Manager.lnk
    where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
    command: C:\Program Files\Palm\Hotsync.exe
    file: C:\Program Files\Palm\Hotsync.exe
    size: 471040
    MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54

    Located: Démarrage (tous utilisateurs), Logitech SetPoint.lnk
    where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
    command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
    file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
    size: 671744
    MD5: 4301B51CAA535510F4B45A276DC306A1

    Located: Démarrage (tous utilisateurs), Microsoft Office.lnk
    where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
    command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
    file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
    size: 83360
    MD5: 5BC65464354A9FD3BEAA28E18839734A

    Located: Démarrage (utilisateur), Palm Registration.lnk
    where: C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage...
    command: C:\Program Files\Palm\register.exe
    file: C:\Program Files\Palm\register.exe
    size: 2494464
    MD5: 533773CC598066297984DCAE9788639A

    Located: Démarrage (désactivé), Adobe Gamma Loader (DISABLED)
    command: C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    file: C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    size: 113664
    MD5: C2FF17734176CD15221C10044EF0BA1A

    Located: Démarrage (désactivé), DataViz Inc Messenger (DISABLED)
    command: C:\PROGRA~1\FICHIE~1\DataViz\DVZINC~1.EXE
    file: C:\PROGRA~1\FICHIE~1\DataViz\DVZINC~1.EXE
    size: 28672
    MD5: D0DFDEC5BE5B261575CF6A40CEB27B39

    Located: Démarrage (désactivé), Exif Launcher (DISABLED)
    command: C:\PROGRA~1\FINEPI~1\QuickDCF.exe
    file: C:\PROGRA~1\FINEPI~1\QuickDCF.exe
    size: 282624
    MD5: 8558AED89FD5004F517184F354FAF6AF

    Located: Démarrage (désactivé), Adobe Gamma (DISABLED)
    command: C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    file: C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    size: 113664
    MD5: C2FF17734176CD15221C10044EF0BA1A

    Located: Démarrage (désactivé), Palm Registration (DISABLED)
    command: C:\PROGRA~1\Palm\register.exe /remind /language=FR /INTL="true" /PRNM="Palm"
    file: C:\PROGRA~1\Palm\register.exe
    size: 2494464
    MD5: 533773CC598066297984DCAE9788639A

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, igfxcui
    command: igfxdev.dll
    file: igfxdev.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    --- Browser helper object list ---

    --- ActiveX list ---
    {41564D57-9980-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\wmvadvd.inf
    Codebase: http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    description:
    classification: Legitimate
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_05
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre1.6.0_05\bin\
    Long name: npjpi160_05.dll
    Short name: NPJPI1~1.DLL
    Date (created): 22/02/2008 02:33:32
    Date (last access): 09/03/2008 16:52:50
    Date (last write): 22/02/2008 04:25:20
    Filesize: 132496
    Attributes: archive
    MD5: 4FDFB86D78994BD71CBB779A7809E9CD
    CRC32: 5A0EB880
    Version: 6.0.50.13

    {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
    DPF name: Java Runtime Environment 1.4.2
    CLSID name: Java Plug-in 1.4.2_03
    Installer:
    Codebase: https://www.oracle.com/java/technologies/
    description:
    classification: Legitimate
    known filename: npjpi142_03.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\j2re1.4.2_03\bin\
    Long name: NPJPI142_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 19/11/2003 17:48:18
    Date (last access): 09/03/2008 16:43:40
    Date (last write): 19/11/2003 17:48:12
    Filesize: 65650
    Attributes: archive
    MD5: 2AD31341BE41AC9B086128AD86A2B53F
    CRC32: 081CFB35
    Version: 1.4.2.30

    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: npjpi160_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 24/09/2007 23:31:44
    Date (last access): 09/03/2008 16:47:08
    Date (last write): 25/09/2007 01:11:34
    Filesize: 132496
    Attributes: archive
    MD5: D6A4682A6FF41832A3F1A7AB9AE08199
    CRC32: 9080B537
    Version: 6.0.30.5

    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_05
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    Path: C:\Program Files\Java\jre1.6.0_05\bin\
    Long name: npjpi160_05.dll
    Short name: NPJPI1~1.DLL
    Date (created): 22/02/2008 02:33:32
    Date (last access): 09/03/2008 16:52:50
    Date (last write): 22/02/2008 04:25:20
    Filesize: 132496
    Attributes: archive
    MD5: 4FDFB86D78994BD71CBB779A7809E9CD
    CRC32: 5A0EB880
    Version: 6.0.50.13

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_05
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.6.0_05\bin\
    Long name: npjpi160_05.dll
    Short name: NPJPI1~1.DLL
    Date (created): 22/02/2008 02:33:32
    Date (last access): 09/03/2008 16:52:50
    Date (last write): 22/02/2008 04:25:20
    Filesize: 132496
    Attributes: archive
    MD5: 4FDFB86D78994BD71CBB779A7809E9CD
    CRC32: 5A0EB880
    Version: 6.0.50.13

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash9b.ocx
    Short name:
    Date (created): 09/11/2006 23:46:26
    Date (last access): 09/03/2008 16:36:22
    Date (last write): 09/11/2006 23:46:26
    Filesize: 2262648
    Attributes: readonly archive
    MD5: F3B3EE66CA76C94510555ABE9D00A353
    CRC32: A51F3CB4
    Version: 9.0.28.0

    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 640 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 688 ( 640) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 712 ( 640) \??\C:\WINDOWS\system32\winlogon.exe
    size: 506368
    PID: 756 ( 712) C:\WINDOWS\system32\services.exe
    size: 108544
    MD5: 732E0B1ABAACE15D80EC19056B0A2AF9
    PID: 768 ( 712) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 9F3744A5C6F49291A7A685040A013399
    PID: 924 ( 756) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1036 ( 756) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1132 ( 756) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1276 ( 756) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1464 ( 756) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1480 ( 756) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    size: 75304
    MD5: 7DE2CBEAD1E815C689441E572529160D
    PID: 1496 (1448) C:\WINDOWS\Explorer.EXE
    size: 1036288
    MD5: 4C33E5B9A6197B6ED215F6CFBA0A2DAA
    PID: 1916 ( 756) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: B4EF928E4FAD79364A80ACBA6D999934
    PID: 1992 ( 756) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    size: 214056
    MD5: F640EA98231D7B1DB730385813BFCE79
    PID: 732 ( 756) C:\Program Files\a-squared Anti-Malware\a2service.exe
    size: 366712
    MD5: D8ADF0518C336ABC6FA49412DC9DE141
    PID: 948 ( 756) C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    size: 102400
    MD5: 177FF6608B48638D4066726F3A3F8444
    PID: 1092 ( 756) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    size: 63016
    MD5: A6FA9C14E649B2F3DE15390A1840774D
    PID: 1156 ( 756) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    size: 312880
    MD5: 5DCD235C061022BCDA9AA48670B64211
    PID: 812 ( 756) C:\WINDOWS\system32\CTsvcCDA.EXE
    size: 44032
    MD5: 3C8B6609712F4FF78E521F6DCFC4032B
    PID: 1340 ( 756) C:\WINDOWS\System32\FTRTSVC.exe
    size: 40960
    MD5: D1261099E03EEE90976EA19002995B89
    PID: 1376 ( 756) C:\WINDOWS\system32\inetsrv\inetinfo.exe
    size: 15872
    MD5: 13F79611400A265D9F6931A42C9A3978
    PID: 1440 ( 756) C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    size: 322120
    MD5: 11F714F85530A2BD134074DC30E99FCA
    PID: 1612 ( 756) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    size: 7544916
    MD5: E7EEA341883CB643623D7CD988756040
    PID: 2184 ( 756) C:\WINDOWS\System32\snmp.exe
    size: 32768
    MD5: ED2059604FA0C73636A8C55084883EC4
    PID: 2304 ( 756) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 3228 ( 756) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: 2FE681D10C5FC343DBBC0610B8DD4D24
    PID: 3340 (1132) C:\WINDOWS\system32\wscntfy.exe
    size: 13824
    MD5: 54CDDAD404557ED98433D6ECBFC92691
    PID: 3592 (1496) C:\WINDOWS\system32\hkcmd.exe
    size: 77824
    MD5: BDE85DCF1F1E5D10FE3166936AA01EEF
    PID: 3808 (1496) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    size: 1404928
    MD5: F2A79CC176064BBAD122458C0D95F0BE
    PID: 3828 (1496) C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    size: 144784
    MD5: 0A16782827E45960D85C2CC1FF6C0819
    PID: 3872 (1496) C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    size: 81920
    MD5: 7A11AF03157BBEF393E250DD6F22F854
    PID: 3880 (1496) C:\Program Files\Messager Wanadoo\demon.exe
    size: 40960
    MD5: 18AF530E9C050ABFD20827C07D24032C
    PID: 3932 (1496) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    size: 57393
    MD5: 0293AE6E17645359D6150BB78B1C82AC
    PID: 3976 (1496) C:\WINDOWS\LOGI_MWX.EXE
    size: 19968
    MD5: 34A14CD6B6E9C8BFBABEAF6EED5149BB
    PID: 1404 (1496) C:\Program Files\SMSC\Seticon.exe
    size: 46080
    MD5: 8EEA968B1CA1B902FE2AA86D157ED5EB
    PID: 1952 (1496) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    size: 249896
    MD5: 6E898F5959E7195D64594C30E9251938
    PID: 1960 (1496) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    size: 919016
    MD5: 7462B3864DA32E6B3D1EF0524E663A23
    PID: 2136 (2772) C:\Program Files\Wanadoo\TaskBarIcon.exe
    size: 61440
    MD5: F9710A77123CC3FD09D062F2AF33E473
    PID: 2596 (1496) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    size: 6731312
    MD5: CC6BC45DD5A58158645E7FB2953604FE
    PID: 2840 (1496) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5584247B568C2E53934873F4B655FE6A
    PID: 2912 (1496) C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    size: 98304
    MD5: B0174965BD8ECB79798E45C488343917
    PID: 3516 (1496) C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
    size: 217193
    MD5: 78BFE3201ADA2FE02D1E35D2488E5F55
    PID: 2948 (1496) C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    size: 28672
    MD5: D0DFDEC5BE5B261575CF6A40CEB27B39
    PID: 2896 (1496) C:\Program Files\Palm\Hotsync.exe
    size: 471040
    MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54
    PID: 3664 (1496) C:\Program Files\Logitech\SetPoint\SetPoint.exe
    size: 671744
    MD5: 4301B51CAA535510F4B45A276DC306A1
    PID: 3692 (3676) C:\Program Files\Wanadoo\GestionnaireInternet.exe
    size: 819200
    MD5: 5D17C66B5620142A06B7391BE20C0476
    PID: 3072 (3664) C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    size: 94208
    MD5: 324A70B69ECE66E9A3572D00A7FCF558
    PID: 3244 (3692) C:\Program Files\Wanadoo\ComComp.exe
    size: 249856
    MD5: 5D589D0436C4C2D285B3418E79E78A21
    PID: 3500 (3692) C:\PROGRA~1\Wanadoo\Toaster.exe
    size: 69632
    MD5: C2D1BD2B433571ECEC29924ACE5D7C62
    PID: 3388 (3692) C:\PROGRA~1\Wanadoo\Inactivity.exe
    size: 32768
    MD5: 5F6DBF75D05462EED92B42376E89D9FE
    PID: 3444 (3692) C:\PROGRA~1\Wanadoo\PollingModule.exe
    size: 69632
    MD5: EDF02F58940FD56C12357D150F5397C0
    PID: 3384 ( 924) C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    size: 45056
    MD5: 68E404DB5525373FE0554ED2607F0C82
    PID: 4068 (3244) C:\Program Files\Wanadoo\Watch.exe
    size: 20480
    MD5: 9A29592CD135F6262C429152F7A8DD4A
    PID: 2124 (1444) C:\Program Files\a-squared Anti-Malware\a2guard.exe
    size: 1816208
    MD5: 7474F276650CBA9DF7C63E39E67FCACA
    PID: 4620 (1444) C:\Program Files\a-squared Anti-Malware\a2scan.exe
    size: 807064
    MD5: BD00496E74CC9F3BAEAC294F95E59D93
    PID: 5492 ( 924) C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    size: 983040
    MD5: E0575CC2758B7BF7B8FB33CD32E86AD7
    PID: 5860 ( 924) C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    size: 872448
    MD5: B2316B897BA3CB831D63E918DF7F86B0
    PID: 5784 (1496) C:\Program Files\SpywareBlaster\spywareblaster.exe
    size: 1320464
    MD5: DD8B30EFAD32DBE1FCB5AD5609D6E065
    PID: 5872 (5784) C:\Program Files\SpywareBlaster\spywareblaster.exe
    size: 1320464
    MD5: DD8B30EFAD32DBE1FCB5AD5609D6E065
    PID: 2868 (1496) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5146448
    MD5: 2ECA8CDEED7C82F879E766DA92A3561A
    PID: 4 ( 0) System

    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 09/03/2008 17:37:06

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    https://www.google.fr/advanced_search?hl=fr
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    https://www.01net.com/telecharger/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    https://www.google.com/?gws_rd=ssl
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://home.microsoft.com/access/autosearch.asp?p=%s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    https://www.01net.com/telecharger/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    https://www.01net.com/telecharger/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm

    --- Winsock Layered Service Provider list ---

    --- Uninstall list ---
    a-squared Anti-Malware 3.1 3.1 (a-squared Anti-Malware_is1)
    install date: 20080309
    install location: C:\Program Files\a-squared Anti-Malware\
    uninstall cmd: "C:\Program Files\a-squared Anti-Malware\unins000.exe"
    publisher: Emsi Software GmbH
    comments: a-squared
    help link: https://support.emsisoft.com/

    (AddressBook)

    Adobe Photoshop CS2 9.0 (Adobe Photoshop CS2 - {236BB7C4-4419-42FD-040C-1E257A25E34D})
    version: 9
    version (major): 9
    install location: C:\Program Files\Adobe\Adobe Photoshop CS2\
    uninstall cmd: msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
    publisher: Adobe Systems, Inc.
    comments:
    contact: Service support clientèle
    help link: https://helpx.adobe.com/support.html
    help telephone: +1-555-555-4505

    Adobe Photoshop Elements 5.0 5.0 (Adobe Photoshop Elements 5)
    version: 5
    version (major): 5
    install location: C:\Program Files\Adobe\Photoshop Elements 5.0\
    uninstall cmd: msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
    publisher: Adobe Systems, Inc.
    contact: Service support clientèle
    help link: https://helpx.adobe.com/support.html

    Avira AntiVir PersonalEdition Classic (AntiVir PersonalEdition Classic)
    uninstall cmd: C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    publisher: Avira GmbH
    help link: http://www.avira.com/classic-support

    Ant Renamer 1.4.0 (Ant_Renamer_is1)
    uninstall cmd: "C:\LOGICIELS AJOUTES\Ant Renamer\unins000.exe"
    publisher: BuyPin Software

    Audacity 1.2.4 (Audacity_is1)
    install location: C:\LOGICIELS AJOUTES\Audacity\
    uninstall cmd: "C:\LOGICIELS AJOUTES\Audacity\unins000.exe"
    help link: https://sourceforge.net/projects/audacity/

    AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
    install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
    uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    publisher: Grisoft Ltd.
    help link: https://www.avg.com/fr-fr/homepage

    (Branding)

    (CADI)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove

    Canon Digital Camera USB WIA Driver (Canon Digital Camera USB WIA Driver)
    uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\DC USB WIA\Uninst.isu" -c"C:\Program Files\Canon\DC USB WIA\SetupWia.dll"

    Canon Utilities RAW Image Converter (Canon Utilities RAW Image Converter)
    uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\RAW Image Converter\Uninst.isu"

    CCleaner (remove only) (CCleaner)
    uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

    CompuApps SwissKnife V3 (CompuApps SwissKnife V3)
    uninstall cmd: C:\WINDOWS\ISUNINST.EXE -fC:\SWISNIFE\SKUninst.ISU -cC:\SWISNIFE\SKUNINST.DLL

    (Connection Manager)

    (Creative Audio CD Ripper)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x40c /remove

    (Creative Audio Device Selection)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x40c /remove

    (Creative Import Wizard)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x40c /remove

    Creative Jukebox Driver (Creative Jukebox Driver)
    uninstall cmd: C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s

    (Creative MediaSource)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c /remove

    (Creative MediaSource CD-ROM Burner Plugin)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c /remove

    (Creative MediaSource Detector)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c /remove

    (Creative MediaSource Player Skin Pack)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c /remove

    Creative Removable Disk Manager (Creative Removable Disk Manager)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c /remove

    (Creative Sync Manager)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x40c /remove

    (Creative Zen Micro)

    CANON iMAGE GATEWAY Drag And Drop Upload Plugin 1.2.1.1 (DDUP)
    install location: C:\Program Files\Canon\DDUP
    uninstall cmd: "C:\Program Files\Fichiers communs\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\DDUP\Uninst.ini"

    (DirectAnimation)

    (DirectDrawEx)

    Canon Utilities Digital Photo Professional 3.1 3.1.0.0 (DPP)
    install location: C:\Program Files\Canon\Digital Photo Professional
    uninstall cmd: "C:\Program Files\Fichiers communs\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"

    (DXM_Runtime)

    FileZilla Client 3.0.7.1 3.0.7.1 (FileZilla Client)
    install location: C:\Program Files\FileZilla FTP Client
    uninstall cmd: C:\Program Files\FileZilla FTP Client\uninstall.exe
    help link: https://filezilla-project.org/

    (Fontcore)

    Gestionnaire Internet (GestionnaireInternet.exe)
    uninstall cmd: C:\PROGRA~1\Wanadoo\uninstall.exe

    HijackThis 2.0.2 2.0.2 (HijackThis)
    uninstall cmd: "C:\HiJackThis\HijackThis.exe" /uninstall
    publisher: TrendMicro

    (ICW)

    Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
    install date: 20080308
    uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation

    (IE40)

    (IE4Data)

    (IE5BAKEX)

    Windows Internet Explorer 7 20061027.150806 (ie7)
    install date: 20080308
    uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/office/internet-explorer-help-23360e49-9cd3-4dda-ba52-705336cc0de2?ui=en-US&rs=en-001&ad=US

    (IEData)

    (InstallShield Uninstall Information)

    OpenMG AAC Add-on Module 1.0.00 1.0.00.04270 (InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3})
    version: 16777216
    version (major): 1
    estimated size: 706
    install date: 20061209
    install location: C:\Program Files\Sony Corporation\OpenMG AAC Add-On Module\
    install source: D:\common\omgaddon\
    uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
    publisher: Sony Corporation

    OpenMG Secure Module 4.5.01 4.5.01.04270 (InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8})
    version: 67436545
    version (major): 4
    version (minor): 5
    estimated size: 19465
    install date: 20061209
    install location: C:\Program Files\Sony Corporation\OpenMG Secure Module\
    install source: D:\common\openmg\
    uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
    publisher: Sony Corporation

    OLYMPUS Master 1.31.2000 (InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372})
    version: 18810832
    version (major): 1
    version (minor): 31
    estimated size: 107239
    install date: 20060108
    install location: C:\Program Files\OLYMPUS\OLYMPUS Master\
    install source: D:\OLYMPUSMaster\
    uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1036 /zUNINSTALL
    publisher: OLYMPUS IMAGING CORP.

    Correctif Windows XP - KB873339 20041117.092459 (KB873339)
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/873339

    Mise à jour de sécurité pour Windows XP (KB883939) 1 (KB883939)
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/883939

    (KB884016)

    (KB884267)

    Correctif Windows XP - KB885250 20050118.202711 (KB885250)
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/885250

    (KB885353)

    Correctif Windows XP - KB885835 20041027.181713 (KB885835)
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/885835/ms04-044-vulnerabilities-in-windows-kernel-and-lsass-could-allow-eleva

    (KB886612)

    (KB887078)

    Correctif Windows XP - KB887472 20041014.162858 (KB887472)
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/887472

    (KB887626)

    Correctif Windows XP - KB888113 20041116.131036 (KB888113)
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/888113

    Correctif Windows XP - KB888310 20041027.095746 (KB888310)
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/888310

    (KB888656)

    (KB889858)

    Correctif Windows XP - KB890175 20041201.233338 (KB890175)
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/890175/ms05-001-vulnerability-in-html-help-could-allow-code-execution

    (KB891122)

    Correctif Windows XP - KB891781 20050110.165439 (KB891781)
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/891781

    (KB892313)

    (KB893240)

    (KB893241)

    (KB893803)

    Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
    uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/893803/windows-installer-3-1-v2-3-1-4000-2435-is-available

    (KB895181)

    (KB895316)

    (KB895572)

    Mise à jour de sécurité pour Windows XP (KB896422) 1 (KB896422)
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/896422/ms05-027-vulnerability-in-server-message-block-could-allow-remote-code

    (KB897586)

    (KB898549)

    (KB900399)

    Mise à jour de sécurité pour Windows XP (KB901214) 1 (KB901214)
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/901214

    (KB902344)

    Mise à jour pour Windows XP (KB904942) 2 (KB904942)
    install date: 20080308
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/904942/authentication-fails-when-you-use-outlook-or-outlook-express-to-try-to

    (KB907658)

    (KB911565)

    (KB911854)

    Correctif pour Windows XP (KB914440) 12 (KB914440)
    install date: 20080308
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/914440

    Hotfix for Windows XP (KB915865) 10 (KB915865)
    install date: 20080308
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/915865

    Hotfix for Windows XP (KB926239) 2 (KB926239)
    install date: 20061214
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/926239

    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) 1 (KB942615-IE7)
    install date: 20080308
    uninstall cmd: "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/942615

    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) 1 (KB944533-IE7)
    install date: 20080308
    uninstall cmd: "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/944533

    Logiciel d'imagerie photo HP (Logiciel d'imagerie photo HP)
    uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll

    Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
    uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

    Messager Wanadoo (Messager Wanadoo)
    uninstall cmd: C:\PROGRA~1\MESSAG~1\UNWISE.EXE C:\PROGRA~1\MESSAG~1\INSTALL.LOG

    Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
    uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

    (Microsoft Interactive Training)
    uninstall cmd: C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

    (MobileOptionPack)

    (MPlayer2)

    Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
    install date: 20061214
    uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: https://www.microsoft.com/fr-fr/?ref=go

    (MSI30-Beta1)

    (MSI30-Beta2)

    (MSI30-KB884016)

    (MSI30-RC1)

    (MSI30-RC2)

    (MSI30a-KB884016)

    (MSI31-Beta)

    (MSI31-RC1)

    (NetMeeting)

    Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
    install date: 20080308
    uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation

    OpenMG Limited Patch 4.5-06-05-12-01 (OpenMG HotFix4.5-06-05-10-01)
    uninstall cmd: C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u

    (OutlookExpress)

    (PCHealth)
    uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    Photomatix Pro version 2.5.1 2.5.1 (Photomatix Pro_is1)
    install location: C:\Program Files\Photomatix\
    uninstall cmd: "C:\Program Files\Photomatix\unins000.exe"
    publisher: HDRsoft Sarl
    help link: https://www.hdrsoft.com/support/index.html

    Canon PhotoRecord (PhotoRecord)
    uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"

    (Plugin de Creative MediaSource NOMAD Jukebox 2/3/Zen)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x40c /remove

    (Plugin de Creative MediaSource NOMAD MuVo)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x40c /remove

    Recovery for Outlook (Recovery for Outlook)
    uninstall cmd: C:\Program Files\Recovery for Outlook\GLF133.exe /handle:olr

    (SchedulingAgent)

    Shockwave (Shockwave)
    uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

    Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
    uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    publisher: Adobe Systems Incorporated
    help link: https://helpx.adobe.com/flash-player.html

    Photomatix Tone Mapping Plug-In version 1.0 1.0 (simple1_is1)
    install location: C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Photomatix\
    uninstall cmd: "C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Photomatix\unins000.exe"
    publisher: MultimediaPhoto Sarl
    help link: https://www.hdrsoft.com/support/index.html

    SpywareBlaster 4.0 4.0.0 (SpywareBlaster_is1)
    install date: 20080309
    install location: C:\Program Files\SpywareBlaster\
    uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
    publisher: Javacool Software LLC

    Creative System Information (SysInfo)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove

    TopStyle Lite (Version 3.0) 3.1.0 (TopStyle Lite (Version 3.0))
    uninstall cmd: C:\WINDOWS\unlite3.exe "C:\Program Files\Bradbury\TopStyle3"
    publisher: Bradbury Software, LLC

    Winamp (remove only) (Winamp)
    uninstall cmd: "C:\LOGICIELS AJOUTES\winamp\UninstWA.exe"

    Windows Media Format 11 runtime (Windows Media Format Runtime)
    uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    help link: https://support.microsoft.com/en-us

    Lecteur Windows Media 11 (Windows Media Player)
    uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

    Archiveur WinRAR (WinRAR archiver)
    uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

    (WMCSetup)

    Windows Media Format 11 runtime (WMFDist11)
    install date: 20061214
    uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http:

    Windows Media Player 11 (wmp11)
    install date: 20061214
    uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http:

    Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
    install date: 20061214
    uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    comments: Build Number 5716

    (Zen Micro Media Explorer)
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x40c /remove

    ZoneAlarm 7.0.362.000 (ZoneAlarm)
    uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
    publisher: Check Point, Inc
    help link: C:\Program Files\Zone Labs\ZoneAlarm\Aide\zaclients.chm

    Canon Utilities ZoomBrowser EX (ZoomBrowserEXDeInstall)
    uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"

    Broadcom Advanced Control Suite 8.20.01 ({058B32E2-6310-4359-B2D4-1988390C3B83})
    version: 135528449
    version (major): 8
    version (minor): 20
    install date: 20051005
    install location: C:\Program Files\Broadcom\
    uninstall cmd: MsiExec.exe /I{058B32E2-6310-4359-B2D4-1988390C3B83}
    publisher: Broadcom Corporation
    comments: Broadcom Advanced Control Suite 2 (BACS)
    contact: Dell Customer Support
    help link: http://www.support.dell.com

    Macromedia Dreamweaver MX 2004 7.0 ({05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A})
    version (major): 7
    install location: C:\Program Files\Macr
    0
  11. espion3004 Messages postés 8687 Statut Membre 1 434
     
    .. Le hijack stp...
    0
  12. yvan3131 Messages postés 54 Statut Membre
     
    Voici le rapport AVG

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 19:13:19 09/03/2008

    + Résultat de l'analyse:

    Rien à signaler.

    Fin du rapport

    Voici enfin hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:18:28, on 09/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\MESSAG~1\Demon.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\LOGI_MWX.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\SMSC\Seticon.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
    C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
    C:\HiJackThis\tuecettemerde.exe
    C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/advanced_search?hl=fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  13. espion3004 Messages postés 8687 Statut Membre 1 434
     
    ok, tu n'as pas supprimer à la main ce fichier ?=> C:\Documents and Settings\Christine & Patrice\ie_updater.exe
    0
    1. yvan3131 Messages postés 54 Statut Membre
       
      Je ne l'avais pas fait parce que ce fichier n'apparait pas dans le répertoire (je suis pourtant en mode affichage des fichiers cachés).

      Je ne me l'explique pas.
      Yvan
      0
  14. espion3004 Messages postés 8687 Statut Membre 1 434
     
    c'est un trojan bien cachée, mais il doit se trouver dans C/ document and settings, pas dans les dossiers cachés

    Pour cela essaies ceci

    Maintiens enfoncé la touche Windows + R
    colles cette ligne dans la fenetre vide => C:\Documents and Settings\Christine & Patrice\

    Une fenetre vas s'ouvrir..
    cherches le fichier portant le nom de : ie_updater.exe..

    Si tu n'y arrives pas faisons un scan en ligne =>

    Fais un scan en linge avec BitDefender, avec internet explorer
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    * En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
    * Dans la nouvelle fenêtre, clique sur I agree .. Tu devras accepter et installer l'active X
    * La fenêtre change encore, clique sur Click here to scan
    * Les signatures se chargent, Laisse le faire son boulot.
    Tu colleras son rapport...
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    peut etre avec otmovit?

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Documents and Settings\Christine & Patrice\ie_updater.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
    1. yvan3131 Messages postés 54 Statut Membre
       
      Alors pour espion3004 : bitdefender en ligne ne fonctionne pas !! C'était trop beau

      Pour Jlpjlp otmoveit me répond qu'il ne peut pas créer le fichier c:\_Moveit\movedfiles\....
      0
  16. espion3004 Messages postés 8687 Statut Membre 1 434
     
    ok
    0
  17. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    alors essaye ceci: avec combofix

    _____________
    pour fusionner:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    _____________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\Documents and Settings\Christine & Patrice\ie_updater.exe

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
    1. yvan3131 Messages postés 54 Statut Membre
       
      Ce qui est bizarre, c'est que j'ai chargé ie 7.0, il apparait ainsi dans la barre de lancement rapide et sur le redémarrage que je viens de réaliser, je semble être revenu à la version 6 !!!!
      0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok
    0
    1. yvan3131 Messages postés 54 Statut Membre
       
      Bon l'opération semble compromise.

      a-squared me lance des alertes en pagaille et dans les processus lancés je ne sais pas si je peux les accepter ou les refuser. J'ai accepté les premiers puis là je ne sais plus trop que penser.
      Par ailleurs, sur l'écran bleu, il y a eu un message comme quoi il ne trouvait pas accéder au fichier "sans nommer" le fichier en indiquant qu'il était utilisé par un autre programme.

      Bref c'est pas gagné. Je reconnais que depuis 48h où je n'ai fait pratiquement qu'essayer de résoudre cette "_erde" je commence à baisser les bras...
      0
      1. yvan3131 Messages postés 54 Statut Membre > yvan3131 Messages postés 54 Statut Membre
         
        Voici le résultat de combo

        ComboFix 08-03-07.4 - Christine & Patrice 2008-03-09 21:42:35.2 - NTFSx86
        Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.413 [GMT 1:00]
        Endroit: C:\Documents and Settings\Christine & Patrice\Bureau\tuelamerde.exe
        Command switches used :: C:\Documents and Settings\Christine & Patrice\Bureau\CFscript.txt
        * Création d'un nouveau point de restauration

        [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
        .

        (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
        .

        E:\Autorun.inf

        .
        ((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
        .

        2008-03-09 14:16 . 2008-03-09 17:15 <REP> d-------- C:\Program Files\SpywareBlaster
        2008-03-09 14:16 . 2008-03-09 17:39 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
        2008-03-09 14:16 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
        2008-03-09 14:11 . 2008-03-09 14:11 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
        2008-03-09 14:10 . 2008-03-09 17:04 <REP> d-------- C:\Program Files\a-squared Anti-Malware
        2008-03-09 14:03 . 2008-03-09 14:03 <REP> d-------- C:\Documents and Settings\Christine & Patrice\Application Data\Grisoft
        2008-03-09 14:03 . 2008-03-09 14:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-03-09 14:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
        2008-03-09 12:11 . 2004-08-05 12:00 578,048 --a------ C:\WINDOWS\system32\dllcache\user32.dll
        2008-03-09 12:09 . 2008-03-09 12:09 <REP> d-------- C:\WINDOWS\ERUNT
        2008-03-09 10:43 . 2008-03-09 10:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
        2008-03-09 10:42 . 2008-03-09 12:07 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
        2008-03-09 10:42 . 2008-03-09 10:42 <REP> d-------- C:\Program Files\Zone Labs
        2008-03-08 22:55 . 2008-03-08 22:55 <REP> d--h----- C:\WINDOWS\msdownld.tmp
        2008-03-08 22:54 . 2008-03-08 22:55 <REP> d-------- C:\WINDOWS\system32\fr-fr
        2008-03-08 22:47 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
        2008-03-08 22:47 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
        2008-03-08 22:47 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
        2008-03-08 22:47 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
        2008-03-08 22:47 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
        2008-03-08 22:47 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
        2008-03-08 22:47 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
        2008-03-08 22:47 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
        2008-03-08 22:47 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
        2008-03-08 22:45 . 2006-10-27 15:09 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
        2008-03-08 20:08 . 2008-03-09 21:30 <REP> d-------- C:\HiJackThis
        2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Program Files\Avira
        2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
        2008-03-08 17:36 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
        2008-03-08 17:36 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
        2008-03-08 17:36 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
        2008-03-08 17:36 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
        2008-03-08 17:36 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
        2008-03-08 17:36 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
        2008-03-08 14:00 . 2008-03-09 17:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-03-08 12:18 . 2008-03-08 12:18 <REP> d-------- C:\Program Files\CCleaner
        2008-03-08 09:38 . 2008-03-08 09:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Ericsson
        2008-03-05 19:41 . 2008-03-07 08:12 <REP> d-------- C:\Documents and Settings\Christine & Patrice\Application Data\FileZilla
        2008-03-05 19:40 . 2008-03-05 19:42 <REP> d-------- C:\Program Files\FileZilla FTP Client

        .
        (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-03-09 20:37 --------- d-----w C:\Program Files\Wanadoo
        2008-03-09 20:00 27,308 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
        2008-03-09 20:00 2,238,496 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
        2008-03-09 09:43 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
        2008-03-09 09:43 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
        2008-03-08 18:44 5,158 ----a-w C:\WINDOWS\system32\tmp.reg
        2008-03-08 18:38 --------- d-----w C:\Program Files\SMSC
        2008-03-08 18:38 --------- d-----w C:\Program Files\Messager Wanadoo
        2008-03-08 16:39 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
        2008-03-08 16:39 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
        2008-03-08 16:39 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
        2008-03-07 07:08 --------- d-----w C:\Program Files\Java
        2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
        2007-12-19 22:53 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
        2007-06-30 08:07 2,494,464 ----a-w C:\Program Files\register.exe
        2007-06-30 08:04 239 ----a-w C:\Program Files\users.dat
        2007-06-30 02:34 3,827 ----a-w C:\Program Files\HSW_Log.txt
        2007-06-30 02:25 95,227 ----a-w C:\Program Files\NetworkProfiles.pdb
        2007-06-30 02:25 42,511 ----a-w C:\Program Files\CarrierProfiles.pdb
        2007-05-06 12:56 44,424 ----a-w C:\Documents and Settings\Christine & Patrice\Application Data\GDIPFONTCACHEV1.DAT
        2005-11-19 09:22 45,056 ----a-w C:\Program Files\fswsclds.exe
        2005-11-19 09:22 32,768 ----a-w C:\Program Files\fswscs.dll
        2005-11-19 09:22 24,576 ----a-w C:\Program Files\fswsctg.exe
        2005-11-03 03:02 1,247,068 ------r C:\Program Files\Palmdevice1.chm
        2005-11-02 14:58 334,508 ----a-w C:\Program Files\mediaext.chm
        2005-07-21 12:51 32,768 ----a-w C:\Program Files\SyncDlgN20.dll
        2005-01-04 14:48 77,824 ----a-w C:\Program Files\AddItConduit_Bkp.dll
        2001-11-21 07:26 853 ----a-w C:\Program Files\WELCFR.ADL
        2004-08-05 11:00 94,864 --sh--w C:\WINDOWS\twain.dll
        2004-08-05 11:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
        2004-08-05 11:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
        2004-08-05 11:00 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
        2004-08-05 11:00 12,288 --sha-w C:\WINDOWS\system32\regsvr32.exe
        .
        [color=red]Files Infected - Win32.Agent.zb[/color]
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\Program Files\Analog Devices\Core\smax4pnp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
        C:\PROGRA~1\MESSAG~1\Demon.exe
        C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
        C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
        C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
        C:\PROGRA~1\Wanadoo\GestMaj.exe
        C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
        C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
        C:\PROGRA~1\Wanadoo\Shell.exe
        .

        ((((((((((((((((((((((((((((( snapshot@2008-03-08_20.27.31.40 )))))))))))))))))))))))))))))))))))))))))
        .
        + 2008-03-08 18:38:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
        + 2008-03-09 14:49:34 9,822,208 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
        + 2008-03-09 14:49:34 1,720,320 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
        + 2008-03-08 18:38:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
        + 2008-03-09 11:09:25 8,622,080 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
        + 2008-03-09 11:09:26 503,808 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
        + 2004-08-05 11:00:00 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
        + 2004-08-05 11:00:00 101,888 -c----w C:\WINDOWS\ie7\advpack.dll
        + 2005-05-02 20:57:10 1,020,416 -c----w C:\WINDOWS\ie7\browseui.dll
        + 2004-08-05 11:00:00 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
        + 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
        + 2004-08-05 11:00:00 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
        + 2004-08-05 11:00:00 201,728 -c----w C:\WINDOWS\ie7\dxtrans.dll
        + 2004-08-05 11:00:00 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
        + 2004-08-05 11:00:00 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
        + 2004-08-05 11:00:00 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
        + 2004-08-05 11:00:00 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
        + 2004-08-05 11:00:00 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll
        + 2004-08-05 11:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll
        + 2004-08-05 11:00:00 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
        + 2005-05-01 00:19:07 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
        + 2004-08-05 11:00:00 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
        + 2005-05-02 20:57:10 250,880 -c----w C:\WINDOWS\ie7\iepeers.dll
        + 2004-08-05 11:00:00 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll
        + 2004-08-05 11:00:00 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
        + 2004-08-05 11:00:00 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
        + 2004-08-05 11:00:00 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
        + 2005-05-02 20:57:11 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
        + 2004-08-05 11:00:00 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
        + 2004-08-05 11:00:00 15,872 -c----w C:\WINDOWS\ie7\jsproxy.dll
        + 2004-08-05 11:00:00 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll
        + 2004-08-05 11:00:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
        + 2005-05-02 12:57:12 3,011,072 -c----w C:\WINDOWS\ie7\mshtml.dll
        + 2005-09-03 00:06:11 448,512 -c----w C:\WINDOWS\ie7\mshtmled.dll
        + 2004-08-05 11:00:00 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
        + 2004-08-05 11:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
        + 2005-05-02 20:57:11 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
        + 2004-08-05 11:00:00 530,432 -c----w C:\WINDOWS\ie7\mstime.dll
        + 2004-08-05 11:00:00 97,280 -c----w C:\WINDOWS\ie7\occache.dll
        + 2005-05-02 20:57:11 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
        + 2005-05-02 20:57:12 1,484,288 -c----w C:\WINDOWS\ie7\shdocvw.dll
        + 2005-05-02 20:57:12 474,112 -c----w C:\WINDOWS\ie7\shlwapi.dll
        + 2006-10-27 18:20:20 32,368 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
        + 2006-10-27 18:18:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
        + 2006-09-06 16:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
        + 2006-09-06 16:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
        + 2004-08-05 11:00:00 37,888 -c----w C:\WINDOWS\ie7\url.dll
        + 2005-05-02 20:57:12 605,696 -c----w C:\WINDOWS\ie7\urlmon.dll
        + 2004-08-05 11:00:00 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll
        + 2004-08-05 11:00:00 848,384 -c----w C:\WINDOWS\ie7\vgx.dll
        + 2004-08-05 11:00:00 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll
        + 2005-05-02 20:57:12 662,016 -c----w C:\WINDOWS\ie7\wininet.dll
        + 2006-10-27 01:44:06 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
        + 2006-10-27 01:44:06 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll.000
        + 2006-10-17 11:57:50 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
        + 2006-10-17 11:57:50 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll.000
        + 2006-10-27 14:09:58 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
        + 2006-10-27 14:09:58 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll.000
        + 2006-10-17 11:58:20 61,952 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
        + 2006-10-27 01:44:04 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
        + 2006-10-27 01:44:04 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe.000
        + 2006-10-27 01:44:36 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
        + 2006-10-27 01:44:36 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll.000
        + 2006-10-27 01:44:42 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
        + 2006-10-27 01:44:42 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll.000
        + 2006-10-27 01:42:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
        + 2006-10-27 01:42:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll.000
        + 2006-09-05 23:01:26 2,451,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat
        + 2006-10-17 11:27:56 380,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
        + 2006-10-27 01:44:46 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
        + 2006-10-27 01:44:46 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll.000
        + 2006-10-27 14:09:58 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
        + 2006-10-27 01:44:08 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
        + 2006-10-27 01:44:08 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll.000
        + 2006-10-17 11:57:20 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
        + 2006-10-27 01:44:12 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
        + 2006-10-17 12:04:40 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
        + 2006-10-17 12:04:40 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe.000
        + 2006-10-27 14:09:58 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
        + 2006-10-27 14:09:58 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll.000
        + 2006-10-27 14:09:58 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
        + 2006-10-27 14:09:58 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
        + 2006-10-27 14:09:58 3,577,856 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
        + 2006-10-27 14:09:58 3,577,856 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll.000
        + 2006-10-27 14:09:58 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
        + 2006-10-27 14:09:58 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll.000
        + 2006-10-17 12:05:10 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
        + 2006-10-17 12:05:10 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll.000
        + 2006-10-27 14:09:58 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
        + 2006-10-27 14:09:58 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll.000
        + 2006-10-17 12:04:46 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
        + 2006-10-17 12:04:46 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll.000
        + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
        + 2007-06-30 20:24:42 394,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
        + 2006-10-17 12:05:22 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
        + 2006-10-17 12:05:22 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll.000
        + 2006-10-27 14:09:58 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
        + 2006-10-27 14:09:58 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll.000
        + 2006-10-27 14:09:58 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
        + 2006-10-27 14:09:58 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll.000
        + 2006-10-27 14:09:58 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
        + 2006-10-27 14:09:58 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll.000
        + 2007-10-10 23:49:42 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
        + 2007-10-10 23:49:42 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll.000
        + 2006-10-17 11:58:06 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
        + 2006-10-17 11:58:06 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll.000
        + 2007-10-10 23:49:42 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
        + 2007-10-10 23:49:42 132,608 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
        + 2007-10-10 23:49:42 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
        + 2007-10-10 23:49:42 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll.000
        + 2007-10-10 11:00:41 70,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
        + 2007-10-10 23:49:42 153,088 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
        + 2007-10-10 23:49:42 230,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
        + 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
        + 2007-07-01 03:31:33 2,455,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dat
        + 2007-10-10 23:49:42 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
        + 2007-10-10 23:49:42 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll.000
        + 2007-10-10 23:49:42 384,512 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
        + 2007-10-10 23:49:43 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
        + 2007-10-10 23:49:43 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll.000
        + 2007-10-10 23:49:43 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
        + 2007-10-10 23:49:43 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
        + 2007-10-10 23:49:43 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll.000
        + 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
        + 2007-10-10 11:00:59 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
        + 2007-10-10 11:00:59 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe.000
        + 2007-10-10 23:49:44 27,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
        + 2007-10-10 23:49:44 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
        + 2007-10-10 23:49:44 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll.000
        + 2007-10-10 23:49:44 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
        + 2007-10-10 23:49:44 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll.000
        + 2007-10-31 03:53:50 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
        + 2007-10-31 03:53:50 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll.000
        + 2007-10-10 23:49:44 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
        + 2007-10-10 23:49:44 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll.000
        + 2007-10-10 23:49:44 193,024 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
        + 2007-10-10 23:49:45 671,232 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
        + 2007-10-10 23:49:45 102,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
        + 2006-10-17 11:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
        + 2006-10-17 11:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll.000
        + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
        + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
        + 2007-10-10 23:49:45 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
        + 2007-10-10 23:49:45 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll.000
        + 2007-10-10 23:49:45 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
        + 2007-10-10 23:49:45 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll.000
        + 2007-10-10 23:49:45 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
        + 2007-10-10 23:49:45 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll.000
        + 2007-10-10 23:49:45 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
        + 2007-10-10 23:49:45 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll.000
        + 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
        + 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
        - 2004-08-05 11:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
        + 2006-10-27 01:44:26 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
        - 2004-08-05 11:00:00 101,888 ----a-w C:\WINDOWS\system32\advpack.dll
        + 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
        - 2005-05-02 20:57:10 1,020,416 ----a-w C:\WINDOWS\system32\browseui.dll
        + 2006-09-23 12:12:56 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
        + 2006-10-27 01:44:26 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll
        + 2007-12-07 02:08:32 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
        + 2006-09-23 12:12:56 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
        + 2006-10-17 12:03:56 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll
        + 2007-12-07 02:08:32 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
        + 2007-12-07 02:08:32 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
        + 2006-10-17 11:44:36 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll
        + 2007-12-06 11:02:31 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
        + 2007-12-07 02:08:32 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
        + 2007-12-07 02:08:32 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
        + 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
        + 2007-12-07 02:08:32 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
        + 2006-10-17 12:04:50 69,120 ------w C:\WINDOWS\system32\dllcache\iedw.exe
        + 2006-10-17 12:06:00 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll
        + 2006-10-27 14:09:58 191,488 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
        + 2007-12-07 02:08:33 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
        + 2006-10-27 01:44:26 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll
        + 2007-12-06 11:03:16 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
        + 2006-10-17 11:57:58 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll
        + 2006-10-27 01:44:08 92,672 ------w C:\WINDOWS\system32\dllcache\inseng.dll
        + 2006-10-17 12:00:00 491,520 ------w C:\WINDOWS\system32\dllcache\jscript.dll
        + 2007-12-07 02:08:33 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
        + 2006-10-17 12:05:10 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll
        + 2006-10-17 11:56:10 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe
        + 2007-12-08 09:38:36 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
        + 2007-12-07 02:08:34 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
        + 2006-10-17 11:28:56 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll
        + 2006-10-27 14:09:58 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll
        + 2007-12-07 02:08:34 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
        + 2007-12-07 02:08:34 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
        + 2007-12-07 02:08:34 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
        + 2006-09-23 12:12:56 1,497,088 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
        + 2006-09-23 12:12:56 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
        + 2007-12-07 02:08:34 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
        + 2007-12-07 02:08:34 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
        + 2006-10-27 14:09:58 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
        + 2006-10-27 14:09:58 765,952 ------w C:\WINDOWS\system32\dllcache\VGX.dll
        + 2007-12-07 02:08:34 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
        + 2007-12-07 02:08:34 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
        - 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
        + 2008-03-08 20:22:54 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
        + 2007-05-30 23:03:48 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
        + 2007-05-30 23:03:50 119,576 ----a-w C:\WINDOWS\system32\drivers\klif.sys
        - 2004-08-05 11:00:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
        + 2007-12-19 22:53:23 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
        - 2004-08-05 11:00:00 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
        + 2007-12-07 02:08:32 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
        - 2004-08-05 11:00:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
        + 2007-12-07 02:08:32 133,120 ------w C:\WINDOWS\system32\extmgr.dll
        + 2007-12-07 02:08:32 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
        + 2006-06-29 07:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
        - 2004-08-05 11:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
        + 2007-12-06 11:02:31 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
        - 2004-08-05 11:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
        + 2007-12-07 02:08:32 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
        - 2004-08-05 11:00:00 221,696 ----a-w C:\WINDOWS\system32\ieaksie.dll
        + 2007-12-07 02:08:32 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
        - 2004-08-05 11:00:00 245,760 ----a-w C:\WINDOWS\system32\ieakui.dll
        + 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
        + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
        + 2007-12-07 02:08:32 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
        - 2004-08-05 11:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
        + 2007-12-07 02:08:32 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
        - 2004-08-05 11:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
        + 2006-10-17 12:06:00 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
        + 2007-12-07 02:08:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
        - 2005-05-02 20:57:10 250,880 ----a-w C:\WINDOWS\system32\iepeers.dll
        + 2006-10-27 14:09:58 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
        - 2004-08-05 11:00:00 49,152 ----a-w C:\WINDOWS\system32\iernonce.dll
        + 2007-12-07 02:08:33 44,544 ------w C:\WINDOWS\system32\iernonce.dll
        + 2007-12-07 02:08:33 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
        - 2004-08-05 11:00:00 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll
        + 2006-10-27 01:44:26 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
        + 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
        + 2006-10-27 14:09:58 180,736 ------w C:\WINDOWS\system32\ieui.dll
        - 2004-08-05 11:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
        + 2006-10-17 11:57:58 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
        + 2007-06-21 20:55:28 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
        + 2007-06-21 20:55:28 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
        - 2008-03-08 19:23:23 214,900 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
        + 2008-03-09 20:39:08 214,901 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
        - 2005-05-02 20:57:11 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
        + 2006-10-27 01:44:08 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
        - 2004-08-05 11:00:00 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
        + 2006-10-17 12:00:00 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
        - 2004-08-05 11:00:00 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
        + 2007-12-07 02:08:33 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
        + 2007-06-21 20:54:26 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
        - 2004-08-05 11:00:00 22,528 ----a-w C:\WINDOWS\system32\licmgr10.dll
        + 2006-10-17 12:05:10 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
        + 2008-02-04 14:09:48 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
        + 2007-12-07 02:08:33 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
        + 2007-12-07 02:08:33 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
        + 2006-10-17 11:58:32 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
        - 2004-08-05 11:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
        + 2006-10-17 11:56:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
        - 2005-05-02 12:57:12 3,011,072 ----a-w C:\WINDOWS\system32\mshtml.dll
        + 2007-12-08 09:38:36 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
        - 2005-09-03 00:06:11 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
        + 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
        - 2004-08-05 11:00:00 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
        + 2006-10-17 11:28:56 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
        - 2004-08-05 11:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
        + 2006-10-27 14:09:58 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
        - 2005-05-02 20:57:11 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
        + 2007-12-07 02:08:34 193,024 ------w C:\WINDOWS\system32\msrating.dll
        - 2004-08-05 11:00:00 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
        + 2007-12-07 02:08:34 671,232 ------w C:\WINDOWS\system32\mstime.dll
        + 2006-06-28 16:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
        + 2006-06-29 07:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
        - 2004-08-05 11:00:00 97,280 ----a-w C:\WINDOWS\system32\occache.dll
        + 2007-12-07 02:08:34 102,912 ------w C:\WINDOWS\system32\occache.dll
        - 2005-05-02 20:57:11 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
        + 2008-01-11 05:36:55 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
        - 2005-05-02 20:57:12 1,484,288 ----a-w C:\WINDOWS\system32\shdocvw.dll
        + 2006-09-23 12:12:56 1,497,088 ----a-w C:\WINDOWS\system32\shdocvw.dll
        - 2005-05-02 20:57:12 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
        + 2006-09-23 12:12:56 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
        + 2004-04-27 03:40:52 11,264 ----a-w C:\WINDOWS\system32\SpOrder.dll
        - 2004-08-05 11:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
        + 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\system32\url.dll
        - 2005-05-02 20:57:12 605,696 ----a-w C:\WINDOWS\system32\urlmon.dll
        + 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
        - 2004-08-05 11:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
        + 2006-10-27 14:09:58 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
        + 2007-06-21 20:54:30 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
        + 2007-06-21 20:54:52 394,984 ----a-w C:\WINDOWS\system32\vsdatant.sys
        + 2007-06-21 20:54:32 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
        + 2007-06-21 20:54:32 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
        + 2007-06-21 20:54:32 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
        + 2007-06-21 20:54:32 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
        + 2007-06-21 20:54:34 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
        + 2007-06-21 20:55:30 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
        + 2007-06-21 20:54:34 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
        + 2007-06-21 20:54:34 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
        - 2004-08-05 11:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
        + 2006-03-24 04:37:52 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
        - 2004-08-05 11:00:00 281,600 ----a-w C:\WINDOWS\system32\webcheck.dll
        + 2007-12-07 02:08:34 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
        + 2006-10-17 12:05:58 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
        - 2005-05-02 20:57:12 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
        + 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
        + 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
        + 2006-10-09 22:12:26 230,400 ------w C:\WINDOWS\system32\xpsp3res.dll
        + 2007-06-21 20:54:34 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
        + 2007-06-21 20:54:34 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
        + 2008-03-09 09:45:45 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
        + 2007-06-21 20:54:24 366,112 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
        + 2007-06-21 20:55:26 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\av_loc040c.dll
        + 2007-05-30 23:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
        + 2006-06-30 13:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
        + 2007-05-30 23:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
        + 2007-05-30 23:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
        + 2007-05-30 23:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
        + 2007-05-30 23:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
        + 2006-09-19 22:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
        + 2007-05-30 23:03:16 258,048 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
        + 2006-12-19 17:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
        + 2007-05-30 23:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
        + 2007-05-30 23:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
        + 2007-05-30 23:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
        + 2007-05-30 23:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
        + 2007-05-30 23:03:18 118,784 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
        + 2006-12-19 17:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
        + 2007-06-21 20:54:24 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
        + 2007-06-21 20:55:26 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd_loc040c.dll
        + 2004-01-30 11:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
        + 2007-06-21 20:54:24 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
        + 2007-06-21 20:54:26 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
        + 2007-06-21 20:54:26 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
        + 2007-06-21 20:55:28 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure_loc040c.dll
        + 2007-06-21 20:55:26 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll
        + 2007-06-21 20:55:28 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll
        + 2007-06-21 20:54:54 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
        + 2007-06-21 20:54:54 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
        + 2007-06-21 20:54:54 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
        + 2007-06-21 20:56:16 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
        + 2007-06-21 20:56:16 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
        + 2007-06-11 11:43:50 714,472 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
        + 2007-06-11 11:43:52 788,200 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
        + 2007-06-21 20:54:28 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
        + 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler_loc040c.dll
        + 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
        + 2007-06-11 11:43:56 1,496,808 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
        + 2007-06-11 11:44:10 50,416 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
        + 2007-06-21 20:54:28 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
        + 2007-06-21 20:56:16 210,432 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
        + 2007-06-21 20:56:18 3,229,176 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
        + 2007-06-21 20:55:28 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp_loc040c.dll
        + 2006-09-04 19:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
        + 2008-03-09 10:07:32 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
        + 2007-06-21 20:54:46 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
        + 2007-06-21 20:55:30 75,152 ----a-w C:\WINDOWS\system32\ZoneLabs\updClient_loc040c.dll
        + 2007-01-11 16:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
        + 2007-06-21 20:54:30 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
        + 2007-06-21 20:54:30 79,336 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
        + 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb_loc040c.dll
        + 2007-06-21 20:54:46 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        + 2007-06-21 20:55:30 46,480 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon_loc040c.dll
        + 2007-06-21 20:54:32 2,024,936 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
        + 2007-06-21 20:54:32 1,345,000 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
        + 2007-06-21 20:55:30 198,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb_loc040c.dll
        + 2007-06-21 20:54:34 243,176 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
        + 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault_loc040c.dll
        + 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
        + 2007-06-21 20:54:36 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
        + 2007-06-21 20:54:36 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
        + 2007-06-21 20:55:32 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine_loc040c.dll
        + 2007-06-21 20:54:36 378,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
        + 2007-06-21 20:55:32 21,904 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre_loc040c.dll
        + 2007-06-21 20:54:36 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
        + 2007-06-21 20:54:40 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
        + 2008-03-09 20:36:16 47,670,822 ----a-w C:\WINDOWS\Temp\a2cache_474120F8.dat
        + 2008-03-09 20:35:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2a0.dat
        + 2008-03-09 20:35:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3bc.dat
        + 2007-06-21 20:54:48 75,248 ----a-w C:\WINDOWS\zllsputility.exe
        + 2007-06-21 20:55:32 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
        .
        -- Snapshot reset to current date --
        .
        ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
        "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2008-03-08 17:39 98304]
        "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2008-03-08 17:39 122880]
        "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 05:17 81920]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-03-08 17:39 94208]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-03-08 17:39 77824]
        "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-03-08 17:39 114688]
        "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-03-08 17:39 1404928]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-03-08 17:39 144784]
        "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
        "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2008-03-08 17:39 81920]
        "Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2008-03-08 17:39 40960]
        "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
        "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-03-08 17:39 57393]
        "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2008-03-08 17:39 40960]
        "Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
        "Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" [2008-03-08 17:39 94208]
        "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
        "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 06:55 61440]
        "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
        "SetIcon"="\Program Files\SMSC\Seticon.exe" [2008-03-08 17:39 46080]
        "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
        "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
        "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2008-03-08 17:39 32768]
        "YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2008-03-08 17:39 40960]
        "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-08 21:22 249896]
        "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
        "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
        "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

        C:\Documents and Settings\Christine & Patrice\Menu D‚marrer\Programmes\D‚marrage\
        Palm Registration.lnk - C:\Program Files\Palm\register.exe [2007-07-01 18:19:33 2494464]

        C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
        Acrobat Assistant.lnk - C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
        DataViz Inc Messenger.lnk - C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe [2007-06-30 03:27:46 28672]
        HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:27:34 471040]
        Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-01-02 21:20:58 671744]
        Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
        path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
        backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DataViz Inc Messenger.lnk]
        path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DataViz Inc Messenger.lnk
        backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
        path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
        backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
        path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
        backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

        [HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Palm Registration.lnk]
        path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Palm Registration.lnk
        backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
        --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
        --a------ 2006-05-16 16:51 57344 C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
        --a------ 2003-12-13 01:50 33792 C:\LOGICIELS AJOUTES\winamp\winampa.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
        --a------ 2008-03-08 17:39 40960 C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
        "Macromedia Licensing Service"=3 (0x3)

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "C:\\WINDOWS\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=

        R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
        R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
        R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-05 12:00]
        S2 Microsoft IEUpdater;ieupdater;C:\Documents and Settings\Christine & Patrice\ie_updater.exe []
        S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
        S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 02:24]
        S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28]
        S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
        S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
        S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
        S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
        S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
        S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
        S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
        S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 13:51]
        S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys [2004-08-09 13:52]
        S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys [2004-08-09 13:53]
        S3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\v800mgmt.sys [2004-08-09 13:54]
        S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\v800obex.sys [2004-08-09 13:55]

        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-09 22:11:40
        Windows 5.1.2600 Service Pack 2 NTFS

        Balayage processus cachés ...

        Balayage caché autostart entries ...

        Balayage des fichiers cachés ...

        Scan terminé avec succès
        Les fichiers cachés: 0

        **************************************************************************
        .
        Temps d'accomplissement: 2008-03-09 22:15:38
        ComboFix-quarantined-files.txt 2008-03-09 21:15:27
        ComboFix2.txt 2008-03-08 19:27:45
        0
      2. yvan3131 Messages postés 54 Statut Membre > yvan3131 Messages postés 54 Statut Membre
         
        Voici hijackthis :

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 22:20:56, on 09/03/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16608)
        Boot mode: Safe mode

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\HiJackThis\tuecettemerde.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/advanced_search?hl=fr
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
        O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
        O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
        O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
        O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
        O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
        O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
        O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
        O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
        O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
        O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
        O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
        O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
        O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
        O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
        O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
        O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
        O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
        O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
        O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
        O4 - Global Startup: Logitech SetPoint.lnk = ?
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
        O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
        O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
        O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
        O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
        O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
        O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
        O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
        O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        0
  19. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    1/ # Télécharge RavAntivirus d'Evosla :
    http://ww25.evosla.com/compteur.php?soft=rav_antivirus

    # Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
    # Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
    # Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
    # Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
    # Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
    # Retire tes disques amovibles et redémarrez votre ordinateur.
    # Poste le rapport, si infection!

    2/ Télécharge sur le bureau Flash Disinfector (de SUBS) à cette adresse : http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

    Double-clique sur l’icône.
    Les icônes vont disparaître. C’est normal.
    Si un rapport est généré en cas d'infection, sauvegarde-le sur le bureau, et poste le ensuite
    Redémarre ensuite le PC.
    0
    1. yvan3131 Messages postés 54 Statut Membre
       
      Bonjour Jlpjlp,

      Je me suis remis sur le pc et j'ai effectué les tests comme proposé. Le 1er est ok quant au 2ème il n'a pas créé de rapport donc si j'ai bien compris.
      Alors dernie point, au redémarrage à chaque fois a-square me demande si un fihcier pollingmodule.exe peut être lancé (comportement semblable à celui d'un spyware me dit-il). Le détail du fichier l'étiquette comme venant de c://program files/wanadoo
      Société non dispo
      Copyright france telecom
      Je lui dit ok ou pas ?

      Yvan
      0
  • 1
  • 2