Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

[Résolu] Virus dans mon PC

Ibeaux

Par Ibeaux
dans Analyses et éradication malwares

 Partager

Messages recommandés

pear Devil Member !

pear

Posté(e)
Posté(e)

Bonjour,

 

C'est mieux, mais vous n'avez toujours pas désinstallé Avast !

Faites le.

postez un rapport Hijackthis,

Dites moi comment va le pc ?

Ibeaux Member

Ibeaux

Posté(e)
  • Auteur
Posté(e)

Désinstallation d'Avast effectué.

Avant le problème, je n'arrivais pas à afficher les dossiers et fichiers cachées dans l'option des Dossiers en allant dans poste de travail/outils/options des dossiers/onglet affichage, j'activais l'option afficher les fichiers cachées et quand je retournais voir et l'option se désactivais tout seul.

 

Voici le rapport:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:07:35, on 11/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe

C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe

C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe

C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\AntiVirus\Webfilter\AVKWebIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\AntiVirus\Webfilter\AVKWebIE.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [Don't Panic!] "C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: APSHook.dll

O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll

O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe

O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Verrouillage des périphériques / Audition HP ProtectTools (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

 

--

End of file - 12299 bytes

Ibeaux Member

Ibeaux

Posté(e)
  • Auteur
Posté(e)

Slt,

 

Je trouve que le PC va mieux, il ne me fait pas des trucs bizarre et surtout moins lent que d'habitude.

Que me conseillé vous comme antivirus?

G Data et en période d'évaluation sur mon PC, j'utilisais McAfee ver 8.0 i, antivirus du boulot, mais il 'a rien vu venir...

pear Devil Member !

pear

Posté(e)
Posté(e)
Que me conseillé vous comme antivirus?

 

Je ne connais pas GDATA, par contre Antivir , gratuit est excellent;

bien meilleur que beaucoup de payants.

 

Télécharger Avira AntiVir Personal Edition en Anglais

Télécharger Avira AntiVir Personal Edition en Français

 

NB : le choix d'Antivir comme antivirus à utiliser dans le cadre de cette procédure, a reposé sur les critères suivants :

--- failles de votre antivirus qui a laissé passer des malwares

--- En mode sans échec ,seuls les processus systèmes sont lancés.Il est donc plus facile de supprimer les infections

--- Antivir peut-être installé et désinstallé facilement

--- Antivir est reconnu pour son efficacité en mode sans échec

....AntiVir ne laisse pas entrer Bagle, sauf si l'utilisateur lui force la main pour récupérer un crack

 

Paramètres conseillés

Clic droit sur le parapluie---------------------->Configure-Configurer

Cliquer Expert mode----------------------------->Scan-Recherche:

Cocher: ----------------------------------------------->All files -Tous les Fichiers

Additionnal Settings-Autres réglages:--->tout cocher

Clic sur Scan+ -Recherche+

Action for concerning files -Action en cas de résultat positif:

Cocher-------------------------------------------------->Copie file to quarantine before action-Copier le fichier dans la quarantaine avant l'action:

Primary action-Action principale............>: Repair :Réparer ( au cas ou ce serait un fichier système corrompu)

Secondary action.-Action secondaire...>.: Delete-Supprimer ( s'il y a détection, autant supprimer. une sauvegarde sera dans la quarantaine)

Ibeaux Member

Ibeaux

Posté(e)
  • Auteur
Posté(e)

Merci pour l'aide, je ne serais pas arrivé seul.

Sans vouloir abusé de votre gentilesse, pourriez-vous me dire si je peux appliquer cette procédure à mon pc de bureau?

J'ai le même problème que sur mon portable.

Voici le rapport d'HijackThis :

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:44:52, on 11/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Prevx\prevx.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\mgabg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\wwSecure.exe

C:\Program Files\Prevx\prevx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\QTTask.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\SysMetrix\SysMetrix.exe

C:\Program Files\Network Associates\Common Framework\UdaterUI.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\McTray.exe

C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE

C:\Program Files\Caere\OmniPagePro90\opware32.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

C:\WINDOWS\system32\PDesk\PDesk.exe

C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\PopTray\PopTray.exe

C:\Program Files\stickies\stickies.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://intranet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [sysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [Don't Panic!] "C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE"

O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch

O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Ibrahim_Demirel"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe

O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://be.foto.com

O15 - Trusted Zone: www.foto.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1226574099240

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://www.admincefig.dyndns.org/msrdp.cab

O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://192.168.16.34/program/SonySncRz25View.cab

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - http://asp.photoprintit.de/microsite/999/d...PSUploader4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34A93789-78F4-48BC-8CDF-09F7E9EBDA2A}: NameServer = 192.168.162.5,192.168.162.3

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\SYSTEM32\DWRCS.EXE (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

 

--

End of file - 12891 bytes

pear Devil Member !

pear

Posté(e)
Posté(e)

IL faut d'abord en finir avec le portable.

 

Puisqu'il est ok:

 

Pour enlever les programmes utilisés pendant la procédure.

Télécharger ToolsCleaner2 de A.Rothstein

* Enregistrer ToolsCleaner2.exe sur le Bureau.

Sous Vista,Clic-droit > Exécuter en tant que Administrateur

* Double-cliquer dessus, puis cliquer sur Recherche --> Le programme va chercher les utilitaires installés

------> Il se peut que la fenêtre devienne blanche pendant le scan, c'est normal !

L'outil supprimera sans que vous ayez à intervenir.

* Copier-coller le contenu du rapport qui apparait dans la fenêtre blanche.

 

Votre pc de bureau ne parait pas infecté,du moins à lire le rapport Hijackthis.

On va creuser un peu:

Téléchargezrandom's system information tool (RSIT) par random/random et sauvegardez-le sur le Bureau.

 

Double-cliquez sur RSIT.exe afin de lancer RSIT.

* Cliquez Continue à l'écran Disclaimer.

* Si l'outil HIjackThis (version à jour) n'est pas présent ou détecté sur l'ordinateur, RSIT le télécharge et vous acceptez la licence.

* L'analyse terminée, deux fichiers texte s'ouvriront.:

Poster le contenu de log.txt (qui sera affiché)

ainsi que de info.txt (qui sera réduit dans la Barre des Tâches).

* Si ces deux rapports n'apparaissent pas, vous les trouverez dans le dossier C:\rsit

Ibeaux Member

Ibeaux

Posté(e)
  • Auteur
Posté(e)

Voici le rapport de Toolscleaner :

 

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

 

-->- Recherche:

 

C:\Combofix.txt: trouvé !

C:\SDFIX: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !

C:\Documents and Settings\Ibo\Bureau\SdFix.exe: trouvé !

C:\Documents and Settings\Ibo\Bureau\HijackThis.lnk: trouvé !

C:\Program Files\Trend Micro\HijackThis: trouvé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

 

---------------------------------

-->- Suppression:

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !

C:\Documents and Settings\Ibo\Bureau\SdFix.exe: supprimé !

C:\Documents and Settings\Ibo\Bureau\HijackThis.lnk: supprimé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !

C:\Combofix.txt: supprimé !

C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !

C:\SDFIX: supprimé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !

C:\Program Files\Trend Micro\HijackThis: supprimé !

Ibeaux Member

Ibeaux

Posté(e)
  • Auteur
Posté(e)

Pour mon PC Bureau voici le log.txt :

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Ibrahim_Demirel at 2009-02-11 14:14:30

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 8 GB (39%) free of 21 GB

Total RAM: 511 MB (20% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:14:51, on 11/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Prevx\prevx.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\mgabg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\wwSecure.exe

C:\Program Files\Prevx\prevx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\QTTask.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\SysMetrix\SysMetrix.exe

C:\Program Files\Network Associates\Common Framework\UdaterUI.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\McTray.exe

C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE

C:\Program Files\Caere\OmniPagePro90\opware32.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

C:\WINDOWS\system32\PDesk\PDesk.exe

C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\PopTray\PopTray.exe

C:\Program Files\stickies\stickies.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Ibrahim_Demirel.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://intranet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [sysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [Don't Panic!] "C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE"

O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch

O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Ibrahim_Demirel"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe

O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://be.foto.com

O15 - Trusted Zone: www.foto.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1226574099240

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://www.admincefig.dyndns.org/msrdp.cab

O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://192.168.16.34/program/SonySncRz25View.cab

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - http://asp.photoprintit.de/microsite/999/d...PSUploader4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34A93789-78F4-48BC-8CDF-09F7E9EBDA2A}: NameServer = 192.168.162.5,192.168.162.3

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\SYSTEM32\DWRCS.EXE (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

 

--

End of file - 13077 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\XoftSpy.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2436160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2436160]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]

"PestPatrolCL"= []

"PPMemCheck"=c:\PROGRA~1\PESTPA~1\PPMemCheck.exe [2003-04-19 148480]

"CookiePatrol"=c:\PROGRA~1\PESTPA~1\CookiePatrol.exe [2005-01-10 73728]

"SysMetrix"=C:\Program Files\SysMetrix\SysMetrix.exe [2006-02-25 2637824]

"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [2008-03-14 136512]

"PestPatrol Control Center"=c:\PROGRA~1\PESTPA~1\PPControl.exe [2004-11-15 98304]

"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 98304]

"Network Associates Error Reporting Service"=C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe [2003-10-07 147514]

"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2004-04-01 693520]

"Don't Panic!"=C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE [2001-06-16 1384448]

"OmniPage"=C:\Program Files\Caere\OmniPagePro90\opware32.exe [1998-10-28 44032]

"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-29 196608]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"Matrox Powerdesk"=C:\WINDOWS\system32\PDesk\PDesk.exe [2004-09-14 684032]

"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-05-17 36864]

"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe [2006-11-14 1115336]

"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe [2006-11-14 1852314]

"Acronis Scheduler2 Service"=C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2006-11-14 135168]

"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2006-05-16 40960]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1211176]

"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2008-04-14 1695232]

"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2006-05-16 57344]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Index Washer"=C:\Program Files\Webroot\Washer\WashIdx.exe [2005-05-20 51200]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]

C:\Program Files\UltraVNC\WinVNC.exe -servicehelper []

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

 

C:\Documents and Settings\Demirel.TECBIOMEDICUS\Menu Démarrer\Programmes\Démarrage

PopTray.lnk - C:\Program Files\PopTray\PopTray.exe

Stickies.lnk - C:\Program Files\stickies\stickies.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

relog_ap

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\stickies\stickies.exe"="C:\Program Files\stickies\stickies.exe:*:Enabled:Stickies 4.5a"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Panicware\Don't_Panic_FR!\dp.exe"="C:\Program Files\Panicware\Don't_Panic_FR!\dp.exe:*:Enabled:Don't Panic!"

"C:\Program Files\Island Top 9\startup.exe"="C:\Program Files\Island Top 9\startup.exe:*:Enabled: "

"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"

"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"

"C:\Program Files\WinHTTrack\WinHTTrack.exe"="C:\Program Files\WinHTTrack\WinHTTrack.exe:*:Enabled:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes"

"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"

"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Disabled:TrueVector Service"

"C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"="C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe:*:Enabled:Sprite Backup PC Service"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Microsoft Office\Office\WINWORD.EXE"="C:\Program Files\Microsoft Office\Office\WINWORD.EXE:*:Enabled:Microsoft Word for Windows"

"C:\Program Files\Jeyo Mobile Companion\JeyoMobileCompanion.exe"="C:\Program Files\Jeyo Mobile Companion\JeyoMobileCompanion.exe:*:Enabled:Jeyo Mobile Companion"

"C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE:*:Enabled:Microsoft Outlook"

"C:\Program Files\SOTI\Pocket Controller-Professional\PocketController.exe"="C:\Program Files\SOTI\Pocket Controller-Professional\PocketController.exe:*:Enabled:Pocket Controller - Professional"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

shell\AutoRun\command - pook.com

shell\open\command - pook.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{013271d8-f1dd-11dd-8fef-0030050cc69f}]

shell\AutoRun\command - H:\a2h2.com

shell\open\command - H:\a2h2.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b219df2-b21b-11dc-8ebc-0030050cc69f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3deebbb4-3797-11dd-8f31-0030050cc69f}]

shell\AutoRun\command - iqe68o.bat

shell\explore\command - iqe68o.bat

shell\open\command - iqe68o.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94634aa0-89bd-11db-b106-0030050cc69f}]

shell\AutoRun\command - I:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1156a8-c01c-11dc-8ecc-0030050cc69f}]

shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256380-4679-11dc-969a-0030050cc69f}]

shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256381-4679-11dc-969a-0030050cc69f}]

shell\AutoRun\command - I:\hl80c6b1.com

shell\open\command - I:\hl80c6b1.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe089bd0-b628-11d9-9080-0030050cc69f}]

shell\AutoRun\command - H:\hl80c6b1.com

shell\open\command - H:\hl80c6b1.com

 

 

======List of files/folders created in the last 1 months======

 

2009-02-11 14:14:30 ----D---- C:\rsit

2009-02-11 11:42:10 ----D---- C:\Program Files\Trend Micro

2009-02-10 13:55:11 ----D---- C:\WINDOWS\ERUNT

2009-02-10 13:46:22 ----D---- C:\SDFix

2009-02-10 10:18:36 ----D---- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\Malwarebytes

2009-02-10 10:18:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-02-10 10:18:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-02-06 13:58:26 ----D---- C:\Program Files\Prevx

2009-02-06 13:57:59 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI

2009-02-06 13:57:50 ----A---- C:\WINDOWS\wininit.ini

2009-02-06 09:44:06 ----A---- C:\WINDOWS\ntbtlog.txt

2009-02-05 17:04:14 ----D---- C:\Program Files\Panda Security

2009-02-05 15:25:36 ----HD---- C:\Config.Msi

2009-01-28 07:58:51 ----D---- C:\DVD

2009-01-26 11:51:39 ----A---- C:\WINDOWS\SonySNCRZ25.ini

2009-01-22 16:43:08 ----D---- C:\Program Files\RealVNC

2009-01-14 14:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

 

======List of files/folders modified in the last 1 months======

 

2009-02-11 14:10:50 ----D---- C:\WINDOWS\Temp

2009-02-11 14:05:38 ----D---- C:\Program Files\PestPatrol

2009-02-11 11:58:12 ----A---- C:\WINDOWS\wincmd.ini

2009-02-11 11:42:10 ----D---- C:\Program Files

2009-02-11 11:30:26 ----D---- C:\WINDOWS\system32

2009-02-11 10:43:08 ----D---- C:\WINDOWS\Prefetch

2009-02-11 09:43:34 ----D---- C:\WINDOWS\Internet Logs

2009-02-11 09:26:31 ----D---- C:\Program Files\SysMetrix

2009-02-11 08:33:42 ----A---- C:\WINDOWS\hpbafd.ini

2009-02-10 17:16:08 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-02-10 14:45:55 ----D---- C:\quarantine

2009-02-10 13:57:59 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-02-10 13:55:11 ----D---- C:\WINDOWS

2009-02-10 12:27:25 ----D---- C:\Program Files\Mozilla Firefox

2009-02-10 11:32:41 ----D---- C:\WINDOWS\system32\drivers

2009-02-10 09:10:26 ----D---- C:\Program Files\Island Top 9

2009-02-10 08:51:06 ----D---- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\stickies

2009-02-09 10:15:54 ----D---- C:\WINDOWS\system32\config

2009-02-09 10:12:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-02-09 10:11:45 ----SHD---- C:\WINDOWS\Installer

2009-02-09 10:05:57 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-02-09 09:29:09 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-09 08:45:34 ----SHD---- C:\WINDOWS\CSC

2009-02-09 08:14:43 ----HD---- C:\WINDOWS\inf

2009-02-09 07:44:11 ----D---- C:\Program Files\ScanSpyware v3.8.0.2

2009-02-06 14:33:42 ----D---- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\U3

2009-02-05 17:03:34 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-02-05 16:22:18 ----SD---- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\Microsoft

2009-02-05 16:22:01 ----D---- C:\Program Files\UltraVNC

2009-02-05 16:11:11 ----SD---- C:\WINDOWS\system32\Microsoft

2009-02-05 15:29:30 ----D---- C:\WINDOWS\WinSxS

2009-02-04 16:22:38 ----AC---- C:\WINDOWS\NeroDigital.ini

2009-01-28 07:57:39 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink

2009-01-14 15:27:39 ----D---- C:\WINDOWS\Debug

2009-01-14 14:47:38 ----HD---- C:\WINDOWS\$hf_mig$

2009-01-14 12:14:30 ----D---- C:\Program Files\Microsoft ActiveSync

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-11 32256]

R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2007-11-26 59904]

R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]

R2 DbgMsg;Debug Message; \??\C:\WINDOWS\System32\Drivers\DbgMsg.sys []

R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]

R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-07-30 32768]

R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

R2 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []

R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-11 11264]

R3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-23 117760]

R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []

R3 G200;G200; C:\WINDOWS\system32\DRIVERS\g200mini.sys [2004-09-14 260992]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2007-11-26 117024]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-11-07 14604]

R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-30 5888]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys []

S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []

S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []

S2 KC180;IRXpress USB IrDA Device; C:\WINDOWS\System32\Drivers\kcirusb.sys [2001-10-04 17904]

S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 KCIRDA;%KCIRDA.ServiceDesc%; C:\WINDOWS\system32\DRIVERS\KCIrNet.sys [2001-10-04 11856]

S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

S3 MosIrUsb;MosIrUsb.sys; C:\WINDOWS\system32\DRIVERS\MosIrUsb.sys [2004-04-14 20736]

S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP; C:\WINDOWS\system32\DRIVERS\MRVW225.sys [2007-07-05 299904]

S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 MTK;Media Technology Kernel Driver; C:\WINDOWS\System32\Drivers\fide.sys [2006-09-05 14468]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 P1001VID;Creative WebCam (WDM); C:\WINDOWS\system32\DRIVERS\P1001Vid.sys [2002-06-03 311684]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73600]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2006-11-14 397312]

R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]

R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-02-06 4107832]

R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2008-03-14 103744]

R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2007-11-26 221191]

R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2007-11-26 29184]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]

R2 MGABGEXE;MGABGEXE; C:\WINDOWS\system32\mgabg.exe [2002-01-16 81920]

R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]

R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2004-04-01 824584]

R2 wwSecSvc;Washer Security Access; C:\WINDOWS\system32\wwSecure.exe [2005-05-20 486400]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 DWMRCS;DameWare Mini Remote Control; C:\WINDOWS\SYSTEM32\DWRCS.EXE -service []

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 138168]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

 

-----------------EOF-----------------

 

Et le fichier info.txt :

 

info.txt logfile of random's system information tool 1.05 2009-02-11 14:15:09

 

======Uninstall list======

 

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

ACDSee 8-->MsiExec.exe /I{DD54C6DE-B787-406D-A5A7-A49E0471E45B}

Acer MP3 Flash Stick-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{025CAFA7-3EC5-4284-8D9C-F401CCCF7A06}\setup.exe" -l0x9

Acronis True Image Enterprise Server-->MsiExec.exe /X{378F9A62-061E-4368-AA0A-1BA004772E98}

Acronis DriveCleanser-->C:\Program Files\Acronis\DriveCleanser\MediaBuilder.exe -uninstall

Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop Elements-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"

Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}

Adobe Reader for Pocket PC 2.0-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{291A772C-FFB9-4681-B720-AB2A0A620896}

Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}

Akimania Crypto Polle 1.0-->"C:\Program Files\Akimania Crypto Polle\uninstall.exe"

Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

ArcSoft PhotoBase-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\ArcSoft\PhotoBase\Uninst.isu"

Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe"

AvantGo Client-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}\setup.exe" -l0x40c CP

Calcul de Résistances 2.0-->C:\Program Files\Atlence\Calcul de Résistances 2.0\unins000.exe

Canon PhotoRecord-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"

Canon ScanGear Toolbox 3.1-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\ScanGear Toolbox Ver3.1\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox Ver3.1\uninst.dll"

CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe"

Chinese Simplified Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2447-0000-800000000003}

Chinese Traditional Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-800000000003}

Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Creative WebCam Driver (1.02.08.0807)-->C:\WINDOWS\CtDrvIns.exe -uninstall USB\VID_041E&PID_400D -plugin P1001Pin.dll -pluginres P1001Pin.crl

DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"

Editeur Foto.com 2.3-->"C:\Program Files\Foto.com\Editeur Foto.com\unins000.exe"

ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"

FileMaker Pro 5.0-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\FileMaker\FileMaker Pro 5\System\DeIsL1.isu"

GlobalDictio_PPC-->C:\Program Files\Microsoft ActiveSync\GlobalDictio_PPC\Uninstall.exe GlobalDictio_PPC

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"

Hide Folders XP 2.9.8 for Windows XP/Vista-->"C:\Program Files\Hide Folders XP 2\unins000.exe"

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

hp deskjet 970c series (Supprimer uniquement)-->C:\Program Files\hp deskjet 970c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=970c -huninstall

ICQ 4.1-->C:\Program Files\ICQLite\ICQLiteUninstall.EXE

ImageMixer VCD/DVD2 for OLYMPUS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x40c UNINSTALL

INCU-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\INCU\ST6UNST.LOG"

Indeo® software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"

IRXpress USB IrDA-->"C:\Program Files\IRXpress\IRXpress USB IrDA\IsStub32.exe" -f"C:\Program Files\IRXpress\IRXpress USB IrDA\DeIsL1.isu" -c"C:\Program Files\IRXpress\IRXpress USB IrDA\_ISREG32.DLL"

Island Top-->MsiExec.exe /I{E6BD7B38-E8B0-4868-B849-3302972EA64C}

Ismap Inside-->"C:\WINDOWS\psuninst.exe" "C:\Program Files\Microsoft ActiveSync\Inside\uninst.dat"

J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Jeyo Mobile Companion 1.1-->"C:\Program Files\Jeyo Mobile Companion\unins000.exe"

Kasuei Hitchhiker-->MsiExec.exe /I{40335797-977B-481B-8660-9607986A5A18}

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x40c

Logiciel graphique Matrox (supprimer seulement)-->C:\WINDOWS\system32\PDesk\PDUninst.exe

Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}

MailNavigator v.1.11-->"C:\Program Files\MailNavigator\uninstall.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

McAfee VirusScan Enterprise-->MsiExec.exe /I{4DCA2739-9D16-4B55-808C-E72CD70A5BD3}

McAfee VirusScan PDA 1.0-->MsiExec.exe /I{89D5D497-E449-4BAE-B0A5-1E13D73C6EE2}

Microsoft .NET Compact Framework 1.0 SP3-->MsiExec.exe /I{7A0BAED2-066E-4B4F-8FA5-472A4655F4C2}

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}

Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}

Microsoft Calculatrice Plus-->MsiExec.exe /I{13922F10-BD74-4912-AB11-E34B35062700}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft FrontPage Express-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\fpxpress.inf, Uninstall

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office XP Professional-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0050048383C9}

Microsoft Outlook 2002-->MsiExec.exe /I{911A040C-6000-11D3-8CFE-0050048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe

Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Nero 7 Demo-->MsiExec.exe /I{6F9C0903-4311-4619-7B30-F1E19CF11036}

OLYMPUS Master-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1036 /zUNINSTALL

OmniPage Pro 9.0-->C:\Program Files\Caere\OmniPagePro90\Deinstall.exe "C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f'C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu'"

OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}

Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Paint Shop Pro 6.0 (CD-ROM)-->C:\PROGRA~1\PAINTS~1\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG

Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe

Pinnacle Instant PhotoAlbum-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A835519A-4EFC-4554-9D61-0BB4FC54D81B}\Setup.exe" -l0x40c UNINSTALL

Pocket Controller-Professional-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}\Setup.exe" -l0x9 UNINSTALL

pocket Theme Manager 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4CCBA3A8-A938-4300-9E40-3018EA1FCBEE}\setup.exe" -l0x40c

Poi Edit v4.5.1-->C:\PROGRA~1\DNOTES~1\POIEDI~1\UNWISE.EXE C:\PROGRA~1\DNOTES~1\POIEDI~1\INSTALL.LOG

PoiEdit-->C:\PROGRA~1\DNOTES~1\POIEDI~1\UNWISE.EXE C:\PROGRA~1\DNOTES~1\POIEDI~1\INSTALL.LOG

PopTray 3.20-->C:\Program Files\PopTray\Uninstall.exe

Prevx CSI-->"C:\Program Files\Prevx\prevx.exe" /prop UNINSTALL=Y

P-touch Editor 3.2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\brother\Ptouch32\Uninst.isu"

QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}

Real Alternative 1.43-->"C:\Program Files\Real Alternative\unins000.exe"

Scan Manager 5.2-->MsiExec.exe /I{E0A1559B-9886-11D4-8D06-0050DA284A39}

ScanSpyware v3.8.0.2-->"C:\Program Files\ScanSpyware v3.8.0.2\unins000.exe"

SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}

Sony Ericsson Communications Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8BC806D-0703-11D4-BB23-006008676AF8}\Setup.exe" -l0x40c -l040c --remove=y

Sony Ericsson Image Editor-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05E9F134-07C9-4249-9B80-EE5D975F201B}\setup.exe" -l0x40c -l040c --remove=y

Sony Ericsson MMS Home Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9462C4AD-D6C4-4365-B4AD-BFE0B1E216C3}\setup.exe" -l0x40c -l040c --remove=y

Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL

Spb Backup-->C:\Program Files\Microsoft ActiveSync\Spb Backup\Uninstall.exe Spb Backup

Spb Brain Evolution-->C:\Program Files\Microsoft ActiveSync\Spb Brain Evolution\Uninstall.exe Spb Brain Evolution

Spb Bubbles VGA-->C:\Program Files\Microsoft ActiveSync\SpbBubbles\Uninstall.exe Spb Bubbles VGA

Spb Bubbles-->C:\Program Files\Microsoft ActiveSync\SpbBubbles\Uninstall.exe Spb Bubbles

Spb Diary-->C:\Program Files\Microsoft ActiveSync\Spb Diary\Uninstall.exe Spb Diary

Spb Imageer-->C:\Program Files\Microsoft ActiveSync\Spb Imageer\Uninstall.exe Spb Imageer

Spb Mobile Shell-->C:\Program Files\Microsoft ActiveSync\SpbMobileShell\Uninstall.exe Spb Mobile Shell

Spb Pocket Plus-->C:\Program Files\Microsoft ActiveSync\Spb Pocket Plus\Uninstall.exe Spb Pocket Plus

Spb Weather-->C:\Program Files\Microsoft ActiveSync\Spb Weather\Uninstall.exe Spb Weather

Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Stickies 6.0a-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Stickies 6.0a

SysMetrix 3.41-->C:\Program Files\SysMetrix\uninst.exe

Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe

Ulead VideoStudio 10-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E188D820-1218-4E28-8BCA-91134C3664C2}\setup.exe" -l0x40c

Ultr@VNC Release 1.0.0 RC 18 - Win32-->"C:\Program Files\UltraVNC\unins000.exe"

vixy converter uninstall-->"C:\Program Files\vixy.net\unins000.exe"

VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"

Window Washer-->C:\WINDOWS\Unwash6.exe

Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinHTTrack Website Copier 3.33-->"C:\Program Files\WinHTTrack\unins000.exe"

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

ZoneAlarm Pro-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

 

======Hosts File======

 

127.0.0.1 localhost

 

System event log

 

Computer Name: TECH2_NEO

Event Code: 8033

Message: L'explorateur a forcé une élection sur le réseau \Device\NetBT_Tcpip_{03079138-9E80-4BB3-BC14-355D04EF85BB} car un maître explorateur a été arrêté.

 

Record Number: 4284

Source Name: BROWSER

Time Written: 20090202083748.000000+060

Event Type: information

User:

 

Computer Name: TECH2_NEO

Event Code: 7036

Message: Le service VNC Server Version 4 est entré dans l'état : arrêté.

 

Record Number: 4283

Source Name: Service Control Manager

Time Written: 20090202082140.000000+060

Event Type: information

User:

 

Computer Name: TECH2_NEO

Event Code: 7035

Message: Un contrôle Arrêter a correctement été envoyé au service VNC Server Version 4.

 

Record Number: 4282

Source Name: Service Control Manager

Time Written: 20090202082140.000000+060

Event Type: information

User: TECBIOMEDICUS\Ibrahim_Demirel

 

Computer Name: TECH2_NEO

Event Code: 7036

Message: Le service HTTP SSL est entré dans l'état : en cours d'exécution.

 

Record Number: 4281

Source Name: Service Control Manager

Time Written: 20090202081850.000000+060

Event Type: information

User:

 

Computer Name: TECH2_NEO

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service HTTP SSL.

 

Record Number: 4280

Source Name: Service Control Manager

Time Written: 20090202081850.000000+060

Event Type: information

User: TECBIOMEDICUS\Ibrahim_Demirel

 

Application event log

 

Computer Name: TECH2_NEO

Event Code: 257

Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041970.vbs\A0041970.vbs est infecté par le virus VBS/IE-Title (Virus). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de)

 

Record Number: 15314

Source Name: Alert Manager Event Interface

Time Written: 20080813100856.000000+120

Event Type: error

User:

 

Computer Name: TECH2_NEO

Event Code: 257

Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041952.inf\A0041952.inf est infecté par le virus Generic!atr (Cheval de Troie). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de)

 

Record Number: 15313

Source Name: Alert Manager Event Interface

Time Written: 20080813100856.000000+120

Event Type: error

User:

 

Computer Name: TECH2_NEO

Event Code: 257

Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041951.vbs\A0041951.vbs est infecté par le virus VBS/IE-Title (Virus). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de)

 

Record Number: 15312

Source Name: Alert Manager Event Interface

Time Written: 20080813100856.000000+120

Event Type: error

User:

 

Computer Name: TECH2_NEO

Event Code: 257

Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041933.inf\A0041933.inf est infecté par le virus Generic!atr (Cheval de Troie). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de)

 

Record Number: 15311

Source Name: Alert Manager Event Interface

Time Written: 20080813100855.000000+120

Event Type: error

User:

 

Computer Name: TECH2_NEO

Event Code: 257

Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041932.vbs\A0041932.vbs est infecté par le virus VBS/IE-Title (Virus). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de)

 

Record Number: 15310

Source Name: Alert Manager Event Interface

Time Written: 20080813100855.000000+120

Event Type: error

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\Samsung\Samsung PC Studio 3\

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 3, GenuineIntel

"PROCESSOR_REVISION"=0803

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip

 

-----------------EOF-----------------

pear Devil Member !

pear

Posté(e)
Posté(e)

Bonjour,

 

Rendez vous à cette addresse:

http://www.virustotal.com/fr/

 

Cliquez sur parcourir pour trouver les fichiers, en gras:

C:\Program Files\ScanSpyware v3.8.0.2

C:\WINDOWS\wincmd.ini

C:\WINDOWS\wininit.ini

et cliquez sur "envoyer le fichier"

Copiez /collez la réponse dans votre prochain message.

Ibeaux Member

Ibeaux

Posté(e)
  • Auteur
Posté(e)

Premier fichier

 

Antivirus Version Dernière mise à jour Résultat

a-squared 4.0.0.73 2009.01.28 -

AhnLab-V3 5.0.0.2 2009.01.28 -

AntiVir 7.9.0.60 2009.01.28 -

Authentium 5.1.0.4 2009.01.27 -

Avast 4.8.1281.0 2009.01.27 -

AVG 8.0.0.229 2009.01.28 -

BitDefender 7.2 2009.01.28 -

CAT-QuickHeal 10.00 2009.01.28 -

ClamAV 0.94.1 2009.01.28 -

Comodo 948 2009.01.27 -

DrWeb 4.44.0.09170 2009.01.28 -

eSafe 7.0.17.0 2009.01.27 -

eTrust-Vet 31.6.6331 2009.01.28 -

F-Prot 4.4.4.56 2009.01.27 -

F-Secure 8.0.14470.0 2009.01.28 -

Fortinet 3.117.0.0 2009.01.28 -

GData 19 2009.01.28 -

Ikarus T3.1.1.45.0 2009.01.28 -

K7AntiVirus 7.10.607 2009.01.27 -

Kaspersky 7.0.0.125 2009.01.28 -

McAfee 5508 2009.01.27 -

McAfee+Artemis 5508 2009.01.27 -

Microsoft 1.4205 2009.01.28 -

NOD32 3806 2009.01.28 -

Norman 5.93.01 2009.01.27 -

nProtect 2009.1.8.0 2009.01.28 -

Panda 9.5.1.2 2009.01.27 -

PCTools 4.4.2.0 2009.01.27 -

Prevx1 V2 2009.01.28 -

Rising 21.13.42.00 2009.01.23 -

SecureWeb-Gateway 6.7.6 2009.01.28 -

Sophos 4.37.0 2009.01.28 -

Sunbelt 3.2.1835.2 2009.01.16 -

Symantec 10 2009.01.28 -

TheHacker 6.3.1.5.229 2009.01.26 -

TrendMicro 8.700.0.1004 2009.01.28 -

VBA32 3.12.8.11 2009.01.27 -

ViRobot 2009.1.28.1579 2009.01.28 -

VirusBuster 4.5.11.0 2009.01.27 -

Information additionnelle

File size: 1384448 bytes

MD5...: 3e4938d84a2bddb1cb626e6c2340b0fd

SHA1..: 889f193e14593d08dfc1a9402f625cc234552b24

SHA256: 577f02adfcc617aca69dfbe6f0949583b62a8c77262d1ed26141edf6a8dbcf02

SHA512: c2a0409810ea02bc7f51b736bc078fb57c3eef382536d1c54bc0c735f6576e47

b098b0037b11fc32c1e7341b1a5ce0c1144340904073e71949e08618c6f66142

 

ssdeep: 24576:fdDGO6/ZG06NuixCqS0aQIAyUP9PlWfRkFt:6PqOcIqPlWfC

 

PEiD..: Armadillo v1.71

TrID..: File type identification

Win64 Executable Generic (59.6%)

Win32 Executable MS Visual C++ (generic) (26.2%)

Win32 Executable Generic (5.9%)

Win32 Dynamic Link Library (generic) (5.2%)

Generic Win/DOS Executable (1.3%)

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x40b50

timedatestamp.....: 0x41925b7e (Wed Nov 10 18:18:38 2004)

machinetype.......: 0x14c (I386)

 

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x6807f 0x69000 6.55 fee200ddae0b85be2613b758635ac540

.rdata 0x6a000 0x1565a 0x16000 4.49 b0ed8b2760081902080e11f0d13f19e9

.data 0x80000 0xabc8 0x7000 4.63 e3692db954fb59dacbcb90954cc7309c

.rsrc 0x8b000 0xca560 0xcb000 7.26 cc2c846eb5f9f5830b608571e1a796c3

 

( 16 imports )

> SHLWAPI.dll: PathAppendA, PathFileExistsA

> WININET.dll: DeleteUrlCacheEntry, InternetOpenUrlA, InternetCloseHandle, InternetQueryDataAvailable, InternetReadFile, InternetOpenA

> KERNEL32.dll: GetCurrentDirectoryA, GetTickCount, RtlUnwind, GetFileType, RaiseException, GetStartupInfoA, GetCommandLineA, ExitProcess, GetTimeZoneInformation, GetLocalTime, GetACP, ExitThread, HeapSize, HeapReAlloc, SetStdHandle, SetHandleCount, GetStdHandle, LCMapStringA, LCMapStringW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, GetStringTypeA, GetStringTypeW, IsBadCodePtr, WritePrivateProfileStringA, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetProfileStringA, DeleteFileA, GetTempFileNameA, GetModuleFileNameA, GlobalFree, SizeofResource, LoadResource, FindResourceA, GlobalAlloc, SetCurrentDirectoryA, InterlockedDecrement, GetVersionExA, GetVersion, lstrlenA, lstrlenW, GetCPInfo, LockResource, lstrcmpiA, GetDriveTypeA, GetWindowsDirectoryA, FileTimeToSystemTime, FileTimeToLocalFileTime, FindClose, FindFirstFileA, GetFileAttributesA, SetFileAttributesA, FindNextFileA, RemoveDirectoryA, WaitForSingleObject, CopyFileA, CloseHandle, GetFileSize, CreateFileA, MulDiv, SetErrorMode, GetOEMCP, GetProcessVersion, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalAlloc, GetCurrentThread, IsBadReadPtr, IsBadWritePtr, GetThreadLocale, GetVolumeInformationA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, GetCurrentProcess, DuplicateHandle, lstrcmpA, SuspendThread, SetThreadPriority, ResumeThread, SystemTimeToFileTime, FormatMessageA, LocalFree, MultiByteToWideChar, InterlockedIncrement, GlobalLock, GlobalUnlock, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, GetModuleHandleA, ReadFile, lstrcpynA, GetFileTime, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, WriteFile, GetFullPathNameA, CreateThread, ResetEvent, CreateDirectoryA, TerminateThread, ExpandEnvironmentStringsA, CreateToolhelp32Snapshot, Process32First, Process32Next, GetSystemTime, GetComputerNameA, SetEvent, CreateEventA, Sleep, CreateProcessA, GetLastError, GetExitCodeProcess, HeapAlloc, HeapFree, WideCharToMultiByte, SetLastError, OpenProcess, GetProcAddress, TerminateProcess, GetTempPathA, GetSystemDirectoryA, lstrcatA, WinExec, lstrcpyA, LoadLibraryA, FreeLibrary, Beep

> USER32.dll: RegisterClipboardFormatA, SetParent, GetNextDlgGroupItem, CopyAcceleratorTableA, CharNextA, SetCapture, GetDCEx, GetClassNameA, MapDialogRect, SetWindowContextHelpId, CharUpperA, SetRectEmpty, GetMessageA, ValidateRect, DestroyMenu, EndDialog, CreateDialogIndirectParamA, LoadStringA, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, IsWindowEnabled, ShowWindow, MoveWindow, SetWindowTextA, SetDlgItemTextA, EndPaint, BeginPaint, SendDlgItemMessageA, MapWindowPoints, SetActiveWindow, SetFocus, AdjustWindowRectEx, EqualRect, DeferWindowPos, SetScrollInfo, GetTopWindow, IsChild, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetDlgItem, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetKeyState, DefWindowProcA, DestroyWindow, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetLastActivePopup, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowPos, IntersectRect, GetWindowPlacement, GetFocus, GetCursorPos, SetScrollPos, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, DefDlgProcA, IsWindowUnicode, DestroyCursor, DestroyIcon, RegisterWindowMessageA, MessageBoxA, PostQuitMessage, IsWindowVisible, IsIconic, DrawIcon, GetSystemMenu, LoadIconA, PostThreadMessageA, LockWindowUpdate, GetWindowThreadProcessId, EnumWindows, LoadCursorA, CopyIcon, IsWindow, MessageBeep, SetWindowLongA, TrackPopupMenu, BringWindowToTop, GetMessagePos, ScreenToClient, KillTimer, ReleaseCapture, PtInRect, SetTimer, UpdateWindow, PeekMessageA, DispatchMessageA, IsDialogMessageA, TranslateMessage, GetWindowDC, SetWindowRgn, GrayStringA, GetSubMenu, TabbedTextOutA, GetSysColorBrush, GetMenuStringA, CreateMenu, CreatePopupMenu, GetMenuItemID, GetMenuState, ModifyMenuA, GetMenuItemCount, AppendMenuA, GetWindowLongA, SendMessageA, IsMenu, GetNextDlgTabItem, GetParent, SetCursor, InvalidateRect, GetActiveWindow, WindowFromPoint, ClientToScreen, PostMessageA, GetWindowRect, DrawFocusRect, InflateRect, CopyRect, GetClientRect, OffsetRect, DrawStateA, FillRect, GetSysColor, ReleaseDC, GetDC, CreateIconIndirect, GetIconInfo, LoadImageA, FrameRect, EnableWindow, CopyImage, LoadBitmapA, GetMenuItemInfoA, SetRect, DrawEdge, SystemParametersInfoA, DrawIconEx, DrawTextA, GetDesktopWindow, GetSystemMetrics, GetScrollInfo

> GDI32.dll: ScaleViewportExtEx, SetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, GetTextExtentPoint32W, SelectClipRgn, ExcludeClipRect, IntersectClipRect, MoveToEx, LineTo, SetViewportExtEx, GetViewportExtEx, GetWindowExtEx, CreatePatternBrush, GetMapMode, SetRectRgn, CreateRectRgnIndirect, DPtoLP, StretchDIBits, GetCharWidthA, GetTextMetricsA, GetTextColor, LPtoDP, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetBkMode, RestoreDC, SaveDC, GetClipBox, GetCurrentObject, CreateFontIndirectA, CreateSolidBrush, CreatePen, GetBkMode, GetDeviceCaps, CreateFontA, GetObjectA, GetPixel, SetPixel, CreateBitmap, SelectObject, SetBkColor, CreateRoundRectRgn, GetDIBits, CreateRectRgn, CombineRgn, GetBkColor, StretchBlt, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetTextExtentPointA, CreateDIBitmap, PatBlt, CreateDIBSection, Ellipse, CreateCompatibleBitmap, GetStockObject, DeleteObject, SetTextColor, DeleteDC, BitBlt, CreateCompatibleDC, GetTextExtentPoint32A

> comdlg32.dll: GetOpenFileNameA, GetFileTitleA, GetSaveFileNameA

> WINSPOOL.DRV: ClosePrinter, OpenPrinterA, DocumentPropertiesA

> ADVAPI32.dll: RegCloseKey, RegOpenKeyExA, RegQueryValueA, RegSetValueExA, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, RegEnumKeyA, RegOpenKeyA, GetUserNameA, RegQueryValueExA

> SHELL32.dll: SHBrowseForFolderA, SHGetMalloc, SHGetPathFromIDListA, SHGetSpecialFolderPathA, ShellExecuteA, ShellExecuteExA

> COMCTL32.dll: ImageList_GetIconSize, ImageList_ReplaceIcon, ImageList_GetIcon, ImageList_GetImageInfo, ImageList_Draw, ImageList_AddMasked, _TrackMouseEvent, ImageList_SetBkColor, ImageList_GetBkColor, -, ImageList_Destroy, ImageList_Create, ImageList_LoadImageA, ImageList_DrawIndirect, ImageList_GetImageCount

> oledlg.dll: -

> ole32.dll: CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CoTaskMemAlloc, CoTaskMemFree, CoFreeUnusedLibraries, CLSIDFromProgID, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, CoCreateInstance, OleRun, CreateStreamOnHGlobal, CoRegisterMessageFilter, CoRevokeClassObject, OleFlushClipboard, OleIsCurrentClipboard, CoCreateGuid, CLSIDFromString

> OLEPRO32.DLL: -, -, -

> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -

> urlmon.dll: URLDownloadToCacheFileA

> WINMM.dll: PlaySoundA

 

( 0 exports )

 

Deuxième fichier

 

Antivirus Version Dernière mise à jour Résultat

a-squared 4.0.0.93 2009.02.11 -

AhnLab-V3 5.0.0.2 2009.02.11 -

AntiVir 7.9.0.76 2009.02.11 -

Authentium 5.1.0.4 2009.02.11 -

Avast 4.8.1335.0 2009.02.10 -

AVG 8.0.0.229 2009.02.11 -

BitDefender 7.2 2009.02.11 -

CAT-QuickHeal 10.00 2009.02.11 -

ClamAV 0.94.1 2009.02.11 -

Comodo 974 2009.02.11 -

DrWeb 4.44.0.09170 2009.02.11 -

eSafe 7.0.17.0 2009.02.11 -

eTrust-Vet 31.6.6350 2009.02.11 -

F-Prot 4.4.4.56 2009.02.11 -

F-Secure 8.0.14470.0 2009.02.11 -

Fortinet 3.117.0.0 2009.02.11 -

GData 19 2009.02.11 -

Ikarus T3.1.1.45.0 2009.02.11 -

K7AntiVirus 7.10.627 2009.02.11 -

Kaspersky 7.0.0.125 2009.02.11 -

McAfee 5522 2009.02.10 -

McAfee+Artemis 5522 2009.02.10 -

Microsoft 1.4306 2009.02.11 -

NOD32 3846 2009.02.11 -

Norman 6.00.02 2009.02.11 -

nProtect 2009.1.8.0 2009.02.11 -

Panda 10.0.0.10 2009.02.11 -

PCTools 4.4.2.0 2009.02.11 -

Prevx1 V2 2009.02.11 -

Rising 21.16.22.00 2009.02.11 -

SecureWeb-Gateway 6.7.6 2009.02.11 -

Sophos 4.38.0 2009.02.11 -

Sunbelt 3.2.1851.2 2009.02.11 -

Symantec 10 2009.02.11 -

TheHacker 6.3.1.85.252 2009.02.11 -

TrendMicro 8.700.0.1004 2009.02.11 -

VBA32 3.12.8.12 2009.02.11 -

ViRobot 2009.2.11.1600 2009.02.11 -

VirusBuster 4.5.11.0 2009.02.11 -

Information additionnelle

File size: 1817 bytes

MD5...: c3cb3ee13a99744b6ee08727bdf677bd

SHA1..: a6ba0fafa75f9e245e61661d81a6f91b2e7da511

SHA256: 96dadfccbe6cf4d00c487634befd75964edaac710d42706a8e02c74f6547e137

SHA512: efa1bac5b9df02fdd378316cd4500723a6f7d01e20733f00d0d2587390078510

02c3e048f3d3e5702f4ef2d0b5bf6a166db839fddac0a28497c90ed320ce9323

 

ssdeep: 48:XGmjShkZZAiMn5rg4YqSRZOPOyZppFlCaealJ:2EShKw5rg4bGOGyZppZ

 

PEiD..: -

TrID..: File type identification

Generic INI configuration (100.0%)

PEInfo: -

 

Troisième fichier:

 

Antivirus Version Dernière mise à jour Résultat

a-squared 4.0.0.93 2009.02.11 -

AhnLab-V3 5.0.0.2 2009.02.11 -

AntiVir 7.9.0.76 2009.02.11 -

Authentium 5.1.0.4 2009.02.11 -

Avast 4.8.1335.0 2009.02.10 -

AVG 8.0.0.229 2009.02.11 -

BitDefender 7.2 2009.02.11 -

CAT-QuickHeal 10.00 2009.02.11 -

ClamAV 0.94.1 2009.02.11 -

Comodo 974 2009.02.11 -

DrWeb 4.44.0.09170 2009.02.11 -

eSafe 7.0.17.0 2009.02.11 -

eTrust-Vet 31.6.6350 2009.02.11 -

F-Prot 4.4.4.56 2009.02.11 -

F-Secure 8.0.14470.0 2009.02.11 -

Fortinet 3.117.0.0 2009.02.11 -

GData 19 2009.02.11 -

Ikarus T3.1.1.45.0 2009.02.11 -

K7AntiVirus 7.10.627 2009.02.11 -

Kaspersky 7.0.0.125 2009.02.11 -

McAfee 5522 2009.02.10 -

McAfee+Artemis 5522 2009.02.10 -

Microsoft 1.4306 2009.02.11 -

NOD32 3846 2009.02.11 -

Norman 6.00.02 2009.02.11 -

nProtect 2009.1.8.0 2009.02.11 -

Panda 10.0.0.10 2009.02.11 -

PCTools 4.4.2.0 2009.02.11 -

Prevx1 V2 2009.02.11 -

Rising 21.16.22.00 2009.02.11 -

SecureWeb-Gateway 6.7.6 2009.02.11 -

Sophos 4.38.0 2009.02.11 -

Sunbelt 3.2.1851.2 2009.02.11 -

Symantec 10 2009.02.11 -

TheHacker 6.3.1.85.252 2009.02.11 -

TrendMicro 8.700.0.1004 2009.02.11 -

VBA32 3.12.8.12 2009.02.11 -

ViRobot 2009.2.11.1600 2009.02.11 -

VirusBuster 4.5.11.0 2009.02.11 -

Information additionnelle

File size: 71 bytes

MD5...: 37aa1e187e7401ab0bbb081eed194981

SHA1..: ea7ed3bdd9a64bcc5cce047fab31bc66e4865ec5

SHA256: ddd517e0361562a9af767807e2eec19b553c6b3d151f65a90970e0084c0a3077

SHA512: c256791dd3bbacac8f99dd6b10a0db164bd0809d2c35f0415e5f7d2f9e0cb0b2

7d04776a80c3f8dbee46d30aaf54d5eb35b0ddd1c6e37701f7e2c2abf4dbc2d5

 

ssdeep: 3:dLhUrcm0bjOPzw3VRLE:du+jEIVRLE

 

PEiD..: -

TrID..: File type identification

Generic INI configuration (100.0%)

PEInfo: -

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...