Ibeaux

Salut, Un GRAND MERCI en tout cas, ça m'a permis de voir une autre façette de l'informatique Au fait, quelles sont tes qualifications, je suis très imprésionné. Au plaisir et bon courage pour les autres cas.... @+

C'est ok pour le Pc bureau, j'ai aussi désactiver la restaurations systèmes sur les 2 PC et voici le rapport pour Java: JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Feb 13 09:18:24 2009 Found and removed: C:\Program Files\Java\jre1.5.0_03 Found and removed: C:\Program Files\Java\jre1.6.0_07 Found and removed: Software\JavaSoft\Java2D\1.5.0_03 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510003 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510003 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510003 Found and removed: SOFTWARE\Classes\JavaPlugin.150_03 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_03 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_03 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150030} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_03 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_03\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\ ------------------------------------ Finished reporting.

Bonjour, J'ai effectué les différentes procédures indiqués, cela à bien fonctionné sur le portable mais pas sur le PC bureau avec JavaRa, il me dit que la connexion à Internet n'est pas bonne, j'arrive pourtant à aller sur Internet, je vais réessayer, voici le rapport pour le portable: JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Feb 13 08:59:16 2009 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} ------------------------------------ Finished reporting.

Bonsoir, Je viens de terminer le scan de l'ordinateur avec MaCfee et il n'a rien trouvé. Je penses que mes problèmes sont résolus, un grand merci pour l'aide sans quoi j'aurais dû formatter l'ordinateur. @+++

voici, le rapport [ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ] -->- Recherche: C:\SDFIX: trouvé ! C:\Combofix: trouvé ! C:\Qoobox: trouvé ! C:\Rsit: trouvé ! C:\ComboFix\Combofix.txt: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\HijackThis.lnk: trouvé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\ComboFix.exe: trouvé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\HJTInstall.exe: trouvé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\Rsit.exe: trouvé ! C:\Program Files\Trend Micro\HijackThis: trouvé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé ! --------------------------------- -->- Suppression: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\HijackThis.lnk: supprimé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\HJTInstall.exe: supprimé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé ! C:\ComboFix\Combofix.txt: supprimé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\Rsit.exe: supprimé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé ! C:\SDFIX: supprimé ! C:\Combofix: supprimé ! C:\Qoobox: supprimé ! C:\Rsit: supprimé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé ! C:\Program Files\Trend Micro\HijackThis: supprimé ! Corbeille vidée! Fichiers temporaires nettoyés !

Effectivement, il a l'air tronqué. Je pensais n'avoir copier/coller qu'une partie, mais c'est pas le cas. Il n'y a que cela dans le rapport. Je recommance la procédure en mode sans échec peut-être? Le fichier, c'est bien celui qui est dans le répértoire C:\combofix\combofix.txt

Voilà le rapport de combofix: Je peux activer l'option pour visualiser les fichiers cachées ainsi que les dossiers. ComboFix 09-02-10.03 - 2009-02-12 9:47:07.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.281 [GMT 1:00] Lancé depuis: C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\CFScript.txt * Un nouveau point de restauration a été créé FILE :: H:\a2h2.com I:\hl80c6b1.com . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-12 au 2009-02-12 )))))))))))))))))))))))))))))))))))) . 2009-02-11 14:14 . 2009-02-11 14:15 <REP> d-------- C:\rsit 2009-02-11 11:42 . 2009-02-11 11:42 <REP> d-------- C:\Program Files\Trend Micro 2009-02-10 13:57 . 2009-02-10 13:57 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll 2009-02-10 13:55 . 2009-02-10 13:55 <REP> d-------- C:\WINDOWS\ERUNT 2009-02-10 13:46 . 2009-02-10 14:43 <REP> d-------- C:\SDFix 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\Malwarebytes 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-02-10 10:18 . 2009-01-14 16:11 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2009-02-10 10:18 . 2009-01-14 16:11 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2009-02-06 13:58 . 2009-02-06 13:58 <REP> d-------- C:\Program Files\Prevx 2009-02-06 13:58 . 2009-02-06 13:58 21,512 --a------ C:\WINDOWS\system32\drivers\pxscan.sys 2009-02-06 13:57 . 2009-02-06 15:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI 2009-02-06 13:57 . 2009-02-06 13:57 71 --a------ C:\WINDOWS\wininit.ini 2009-02-05 17:05 . 2008-06-19 16:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys 2009-02-05 17:04 . 2009-02-05 17:04 <REP> d-------- C:\Program Files\Panda Security 2009-01-28 07:58 . 2009-01-28 11:00 <REP> d-------- C:\DVD 2009-01-26 11:51 . 2009-01-26 11:51 27 --a------ C:\WINDOWS\SonySNCRZ25.ini 2009-01-22 16:43 . 2009-01-22 16:43 <REP> d-------- C:\Program Files\RealVNC . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-12 08:56 --------- d-----w C:\Program Files\SysMetrix 2009-02-12 08:56 --------- d-----w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\stickies 2009-02-12 08:54 --------- d-----w C:\Program Files\PestPatrol 2009-02-10 08:10 --------- d-----w C:\Program Files\Island Top 9 2009-02-09 12:45 91,648 ----a-w C:\WINDOWS\Internet Logs\xDBB5.tmp 2009-02-09 07:35 6,705,664 ----a-w C:\WINDOWS\Internet Logs\xDBB4.tmp 2009-02-09 07:35 26,624 ----a-w C:\WINDOWS\Internet Logs\xDBB8.tmp 2009-02-09 06:47 6,781,952 ----a-w C:\WINDOWS\Internet Logs\xDBB0.tmp 2009-02-09 06:46 1,489,920 ----a-w C:\WINDOWS\Internet Logs\xDBB3.tmp 2009-02-09 06:44 --------- d-----w C:\Program Files\ScanSpyware v3.8.0.2 2009-02-06 13:33 --------- d-----w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\U3 2009-02-05 15:22 --------- d-----w C:\Program Files\UltraVNC 2009-01-28 06:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2009-01-14 11:14 --------- d-----w C:\Program Files\Microsoft ActiveSync 2009-01-09 15:42 --------- d-----w C:\Program Files\INCU 2009-01-09 11:00 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2009-01-09 11:00 249,856 ------w C:\WINDOWS\Setup1.exe 2009-01-09 07:34 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-12-22 15:33 --------- d-----w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\dvdcss 2008-12-20 22:47 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-12-05 15:51 6,550,016 ----a-w C:\WINDOWS\Internet Logs\xDBAF.tmp 2008-12-05 15:51 48,640 ----a-w C:\WINDOWS\Internet Logs\xDBB1.tmp 2008-11-27 15:52 6,521,856 ----a-w C:\WINDOWS\Internet Logs\xDBAE.tmp 2008-11-27 15:51 20,992 ----a-w C:\WINDOWS\Internet Logs\xDBB2.tmp 2008-11-27 13:56 23,040 ----a-w C:\WINDOWS\Internet Logs\xDB149.tmp 2008-11-27 13:49 6,521,856 ----a-w C:\WINDOWS\Internet Logs\xDB148.tmp 2008-11-27 07:38 6,521,856 ----a-w C:\WINDOWS\Internet Logs\xDBAA.tmp 2008-11-27 07:32 229,888 ----a-w C:\WINDOWS\Internet Logs\xDBAB.tmp 2008-11-21 13:59 68,352 ----a-w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\GDIPFONTCACHEV1.DAT 2008-07-30 10:23 34,924 -c--a-w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\mdbu.bin 2005-03-02 07:26 560 -c--a-w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\ViewerApp.dat 2008-08-21 12:49 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082120080822\index.dat .

Il est en cours, ça met un peu plus de temps que d'habitude, dès que je l'ai, je le poste. Bonne journée,

Je viens d'envoyer pour analyse le fichier setup1.exe et voici le rapport : Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.73 2009.01.04 - AhnLab-V3 2008.12.31.0 2009.01.04 - AntiVir 7.9.0.45 2009.01.04 - Authentium 5.1.0.4 2009.01.04 - Avast 4.8.1281.0 2009.01.04 - AVG 8.0.0.199 2009.01.04 - BitDefender 7.2 2009.01.05 - CAT-QuickHeal 10.00 2009.01.03 - ClamAV 0.94.1 2009.01.04 - Comodo 874 2009.01.04 - DrWeb 4.44.0.09170 2009.01.04 - eTrust-Vet 31.6.6289 2009.01.02 - Ewido 4.0 2008.12.31 - F-Prot 4.4.4.56 2009.01.04 - F-Secure 8.0.14470.0 2009.01.05 - Fortinet 3.117.0.0 2009.01.04 - GData 19 2009.01.05 - Ikarus T3.1.1.45.0 2009.01.03 - K7AntiVirus 7.10.575 2009.01.03 - Kaspersky 7.0.0.125 2009.01.05 - McAfee 5484 2009.01.04 - McAfee+Artemis 5484 2009.01.04 - Microsoft 1.4205 2009.01.05 - NOD32 3735 2009.01.04 - Norman 5.80.02 2009.01.02 - Panda 9.0.0.4 2009.01.04 - PCTools 4.4.2.0 2009.01.04 - Prevx1 V2 2009.01.05 - Rising 21.10.62.00 2009.01.04 - SecureWeb-Gateway 6.7.6 2009.01.04 - Sophos 4.37.0 2009.01.05 - Sunbelt 3.2.1809.2 2008.12.22 - TheHacker 6.3.1.4.205 2009.01.05 - TrendMicro 8.700.0.1004 2009.01.04 - VBA32 3.12.8.10 2009.01.04 - ViRobot 2009.1.3.1541 2009.01.03 - VirusBuster 4.5.11.0 2009.01.04 - Information additionnelle File size: 249856 bytes MD5...: 5365986bd88284801b2e9099a1436574 SHA1..: d3d3982279b2172b0189c9e73afaf2d4861afdbf SHA256: abd1894cfba767db39f26ce0180fda3c95272013569572b8c106512c413f69d4 SHA512: 7ef79a08c963b96e45e4bd636668bca23259e3ab060a0e1c80d357882c74637e 73d4b8300bd4a28070e27fd80cadba7c6adbae282c4cd6c7dee2a898a74440e1 ssdeep: 6144:0ZIKgce2fzNn3mzSAj0UTp1bDQwZefWnwJIB:0Zvaj0UTp1XtV PEiD..: - TrID..: File type identification Win32 Executable Microsoft Visual Basic 6 (71.5%) Win32 Executable MS Visual C++ (generic) (21.3%) Win32 Executable Generic (4.8%) Generic Win/DOS Executable (1.1%) DOS Executable Generic (1.1%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x4037e0 timedatestamp.....: 0x36fb7f82 (Fri Mar 26 12:37:22 1999) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x350ec 0x36000 6.00 2e908fa76d0554a5c14c50b724bdb060 .data 0x37000 0x5390 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110 .rsrc 0x3d000 0x4edc 0x5000 3.53 5a00390dca08fbd73762cd18629c078f ( 1 imports ) > MSVBVM60.DLL: __vbaVarTstGt, __vbaVarSub, __vbaStrI2, _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaVarVargNofree, __vbaFreeVar, __vbaLineInputStr, __vbaLenBstr, -, __vbaStrVarMove, -, -, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, -, -, _adj_fprem1, __vbaRecAnsiToUni, -, __vbaCopyBytes, __vbaResume, __vbaStrCat, __vbaRecDestruct, __vbaSetSystemError, __vbaNameFile, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaLateMemSt, -, __vbaForEachCollObj, __vbaBoolStr, __vbaExitProc, __vbaFileCloseAll, -, __vbaCyAdd, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaBoolVar, __vbaForEachCollVar, -, __vbaBoolVarNull, _CIsin, -, -, __vbaErase, __vbaLateMemStAd, __vbaNextEachCollObj, -, __vbaVarZero, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, -, __vbaGenerateBoundsError, -, __vbaCyI2, __vbaStrCmp, __vbaVarTstEq, __vbaCyI4, __vbaNextEachCollVar, __vbaPrintObj, __vbaI2I4, DllFunctionCall, __vbaVarOr, __vbaVarLateMemSt, __vbaLbound, __vbaRedimPreserve, _adj_fpatan, __vbaR4Var, __vbaLateIdCallLd, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaNew, -, _CIsqrt, __vbaVarAnd, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaFpCmpCy, __vbaVarMul, __vbaExceptHandler, -, __vbaPrintFile, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, __vbaI2Str, __vbaVarDiv, -, __vbaFPException, __vbaInStrVar, -, -, __vbaUbound, __vbaStrVarVal, __vbaVarCat, -, __vbaDateVar, -, __vbaI2Var, -, -, -, _CIlog, -, __vbaErrorOverflow, __vbaFileOpen, -, __vbaInStr, __vbaNew2, -, __vbaCyMulI2, _adj_fdiv_m32i, -, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, -, __vbaDerefAry1, _adj_fdivr_m32, __vbaPowerR8, -, _adj_fdiv_r, -, -, -, -, __vbaI4Var, __vbaAryLock, __vbaVarAdd, __vbaVarDup, __vbaStrToAnsi, __vbaFpI2, __vbaFpI4, __vbaVarCopy, -, __vbaVarLateMemCallLd, __vbaR8IntI2, __vbaLateMemCallLd, _CIatan, -, __vbaStrMove, __vbaCastObj, __vbaStrVarCopy, -, _allmul, __vbaLenVarB, __vbaLateIdSt, _CItan, -, __vbaAryUnlock, _CIexp, __vbaMidStmtBstr, -, __vbaFreeStr, __vbaFreeObj, - ( 0 exports ) ThreatExpert info: http://www.threatexpert.com/report.aspx?md...b2e9099a1436574

Bonjour Pear, Hier, j'ai oublié de connecter les clés USB. Je les ai fait ce matin et voici le rapport log.txt : ComboFix 09-02-10.03 - 2009-02-12 8:32:46.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.226 [GMT 1:00] Lancé depuis: c:\documents and settings\Demirel.TECBIOMEDICUS\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-12 au 2009-02-12 )))))))))))))))))))))))))))))))))))) . 2009-02-11 14:14 . 2009-02-11 14:15 <REP> d-------- C:\rsit 2009-02-11 11:42 . 2009-02-11 11:42 <REP> d-------- c:\program files\Trend Micro 2009-02-10 13:57 . 2009-02-10 13:57 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-02-10 13:55 . 2009-02-10 13:55 <REP> d-------- c:\windows\ERUNT 2009-02-10 13:46 . 2009-02-10 14:43 <REP> d-------- C:\SDFix 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Malwarebytes 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-10 10:18 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-10 10:18 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-06 13:58 . 2009-02-06 13:58 <REP> d-------- c:\program files\Prevx 2009-02-06 13:58 . 2009-02-06 13:58 21,512 --a------ c:\windows\system32\drivers\pxscan.sys 2009-02-06 13:57 . 2009-02-06 15:03 <REP> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI 2009-02-06 13:57 . 2009-02-06 13:57 71 --a------ c:\windows\wininit.ini 2009-02-05 17:05 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys 2009-02-05 17:04 . 2009-02-05 17:04 <REP> d-------- c:\program files\Panda Security 2009-01-28 07:58 . 2009-01-28 11:00 <REP> d-------- C:\DVD 2009-01-26 11:51 . 2009-01-26 11:51 27 --a------ c:\windows\SonySNCRZ25.ini 2009-01-22 16:43 . 2009-01-22 16:43 <REP> d-------- c:\program files\RealVNC . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-12 07:46 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\stickies 2009-02-12 07:45 --------- d-----w c:\program files\SysMetrix 2009-02-12 07:44 --------- d-----w c:\program files\PestPatrol 2009-02-10 08:10 --------- d-----w c:\program files\Island Top 9 2009-02-09 12:45 91,648 ----a-w c:\windows\Internet Logs\xDBB5.tmp 2009-02-09 07:35 6,705,664 ----a-w c:\windows\Internet Logs\xDBB4.tmp 2009-02-09 07:35 26,624 ----a-w c:\windows\Internet Logs\xDBB8.tmp 2009-02-09 06:47 6,781,952 ----a-w c:\windows\Internet Logs\xDBB0.tmp 2009-02-09 06:46 1,489,920 ----a-w c:\windows\Internet Logs\xDBB3.tmp 2009-02-09 06:44 --------- d-----w c:\program files\ScanSpyware v3.8.0.2 2009-02-06 13:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\U3 2009-02-05 15:22 --------- d-----w c:\program files\UltraVNC 2009-01-28 06:57 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2009-01-14 11:14 --------- d-----w c:\program files\Microsoft ActiveSync 2009-01-09 15:42 --------- d-----w c:\program files\INCU 2009-01-09 11:00 73,216 ----a-w c:\windows\ST6UNST.EXE 2009-01-09 11:00 249,856 ------w c:\windows\Setup1.exe 2009-01-09 07:34 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-22 15:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\dvdcss 2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-05 15:51 6,550,016 ----a-w c:\windows\Internet Logs\xDBAF.tmp 2008-12-05 15:51 48,640 ----a-w c:\windows\Internet Logs\xDBB1.tmp 2008-11-27 15:52 6,521,856 ----a-w c:\windows\Internet Logs\xDBAE.tmp 2008-11-27 15:51 20,992 ----a-w c:\windows\Internet Logs\xDBB2.tmp 2008-11-27 13:56 23,040 ----a-w c:\windows\Internet Logs\xDB149.tmp 2008-11-27 13:49 6,521,856 ----a-w c:\windows\Internet Logs\xDB148.tmp 2008-11-27 07:38 6,521,856 ----a-w c:\windows\Internet Logs\xDBAA.tmp 2008-11-27 07:32 229,888 ----a-w c:\windows\Internet Logs\xDBAB.tmp 2008-11-21 13:59 68,352 ----a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\GDIPFONTCACHEV1.DAT 2008-07-30 10:23 34,924 -c--a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\mdbu.bin 2005-03-02 07:26 560 -c--a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\ViewerApp.dat 2008-08-21 12:49 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082120080822\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-02-11_17.04.01.64 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-16 20:18:31 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll + 2008-10-16 20:18:31 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll + 2008-10-16 20:18:31 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll + 2008-10-16 20:18:31 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll + 2008-10-16 20:18:32 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll + 2008-10-16 13:12:20 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe + 2008-10-16 20:18:32 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll + 2008-10-16 20:18:32 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll + 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll + 2008-10-16 20:18:32 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll + 2008-10-16 20:18:32 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll + 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll + 2008-10-16 20:18:35 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll + 2008-10-16 20:18:35 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll + 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe + 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe + 2008-10-16 20:18:36 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll + 2008-10-16 20:18:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll + 2008-10-16 20:18:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll + 2008-12-13 06:37:56 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll + 2008-10-16 20:18:40 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll + 2008-10-16 20:18:40 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll + 2008-10-16 20:18:41 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll + 2008-10-16 20:18:41 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll + 2008-10-16 20:18:41 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll + 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll + 2008-10-16 20:18:41 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll + 2008-10-16 20:18:42 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll + 2008-10-16 20:18:42 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll + 2008-10-16 20:18:43 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll - 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\advpack.dll + 2008-12-20 22:46:48 124,928 ----a-w c:\windows\system32\advpack.dll - 2008-10-16 20:18:31 124,928 -c----w c:\windows\system32\dllcache\advpack.dll + 2008-12-20 22:46:48 124,928 -c----w c:\windows\system32\dllcache\advpack.dll - 2008-10-16 20:18:31 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll + 2008-12-20 22:46:48 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll - 2008-10-16 20:18:31 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll + 2008-12-20 22:46:48 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll - 2008-10-16 20:18:31 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll + 2008-12-20 22:46:49 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll - 2008-10-16 20:18:32 63,488 -c----w c:\windows\system32\dllcache\icardie.dll + 2008-12-20 22:46:49 63,488 -c----w c:\windows\system32\dllcache\icardie.dll - 2008-10-16 13:12:20 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe + 2008-12-19 09:11:12 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe - 2008-10-16 20:18:32 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll + 2008-12-20 22:46:49 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll - 2008-10-16 20:18:32 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll + 2008-12-20 22:46:49 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll - 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll + 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll - 2008-10-16 20:18:32 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll + 2008-12-20 22:46:50 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll - 2008-10-16 20:18:32 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll + 2008-12-20 22:46:50 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll - 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll + 2008-12-20 22:46:54 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll - 2008-10-16 20:18:35 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll + 2008-12-20 22:46:54 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll - 2008-10-16 20:18:35 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll + 2008-12-20 22:46:54 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll - 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe + 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe - 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe + 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe - 2008-10-16 20:18:36 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll + 2008-12-20 22:46:56 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll - 2008-10-16 20:18:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll + 2008-12-20 22:46:56 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll - 2008-10-16 20:18:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll + 2008-12-20 22:46:57 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll - 2008-12-13 06:37:56 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll + 2009-01-16 20:15:42 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll - 2008-10-16 20:18:40 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll + 2008-12-20 22:47:01 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll - 2008-10-16 20:18:40 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll + 2008-12-20 22:47:01 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll - 2008-10-16 20:18:41 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll + 2008-12-20 22:47:02 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll - 2008-10-16 20:18:41 102,912 -c----w c:\windows\system32\dllcache\occache.dll + 2008-12-20 22:47:02 102,912 -c----w c:\windows\system32\dllcache\occache.dll - 2008-10-16 20:18:41 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll + 2008-12-20 22:47:02 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll - 2008-10-16 20:18:41 105,984 -c----w c:\windows\system32\dllcache\url.dll + 2008-12-20 22:47:02 105,984 -c----w c:\windows\system32\dllcache\url.dll - 2008-10-16 20:18:42 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll + 2008-12-20 22:47:03 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll - 2008-10-16 20:18:42 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll + 2008-12-20 22:47:03 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll - 2008-10-16 20:18:43 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll + 2008-12-20 22:47:04 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll - 2008-10-16 20:18:31 347,136 ----a-w c:\windows\system32\dxtmsft.dll + 2008-12-20 22:46:48 347,136 ----a-w c:\windows\system32\dxtmsft.dll - 2008-10-16 20:18:31 214,528 ----a-w c:\windows\system32\dxtrans.dll + 2008-12-20 22:46:48 214,528 ----a-w c:\windows\system32\dxtrans.dll - 2008-10-16 20:18:31 133,120 ----a-w c:\windows\system32\extmgr.dll + 2008-12-20 22:46:49 133,120 ----a-w c:\windows\system32\extmgr.dll - 2008-10-16 20:18:32 63,488 ----a-w c:\windows\system32\icardie.dll + 2008-12-20 22:46:49 63,488 ----a-w c:\windows\system32\icardie.dll - 2008-10-16 13:12:20 70,656 ----a-w c:\windows\system32\ie4uinit.exe + 2008-12-19 09:11:12 70,656 ----a-w c:\windows\system32\ie4uinit.exe - 2008-10-16 20:18:32 153,088 ----a-w c:\windows\system32\ieakeng.dll + 2008-12-20 22:46:49 153,088 ----a-w c:\windows\system32\ieakeng.dll - 2008-10-16 20:18:32 230,400 ----a-w c:\windows\system32\ieaksie.dll + 2008-12-20 22:46:49 230,400 ----a-w c:\windows\system32\ieaksie.dll - 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll + 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll - 2008-10-16 20:18:32 383,488 ----a-w c:\windows\system32\ieapfltr.dll + 2008-12-20 22:46:50 383,488 ----a-w c:\windows\system32\ieapfltr.dll - 2008-10-16 20:18:32 384,512 ----a-w c:\windows\system32\iedkcs32.dll + 2008-12-20 22:46:50 384,512 ----a-w c:\windows\system32\iedkcs32.dll - 2008-10-16 20:18:35 6,066,176 ----a-w c:\windows\system32\ieframe.dll + 2008-12-20 22:46:54 6,066,688 ----a-w c:\windows\system32\ieframe.dll - 2008-10-16 20:18:35 44,544 ----a-w c:\windows\system32\iernonce.dll + 2008-12-20 22:46:54 44,544 ----a-w c:\windows\system32\iernonce.dll - 2008-10-16 20:18:35 267,776 ----a-w c:\windows\system32\iertutil.dll + 2008-12-20 22:46:54 267,776 ----a-w c:\windows\system32\iertutil.dll - 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe - 2008-10-16 20:18:36 27,648 ----a-w c:\windows\system32\jsproxy.dll + 2008-12-20 22:46:56 27,648 ----a-w c:\windows\system32\jsproxy.dll - 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe + 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe - 2008-10-16 20:18:37 459,264 ----a-w c:\windows\system32\msfeeds.dll + 2008-12-20 22:46:56 459,264 ----a-w c:\windows\system32\msfeeds.dll - 2008-10-16 20:18:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll + 2008-12-20 22:46:57 52,224 ----a-w c:\windows\system32\msfeedsbs.dll - 2008-12-13 06:37:56 3,593,216 ----a-w c:\windows\system32\mshtml.dll + 2009-01-16 20:15:42 3,594,752 ----a-w c:\windows\system32\mshtml.dll - 2008-10-16 20:18:40 477,696 ----a-w c:\windows\system32\mshtmled.dll + 2008-12-20 22:47:01 477,696 ----a-w c:\windows\system32\mshtmled.dll - 2008-10-16 20:18:40 193,024 ----a-w c:\windows\system32\msrating.dll + 2008-12-20 22:47:01 193,024 ----a-w c:\windows\system32\msrating.dll - 2008-10-16 20:18:41 671,232 ----a-w c:\windows\system32\mstime.dll + 2008-12-20 22:47:02 671,232 ----a-w c:\windows\system32\mstime.dll - 2008-10-16 20:18:41 102,912 ----a-w c:\windows\system32\occache.dll + 2008-12-20 22:47:02 102,912 ----a-w c:\windows\system32\occache.dll - 2008-10-16 20:18:41 44,544 ----a-w c:\windows\system32\pngfilt.dll + 2008-12-20 22:47:02 44,544 ----a-w c:\windows\system32\pngfilt.dll - 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll + 2008-07-09 07:40:22 18,296 ------w c:\windows\system32\spmsg.dll - 2008-10-16 20:18:41 105,984 ----a-w c:\windows\system32\url.dll + 2008-12-20 22:47:02 105,984 ----a-w c:\windows\system32\url.dll - 2008-10-16 20:18:42 1,160,192 ----a-w c:\windows\system32\urlmon.dll + 2008-12-20 22:47:03 1,160,192 ----a-w c:\windows\system32\urlmon.dll - 2008-10-16 20:18:42 233,472 ----a-w c:\windows\system32\webcheck.dll + 2008-12-20 22:47:03 233,472 ----a-w c:\windows\system32\webcheck.dll + 2009-02-12 07:45:42 16,384 ----atw c:\windows\temp\Perflib_Perfdata_2dc.dat . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176] "MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720] "PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480] "CookiePatrol"="c:\progra~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 73728] "SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2008-03-14 136512] "PestPatrol Control Center"="c:\progra~1\PESTPA~1\PPControl.exe" [2004-11-15 98304] "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304] "Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514] "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-04-01 693520] "Don't Panic!"="c:\program files\PANICWARE\DON'T_PANIC_FR!\DP.EXE" [2001-06-16 1384448] "OmniPage"="c:\program files\Caere\OmniPagePro90\opware32.exe" [1998-10-28 44032] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Matrox Powerdesk"="c:\windows\system32\PDesk\PDesk.exe" [2004-09-14 684032] "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-05-17 36864] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe" [2006-11-14 1115336] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe" [2006-11-14 1852314] "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-11-14 135168] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-11-10 49254] Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-10 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\program files\ffdshow\ffdshow.ax "msacm.avis"= c:\program files\ffdshow\ffdshow.ax "MSACM.CEGSM"= mobilev.acm "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "VIDC.MJPG"= pvmjpg21.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\stickies\\stickies.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Panicware\\Don't_Panic_FR!\\dp.exe"= "c:\\Program Files\\Island Top 9\\startup.exe"= "c:\\Program Files\\ICQLite\\ICQLite.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"= "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Jeyo Mobile Companion\\JeyoMobileCompanion.exe"= "c:\\Program Files\\Microsoft Office\\Office10\\OUTLOOK.EXE"= "c:\\Program Files\\SOTI\\Pocket Controller-Professional\\PocketController.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [2008-02-07 17264] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-05 28544] R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-06 21512] R0 snapman;Acronis Snapshots Manager;c:\windows\system32\drivers\snapman.sys [2008-07-30 99776] R0 timounter;Acronis True Image Backup Archive Explorer;c:\windows\system32\drivers\timntr.sys [2008-07-30 392320] R1 cdrbsdrv;cdrbsdrv;c:\windows\system32\drivers\cdrbsdrv.sys [2005-02-24 32256] R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2005-05-11 59904] R1 P3;Pilote processeur Intel Pentium III;c:\windows\system32\drivers\p3.sys [2002-08-29 46848] R1 StarOpen;StarOpen;c:\windows\system32\drivers\StarOpen.sys [2008-05-07 5632] R2 AcrSch2Svc;Acronis Scheduler2 Service;c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2006-11-14 397312] R2 bgsvcgen;B's Recorder GOLD Library General Service;c:\windows\system32\bgsvcgen.exe [2008-10-28 86016] R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-06 4107832] R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2004-12-21 18240] R2 irda;Protocole IrDA;c:\windows\system32\drivers\irda.sys [2004-12-06 88192] R2 Irmon;Moniteur infrarouge;c:\windows\system32\svchost.exe -k netsvcs [2002-08-30 14336] R2 MGABGEXE;MGABGEXE;c:\windows\system32\mgabg.exe [2002-01-16 81920] R2 tifsfilter;Acronis True Image FS Filter;c:\windows\system32\drivers\tifsfilt.sys [2008-07-30 32768] R2 UleadBurningHelper;Ulead Burning Helper;c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2008-02-06 49152] R3 ASAPIW2k;ASAPIW2K;c:\windows\system32\drivers\asapiW2k.sys [2005-07-05 11264] R3 E100B;Pilote de carte Intel ® PRO;c:\windows\system32\drivers\e100b325.sys [2004-11-05 117760] R3 EntDrv51;EntDrv51;c:\windows\system32\drivers\entdrv51.sys [2007-11-26 8320] R3 G200;G200;c:\windows\system32\drivers\g200mini.sys [2004-09-14 260992] R3 Rasirda;Miniport réseau étendu (IrDA);c:\windows\system32\drivers\rasirda.sys [2004-12-06 19584] S1 cdrbsvsd;cdrbsvsd; [x] S2 KC180;IRXpress USB IrDA Device;c:\windows\system32\drivers\kcirusb.sys [2004-12-06 17904] S3 DWMRCS;DameWare Mini Remote Control;c:\windows\SYSTEM32\DWRCS.EXE -service --> c:\windows\SYSTEM32\DWRCS.EXE -service [?] S3 KCIRDA;%KCIRDA.ServiceDesc%;c:\windows\system32\drivers\KCIRNET.sys [2004-12-06 11856] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-10 38496] S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2004-04-14 20736] S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [2008-07-16 299904] S3 MSIRCOMM;Microsoft IR Communications Driver;c:\windows\system32\drivers\msircomm.sys [2004-12-14 22016] S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2006-09-05 14468] S3 NdisIP;Connection TV/vidéo Microsoft;c:\windows\system32\drivers\ndisip.sys [2008-07-15 10880] S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [2008-07-15 311684] S3 SLIP;Détrameur décalage BDA;c:\windows\system32\drivers\slip.sys [2008-07-15 11136] S3 StillCam;Pilote d'appareil photo numérique série;c:\windows\system32\drivers\serscan.sys [2004-11-16 6912] S3 usb_rndisx;USB RNDIS Adapter;c:\windows\system32\drivers\usb8023x.sys [2004-08-04 12800] S3 wceusbsh;Windows CE USB Serial Host Driver;c:\windows\system32\drivers\wceusbsh.sys [2005-07-26 104576] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - ENTDRV51 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - pook.com \Shell\open\Command - pook.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b219df2-b21b-11dc-8ebc-0030050cc69f}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3deebbb4-3797-11dd-8f31-0030050cc69f}] \Shell\AutoRun\command - iqe68o.bat \Shell\explore\Command - iqe68o.bat \Shell\open\Command - iqe68o.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94634aa0-89bd-11db-b106-0030050cc69f}] \Shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1156a8-c01c-11dc-8ecc-0030050cc69f}] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256380-4679-11dc-969a-0030050cc69f}] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256381-4679-11dc-969a-0030050cc69f}] \Shell\AutoRun\command - I:\hl80c6b1.com \Shell\open\Command - I:\hl80c6b1.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe089bd0-b628-11d9-9080-0030050cc69f}] \Shell\AutoRun\command - H:\hl80c6b1.com \Shell\open\Command - H:\hl80c6b1.com [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub . Contenu du dossier 'Tâches planifiées' 2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] 2005-10-17 c:\windows\Tasks\XoftSpy.job - c:\program files\XoftSpy\XoftSpy.exe [] . . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = 1 uStart Page = hxxp://www.google.be/ uInternet Settings,ProxyOverride = hxxp://intranet uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: foto.com\be Trusted Zone: foto.com\www TCP: {34A93789-78F4-48BC-8CDF-09F7E9EBDA2A} = 192.168.162.5,192.168.162.3 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxp://asp.photoprintit.de/microsite/999/defaults/activex/ips/IPSUploader4.cab DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} - hxxp://xtraz.icq.com/xtraz/activex/MISBH.cab FF - ProfilePath - c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Mozilla\Firefox\Profiles\c5f7dco5.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - component: c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Mozilla\Firefox\Profiles\c5f7dco5.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-12 08:42:25 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "Name"="ActiveSync" "DisplayName"="Microsoft ActiveSync" "Param1"="ActiveSync" "Type"="wellknown" "Order"=dword:00000001 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Type"="IESettings" "Order"=dword:00000004 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Type"="MediaFiles" "Order"=dword:00000003 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW] "Name"="NPW" "Param1"="NPW" "Type"="wellknown" "Order"=dword:00000002 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "Name"="Outlook" "DisplayName"="Microsoft Outlook" "Param1"="Outlook" "Type"="wellknown" "Order"=dword:00000000 "State"=dword:00000020 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,9e,84,09,44,17, 58,cd,de,a6,f3,14,71,8a,c5,9a,35,74,57,27,9b,54,d1,4d,40,a6,f3,14,71,8a,c5,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a2,fd,9d,69,45, a0,8f,fb,d0,98,d4,bd,0a,e6,79,92,32,ab,5f,41,f9,4f,b5,16,d0,98,d4,bd,0a,e6,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c1,a9,0f,f6,38, 6b,6b,c7,09,61,1a,a3,11,00,a2,ae,a9,e5,72,73,67,f7,f0,3a,09,61,1a,a3,11,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,5c,7a,1e,62,56, 5d,fb,cf,08,e7,68,d6,5c,b4,cd,f1,58,32,c0,f8,46,d9,77,ad,08,e7,68,d6,5c,b4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,25,05,16,9e,6c, 55,a2,d0,8d,be,12,1e,a1,91,16,6f,48,7d,e3,1e,ee,dc,4e,71,8d,be,12,1e,a1,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,23,d0,51,58,ff, e7,ff,8f,a3,c5,b5,43,94,bd,19,2e,ab,02,be,84,78,5c,1f,34,a3,c5,b5,43,94,bd,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c8,2e,87,ab,e7, de,c7,f0,b8,7b,c0,b9,09,14,fe,bc,cc,31,f7,7b,30,2e,3c,0a,b8,7b,c0,b9,09,14,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,8e,a4,de,03,9d, 46,7f,4d,5d,43,4a,2f,77,91,33,47,55,7e,b7,69,06,3d,ce,6d,5d,43,4a,2f,77,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,65,26,17,1a,d2, 81,20,0d,7e,4b,89,21,03,b8,4e,43,45,ba,5d,9a,29,5a,f0,31,7e,4b,89,21,03,b8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,be,1b,47,66,db, 9d,e5,4c,06,f6,ae,ea,2d,07,2a,77,c5,ac,a4,5e,89,d4,5a,bf,06,f6,ae,ea,2d,07,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c1,a8,c5,5d,10, f3,67,f0,f7,e9,ec,6d,49,1d,94,58,a5,24,f1,6b,6a,d0,3f,2c,f7,e9,ec,6d,49,1d,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d3,6a,35,1f,89, 03,cc,cb,4d,88,5b,1b,af,d7,a0,d1,06,82,f8,4f,f7,b5,9a,12,4d,88,5b,1b,af,d7,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(952) c:\windows\system32\relog_ap.dll c:\windows\system32\EntApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Network Associates\Common Framework\FrameworkService.exe c:\program files\Network Associates\VirusScan\mcshield.exe c:\program files\Network Associates\VirusScan\vstskmgr.exe c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe c:\program files\Network Associates\Common Framework\naPrdMgr.exe c:\windows\system32\wwSecure.exe c:\program files\Network Associates\Common Framework\Mctray.exe c:\windows\system32\ntvdm.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\stickies\stickies.exe . ************************************************************************** . Heure de fin: 2009-02-12 8:55:08 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-12 07:54:39 ComboFix2.txt 2009-02-11 16:47:29 ComboFix3.txt 2009-02-11 16:09:14 Avant-CF: 8.060.502.016 octets libres Après-CF: 7,972,007,936 octets libres 504 --- E O F --- 2009-02-12 02:08:55

voici le rapport : ComboFix 09-02-10.03 - Ibrahim_Demirel 2009-02-11 16:44:33.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.234 [GMT 1:00] Lancé depuis: c:\documents and settings\Demirel.TECBIOMEDICUS\Bureau\ibeaux.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\IE4 Error Log.txt c:\windows\system32\mdm.exe E:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-11 au 2009-02-11 )))))))))))))))))))))))))))))))))))) . 2009-02-11 14:14 . 2009-02-11 14:15 <REP> d-------- C:\rsit 2009-02-11 11:42 . 2009-02-11 11:42 <REP> d-------- c:\program files\Trend Micro 2009-02-10 13:57 . 2009-02-10 13:57 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-02-10 13:55 . 2009-02-10 13:55 <REP> d-------- c:\windows\ERUNT 2009-02-10 13:46 . 2009-02-10 14:43 <REP> d-------- C:\SDFix 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Malwarebytes 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-10 10:18 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-10 10:18 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-06 13:58 . 2009-02-06 13:58 <REP> d-------- c:\program files\Prevx 2009-02-06 13:58 . 2009-02-06 13:58 21,512 --a------ c:\windows\system32\drivers\pxscan.sys 2009-02-06 13:57 . 2009-02-06 15:03 <REP> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI 2009-02-06 13:57 . 2009-02-06 13:57 71 --a------ c:\windows\wininit.ini 2009-02-05 17:05 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys 2009-02-05 17:04 . 2009-02-05 17:04 <REP> d-------- c:\program files\Panda Security 2009-01-28 07:58 . 2009-01-28 11:00 <REP> d-------- C:\DVD 2009-01-26 11:51 . 2009-01-26 11:51 27 --a------ c:\windows\SonySNCRZ25.ini 2009-01-22 16:43 . 2009-01-22 16:43 <REP> d-------- c:\program files\RealVNC . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-11 15:57 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\stickies 2009-02-11 15:56 --------- d-----w c:\program files\SysMetrix 2009-02-11 15:55 --------- d-----w c:\program files\PestPatrol 2009-02-10 08:10 --------- d-----w c:\program files\Island Top 9 2009-02-09 12:45 91,648 ----a-w c:\windows\Internet Logs\xDBB5.tmp 2009-02-09 07:35 6,705,664 ----a-w c:\windows\Internet Logs\xDBB4.tmp 2009-02-09 07:35 26,624 ----a-w c:\windows\Internet Logs\xDBB8.tmp 2009-02-09 06:47 6,781,952 ----a-w c:\windows\Internet Logs\xDBB0.tmp 2009-02-09 06:46 1,489,920 ----a-w c:\windows\Internet Logs\xDBB3.tmp 2009-02-09 06:44 --------- d-----w c:\program files\ScanSpyware v3.8.0.2 2009-02-06 13:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\U3 2009-02-05 15:22 --------- d-----w c:\program files\UltraVNC 2009-01-28 06:57 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2009-01-14 11:14 --------- d-----w c:\program files\Microsoft ActiveSync 2009-01-09 15:42 --------- d-----w c:\program files\INCU 2009-01-09 11:00 73,216 ----a-w c:\windows\ST6UNST.EXE 2009-01-09 11:00 249,856 ------w c:\windows\Setup1.exe 2009-01-09 07:34 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-22 15:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\dvdcss 2008-12-11 14:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Canon 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-05 15:51 6,550,016 ----a-w c:\windows\Internet Logs\xDBAF.tmp 2008-12-05 15:51 48,640 ----a-w c:\windows\Internet Logs\xDBB1.tmp 2008-11-27 15:52 6,521,856 ----a-w c:\windows\Internet Logs\xDBAE.tmp 2008-11-27 15:51 20,992 ----a-w c:\windows\Internet Logs\xDBB2.tmp 2008-11-27 13:56 23,040 ----a-w c:\windows\Internet Logs\xDB149.tmp 2008-11-27 13:49 6,521,856 ----a-w c:\windows\Internet Logs\xDB148.tmp 2008-11-27 07:38 6,521,856 ----a-w c:\windows\Internet Logs\xDBAA.tmp 2008-11-27 07:32 229,888 ----a-w c:\windows\Internet Logs\xDBAB.tmp 2008-11-21 13:59 68,352 ----a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\GDIPFONTCACHEV1.DAT 2008-07-30 10:23 34,924 -c--a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\mdbu.bin 2005-03-02 07:26 560 -c--a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\ViewerApp.dat 2008-08-21 12:49 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082120080822\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176] "MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720] "PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480] "CookiePatrol"="c:\progra~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 73728] "SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2008-03-14 136512] "PestPatrol Control Center"="c:\progra~1\PESTPA~1\PPControl.exe" [2004-11-15 98304] "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304] "Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514] "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-04-01 693520] "Don't Panic!"="c:\program files\PANICWARE\DON'T_PANIC_FR!\DP.EXE" [2001-06-16 1384448] "OmniPage"="c:\program files\Caere\OmniPagePro90\opware32.exe" [1998-10-28 44032] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Matrox Powerdesk"="c:\windows\system32\PDesk\PDesk.exe" [2004-09-14 684032] "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-05-17 36864] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe" [2006-11-14 1115336] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe" [2006-11-14 1852314] "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-11-14 135168] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Demirel\Menu D‚marrer\Programmes\D‚marrage\ Stickies.lnk - c:\program files\stickies\stickies.exe [2007-01-22 700416] c:\documents and settings\Demirel.TECBIOMEDICUS\Menu D‚marrer\Programmes\D‚marrage\ PopTray.lnk - c:\program files\PopTray\PopTray.exe [2006-09-16 1666048] Stickies.lnk - c:\program files\stickies\stickies.exe [2007-01-22 700416] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\program files\ffdshow\ffdshow.ax "msacm.avis"= c:\program files\ffdshow\ffdshow.ax "MSACM.CEGSM"= mobilev.acm "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "VIDC.MJPG"= pvmjpg21.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\stickies\\stickies.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Panicware\\Don't_Panic_FR!\\dp.exe"= "c:\\Program Files\\Island Top 9\\startup.exe"= "c:\\Program Files\\ICQLite\\ICQLite.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"= "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Jeyo Mobile Companion\\JeyoMobileCompanion.exe"= "c:\\Program Files\\Microsoft Office\\Office10\\OUTLOOK.EXE"= "c:\\Program Files\\SOTI\\Pocket Controller-Professional\\PocketController.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [2008-02-07 17264] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-05 28544] R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-06 21512] R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2005-05-11 59904] R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2004-12-21 18240] R3 G200;G200;c:\windows\system32\drivers\g200mini.sys [2004-09-14 260992] S2 KC180;IRXpress USB IrDA Device;c:\windows\system32\drivers\kcirusb.sys [2004-12-06 17904] S3 KCIRDA;%KCIRDA.ServiceDesc%;c:\windows\system32\drivers\KCIRNET.sys [2004-12-06 11856] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-10 38496] S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2004-04-14 20736] S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [2008-07-16 299904] S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2006-09-05 14468] S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [2008-07-15 311684] --- Autres Services/Pilotes en mémoire --- *Deregistered* - AcrSch2Svc *Deregistered* - ALG *Deregistered* - AudioSrv *Deregistered* - bgsvcgen *Deregistered* - Browser *Deregistered* - CryptSvc *Deregistered* - CSIScanner *Deregistered* - DcomLaunch *Deregistered* - Dhcp *Deregistered* - dmserver *Deregistered* - Dnscache *Deregistered* - ERSvc *Deregistered* - EventSystem *Deregistered* - helpsvc *Deregistered* - ImapiService *Deregistered* - Irmon *Deregistered* - lanmanserver *Deregistered* - lanmanworkstation *Deregistered* - LmHosts *Deregistered* - McAfeeFramework *Deregistered* - McShield *Deregistered* - McTaskManager *Deregistered* - MDM *Deregistered* - MGABGEXE *Deregistered* - Netlogon *Deregistered* - Netman *Deregistered* - Nla *Deregistered* - PolicyAgent *Deregistered* - ProtectedStorage *Deregistered* - RasMan *Deregistered* - RemoteRegistry *Deregistered* - RpcSs *Deregistered* - SamSs *Deregistered* - Schedule *Deregistered* - seclogon *Deregistered* - SENS *Deregistered* - SharedAccess *Deregistered* - ShellHWDetection *Deregistered* - Spooler *Deregistered* - srservice *Deregistered* - SSDPSRV *Deregistered* - stisvc *Deregistered* - TapiSrv *Deregistered* - TermService *Deregistered* - Themes *Deregistered* - TrkWks *Deregistered* - UleadBurningHelper *Deregistered* - vsmon *Deregistered* - W32Time *Deregistered* - WebClient *Deregistered* - winmgmt *Deregistered* - wscsvc *Deregistered* - wuauserv *Deregistered* - wwSecSvc *Deregistered* - WZCSVC [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - pook.com \Shell\open\Command - pook.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{013271d8-f1dd-11dd-8fef-0030050cc69f}] \Shell\AutoRun\command - H:\a2h2.com \Shell\open\Command - H:\a2h2.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b219df2-b21b-11dc-8ebc-0030050cc69f}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3deebbb4-3797-11dd-8f31-0030050cc69f}] \Shell\AutoRun\command - iqe68o.bat \Shell\explore\Command - iqe68o.bat \Shell\open\Command - iqe68o.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94634aa0-89bd-11db-b106-0030050cc69f}] \Shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1156a8-c01c-11dc-8ecc-0030050cc69f}] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256380-4679-11dc-969a-0030050cc69f}] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256381-4679-11dc-969a-0030050cc69f}] \Shell\AutoRun\command - I:\hl80c6b1.com \Shell\open\Command - I:\hl80c6b1.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe089bd0-b628-11d9-9080-0030050cc69f}] \Shell\AutoRun\command - H:\hl80c6b1.com \Shell\open\Command - H:\hl80c6b1.com [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub . Contenu du dossier 'Tâches planifiées' 2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] 2005-10-17 c:\windows\Tasks\XoftSpy.job - c:\program files\XoftSpy\XoftSpy.exe [] . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe HKLM-Run-PestPatrolCL - (no file) MSConfigStartUp-WinVNC - c:\program files\UltraVNC\WinVNC.exe . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = 1 uStart Page = hxxp://www.google.be/ uInternet Settings,ProxyOverride = hxxp://intranet uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: foto.com\be Trusted Zone: foto.com\www TCP: {34A93789-78F4-48BC-8CDF-09F7E9EBDA2A} = 192.168.162.5,192.168.162.3 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxp://asp.photoprintit.de/microsite/999/defaults/activex/ips/IPSUploader4.cab DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} - hxxp://xtraz.icq.com/xtraz/activex/MISBH.cab FF - ProfilePath - c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Mozilla\Firefox\Profiles\c5f7dco5.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - component: c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Mozilla\Firefox\Profiles\c5f7dco5.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-11 16:54:07 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "Name"="ActiveSync" "DisplayName"="Microsoft ActiveSync" "Param1"="ActiveSync" "Type"="wellknown" "Order"=dword:00000001 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Type"="IESettings" "Order"=dword:00000004 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Type"="MediaFiles" "Order"=dword:00000003 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW] "Name"="NPW" "Param1"="NPW" "Type"="wellknown" "Order"=dword:00000002 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "Name"="Outlook" "DisplayName"="Microsoft Outlook" "Param1"="Outlook" "Type"="wellknown" "Order"=dword:00000000 "State"=dword:00000020 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,9e,84,09,44,17, 58,cd,de,a6,f3,14,71,8a,c5,9a,35,74,57,27,9b,54,d1,4d,40,a6,f3,14,71,8a,c5,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a2,fd,9d,69,45, a0,8f,fb,d0,98,d4,bd,0a,e6,79,92,32,ab,5f,41,f9,4f,b5,16,d0,98,d4,bd,0a,e6,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c1,a9,0f,f6,38, 6b,6b,c7,09,61,1a,a3,11,00,a2,ae,a9,e5,72,73,67,f7,f0,3a,09,61,1a,a3,11,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,5c,7a,1e,62,56, 5d,fb,cf,08,e7,68,d6,5c,b4,cd,f1,58,32,c0,f8,46,d9,77,ad,08,e7,68,d6,5c,b4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,25,05,16,9e,6c, 55,a2,d0,8d,be,12,1e,a1,91,16,6f,48,7d,e3,1e,ee,dc,4e,71,8d,be,12,1e,a1,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,23,d0,51,58,ff, e7,ff,8f,a3,c5,b5,43,94,bd,19,2e,ab,02,be,84,78,5c,1f,34,a3,c5,b5,43,94,bd,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c8,2e,87,ab,e7, de,c7,f0,b8,7b,c0,b9,09,14,fe,bc,cc,31,f7,7b,30,2e,3c,0a,b8,7b,c0,b9,09,14,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,8e,a4,de,03,9d, 46,7f,4d,5d,43,4a,2f,77,91,33,47,55,7e,b7,69,06,3d,ce,6d,5d,43,4a,2f,77,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,65,26,17,1a,d2, 81,20,0d,7e,4b,89,21,03,b8,4e,43,45,ba,5d,9a,29,5a,f0,31,7e,4b,89,21,03,b8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,be,1b,47,66,db, 9d,e5,4c,06,f6,ae,ea,2d,07,2a,77,c5,ac,a4,5e,89,d4,5a,bf,06,f6,ae,ea,2d,07,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c1,a8,c5,5d,10, f3,67,f0,f7,e9,ec,6d,49,1d,94,58,a5,24,f1,6b,6a,d0,3f,2c,f7,e9,ec,6d,49,1d,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d3,6a,35,1f,89, 03,cc,cb,4d,88,5b,1b,af,d7,a0,d1,06,82,f8,4f,f7,b5,9a,12,4d,88,5b,1b,af,d7,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(892) c:\windows\system32\relog_ap.dll c:\windows\system32\EntApi.dll - - - - - - - > 'explorer.exe'(1260) c:\windows\system32\EntApi.dll c:\program files\PANICWARE\DON'T_PANIC_FR!\DPHOOK32.DLL c:\windows\PANICNT.dll c:\program files\Caere\OmniPagePro90\ophook32.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe c:\windows\system32\bgsvcgen.exe c:\program files\Prevx\prevx.exe c:\program files\Network Associates\Common Framework\FrameworkService.exe c:\program files\Network Associates\VirusScan\mcshield.exe c:\program files\Network Associates\VirusScan\vstskmgr.exe c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\mgabg.exe c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\ZoneLabs\vsmon.exe c:\program files\Network Associates\Common Framework\naPrdMgr.exe c:\windows\system32\wwSecure.exe c:\program files\Prevx\prevx.exe c:\program files\Network Associates\Common Framework\Mctray.exe c:\windows\system32\ntvdm.exe c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe c:\progra~1\MI3AA1~1\rapimgr.exe . ************************************************************************** . Heure de fin: 2009-02-11 17:08:35 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-11 16:08:04 Avant-CF: 8.212.127.744 octets libres AprÞs-CF: 8,131,014,656 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn 412 --- E O F --- 2009-01-14 13:49:37

Premier fichier Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.73 2009.01.28 - AhnLab-V3 5.0.0.2 2009.01.28 - AntiVir 7.9.0.60 2009.01.28 - Authentium 5.1.0.4 2009.01.27 - Avast 4.8.1281.0 2009.01.27 - AVG 8.0.0.229 2009.01.28 - BitDefender 7.2 2009.01.28 - CAT-QuickHeal 10.00 2009.01.28 - ClamAV 0.94.1 2009.01.28 - Comodo 948 2009.01.27 - DrWeb 4.44.0.09170 2009.01.28 - eSafe 7.0.17.0 2009.01.27 - eTrust-Vet 31.6.6331 2009.01.28 - F-Prot 4.4.4.56 2009.01.27 - F-Secure 8.0.14470.0 2009.01.28 - Fortinet 3.117.0.0 2009.01.28 - GData 19 2009.01.28 - Ikarus T3.1.1.45.0 2009.01.28 - K7AntiVirus 7.10.607 2009.01.27 - Kaspersky 7.0.0.125 2009.01.28 - McAfee 5508 2009.01.27 - McAfee+Artemis 5508 2009.01.27 - Microsoft 1.4205 2009.01.28 - NOD32 3806 2009.01.28 - Norman 5.93.01 2009.01.27 - nProtect 2009.1.8.0 2009.01.28 - Panda 9.5.1.2 2009.01.27 - PCTools 4.4.2.0 2009.01.27 - Prevx1 V2 2009.01.28 - Rising 21.13.42.00 2009.01.23 - SecureWeb-Gateway 6.7.6 2009.01.28 - Sophos 4.37.0 2009.01.28 - Sunbelt 3.2.1835.2 2009.01.16 - Symantec 10 2009.01.28 - TheHacker 6.3.1.5.229 2009.01.26 - TrendMicro 8.700.0.1004 2009.01.28 - VBA32 3.12.8.11 2009.01.27 - ViRobot 2009.1.28.1579 2009.01.28 - VirusBuster 4.5.11.0 2009.01.27 - Information additionnelle File size: 1384448 bytes MD5...: 3e4938d84a2bddb1cb626e6c2340b0fd SHA1..: 889f193e14593d08dfc1a9402f625cc234552b24 SHA256: 577f02adfcc617aca69dfbe6f0949583b62a8c77262d1ed26141edf6a8dbcf02 SHA512: c2a0409810ea02bc7f51b736bc078fb57c3eef382536d1c54bc0c735f6576e47 b098b0037b11fc32c1e7341b1a5ce0c1144340904073e71949e08618c6f66142 ssdeep: 24576:fdDGO6/ZG06NuixCqS0aQIAyUP9PlWfRkFt:6PqOcIqPlWfC PEiD..: Armadillo v1.71 TrID..: File type identification Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x40b50 timedatestamp.....: 0x41925b7e (Wed Nov 10 18:18:38 2004) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x6807f 0x69000 6.55 fee200ddae0b85be2613b758635ac540 .rdata 0x6a000 0x1565a 0x16000 4.49 b0ed8b2760081902080e11f0d13f19e9 .data 0x80000 0xabc8 0x7000 4.63 e3692db954fb59dacbcb90954cc7309c .rsrc 0x8b000 0xca560 0xcb000 7.26 cc2c846eb5f9f5830b608571e1a796c3 ( 16 imports ) > SHLWAPI.dll: PathAppendA, PathFileExistsA > WININET.dll: DeleteUrlCacheEntry, InternetOpenUrlA, InternetCloseHandle, InternetQueryDataAvailable, InternetReadFile, InternetOpenA > KERNEL32.dll: GetCurrentDirectoryA, GetTickCount, RtlUnwind, GetFileType, RaiseException, GetStartupInfoA, GetCommandLineA, ExitProcess, GetTimeZoneInformation, GetLocalTime, GetACP, ExitThread, HeapSize, HeapReAlloc, SetStdHandle, SetHandleCount, GetStdHandle, LCMapStringA, LCMapStringW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, GetStringTypeA, GetStringTypeW, IsBadCodePtr, WritePrivateProfileStringA, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetProfileStringA, DeleteFileA, GetTempFileNameA, GetModuleFileNameA, GlobalFree, SizeofResource, LoadResource, FindResourceA, GlobalAlloc, SetCurrentDirectoryA, InterlockedDecrement, GetVersionExA, GetVersion, lstrlenA, lstrlenW, GetCPInfo, LockResource, lstrcmpiA, GetDriveTypeA, GetWindowsDirectoryA, FileTimeToSystemTime, FileTimeToLocalFileTime, FindClose, FindFirstFileA, GetFileAttributesA, SetFileAttributesA, FindNextFileA, RemoveDirectoryA, WaitForSingleObject, CopyFileA, CloseHandle, GetFileSize, CreateFileA, MulDiv, SetErrorMode, GetOEMCP, GetProcessVersion, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalAlloc, GetCurrentThread, IsBadReadPtr, IsBadWritePtr, GetThreadLocale, GetVolumeInformationA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, GetCurrentProcess, DuplicateHandle, lstrcmpA, SuspendThread, SetThreadPriority, ResumeThread, SystemTimeToFileTime, FormatMessageA, LocalFree, MultiByteToWideChar, InterlockedIncrement, GlobalLock, GlobalUnlock, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, GetModuleHandleA, ReadFile, lstrcpynA, GetFileTime, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, WriteFile, GetFullPathNameA, CreateThread, ResetEvent, CreateDirectoryA, TerminateThread, ExpandEnvironmentStringsA, CreateToolhelp32Snapshot, Process32First, Process32Next, GetSystemTime, GetComputerNameA, SetEvent, CreateEventA, Sleep, CreateProcessA, GetLastError, GetExitCodeProcess, HeapAlloc, HeapFree, WideCharToMultiByte, SetLastError, OpenProcess, GetProcAddress, TerminateProcess, GetTempPathA, GetSystemDirectoryA, lstrcatA, WinExec, lstrcpyA, LoadLibraryA, FreeLibrary, Beep > USER32.dll: RegisterClipboardFormatA, SetParent, GetNextDlgGroupItem, CopyAcceleratorTableA, CharNextA, SetCapture, GetDCEx, GetClassNameA, MapDialogRect, SetWindowContextHelpId, CharUpperA, SetRectEmpty, GetMessageA, ValidateRect, DestroyMenu, EndDialog, CreateDialogIndirectParamA, LoadStringA, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, IsWindowEnabled, ShowWindow, MoveWindow, SetWindowTextA, SetDlgItemTextA, EndPaint, BeginPaint, SendDlgItemMessageA, MapWindowPoints, SetActiveWindow, SetFocus, AdjustWindowRectEx, EqualRect, DeferWindowPos, SetScrollInfo, GetTopWindow, IsChild, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetDlgItem, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetKeyState, DefWindowProcA, DestroyWindow, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetLastActivePopup, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowPos, IntersectRect, GetWindowPlacement, GetFocus, GetCursorPos, SetScrollPos, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, DefDlgProcA, IsWindowUnicode, DestroyCursor, DestroyIcon, RegisterWindowMessageA, MessageBoxA, PostQuitMessage, IsWindowVisible, IsIconic, DrawIcon, GetSystemMenu, LoadIconA, PostThreadMessageA, LockWindowUpdate, GetWindowThreadProcessId, EnumWindows, LoadCursorA, CopyIcon, IsWindow, MessageBeep, SetWindowLongA, TrackPopupMenu, BringWindowToTop, GetMessagePos, ScreenToClient, KillTimer, ReleaseCapture, PtInRect, SetTimer, UpdateWindow, PeekMessageA, DispatchMessageA, IsDialogMessageA, TranslateMessage, GetWindowDC, SetWindowRgn, GrayStringA, GetSubMenu, TabbedTextOutA, GetSysColorBrush, GetMenuStringA, CreateMenu, CreatePopupMenu, GetMenuItemID, GetMenuState, ModifyMenuA, GetMenuItemCount, AppendMenuA, GetWindowLongA, SendMessageA, IsMenu, GetNextDlgTabItem, GetParent, SetCursor, InvalidateRect, GetActiveWindow, WindowFromPoint, ClientToScreen, PostMessageA, GetWindowRect, DrawFocusRect, InflateRect, CopyRect, GetClientRect, OffsetRect, DrawStateA, FillRect, GetSysColor, ReleaseDC, GetDC, CreateIconIndirect, GetIconInfo, LoadImageA, FrameRect, EnableWindow, CopyImage, LoadBitmapA, GetMenuItemInfoA, SetRect, DrawEdge, SystemParametersInfoA, DrawIconEx, DrawTextA, GetDesktopWindow, GetSystemMetrics, GetScrollInfo > GDI32.dll: ScaleViewportExtEx, SetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, GetTextExtentPoint32W, SelectClipRgn, ExcludeClipRect, IntersectClipRect, MoveToEx, LineTo, SetViewportExtEx, GetViewportExtEx, GetWindowExtEx, CreatePatternBrush, GetMapMode, SetRectRgn, CreateRectRgnIndirect, DPtoLP, StretchDIBits, GetCharWidthA, GetTextMetricsA, GetTextColor, LPtoDP, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetBkMode, RestoreDC, SaveDC, GetClipBox, GetCurrentObject, CreateFontIndirectA, CreateSolidBrush, CreatePen, GetBkMode, GetDeviceCaps, CreateFontA, GetObjectA, GetPixel, SetPixel, CreateBitmap, SelectObject, SetBkColor, CreateRoundRectRgn, GetDIBits, CreateRectRgn, CombineRgn, GetBkColor, StretchBlt, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetTextExtentPointA, CreateDIBitmap, PatBlt, CreateDIBSection, Ellipse, CreateCompatibleBitmap, GetStockObject, DeleteObject, SetTextColor, DeleteDC, BitBlt, CreateCompatibleDC, GetTextExtentPoint32A > comdlg32.dll: GetOpenFileNameA, GetFileTitleA, GetSaveFileNameA > WINSPOOL.DRV: ClosePrinter, OpenPrinterA, DocumentPropertiesA > ADVAPI32.dll: RegCloseKey, RegOpenKeyExA, RegQueryValueA, RegSetValueExA, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, RegEnumKeyA, RegOpenKeyA, GetUserNameA, RegQueryValueExA > SHELL32.dll: SHBrowseForFolderA, SHGetMalloc, SHGetPathFromIDListA, SHGetSpecialFolderPathA, ShellExecuteA, ShellExecuteExA > COMCTL32.dll: ImageList_GetIconSize, ImageList_ReplaceIcon, ImageList_GetIcon, ImageList_GetImageInfo, ImageList_Draw, ImageList_AddMasked, _TrackMouseEvent, ImageList_SetBkColor, ImageList_GetBkColor, -, ImageList_Destroy, ImageList_Create, ImageList_LoadImageA, ImageList_DrawIndirect, ImageList_GetImageCount > oledlg.dll: - > ole32.dll: CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CoTaskMemAlloc, CoTaskMemFree, CoFreeUnusedLibraries, CLSIDFromProgID, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, CoCreateInstance, OleRun, CreateStreamOnHGlobal, CoRegisterMessageFilter, CoRevokeClassObject, OleFlushClipboard, OleIsCurrentClipboard, CoCreateGuid, CLSIDFromString > OLEPRO32.DLL: -, -, - > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, - > urlmon.dll: URLDownloadToCacheFileA > WINMM.dll: PlaySoundA ( 0 exports ) Deuxième fichier Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.93 2009.02.11 - AhnLab-V3 5.0.0.2 2009.02.11 - AntiVir 7.9.0.76 2009.02.11 - Authentium 5.1.0.4 2009.02.11 - Avast 4.8.1335.0 2009.02.10 - AVG 8.0.0.229 2009.02.11 - BitDefender 7.2 2009.02.11 - CAT-QuickHeal 10.00 2009.02.11 - ClamAV 0.94.1 2009.02.11 - Comodo 974 2009.02.11 - DrWeb 4.44.0.09170 2009.02.11 - eSafe 7.0.17.0 2009.02.11 - eTrust-Vet 31.6.6350 2009.02.11 - F-Prot 4.4.4.56 2009.02.11 - F-Secure 8.0.14470.0 2009.02.11 - Fortinet 3.117.0.0 2009.02.11 - GData 19 2009.02.11 - Ikarus T3.1.1.45.0 2009.02.11 - K7AntiVirus 7.10.627 2009.02.11 - Kaspersky 7.0.0.125 2009.02.11 - McAfee 5522 2009.02.10 - McAfee+Artemis 5522 2009.02.10 - Microsoft 1.4306 2009.02.11 - NOD32 3846 2009.02.11 - Norman 6.00.02 2009.02.11 - nProtect 2009.1.8.0 2009.02.11 - Panda 10.0.0.10 2009.02.11 - PCTools 4.4.2.0 2009.02.11 - Prevx1 V2 2009.02.11 - Rising 21.16.22.00 2009.02.11 - SecureWeb-Gateway 6.7.6 2009.02.11 - Sophos 4.38.0 2009.02.11 - Sunbelt 3.2.1851.2 2009.02.11 - Symantec 10 2009.02.11 - TheHacker 6.3.1.85.252 2009.02.11 - TrendMicro 8.700.0.1004 2009.02.11 - VBA32 3.12.8.12 2009.02.11 - ViRobot 2009.2.11.1600 2009.02.11 - VirusBuster 4.5.11.0 2009.02.11 - Information additionnelle File size: 1817 bytes MD5...: c3cb3ee13a99744b6ee08727bdf677bd SHA1..: a6ba0fafa75f9e245e61661d81a6f91b2e7da511 SHA256: 96dadfccbe6cf4d00c487634befd75964edaac710d42706a8e02c74f6547e137 SHA512: efa1bac5b9df02fdd378316cd4500723a6f7d01e20733f00d0d2587390078510 02c3e048f3d3e5702f4ef2d0b5bf6a166db839fddac0a28497c90ed320ce9323 ssdeep: 48:XGmjShkZZAiMn5rg4YqSRZOPOyZppFlCaealJ:2EShKw5rg4bGOGyZppZ PEiD..: - TrID..: File type identification Generic INI configuration (100.0%) PEInfo: - Troisième fichier: Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.93 2009.02.11 - AhnLab-V3 5.0.0.2 2009.02.11 - AntiVir 7.9.0.76 2009.02.11 - Authentium 5.1.0.4 2009.02.11 - Avast 4.8.1335.0 2009.02.10 - AVG 8.0.0.229 2009.02.11 - BitDefender 7.2 2009.02.11 - CAT-QuickHeal 10.00 2009.02.11 - ClamAV 0.94.1 2009.02.11 - Comodo 974 2009.02.11 - DrWeb 4.44.0.09170 2009.02.11 - eSafe 7.0.17.0 2009.02.11 - eTrust-Vet 31.6.6350 2009.02.11 - F-Prot 4.4.4.56 2009.02.11 - F-Secure 8.0.14470.0 2009.02.11 - Fortinet 3.117.0.0 2009.02.11 - GData 19 2009.02.11 - Ikarus T3.1.1.45.0 2009.02.11 - K7AntiVirus 7.10.627 2009.02.11 - Kaspersky 7.0.0.125 2009.02.11 - McAfee 5522 2009.02.10 - McAfee+Artemis 5522 2009.02.10 - Microsoft 1.4306 2009.02.11 - NOD32 3846 2009.02.11 - Norman 6.00.02 2009.02.11 - nProtect 2009.1.8.0 2009.02.11 - Panda 10.0.0.10 2009.02.11 - PCTools 4.4.2.0 2009.02.11 - Prevx1 V2 2009.02.11 - Rising 21.16.22.00 2009.02.11 - SecureWeb-Gateway 6.7.6 2009.02.11 - Sophos 4.38.0 2009.02.11 - Sunbelt 3.2.1851.2 2009.02.11 - Symantec 10 2009.02.11 - TheHacker 6.3.1.85.252 2009.02.11 - TrendMicro 8.700.0.1004 2009.02.11 - VBA32 3.12.8.12 2009.02.11 - ViRobot 2009.2.11.1600 2009.02.11 - VirusBuster 4.5.11.0 2009.02.11 - Information additionnelle File size: 71 bytes MD5...: 37aa1e187e7401ab0bbb081eed194981 SHA1..: ea7ed3bdd9a64bcc5cce047fab31bc66e4865ec5 SHA256: ddd517e0361562a9af767807e2eec19b553c6b3d151f65a90970e0084c0a3077 SHA512: c256791dd3bbacac8f99dd6b10a0db164bd0809d2c35f0415e5f7d2f9e0cb0b2 7d04776a80c3f8dbee46d30aaf54d5eb35b0ddd1c6e37701f7e2c2abf4dbc2d5 ssdeep: 3:dLhUrcm0bjOPzw3VRLE:du+jEIVRLE PEiD..: - TrID..: File type identification Generic INI configuration (100.0%) PEInfo: -

Pour mon PC Bureau voici le log.txt : Logfile of random's system information tool 1.05 (written by random/random) Run by Ibrahim_Demirel at 2009-02-11 14:14:30 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 8 GB (39%) free of 21 GB Total RAM: 511 MB (20% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:14:51, on 11/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Prevx\prevx.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\mgabg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wwSecure.exe C:\Program Files\Prevx\prevx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\QTTask.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\SysMetrix\SysMetrix.exe C:\Program Files\Network Associates\Common Framework\UdaterUI.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\McTray.exe C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE C:\Program Files\Caere\OmniPagePro90\opware32.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe C:\WINDOWS\system32\PDesk\PDesk.exe C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\PopTray\PopTray.exe C:\Program Files\stickies\stickies.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Ibrahim_Demirel.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://intranet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [sysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Don't Panic!] "C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE" O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Ibrahim_Demirel" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://be.foto.com O15 - Trusted Zone: www.foto.com O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1226574099240 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://www.admincefig.dyndns.org/msrdp.cab O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://192.168.16.34/program/SonySncRz25View.cab O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - http://asp.photoprintit.de/microsite/999/d...PSUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{34A93789-78F4-48BC-8CDF-09F7E9EBDA2A}: NameServer = 192.168.162.5,192.168.162.3 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\SYSTEM32\DWRCS.EXE (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe -- End of file - 13077 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\XoftSpy.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2436160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720] "PestPatrolCL"= [] "PPMemCheck"=c:\PROGRA~1\PESTPA~1\PPMemCheck.exe [2003-04-19 148480] "CookiePatrol"=c:\PROGRA~1\PESTPA~1\CookiePatrol.exe [2005-01-10 73728] "SysMetrix"=C:\Program Files\SysMetrix\SysMetrix.exe [2006-02-25 2637824] "McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [2008-03-14 136512] "PestPatrol Control Center"=c:\PROGRA~1\PESTPA~1\PPControl.exe [2004-11-15 98304] "ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 98304] "Network Associates Error Reporting Service"=C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe [2003-10-07 147514] "Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2004-04-01 693520] "Don't Panic!"=C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE [2001-06-16 1384448] "OmniPage"=C:\Program Files\Caere\OmniPagePro90\opware32.exe [1998-10-28 44032] "PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-29 196608] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Matrox Powerdesk"=C:\WINDOWS\system32\PDesk\PDesk.exe [2004-09-14 684032] "UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-05-17 36864] "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe [2006-11-14 1115336] "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe [2006-11-14 1852314] "Acronis Scheduler2 Service"=C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2006-11-14 135168] "OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2006-05-16 40960] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1211176] "MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2008-04-14 1695232] "OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2006-05-16 57344] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Index Washer"=C:\Program Files\Webroot\Washer\WashIdx.exe [2005-05-20 51200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC] C:\Program Files\UltraVNC\WinVNC.exe -servicehelper [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE C:\Documents and Settings\Demirel.TECBIOMEDICUS\Menu Démarrer\Programmes\Démarrage PopTray.lnk - C:\Program Files\PopTray\PopTray.exe Stickies.lnk - C:\Program Files\stickies\stickies.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 relog_ap [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\stickies\stickies.exe"="C:\Program Files\stickies\stickies.exe:*:Enabled:Stickies 4.5a" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Panicware\Don't_Panic_FR!\dp.exe"="C:\Program Files\Panicware\Don't_Panic_FR!\dp.exe:*:Enabled:Don't Panic!" "C:\Program Files\Island Top 9\startup.exe"="C:\Program Files\Island Top 9\startup.exe:*:Enabled: " "C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite" "C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows" "C:\Program Files\WinHTTrack\WinHTTrack.exe"="C:\Program Files\WinHTTrack\WinHTTrack.exe:*:Enabled:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes" "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service" "C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Disabled:TrueVector Service" "C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"="C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe:*:Enabled:Sprite Backup PC Service" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Microsoft Office\Office\WINWORD.EXE"="C:\Program Files\Microsoft Office\Office\WINWORD.EXE:*:Enabled:Microsoft Word for Windows" "C:\Program Files\Jeyo Mobile Companion\JeyoMobileCompanion.exe"="C:\Program Files\Jeyo Mobile Companion\JeyoMobileCompanion.exe:*:Enabled:Jeyo Mobile Companion" "C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE:*:Enabled:Microsoft Outlook" "C:\Program Files\SOTI\Pocket Controller-Professional\PocketController.exe"="C:\Program Files\SOTI\Pocket Controller-Professional\PocketController.exe:*:Enabled:Pocket Controller - Professional" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] shell\AutoRun\command - pook.com shell\open\command - pook.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{013271d8-f1dd-11dd-8fef-0030050cc69f}] shell\AutoRun\command - H:\a2h2.com shell\open\command - H:\a2h2.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b219df2-b21b-11dc-8ebc-0030050cc69f}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3deebbb4-3797-11dd-8f31-0030050cc69f}] shell\AutoRun\command - iqe68o.bat shell\explore\command - iqe68o.bat shell\open\command - iqe68o.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94634aa0-89bd-11db-b106-0030050cc69f}] shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1156a8-c01c-11dc-8ecc-0030050cc69f}] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256380-4679-11dc-969a-0030050cc69f}] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256381-4679-11dc-969a-0030050cc69f}] shell\AutoRun\command - I:\hl80c6b1.com shell\open\command - I:\hl80c6b1.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe089bd0-b628-11d9-9080-0030050cc69f}] shell\AutoRun\command - H:\hl80c6b1.com shell\open\command - H:\hl80c6b1.com ======List of files/folders created in the last 1 months====== 2009-02-11 14:14:30 ----D---- C:\rsit 2009-02-11 11:42:10 ----D---- C:\Program Files\Trend Micro 2009-02-10 13:55:11 ----D---- C:\WINDOWS\ERUNT 2009-02-10 13:46:22 ----D---- C:\SDFix 2009-02-10 10:18:36 ----D---- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\Malwarebytes 2009-02-10 10:18:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-02-10 10:18:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-02-06 13:58:26 ----D---- C:\Program Files\Prevx 2009-02-06 13:57:59 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI 2009-02-06 13:57:50 ----A---- C:\WINDOWS\wininit.ini 2009-02-06 09:44:06 ----A---- C:\WINDOWS\ntbtlog.txt 2009-02-05 17:04:14 ----D---- C:\Program Files\Panda Security 2009-02-05 15:25:36 ----HD---- C:\Config.Msi 2009-01-28 07:58:51 ----D---- C:\DVD 2009-01-26 11:51:39 ----A---- C:\WINDOWS\SonySNCRZ25.ini 2009-01-22 16:43:08 ----D---- C:\Program Files\RealVNC 2009-01-14 14:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ ======List of files/folders modified in the last 1 months====== 2009-02-11 14:10:50 ----D---- C:\WINDOWS\Temp 2009-02-11 14:05:38 ----D---- C:\Program Files\PestPatrol 2009-02-11 11:58:12 ----A---- C:\WINDOWS\wincmd.ini 2009-02-11 11:42:10 ----D---- C:\Program Files 2009-02-11 11:30:26 ----D---- C:\WINDOWS\system32 2009-02-11 10:43:08 ----D---- C:\WINDOWS\Prefetch 2009-02-11 09:43:34 ----D---- C:\WINDOWS\Internet Logs 2009-02-11 09:26:31 ----D---- C:\Program Files\SysMetrix 2009-02-11 08:33:42 ----A---- C:\WINDOWS\hpbafd.ini 2009-02-10 17:16:08 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-02-10 14:45:55 ----D---- C:\quarantine 2009-02-10 13:57:59 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-02-10 13:55:11 ----D---- C:\WINDOWS 2009-02-10 12:27:25 ----D---- C:\Program Files\Mozilla Firefox 2009-02-10 11:32:41 ----D---- C:\WINDOWS\system32\drivers 2009-02-10 09:10:26 ----D---- C:\Program Files\Island Top 9 2009-02-10 08:51:06 ----D---- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\stickies 2009-02-09 10:15:54 ----D---- C:\WINDOWS\system32\config 2009-02-09 10:12:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-02-09 10:11:45 ----SHD---- C:\WINDOWS\Installer 2009-02-09 10:05:57 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-02-09 09:29:09 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-09 08:45:34 ----SHD---- C:\WINDOWS\CSC 2009-02-09 08:14:43 ----HD---- C:\WINDOWS\inf 2009-02-09 07:44:11 ----D---- C:\Program Files\ScanSpyware v3.8.0.2 2009-02-06 14:33:42 ----D---- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\U3 2009-02-05 17:03:34 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-02-05 16:22:18 ----SD---- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\Microsoft 2009-02-05 16:22:01 ----D---- C:\Program Files\UltraVNC 2009-02-05 16:11:11 ----SD---- C:\WINDOWS\system32\Microsoft 2009-02-05 15:29:30 ----D---- C:\WINDOWS\WinSxS 2009-02-04 16:22:38 ----AC---- C:\WINDOWS\NeroDigital.ini 2009-01-28 07:57:39 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2009-01-14 15:27:39 ----D---- C:\WINDOWS\Debug 2009-01-14 14:47:38 ----HD---- C:\WINDOWS\$hf_mig$ 2009-01-14 12:14:30 ----D---- C:\Program Files\Microsoft ActiveSync ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-11 32256] R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2007-11-26 59904] R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632] R2 DbgMsg;Debug Message; \??\C:\WINDOWS\System32\Drivers\DbgMsg.sys [] R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-07-30 32768] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R2 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [] R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256] R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-11 11264] R3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-23 117760] R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys [] R3 G200;G200; C:\WINDOWS\system32\DRIVERS\g200mini.sys [2004-09-14 260992] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2007-11-26 117024] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-11-07 14604] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-30 5888] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [] S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [] S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [] S2 KC180;IRXpress USB IrDA Device; C:\WINDOWS\System32\Drivers\kcirusb.sys [2001-10-04 17904] S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 KCIRDA;%KCIRDA.ServiceDesc%; C:\WINDOWS\system32\DRIVERS\KCIrNet.sys [2001-10-04 11856] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] S3 MosIrUsb;MosIrUsb.sys; C:\WINDOWS\system32\DRIVERS\MosIrUsb.sys [2004-04-14 20736] S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP; C:\WINDOWS\system32\DRIVERS\MRVW225.sys [2007-07-05 299904] S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 MTK;Media Technology Kernel Driver; C:\WINDOWS\System32\Drivers\fide.sys [2006-09-05 14468] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 P1001VID;Creative WebCam (WDM); C:\WINDOWS\system32\DRIVERS\P1001Vid.sys [2002-06-03 311684] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2006-11-14 397312] R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016] R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-02-06 4107832] R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2008-03-14 103744] R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2007-11-26 221191] R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2007-11-26 29184] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120] R2 MGABGEXE;MGABGEXE; C:\WINDOWS\system32\mgabg.exe [2002-01-16 81920] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2004-04-01 824584] R2 wwSecSvc;Washer Security Access; C:\WINDOWS\system32\wwSecure.exe [2005-05-20 486400] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 DWMRCS;DameWare Mini Remote Control; C:\WINDOWS\SYSTEM32\DWRCS.EXE -service [] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- Et le fichier info.txt : info.txt logfile of random's system information tool 1.05 2009-02-11 14:15:09 ======Uninstall list====== -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ACDSee 8-->MsiExec.exe /I{DD54C6DE-B787-406D-A5A7-A49E0471E45B} Acer MP3 Flash Stick-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{025CAFA7-3EC5-4284-8D9C-F401CCCF7A06}\setup.exe" -l0x9 Acronis True Image Enterprise Server-->MsiExec.exe /X{378F9A62-061E-4368-AA0A-1BA004772E98} Acronis DriveCleanser-->C:\Program Files\Acronis\DriveCleanser\MediaBuilder.exe -uninstall Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop Elements-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll" Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003} Adobe Reader for Pocket PC 2.0-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{291A772C-FFB9-4681-B720-AB2A0A620896} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} Akimania Crypto Polle 1.0-->"C:\Program Files\Akimania Crypto Polle\uninstall.exe" Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ArcSoft PhotoBase-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\ArcSoft\PhotoBase\Uninst.isu" Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe" AvantGo Client-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}\setup.exe" -l0x40c CP Calcul de Résistances 2.0-->C:\Program Files\Atlence\Calcul de Résistances 2.0\unins000.exe Canon PhotoRecord-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll" Canon ScanGear Toolbox 3.1-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\ScanGear Toolbox Ver3.1\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox Ver3.1\uninst.dll" CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe" Chinese Simplified Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2447-0000-800000000003} Chinese Traditional Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-800000000003} Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Creative WebCam Driver (1.02.08.0807)-->C:\WINDOWS\CtDrvIns.exe -uninstall USB\VID_041E&PID_400D -plugin P1001Pin.dll -pluginres P1001Pin.crl DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" Editeur Foto.com 2.3-->"C:\Program Files\Foto.com\Editeur Foto.com\unins000.exe" ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe" FileMaker Pro 5.0-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\FileMaker\FileMaker Pro 5\System\DeIsL1.isu" GlobalDictio_PPC-->C:\Program Files\Microsoft ActiveSync\GlobalDictio_PPC\Uninstall.exe GlobalDictio_PPC Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll" Hide Folders XP 2.9.8 for Windows XP/Vista-->"C:\Program Files\Hide Folders XP 2\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" hp deskjet 970c series (Supprimer uniquement)-->C:\Program Files\hp deskjet 970c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=970c -huninstall ICQ 4.1-->C:\Program Files\ICQLite\ICQLiteUninstall.EXE ImageMixer VCD/DVD2 for OLYMPUS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x40c UNINSTALL INCU-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\INCU\ST6UNST.LOG" Indeo® software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll" IRXpress USB IrDA-->"C:\Program Files\IRXpress\IRXpress USB IrDA\IsStub32.exe" -f"C:\Program Files\IRXpress\IRXpress USB IrDA\DeIsL1.isu" -c"C:\Program Files\IRXpress\IRXpress USB IrDA\_ISREG32.DLL" Island Top-->MsiExec.exe /I{E6BD7B38-E8B0-4868-B849-3302972EA64C} Ismap Inside-->"C:\WINDOWS\psuninst.exe" "C:\Program Files\Microsoft ActiveSync\Inside\uninst.dat" J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Jeyo Mobile Companion 1.1-->"C:\Program Files\Jeyo Mobile Companion\unins000.exe" Kasuei Hitchhiker-->MsiExec.exe /I{40335797-977B-481B-8660-9607986A5A18} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x40c Logiciel graphique Matrox (supprimer seulement)-->C:\WINDOWS\system32\PDesk\PDUninst.exe Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c} MailNavigator v.1.11-->"C:\Program Files\MailNavigator\uninstall.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" McAfee VirusScan Enterprise-->MsiExec.exe /I{4DCA2739-9D16-4B55-808C-E72CD70A5BD3} McAfee VirusScan PDA 1.0-->MsiExec.exe /I{89D5D497-E449-4BAE-B0A5-1E13D73C6EE2} Microsoft .NET Compact Framework 1.0 SP3-->MsiExec.exe /I{7A0BAED2-066E-4B4F-8FA5-472A4655F4C2} Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E} Microsoft Calculatrice Plus-->MsiExec.exe /I{13922F10-BD74-4912-AB11-E34B35062700} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft FrontPage Express-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\fpxpress.inf, Uninstall Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office XP Professional-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0050048383C9} Microsoft Outlook 2002-->MsiExec.exe /I{911A040C-6000-11D3-8CFE-0050048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Nero 7 Demo-->MsiExec.exe /I{6F9C0903-4311-4619-7B30-F1E19CF11036} OLYMPUS Master-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1036 /zUNINSTALL OmniPage Pro 9.0-->C:\Program Files\Caere\OmniPagePro90\Deinstall.exe "C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f'C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu'" OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74} Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Paint Shop Pro 6.0 (CD-ROM)-->C:\PROGRA~1\PAINTS~1\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe Pinnacle Instant PhotoAlbum-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A835519A-4EFC-4554-9D61-0BB4FC54D81B}\Setup.exe" -l0x40c UNINSTALL Pocket Controller-Professional-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}\Setup.exe" -l0x9 UNINSTALL pocket Theme Manager 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4CCBA3A8-A938-4300-9E40-3018EA1FCBEE}\setup.exe" -l0x40c Poi Edit v4.5.1-->C:\PROGRA~1\DNOTES~1\POIEDI~1\UNWISE.EXE C:\PROGRA~1\DNOTES~1\POIEDI~1\INSTALL.LOG PoiEdit-->C:\PROGRA~1\DNOTES~1\POIEDI~1\UNWISE.EXE C:\PROGRA~1\DNOTES~1\POIEDI~1\INSTALL.LOG PopTray 3.20-->C:\Program Files\PopTray\Uninstall.exe Prevx CSI-->"C:\Program Files\Prevx\prevx.exe" /prop UNINSTALL=Y P-touch Editor 3.2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\brother\Ptouch32\Uninst.isu" QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} Real Alternative 1.43-->"C:\Program Files\Real Alternative\unins000.exe" Scan Manager 5.2-->MsiExec.exe /I{E0A1559B-9886-11D4-8D06-0050DA284A39} ScanSpyware v3.8.0.2-->"C:\Program Files\ScanSpyware v3.8.0.2\unins000.exe" SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} Sony Ericsson Communications Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8BC806D-0703-11D4-BB23-006008676AF8}\Setup.exe" -l0x40c -l040c --remove=y Sony Ericsson Image Editor-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05E9F134-07C9-4249-9B80-EE5D975F201B}\setup.exe" -l0x40c -l040c --remove=y Sony Ericsson MMS Home Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9462C4AD-D6C4-4365-B4AD-BFE0B1E216C3}\setup.exe" -l0x40c -l040c --remove=y Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL Spb Backup-->C:\Program Files\Microsoft ActiveSync\Spb Backup\Uninstall.exe Spb Backup Spb Brain Evolution-->C:\Program Files\Microsoft ActiveSync\Spb Brain Evolution\Uninstall.exe Spb Brain Evolution Spb Bubbles VGA-->C:\Program Files\Microsoft ActiveSync\SpbBubbles\Uninstall.exe Spb Bubbles VGA Spb Bubbles-->C:\Program Files\Microsoft ActiveSync\SpbBubbles\Uninstall.exe Spb Bubbles Spb Diary-->C:\Program Files\Microsoft ActiveSync\Spb Diary\Uninstall.exe Spb Diary Spb Imageer-->C:\Program Files\Microsoft ActiveSync\Spb Imageer\Uninstall.exe Spb Imageer Spb Mobile Shell-->C:\Program Files\Microsoft ActiveSync\SpbMobileShell\Uninstall.exe Spb Mobile Shell Spb Pocket Plus-->C:\Program Files\Microsoft ActiveSync\Spb Pocket Plus\Uninstall.exe Spb Pocket Plus Spb Weather-->C:\Program Files\Microsoft ActiveSync\Spb Weather\Uninstall.exe Spb Weather Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Stickies 6.0a-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Stickies 6.0a SysMetrix 3.41-->C:\Program Files\SysMetrix\uninst.exe Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe Ulead VideoStudio 10-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E188D820-1218-4E28-8BCA-91134C3664C2}\setup.exe" -l0x40c Ultr@VNC Release 1.0.0 RC 18 - Win32-->"C:\Program Files\UltraVNC\unins000.exe" vixy converter uninstall-->"C:\Program Files\vixy.net\unins000.exe" VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe" Window Washer-->C:\WINDOWS\Unwash6.exe Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinHTTrack Website Copier 3.33-->"C:\Program Files\WinHTTrack\unins000.exe" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ZoneAlarm Pro-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe ======Hosts File====== 127.0.0.1 localhost System event log Computer Name: TECH2_NEO Event Code: 8033 Message: L'explorateur a forcé une élection sur le réseau \Device\NetBT_Tcpip_{03079138-9E80-4BB3-BC14-355D04EF85BB} car un maître explorateur a été arrêté. Record Number: 4284 Source Name: BROWSER Time Written: 20090202083748.000000+060 Event Type: information User: Computer Name: TECH2_NEO Event Code: 7036 Message: Le service VNC Server Version 4 est entré dans l'état : arrêté. Record Number: 4283 Source Name: Service Control Manager Time Written: 20090202082140.000000+060 Event Type: information User: Computer Name: TECH2_NEO Event Code: 7035 Message: Un contrôle Arrêter a correctement été envoyé au service VNC Server Version 4. Record Number: 4282 Source Name: Service Control Manager Time Written: 20090202082140.000000+060 Event Type: information User: TECBIOMEDICUS\Ibrahim_Demirel Computer Name: TECH2_NEO Event Code: 7036 Message: Le service HTTP SSL est entré dans l'état : en cours d'exécution. Record Number: 4281 Source Name: Service Control Manager Time Written: 20090202081850.000000+060 Event Type: information User: Computer Name: TECH2_NEO Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service HTTP SSL. Record Number: 4280 Source Name: Service Control Manager Time Written: 20090202081850.000000+060 Event Type: information User: TECBIOMEDICUS\Ibrahim_Demirel Application event log Computer Name: TECH2_NEO Event Code: 257 Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041970.vbs\A0041970.vbs est infecté par le virus VBS/IE-Title (Virus). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de) Record Number: 15314 Source Name: Alert Manager Event Interface Time Written: 20080813100856.000000+120 Event Type: error User: Computer Name: TECH2_NEO Event Code: 257 Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041952.inf\A0041952.inf est infecté par le virus Generic!atr (Cheval de Troie). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de) Record Number: 15313 Source Name: Alert Manager Event Interface Time Written: 20080813100856.000000+120 Event Type: error User: Computer Name: TECH2_NEO Event Code: 257 Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041951.vbs\A0041951.vbs est infecté par le virus VBS/IE-Title (Virus). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de) Record Number: 15312 Source Name: Alert Manager Event Interface Time Written: 20080813100856.000000+120 Event Type: error User: Computer Name: TECH2_NEO Event Code: 257 Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041933.inf\A0041933.inf est infecté par le virus Generic!atr (Cheval de Troie). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de) Record Number: 15311 Source Name: Alert Manager Event Interface Time Written: 20080813100855.000000+120 Event Type: error User: Computer Name: TECH2_NEO Event Code: 257 Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041932.vbs\A0041932.vbs est infecté par le virus VBS/IE-Title (Virus). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de) Record Number: 15310 Source Name: Alert Manager Event Interface Time Written: 20080813100855.000000+120 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\Samsung\Samsung PC Studio 3\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 3, GenuineIntel "PROCESSOR_REVISION"=0803 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip -----------------EOF-----------------

Voici le rapport de Toolscleaner : [ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ] -->- Recherche: C:\Combofix.txt: trouvé ! C:\SDFIX: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé ! C:\Documents and Settings\Ibo\Bureau\SdFix.exe: trouvé ! C:\Documents and Settings\Ibo\Bureau\HijackThis.lnk: trouvé ! C:\Program Files\Trend Micro\HijackThis: trouvé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé ! --------------------------------- -->- Suppression: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé ! C:\Documents and Settings\Ibo\Bureau\SdFix.exe: supprimé ! C:\Documents and Settings\Ibo\Bureau\HijackThis.lnk: supprimé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé ! C:\Combofix.txt: supprimé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé ! C:\SDFIX: supprimé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé ! C:\Program Files\Trend Micro\HijackThis: supprimé !

Merci pour l'aide, je ne serais pas arrivé seul. Sans vouloir abusé de votre gentilesse, pourriez-vous me dire si je peux appliquer cette procédure à mon pc de bureau? J'ai le même problème que sur mon portable. Voici le rapport d'HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:44:52, on 11/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Prevx\prevx.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\mgabg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wwSecure.exe C:\Program Files\Prevx\prevx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\QTTask.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\SysMetrix\SysMetrix.exe C:\Program Files\Network Associates\Common Framework\UdaterUI.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\McTray.exe C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE C:\Program Files\Caere\OmniPagePro90\opware32.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe C:\WINDOWS\system32\PDesk\PDesk.exe C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\PopTray\PopTray.exe C:\Program Files\stickies\stickies.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://intranet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [sysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Don't Panic!] "C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE" O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Ibrahim_Demirel" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://be.foto.com O15 - Trusted Zone: www.foto.com O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1226574099240 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://www.admincefig.dyndns.org/msrdp.cab O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://192.168.16.34/program/SonySncRz25View.cab O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - http://asp.photoprintit.de/microsite/999/d...PSUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{34A93789-78F4-48BC-8CDF-09F7E9EBDA2A}: NameServer = 192.168.162.5,192.168.162.3 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\SYSTEM32\DWRCS.EXE (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe -- End of file - 12891 bytes