Uninstalling a toolbar, and programs freezing

Closed
albertman Posts 30 Registration date Wednesday 15 June 2005 Status Member Last activity 29 November 2006 - 22 March 2006 at 14:09
 fge,fbd;s - 17 August 2011 at 20:48
So, the SearchToolbar toolbar has installed itself and I can't remove it. What should I do???


Also, the programs Spybot and Ad-aware freeze shortly after starting.


Thanks for helping me

17 replies

I can't manage to unblock the explorer process. Thanks for helping me.
2
Kristopher Posts 3731 Registration date Friday 18 November 2005 Status Contributor Last activity 10 July 2009 105
22 March 2006 at 14:18
Hello ??

To keep it simple:

SearchToolbar = Adware.W32.SearchNugget

1/
Download Ewido Security Suite and scan your PC with it: http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/31851.html
Copy/paste the whole report on the forum.

2/ Scan your PC with this online antivirus:
http://www.bitdefender.com/scan8/ie.html
Click "I Agree" and scan the whole PC.
Remember to accept the ActiveX control blocked by SP2's anti-popup bar (it will flash at the top).
Copy/paste the whole report on the forum.

3/ Download HijackThis: http://www.01net.com/telecharger/windows/Internet/internet_utlitaire/fiches/29061.html
- Install it in its own folder.
For example, C:\HijackThis
Choose the "do a scan and a logfile" option; it will generate a report for you. Copy and paste it on the forum.
Watch the demo: http://pageperso.aol.fr/balltrap34/demohijack.htm

Good luck.

++
2
I have a problem too:
When I go to a web page, babylon launches a search by itself.
How do I uninstall it, please?
0
HijackThis report:


Logfile of HijackThis v1.99.1
Scan saved at 14:48:02, on 22/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\NotifyPhoneBook.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Administrateur\Bureau\Mathieu\Divers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\System32\NBA Live 2006 crack.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\\\etb\\pokapoka79.exe
O4 - HKLM\..\Run: [prgsys0984] MONITER.exe
O4 - HKLM\..\Run: [WTFCTF] ftbar.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pense-Bête] C:\Program Files\Pense-bete\pb79d.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: SMScatcher Texte - C:\Documents and Settings\Administrateur\Bureau\Thierry\getText.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potf_x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D6912DF-0160-406B-8197-5226CF487B79}: NameServer = 85.255.116.134,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C68F916-3610-49A9-AECB-1067D4F1155C}: NameServer = 85.255.116.134 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A7D3BD4-E3BD-4CD6-A22D-DA09FCCDCA25}: NameServer = 85.255.116.134,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{B124A2D2-C5A2-42BB-BC68-A86A9D43257B}: NameServer = 85.255.116.134,85.255.112.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS



It won't do step 1 for me, there is always a problem
2
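Added example (not part of the thread or of HijackThis itself): a small Python parser for the entry lines of a HijackThis log like the one above, grouping a few structural review prompts. The function names and the choice of checks are assumptions made for illustration; the sample lines are excerpted from the log posted above, and a flagged entry is something to verify, not a verdict.

```python
import re
from collections import defaultdict

# Entry lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [prgsys0984] MONITER.exe
O4 - HKLM\..\Run: [WTFCTF] ftbar.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D6912DF-0160-406B-8197-5226CF487B79}: NameServer = 85.255.116.134,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C68F916-3610-49A9-AECB-1067D4F1155C}: NameServer = 85.255.116.134 85.255.112.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "O4 - <body>": a section code (R0-R3, F0-F3, O1-O23...) followed by the entry.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autoruns: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\Run\w*: \[(.+?)\] (.+)$")
# A command that starts with a drive-letter path, optionally quoted.
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
# O17 per-interface DNS override.
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_entries(text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Group entries into review prompts. Each list preserves log order."""
    findings = {
        "missing_file": [],            # registration points at a file that is gone
        "relative_autorun": [],        # Run value resolved through the search path
        "dns_overrides": defaultdict(int),  # DNS server -> number of interfaces
        "unknown_owner_services": [],  # service binary without vendor metadata
        "duplicates": [],              # identical line listed more than once
    }
    seen = set()
    for code, body in parse_entries(text):
        line = f"{code} - {body}"
        if line in seen:
            # Record the repeat once and do not re-flag the same entry.
            if line not in findings["duplicates"]:
                findings["duplicates"].append(line)
            continue
        seen.add(line)

        if "(no file)" in body or "(file missing)" in body:
            findings["missing_file"].append(line)

        if code == "O4":
            m = RUN_RE.match(body)
            if m and not ABS_PATH_RE.match(m.group(2)):
                # Bare file names also occur for legitimate drivers
                # (POINTER/point32.exe here), so this is only a prompt to check.
                findings["relative_autorun"].append(m.group(1))

        if code == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                # HijackThis prints the list comma- or space-separated.
                for server in re.split(r"[,\s]+", m.group(1).strip()):
                    findings["dns_overrides"][server] += 1

        if code == "O23" and " - Unknown owner - " in body:
            name = body.split(" - Unknown owner - ")[0]
            if name.startswith("Service: "):
                name = name[len("Service: "):]
            findings["unknown_owner_services"].append(name)

    findings["dns_overrides"] = dict(findings["dns_overrides"])
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in (items.items() if isinstance(items, dict) else items):
            print("   ", item)
```

The same DNS servers appearing on every interface is the kind of pattern the O17 grouping makes visible at a glance; whether they belong to the user's ISP or network still has to be confirmed separately.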
albertman Posts 30 Registration date Wednesday 15 June 2005 Status Member Last activity 29 November 2006
22 March 2006 at 14:56
There must be something else, like a virus, because I can no longer open Word and I can no longer use MSN........
0

Kristopher Posts 3731 Registration date Friday 18 November 2005 Status Contributor Last activity 10 July 2009 105
22 March 2006 at 15:32
Do what is asked, preferably in order.
0
albertman Posts 30 Registration date Wednesday 15 June 2005 Status Member Last activity 29 November 2006
22 March 2006 at 19:21
For step 1:

After 27.5% of the scan it tells me:

SecuritySuite.exe has encountered a problem and needs to close .....
0
albertman Posts 30 Registration date Wednesday 15 June 2005 Status Member Last activity 29 November 2006
22 March 2006 at 19:29
Here is what I get in Spybot, which also crashes


--- Search result list ---
Erreur lors des vérifications!: All-In-One Telcom [19] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000004) ()


Erreur lors des vérifications!: All-In-One Telcom [20] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000004) ()


Erreur lors des vérifications!: All-In-One Telcom [21] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000004) ()


Erreur lors des vérifications!: All-In-One Telcom [22] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000014) ()


Erreur lors des vérifications!: All-In-One Telcom [23] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000014) ()


Erreur lors des vérifications!: All-In-One Telcom [24] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000014) ()


Erreur lors des vérifications!: All-In-One Telcom [39] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000004) ()


Erreur lors des vérifications!: All-In-One Telcom [40] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000014) ()


Erreur lors des vérifications!: All-In-One Telcom [54] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000004) ()


Erreur lors des vérifications!: All-In-One Telcom [55] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000014) ()


Erreur lors des vérifications!: All-In-One Telcom [58] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000004) ()


Erreur lors des vérifications!: All-In-One Telcom [60] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000014) ()


Erreur lors des vérifications!: All-In-One Telcom [68] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000004) ()


Erreur lors des vérifications!: All-In-One Telcom [69] (Access violation at address 005A4BA7 in module 'SpybotSD.exe'. Read of address 00000014) ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-03-22 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-19 Includes\Cookies.sbi (*)
2006-03-19 Includes\Dialer.sbi (*)
2006-03-19 Includes\Hijackers.sbi (*)
2006-03-19 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-03-19 Includes\Malware.sbi (*)
2006-03-19 Includes\PUPS.sbi (*)
2006-03-19 Includes\Revision.sbi (*)
2006-03-19 Includes\Security.sbi (*)
2006-03-19 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-03-19 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ DataAccess: Security Update for Microsoft Data Access Components
/ Windows Media Player: Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
/ Windows Media Player / SP0: Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
/ Windows XP / SP2: Correctif Windows XP - KB823182
/ Windows XP / SP2: Correctif Windows XP - KB824105
/ Windows XP / SP2: Correctif Windows XP - KB824141
/ Windows XP / SP2: Correctif Windows XP - KB825119
/ Windows XP / SP2: Correctif Windows XP - KB826939
/ Windows XP / SP2: Correctif Windows XP - KB828035
/ Windows XP / SP2: Correctif Windows XP - KB828741
/ Windows XP / SP2: Correctif Windows XP - KB835732
/ Windows XP / SP2: Correctif Windows XP - KB837001
/ Windows XP / SP2: Correctif Windows XP (SP2) Q819696


--- Startup entries list ---
Located: HK_LM:Run, AME_CSA
command: rundll32 amecsa.cpl,RUN_DLL
file:

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
file: C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
size: 72536
MD5: eb1c955e1d279518ec5d6d13caf24a12

Located: HK_LM:Run, CloseDNF
command: C:\WINDOWS\System32\Utility.exe \1008
file: C:\WINDOWS\System32\Utility.exe
size: 282624
MD5: 62b05f4886742c430f0b5126626eb97f

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821f73b833c4daebc33c1a9a4b16bb5a

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
size: 172032
MD5: efa425c96f30751fcd79d7787fe4b075

Located: HK_LM:Run, I downloaded pirated Software from P2P and now I post my Hijack log whining
command: C:\WINDOWS\System32\NBA Live 2006 crack.exe
file:

Located: HK_LM:Run, IntelliType
command: "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
file: C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
size: 94208
MD5: b5eca5948d7f8eaa00333231f33ea31a

Located: HK_LM:Run, MessengerPlus3
command: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
file: C:\Program Files\MessengerPlus! 3\MsgPlus.exe
size: 190024
MD5: f5f3a19013808113b1f3dada4379606a

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 32256
MD5: ac0f912ea7571e9c1ad7b64c83f72bd9

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 323584
MD5: 99b4b415dd1be7325deda3b88df5938a

Located: HK_LM:Run, PE2CKFNT SE
command: C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
file: C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
size: 25088
MD5: c0e2547956224aef28de1eb169d5bf94

Located: HK_LM:Run, POINTER
command: point32.exe
file:

Located: HK_LM:Run, prgsys0984
command: MONITER.exe
file:

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 5d22b4258489575412f6d18affc847a2

Located: HK_LM:Run, snpstd
command: C:\WINDOWS\vsnpstd.exe
file: C:\WINDOWS\vsnpstd.exe
size: 40960
MD5: f14bd811617d3485ef3a8b6bff880024

Located: HK_LM:Run, System service79
command: C:\WINDOWS\\\etb\\pokapoka79.exe
file:

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
size: 180269
MD5: 006220ee86eb71c5884f415eaa9e8058

Located: HK_LM:Run, WTFCTF
command: ftbar.exe
file:

Located: HK_LM:Run, WTFCTF
command: ftbar.exe
file:

Located: HK_CU:Run, IncrediMail
command: C:\Program Files\IncrediMail\bin\IncMail.exe /c
file:

Located: HK_CU:Run, msnmsgr
command: "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
file: C:\PROGRA~1\MSNMES~1\msnmsgr.exe
size: 7094272
MD5: 9aeae16c278de790b083bca987824b36

Located: HK_CU:Run, Pense-Bête
command: C:\Program Files\Pense-bete\pb79d.exe
file:

Located: HK_CU:Run, prcmon
command: xsetup.exe
file:

Located: HK_CU:Run, StatusCheck
command: 34763.exe
file:

Located: HK_CU:Run, SYSTRAV
command: avpmondll.exe
file:

Located: HK_CU:Run, taskdir
command: C:\WINDOWS\System32\taskdir.exe
file: C:\WINDOWS\System32\taskdir.exe
size: 51127
MD5: 6f2ed1b899c1fc62c0e081a8d24fc455

Located: Démarrage (tous utilisateurs), Adobe Gamma Loader.lnk
command: C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
size: 110592
MD5: 5cd0cd0ec4dc5df459b3ac016764f5aa

Located: Démarrage (tous utilisateurs), InterCheck Monitor.LNK
command: C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
file: C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
size: 208896
MD5: 3aed3bb5c4f05a9939c9fca170a61f48

Located: Démarrage (tous utilisateurs), Lancement rapide d'Adobe Reader.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Démarrage (tous utilisateurs), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{08BEC6AA-49FC-4379-3587-4B21E286C19E} (SearchToolbar)
BHO name:
CLSID name: SearchToolbar
Path: C:\WINDOWS\System32\
Long name: sycay.dll
Short name:
Date (created): 22/03/2006 12:04:10
Date (last access): 22/03/2006 19:11:10
Date (last write): 22/03/2006 12:04:10
Filesize: 155648
Attributes: archive
MD5: B88F36AD1B0775AAE6B7FCA1C667032D
CRC32: A74BBBED
Version: 1.0.0.1

{77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
BHO name:
CLSID name:

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 23/02/2006 16:38:46
Date (last access): 22/03/2006 19:11:10
Date (last write): 14/02/2006 20:06:14
Filesize: 1204224
Attributes: readonly archive
MD5: D91CB7361D7814035F543C7CCAE9DD60
CRC32: 16D568FF
Version: 3.0.131.0



--- ActiveX list ---
Yahoo! Pool 2 (Yahoo! Pool 2)
DPF name: Yahoo! Pool 2
CLSID name:
Installer:
Codebase: http://download.games.yahoo.com/games/clients/y/potf_x.cab

{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\WINDOWS\Downloaded Program Files\ieawsdc.inf
Codebase: http://office.microsoft.com/templates/ieawsdc.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: IEAWSDC.DLL
Short name:
Date (created): 23/08/2004 15:18:14
Date (last access): 22/03/2006 16:11:48
Date (last write): 23/08/2004 15:18:14
Filesize: 87240
Attributes: archive
MD5: 4A693868D8FA24258FE3800D94D7629E
CRC32: 479B10C8
Version: 11.0.6007.0

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 19/05/2004 11:43:38
Date (last access): 22/03/2006 16:25:58
Date (last write): 9/09/2004 14:45:18
Filesize: 54488
Attributes: archive
MD5: 12EF836DCCCDD0211F3E09D72812B9C6
CRC32: 8038F1E1
Version: 10.1.0.11

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MSNPupld.inf
Codebase: http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: MsnPUpld.dll
Short name:
Date (created): 8/10/2004 16:01:22
Date (last access): 22/03/2006 16:11:46
Date (last write): 8/10/2004 16:01:22
Filesize: 372736
Attributes: archive
MD5: D2ED523BB0FE94F8F492BEFE1C336040
CRC32: C4677625
Version: 10.0.910.0

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
DPF name:
CLSID name: BDSCANONLINE Control
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\oscan8.inf
Codebase: http://download.bitdefender.com/resources/scan8/oscan8.cab
Path: C:\WINDOWS\DOWNLO~1\CONFLICT.1\
Long name: oscan8.ocx
Short name:
Date (created): 9/03/2005 15:40:44
Date (last access): 22/03/2006 19:11:00
Date (last write): 9/03/2005 15:40:44
Filesize: 475136
Attributes: archive
MD5: 38F3695A3824342E29703D28404B121A
CRC32: AD9D0B16
Version: 1.0.0.1

{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player)
DPF name:
CLSID name: Zylom Games Player
Installer: C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf
Codebase: http://game02.zylom.com/activex/zylomgamesplayer.cab
Path: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\
Long name: zylomgamesplayer.dll
Short name: ZYLOMG~1.DLL
Date (created): 13/01/2006 17:03:56
Date (last access): 22/03/2006 15:21:52
Date (last write): 28/04/2005 10:43:12
Filesize: 155648
Attributes: archive
MD5: DD952BCB596DB2AA9AF8BD89F77CE98F
CRC32: 10FBFA3F
Version: 2.0.0.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 596 ( 4) \SystemRoot\System32\smss.exe
PID: 684 ( 596) \??\C:\WINDOWS\system32\csrss.exe
PID: 708 ( 596) \??\C:\WINDOWS\system32\winlogon.exe
PID: 752 ( 708) C:\WINDOWS\system32\services.exe
size: 101888
MD5: FC0691097471EE374907E1024EDCBD43
PID: 764 ( 708) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B7B1C150AFF59455DB4DF082815F88F5
PID: 952 ( 752) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 980 ( 752) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 1104 ( 752) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 1196 ( 752) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 1392 ( 752) C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
size: 234640
MD5: 1785A754806599D81E32556F3175687E
PID: 1460 (1432) C:\WINDOWS\Explorer.EXE
size: 1008128
MD5: 82FE0D400CB1AC937234467B927B867A
PID: 1500 ( 752) C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
size: 255120
MD5: 9C39485B6BFB8F89E5C352BA3F6AB06D
PID: 1644 ( 752) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: B1CE5287F096895D9BE26EB86F4D5FAF
PID: 1736 ( 752) C:\WINDOWS\System32\drivers\CDAC11BA.EXE
size: 54784
MD5: C10D484A89EE0566D6A7B45A1D1F310C
PID: 1772 ( 752) C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
size: 270336
MD5: 6E7F3D4829335322156BB1E52E6D45F7
PID: 1816 ( 752) C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
size: 11776
MD5: 80858F87275634946EED13B514222CDB
PID: 1884 ( 752) C:\WINDOWS\System32\nvsvc32.exe
size: 69632
MD5: 26712CF8BE48BC767854927435C0B6A9
PID: 2016 ( 752) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 156 ( 752) C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
size: 159744
MD5: 99F584C7ABD7E58A5F07799B4544EF58
PID: 212 ( 752) C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
size: 290816
MD5: 1297C94D5EA8CFC63493E4B0FFFC1800
PID: 288 (1460) C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
size: 94208
MD5: B5ECA5948D7F8EAA00333231F33EA31A
PID: 300 (1460) C:\Program Files\Microsoft Hardware\Mouse\point32.exe
size: 176128
MD5: 44FCD222D8A4BCFF2C944C081AEAD78C
PID: 332 (1460) C:\WINDOWS\System32\rundll32.exe
size: 32256
MD5: AC0F912EA7571E9C1AD7B64C83F72BD9
PID: 432 (1460) C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
size: 172032
MD5: EFA425C96F30751FCD79D7787FE4B075
PID: 440 ( 752) C:\WINDOWS\System32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 448 ( 332) C:\WINDOWS\System32\NotifyPhoneBook.exe
size: 81920
MD5: C42292B956DD31B3F79640CE5A462C10
PID: 476 (1460) C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
size: 72536
MD5: EB1C955E1D279518EC5D6D13CAF24A12
PID: 536 (1460) C:\Program Files\MessengerPlus! 3\MsgPlus.exe
size: 190024
MD5: F5F3A19013808113B1F3DADA4379606A
PID: 544 (1460) C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821F73B833C4DAEBC33C1A9A4B16BB5A
PID: 564 (1460) C:\WINDOWS\vsnpstd.exe
size: 40960
MD5: F14BD811617D3485EF3A8B6BFF880024
PID: 584 (1460) C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
size: 180269
MD5: 006220EE86EB71C5884F415EAA9E8058
PID: 1288 (1460) C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
size: 208896
MD5: 3AED3BB5C4F05A9939C9FCA170A61F48
PID: 2448 ( 952) C:\PROGRA~1\INCRED~1\bin\IMApp.exe
size: 131113
MD5: 9867991369A9EE0DDB78A80CDE38AA4B
PID: 2268 ( 964) C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 2C856908EE61424238772508E9FBCBC8
PID: 2844 (1460) C:\Program Files\Messenger\msmsgs.exe
size: 1491216
MD5: 86E14CA9134602A7A75C108279D263E0
PID: 2892 (1460) C:\Program Files\ewido anti-malware\SecuritySuite.exe
size: 528448
MD5: 87DE2E52B80DDBE0673A20512588DA3C
PID: 2872 (2892) C:\WINDOWS\System32\dwwin.exe
size: 180224
MD5: 50BBAE1656237FBFE88D8C492A0B5C69
PID: 224 (1460) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 22/03/2006 19:27:11

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.be/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
0
Kristopher Posts 3731 Registration date Friday 18 November 2005 Status Contributor Last activity 10 July 2009 105
23 March 2006 at 11:05
Re,

Your last message, where you post your Spybot report, is very long and completely useless - it will only get in the way when reading our future posts about your problems. Just do what is asked, otherwise this will take forever...

Because of MessengerPlus! 3 your PC has become a fountain of spyware! So uninstall that program.

Your PC is still deeply infected.

1/ Check and fix these lines with HijackThis:

O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll

O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028

As well as these O17 entries, which send you straight to Ukraine:

O17 - HKLM\System\CCS\Services\Tcpip\..\{5D6912DF-0160-406B-8197-5226CF487B79}: NameServer = 85.255.116.134,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C68F916-3610-49A9-AECB-1067D4F1155C}: NameServer = 85.255.116.134 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A7D3BD4-E3BD-4CD6-A22D-DA09FCCDCA25}: NameServer = 85.255.116.134,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{B124A2D2-C5A2-42BB-BC68-A86A9D43257B}: NameServer = 85.255.116.134,85.255.112.5

O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe

2/ Click "Start" -> "Run…" and type "services.msc"

Locate this harmful service:

NTBOOTMGR (NTBOOT)

Double-click this service, then click "Stop" and set it to "Disabled".

3/ Find and delete this file (in bold):

C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe

4/ Since viruses have got into your PC:

Scan your PC with this online antivirus:
http://www.bitdefender.com/scan8/ie.html
Click "I Agree" and scan the whole PC.
Remember to accept the ActiveX control blocked by the SP2 pop-up blocker bar (it will flash at the top).
Copy/paste the report on the forum.

Then

Scan your PC with this online antivirus: http://www.pandasoftware.com/activescan/fr/activescan_principal.htm
Copy/paste the report on the forum.

5/ Once you have done everything in this order, post a new HijackThis log and I will tell you the last lines to fix.

All the best ;)
0
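The checks applied by eye to the HijackThis lines in the post above (O17 NameServer values pointing at resolvers nobody configured, a BHO whose file is missing, a service with an unknown owner) can be scripted for triage. This is an added example, not part of the thread or of HijackThis itself; `EXPECTED_RESOLVERS` and the last sample line are constructed assumptions.

```python
import ipaddress
import re

# Resolvers this machine is expected to use.
# ASSUMPTION: placeholder value; replace with your own router/ISP DNS servers.
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}

# Lines quoted in the post above, plus one constructed benign O17 line (last).
SAMPLE_LOG = r"""
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D6912DF-0160-406B-8197-5226CF487B79}: NameServer = 85.255.116.134,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C68F916-3610-49A9-AECB-1067D4F1155C}: NameServer = 85.255.116.134 85.255.112.5
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# "O17 - <body>": section code, then the rest of the line.
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# "<registry key>: <value name> = <value>"
O17_RE = re.compile(r"^(?P<key>.+?):\s*(?P<name>\w+)\s*=\s*(?P<value>.*)$")


def parse_name_servers(value):
    """Split a NameServer value on commas or spaces (both occur in the log above)."""
    servers, malformed = [], []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        try:
            servers.append(ipaddress.ip_address(token))
        except ValueError:
            malformed.append(token)  # not an IP address: report it as well
    return servers, malformed


def triage(log_text, expected=EXPECTED_RESOLVERS):
    """Return (section, reason, details) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O17":
            o17 = O17_RE.match(body)
            if not o17 or o17["name"].lower() != "nameserver":
                continue  # only NameServer values are checked here
            servers, malformed = parse_name_servers(o17["value"])
            unexpected = [str(ip) for ip in servers if ip not in expected]
            if unexpected or malformed:
                findings.append(
                    (section, "unexpected DNS resolver", tuple(unexpected + malformed))
                )
        elif section == "O2" and body.rstrip().endswith("(no file)"):
            findings.append((section, "BHO registered but file missing", (body,)))
        elif section == "O23" and " - Unknown owner - " in body:
            path = body.rsplit(" - ", 1)[-1]
            findings.append((section, "service binary with unknown owner", (path,)))
    return findings


if __name__ == "__main__":
    for section, reason, details in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {', '.join(details)}")
```

A hit only marks a line for review; whether a resolver or service is legitimate still has to be confirmed against what was actually installed on the machine.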
albertman Posts 30 Registration date Wednesday 15 June 2005 Status Member Last activity 29 November 2006
23 March 2006 at 16:20
Here is the Bitdefender report:


BitDefender Online Scanner - Real Time Virus Report

Generated at: Thu, Mar 23, 2006 - 16:19:26

Scan Info
Scanned Files: 473504
Infected Files: 21

Virus Detected
Trojan.Downloader.FFZ: 12
Trojan.Fakealert: 1
Trojan.Downloader.Tibs.BT: 1
Adware.Iectr.A: 7

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
0
albertman Posts 30 Registration date Wednesday 15 June 2005 Status Member Last activity 29 November 2006
23 March 2006 at 16:21
HijackThis report:


Logfile of HijackThis v1.99.1
Scan saved at 16:22:02, on 23/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\NotifyPhoneBook.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\dwwin.exe
C:\Documents and Settings\Administrateur\Bureau\Mathieu\Divers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [prgsys0984] MONITER.exe
O4 - HKLM\..\Run: [WTFCTF] ftbar.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pense-Bête] C:\Program Files\Pense-bete\pb79d.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: SMScatcher Texte - C:\Documents and Settings\Administrateur\Bureau\Thierry\getText.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potf_x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C68F916-3610-49A9-AECB-1067D4F1155C}: NameServer = 85.255.116.134 85.255.112.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
0
Kristopher Posts 3731 Registration date Friday 18 November 2005 Status Contributor Last activity 10 July 2009 105
23 March 2006 at 18:17
Hi again,

You know, you are allowed to say something rather than just pasting the reports.

Also, a little politeness never hurt anyone…

What's more, you have made things worse by installing a second antivirus - I don't recall telling you to do that?!

If you are not sure, you had better ask...

Know one thing: you absolutely must uninstall one antivirus and keep only one, otherwise your PC will be heavily slowed down, among other things.

The HT log is already in better shape, but it is not great yet.

-> Run the Panda online scan and paste its report (instead of ignoring my advice), followed by a new HijackThis log.

bye bye
0
biboss2a Posts 1 Registration date Sunday 6 April 2008 Status Member Last activity 6 April 2008
6 April 2008 at 19:03
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:38, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\QWRtaW4\command.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
D:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\mrofinu1000106.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
d:\windows\system32\jkwnw64l.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
D:\WINDOWS\system32\sistray.exe
D:\Program Files\LimeWire\LimeWire.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\rsvp.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\Rundll32.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\VideoLAN\VLC\vlc.exe
D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\OLANWPQJ\HiJackThis[1].exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - D:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - D:\WINDOWS\system32\hgGxULEU.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D87DCB45-FAA1-4ED0-8550-ECFCF79C3C6C} - D:\WINDOWS\system32\ssqQjHBS.dll
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [{3B-BF-F4-4E-DW}] d:\windows\system32\jkwnw64l.exe DWram
O4 - HKLM\..\Run: [runner1] D:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] D:\WINDOWS\system32\ncntlkdn.exe DWram
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Deewoo.lnk = D:\WINDOWS\system32\ncntlkdn.exe
O4 - Startup: DW_Start.lnk = D:\WINDOWS\system32\jkwnw64l.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Utility Tray.lnk = D:\WINDOWS\system32\sistray.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - D:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - D:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: hgGxULEU - D:\WINDOWS\SYSTEM32\hgGxULEU.dll
O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINDOWS\QWRtaW4\command.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
0
I want to uninstall mystart
0
Download ComboFix.
You run it, it closes the explorer process for you, gets rid of the crap and that's it.
Don't worry if your desktop disappears: it closes it to stop the viruses that cache themselves in the explorer process.
At the end of the process, do what it says and that's it.

Problem solved.
0
I have this big problem too, could someone help us??
0
Why is it so easy to install, and so complicated to do the reverse? Hence the expression: why keep it simple when you can make it complicated. Claude
0
Please, I would like to disable the zylom.com site, thanks
-1