Malware, viruses, ad pages, installation difficulties [RESOLVED]


Hi,
This is Jazcasasoft.
I am really very :??: worried and upset by these unremovable viruses (Smitfraud-C.Toolbar888+WIN32), this error message about loading SISPower.dll, these unavoidable pop-up ad pages, this impossible reinstallation of my CanoniP1200 printer, and this "electrinic-group" in trusted publishers!!! :fou: and who knows what else... I already suffer from a chronic infection and I try to read on web pages how to live with it... but it is impossible with all this. "I had believed the world was better..." I am appealing to charitable souls to come to my aid; I am new to this field and I don't know what to do.
To be honest, I signed up on other sites but it was very difficult to send a message. I hope it will work here.
Since this is my first time, I don't mind, if you are willing, if you reply to my e-mail address.
To begin, and I hope I haven't gone too fast: here is a fresh HijackThis log:
--------
Logfile of HijackThis v1.99.1
Scan saved at 21:42:55, on 19-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\domino.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\VMSnap1.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Menara\dslmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\hddbdcso.dll
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\levtkvjy.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nhhwoulo.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] jhtml?p=ZN
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C26C7F-294F-4716-AAA5-5735FB054178}: NameServer = 212.217.1.4 212.217.0.14
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: ssqonon - C:\WINDOWS\SYSTEM32\ssqonon.dll
O20 - Winlogon Notify: ssqro - C:\WINDOWS\system32\ssqro.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

-----


Message edited by Jazcasasoft on 29-04-2007 at 17:58:27

Hello,

Do you have a pirated Windows?

Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis log, into your next reply


Note: VundoFix may encounter a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

Reply to Angeldark

:hello: Hello Angeldark,
Thank you for coming to my rescue so quickly. As for Windows, it is a story I have just learned about and I wish to sort it out as soon as possible.
I have 2 RUNDLL messages: error loading "C:\WINDOWS\system32\nhhwoulo.dll" and "SISPower.dll":
Here are the reports:
----

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 22:26:08 19-04-2007

Listing files found while scanning....

C:\WINDOWS\system32\apxpepfo.dll
C:\WINDOWS\system32\bkrfjmos.dll
C:\WINDOWS\system32\bmdyxmjl.dll
C:\WINDOWS\system32\bwghxqkx.dll
C:\WINDOWS\system32\cghaqhjo.ini
C:\WINDOWS\system32\eceyswwu.dll
C:\WINDOWS\system32\edyalhgv.dll
C:\WINDOWS\system32\fkyokyxb.dll
C:\WINDOWS\system32\ggnybnqb.dll
C:\WINDOWS\system32\gsdamfgl.dll
C:\WINDOWS\system32\gsmucvoi.dll
C:\WINDOWS\system32\hddbdcso.dll
C:\WINDOWS\system32\hdyxertn.dll
C:\WINDOWS\system32\herdsrdm.dll
C:\WINDOWS\system32\kyhxwvbj.dll
C:\WINDOWS\system32\lgfmadsg.ini
C:\WINDOWS\system32\nhhwoulo.dll
C:\WINDOWS\system32\ntrexydh.ini
C:\WINDOWS\system32\nwhprtgu.dll
C:\WINDOWS\system32\odokpuei.dll
C:\WINDOWS\system32\ojhqahgc.dll
C:\WINDOWS\system32\oluowhhn.ini
C:\WINDOWS\system32\oluowhhn.ini2
C:\WINDOWS\system32\oluowhhn.tmp
C:\WINDOWS\system32\omravkmf.dll
C:\WINDOWS\system32\onjshkje.dll
C:\WINDOWS\system32\orawhnbk.dll
C:\WINDOWS\system32\orvsatuc.dll
C:\WINDOWS\system32\ratihsmk.dll
C:\WINDOWS\system32\sqvdeswq.dll
C:\WINDOWS\system32\srocdsjw.dll
C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\tbtmokpj.dll
C:\WINDOWS\system32\tyethhfb.dll
C:\WINDOWS\system32\ulyaidmx.dll
C:\WINDOWS\system32\vmuhrnqc.dll
C:\WINDOWS\system32\whejtblt.dll
C:\WINDOWS\system32\wkdrmjmf.dll
C:\WINDOWS\system32\wobnvlry.dll
C:\WINDOWS\system32\xkqxhgwb.ini
C:\WINDOWS\system32\ypomdylm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\apxpepfo.dll
C:\WINDOWS\system32\apxpepfo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bkrfjmos.dll
C:\WINDOWS\system32\bkrfjmos.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bmdyxmjl.dll
C:\WINDOWS\system32\bmdyxmjl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bwghxqkx.dll
C:\WINDOWS\system32\bwghxqkx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cghaqhjo.ini
C:\WINDOWS\system32\cghaqhjo.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\eceyswwu.dll
C:\WINDOWS\system32\eceyswwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\edyalhgv.dll
C:\WINDOWS\system32\edyalhgv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fkyokyxb.dll
C:\WINDOWS\system32\fkyokyxb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ggnybnqb.dll
C:\WINDOWS\system32\ggnybnqb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gsdamfgl.dll
C:\WINDOWS\system32\gsdamfgl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gsmucvoi.dll
C:\WINDOWS\system32\gsmucvoi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hddbdcso.dll
C:\WINDOWS\system32\hddbdcso.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hdyxertn.dll
C:\WINDOWS\system32\hdyxertn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\herdsrdm.dll
C:\WINDOWS\system32\herdsrdm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kyhxwvbj.dll
C:\WINDOWS\system32\kyhxwvbj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lgfmadsg.ini
C:\WINDOWS\system32\lgfmadsg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nhhwoulo.dll
C:\WINDOWS\system32\nhhwoulo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ntrexydh.ini
C:\WINDOWS\system32\ntrexydh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nwhprtgu.dll
C:\WINDOWS\system32\nwhprtgu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\odokpuei.dll
C:\WINDOWS\system32\odokpuei.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ojhqahgc.dll
C:\WINDOWS\system32\ojhqahgc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oluowhhn.ini
C:\WINDOWS\system32\oluowhhn.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\oluowhhn.ini2
C:\WINDOWS\system32\oluowhhn.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oluowhhn.tmp
C:\WINDOWS\system32\oluowhhn.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\omravkmf.dll
C:\WINDOWS\system32\omravkmf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\onjshkje.dll
C:\WINDOWS\system32\onjshkje.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\orawhnbk.dll
C:\WINDOWS\system32\orawhnbk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\orvsatuc.dll
C:\WINDOWS\system32\orvsatuc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ratihsmk.dll
C:\WINDOWS\system32\ratihsmk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sqvdeswq.dll
C:\WINDOWS\system32\sqvdeswq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\srocdsjw.dll
C:\WINDOWS\system32\srocdsjw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\ssqonon.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssqro.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tbtmokpj.dll
C:\WINDOWS\system32\tbtmokpj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tyethhfb.dll
C:\WINDOWS\system32\tyethhfb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ulyaidmx.dll
C:\WINDOWS\system32\ulyaidmx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vmuhrnqc.dll
C:\WINDOWS\system32\vmuhrnqc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\whejtblt.dll
C:\WINDOWS\system32\whejtblt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wkdrmjmf.dll
C:\WINDOWS\system32\wkdrmjmf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wobnvlry.dll
C:\WINDOWS\system32\wobnvlry.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xkqxhgwb.ini
C:\WINDOWS\system32\xkqxhgwb.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ypomdylm.dll
C:\WINDOWS\system32\ypomdylm.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 22:37:15 19-04-2007

Listing files found while scanning....

C:\WINDOWS\system32\ssqonon.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\ssqonon.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\ssqonon.dll Could not be deleted.

Performing Repairs to the registry.
Done!
---------
and,
----
Logfile of HijackThis v1.99.1
Scan saved at 23:05:06, on 19-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\domino.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\VMSnap1.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Menara\dslmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\hddbdcso.dll (file missing)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\levtkvjy.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nhhwoulo.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] jhtml?p=ZN
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C26C7F-294F-4716-AAA5-5735FB054178}: NameServer = 212.217.1.4 212.217.0.14
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
--------------
Hope this reaches you well...

Reply to Jazcasasoft
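
Added example, not part of the thread and not code from VundoFix or HijackThis: a Python cross-check of the two reports in the post above. It flags HijackThis entries that still reference a file VundoFix deleted (a leftover autostart entry of this kind is what produces a RUNDLL "error loading" dialog at logon) and entries whose file VundoFix could not delete. The sample text is an excerpt of the thread's own logs; the function names and the `orphaned` / `file-remains` labels are assumptions of this example.

```python
import re
from typing import NamedTuple

# Excerpt of the VundoFix report posted above (scan of 19-04-2007).
VUNDOFIX_REPORT = r"""
Attempting to delete C:\WINDOWS\system32\hddbdcso.dll
C:\WINDOWS\system32\hddbdcso.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nhhwoulo.dll
C:\WINDOWS\system32\nhhwoulo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\ssqonon.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssqro.dll Has been deleted!
"""

# Excerpt of the HijackThis log taken after the VundoFix run (23:05:06).
HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\hddbdcso.dll (file missing)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll
O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nhhwoulo.dll",setvm
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# First drive-letter path on a line, up to a known file extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|ini|tmp)\b', re.IGNORECASE)
# VundoFix result line: "<path> Has been deleted!" or "<path> Could not be deleted."
RESULT_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) (?P<result>Has been deleted!|Could not be deleted\.)\s*$'
)
# HijackThis entry line: "<section id> - <body>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r'^(?P<section>[RO]\d+) - (?P<body>.+)$')


class Finding(NamedTuple):
    section: str  # HijackThis section id (O2 = BHO, O4 = autostart, O20 = Winlogon/AppInit)
    path: str     # lower-cased file path the entry references
    state: str    # "orphaned" (file deleted, entry left) or "file-remains"
    line: str     # the original HijackThis line


def parse_vundofix(report):
    """Map lower-cased path -> True if VundoFix deleted the file, False if it could not."""
    outcome = {}
    for line in report.splitlines():
        match = RESULT_RE.match(line.strip())
        if match:
            # If a report holds several runs, the last result for a file wins.
            outcome[match["path"].lower()] = match["result"].startswith("Has been")
    return outcome


def cross_check(report, hjt_log):
    """Return HijackThis entries that reference a file VundoFix acted on."""
    outcome = parse_vundofix(report)
    findings = []
    for line in hjt_log.splitlines():
        line = line.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        path_match = PATH_RE.search(entry["body"])
        if not path_match:
            continue  # entry names no full path (e.g. "SOUNDMAN.EXE")
        path = path_match.group(0).lower()  # Windows paths are case-insensitive
        if path not in outcome:
            continue  # file was not on VundoFix's list
        state = "orphaned" if outcome[path] else "file-remains"
        findings.append(Finding(entry["section"], path, state, line))
    return findings


if __name__ == "__main__":
    for f in cross_check(VUNDOFIX_REPORT, HIJACKTHIS_LOG):
        print(f"{f.state:12} {f.section:4} {f.path}")
```
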

Could you answer my question?

  • Download combofix.exe (by sUBs) to your Desktop
  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.


NOTE: The report can also be found here: C:\Combofix.txt

Reply to Angeldark

Hello Sir,
Thank you for your patience... because I must admit that I do not understand English :(
After opening combofix.exe, it gave me a message to choose between "1" or "2" (there was neither y nor n); I chose "1" and I think it worked... well, I hope so
---------
"Administrateur" - 07-04-20 13:47:04 Service Pack 2
ComboFix 07-04-20V - Running from: C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\

/wow section not completed

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\ajphbhtj.dll
C:\WINDOWS\system32\bcnlpwpd.dll
C:\WINDOWS\system32\afvyvxhu.dll
C:\WINDOWS\system32\aotcxqed.dll
C:\WINDOWS\system32\blpnrwmn.dll
C:\WINDOWS\system32\dkfrwfqi.dll
C:\WINDOWS\system32\frqkfruo.dll
C:\WINDOWS\system32\hbiobpjm.dll
C:\WINDOWS\system32\jbwoaqkt.dll
C:\WINDOWS\system32\mgbfkhrf.dll
C:\WINDOWS\system32\pxajgrry.dll
C:\WINDOWS\system32\qagcagop.dll
C:\WINDOWS\system32\quatfruc.dll
C:\WINDOWS\system32\rvhjeevb.dll
C:\WINDOWS\system32\twatjrxg.dll
C:\WINDOWS\system32\uiditjit.dll
C:\WINDOWS\system32\wfecliwv.dll
C:\WINDOWS\system32\yuhtvfmd.dll
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\bxsvmerj.dll
C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\oqtwa.tmp
C:\WINDOWS\system32\klnmp.bak2
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\pmnlk.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\nvs2.inf
C:\Program Files\vsadd-in
C:\WINDOWS\system32\nwkxtvljz_navps.dat
C:\WINDOWS\system32\nwkxtvljz.exe
C:\WINDOWS\system32\nwkxtvljz.dat


((((((((((((((((((((((((((((((( Files Created from 2007-03-20 to 2007-04-20 ))))))))))))))))))))))))))))))))))


2007-04-20 12:41 <REP> d-------- C:\DOCUME~1\Anass\APPLIC~1\MailFrontier
2007-04-20 01:07 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-04-20 01:07 54,936 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-04-20 01:07 42,648 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-04-20 01:07 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-20 01:07 22,168 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-04-20 01:07 18,072 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-04-20 01:07 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-04-20 01:07 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-04-20 01:07 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-20 01:01 125,460 --a------ C:\WINDOWS\system32\vtliijgb.dll
2007-04-19 22:26 <REP> d-------- C:\VundoFix Backups
2007-04-18 13:53 2,658 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-17 23:13 125,460 --a------ C:\WINDOWS\system32\levtkvjy.dll
2007-04-13 22:57 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-04-13 17:18 46,892 --a------ C:\WINDOWS\system32\adadix16.dll
2007-04-13 17:18 4,981 --a------ C:\WINDOWS\system32\adadix2k.dll
2007-04-13 17:18 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin
2007-04-13 17:18 155,648 --a------ C:\WINDOWS\system32\adadix32.dll
2007-04-13 17:18 152,308 --a------ C:\WINDOWS\system32\drivers\L1E4I2.BIN
2007-04-13 17:18 152,306 --a------ C:\WINDOWS\system32\drivers\L1E4I1.BIN
2007-04-13 17:18 152,306 --a------ C:\WINDOWS\system32\drivers\L1E4I0.BIN
2007-04-13 17:18 152,146 --a------ C:\WINDOWS\system32\drivers\L1E4P2.BIN
2007-04-13 17:18 152,145 --a------ C:\WINDOWS\system32\drivers\L1E4P1.BIN
2007-04-13 17:18 152,145 --a------ C:\WINDOWS\system32\drivers\L1E4P0.BIN
2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P2.BIN
2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P1.BIN
2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P0.BIN
2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I2.BIN
2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I1.BIN
2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I0.BIN
2007-04-13 17:18 152,036 --a------ C:\WINDOWS\system32\drivers\L1E4D2.BIN
2007-04-13 17:18 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D1.BIN
2007-04-13 17:18 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D0.BIN
2007-04-13 17:18 143,360 --a------ C:\WINDOWS\adiras.exe
2007-04-13 17:18 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe
2007-04-13 17:18 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe
2007-04-13 17:18 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
2007-04-13 17:18 126,489 --a------ C:\WINDOWS\system32\adiusbaw.sys
2007-04-13 17:18 114,616 --a------ C:\WINDOWS\system32\e4usbaw.sys
2007-04-13 17:10 <REP> d-------- C:\Program Files\Menara
2007-04-13 15:23 <REP> d-------- C:\DOCUME~1\Anass\APPLIC~1\SYSTRAN
2007-04-13 15:19 <REP> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
2007-04-13 00:07 <REP> d-------- C:\WINDOWS\Prefetch
2007-04-13 00:01 0 --a------ C:\AUTOEXEC.BAT
2007-04-12 23:45 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-12 23:45 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-12 23:33 <REP> d-------- C:\WINDOWS\setup.pss
2007-04-12 19:02 <REP> d-------- C:\DOCUME~1\MONDEN~1\APPLIC~1\Adobe
2007-04-12 17:37 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-04-12 17:37 24,576 --a------ C:\WINDOWS\system32\IdleTrac.dll
2007-04-12 17:37 <REP> d-------- C:\Program Files\Mailinfo
2007-04-12 17:34 <REP> d-------- C:\Program Files\SpeedOptimizer
2007-04-12 17:33 <REP> d-------- C:\Program Files\SpeedBit Video Accelerator
2007-04-12 17:33 <REP> d-------- C:\Program Files\AskPBar
2007-04-12 17:20 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-12 17:19 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-04-12 17:19 <REP> d-------- C:\Program Files\DAP
2007-04-12 15:33 76,082 --a------ C:\WINDOWS\system32\perfc040.dat
2007-04-12 15:33 482,706 --a------ C:\WINDOWS\system32\perfh040.dat
2007-04-12 11:49 492,373 ---hs---- C:\WINDOWS\system32\orqss.bak2
2007-04-12 01:30 <REP> d-------- C:\Program Files\Lavalys
2007-04-11 22:17 <REP> d-------- C:\Program Files\Shareaza
2007-04-11 20:41 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2007-04-11 11:49 484,741 --ahs---- C:\WINDOWS\system32\orqss.bak1
2007-04-10 17:50 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-10 09:23 <REP> d-------- C:\DOCUME~1\MONDEN~1\APPLIC~1\Google
2007-04-10 09:19 1,048,576 --ah----- C:\DOCUME~1\MONDEN~1\NTUSER.DAT
2007-04-10 09:19 <REP> dr------- C:\DOCUME~1\MONDEN~1\Mes documents
2007-04-10 09:19 <REP> dr------- C:\DOCUME~1\MONDEN~1\Menu Démarrer
2007-04-10 09:19 <REP> dr------- C:\DOCUME~1\MONDEN~1\Favoris
2007-04-10 09:19 <REP> d--h----- C:\DOCUME~1\MONDEN~1\Voisinage réseau
2007-04-10 09:19 <REP> d--h----- C:\DOCUME~1\MONDEN~1\Voisinage d'impression
2007-04-10 09:19 <REP> d--h----- C:\DOCUME~1\MONDEN~1\Modèles
2007-04-10 09:19 <REP> d-------- C:\DOCUME~1\MONDEN~1\Bureau
2007-04-09 14:25 <REP> d-------- C:\Program Files\SpywareBlaster
2007-04-08 16:36 <REP> d---s---- C:\DOCUME~1\Anass\UserData
2007-04-06 00:52 6,422,611 --a------ C:\Program Files\frostwire-4.13.1.6.windows.exe
2007-04-04 16:44 <REP> d-------- C:\WINDOWS\RegisteredPackages
2007-04-02 00:16 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-03-31 15:43 229,467 --a------ C:\WINDOWS\RACHook36.dll
2007-03-31 15:43 199,680 --a------ C:\WINDOWS\MediaR36.dll
2007-03-31 15:43 1,770,496 --a------ C:\WINDOWS\MediaDico36Dll.dll
2007-03-31 15:43 <REP> d-------- C:\Program Files\Micro Application
2007-03-30 20:09 <REP> d-------- C:\Program Files\RegCleaner
2007-03-29 21:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-03-29 13:46 <REP> d-------- C:\DOCUME~1\Anass\APPLIC~1\Talkback
2007-03-28 18:13 <REP> d-------- C:\Program Files\WinZip Self-Extractor
2007-03-28 15:30 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-03-28 15:30 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-03-28 15:30 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-03-28 15:30 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-03-28 15:30 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-03-28 15:30 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-03-28 15:30 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-03-28 15:30 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-03-28 15:30 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-03-28 15:30 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-03-28 15:30 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-03-28 15:30 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-03-28 15:30 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-03-28 15:30 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-03-28 15:30 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-03-28 15:30 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-03-28 15:30 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-03-28 13:05 <REP> d-------- C:\Program Files\ZIO Interactive
2007-03-28 11:12 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-03-28 03:32 <REP> d-------- C:\Program Files\Disc2Phone
2007-03-28 03:00 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-03-27 22:18 <REP> d-------- C:\Program Files\Recuva
2007-03-27 17:43 774,144 --a------ C:\Program Files\RngInterstitial.dll
2007-03-27 16:28 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-03-24 19:07 94,208 --a------ C:\WINDOWS\VMCap.exe
2007-03-24 19:07 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2007-03-24 19:07 57,344 --a------ C:\WINDOWS\StillCap.exe
2007-03-24 19:07 49,152 --a------ C:\WINDOWS\VMSnap1.exe
2007-03-24 19:07 49,152 --a------ C:\WINDOWS\domino.exe
2007-03-24 19:07 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2007-03-24 19:07 195,299 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-03-24 19:07 176,128 --a------ C:\WINDOWS\amcap.exe
2007-03-24 19:07 <REP> d-------- C:\WINDOWS\CatRoot
2007-03-24 19:07 <REP> d-------- C:\Program Files\Vimicro
2007-03-23 21:06 6,029,312 --a------ C:\DOCUME~1\Anass\ntuser.dat
2007-03-23 19:21 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-23 19:21 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-23 19:21 <REP> d-------- C:\WINDOWS\system32\IOSUBSYS
2007-03-22 20:46 49,532 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-03-21 18:15 <REP> d-------- C:\Program Files\SuperUtility
2007-03-21 17:08 <REP> d-------- C:\WINDOWS\speech
2007-03-21 17:08 <REP> d-------- C:\WINDOWS\Lhsp
2007-03-20 22:02 286,720 --a------ C:\WINDOWS\iun506.exe
2007-03-20 17:40 <REP> d-------- C:\Program Files\CCleaner
2007-03-20 13:52 <REP> d-------- C:\DOCUME~1\Anass\APPLIC~1\Symantec


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-14 07:47 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-14 07:47 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-14 07:45 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-14 07:44 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-14 07:43 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-14 07:42 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-04-13 17:21 -------- d--h----- C:\Program Files\installshield installation information
2007-04-13 00:17 83892 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-04-13 00:17 507178 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-04-12 23:59 23660 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-11 23:25 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\skype
2007-04-10 11:18 712832 --a------ C:\WINDOWS\system32\aswboot.exe
2007-04-09 01:04 241066 --a------ C:\WINDOWS\system32\nwkxtvljz_nav.dat
2007-04-08 20:35 -------- d-------- C:\Program Files\Fichiers communs\real
2007-04-08 20:35 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\real
2007-04-04 13:53 -------- d-------- C:\Program Files\windows media connect 2
2007-04-02 02:23 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\dvdcss
2007-04-02 00:16 -------- d-------- C:\Program Files\skype
2007-03-28 23:50 11739 --a------ C:\WINDOWS\mozver.dat
2007-03-28 07:54 -------- d-------- C:\Program Files\quicktime
2007-03-19 21:21 5954520 --a------ C:\Program Files\windows-kb890830-v1.27.exe
2007-03-19 16:03 509 --a------ C:\WINDOWS\system32\gdnqxvsm_navps.dat
2007-03-19 16:02 6422 --a------ C:\WINDOWS\system32\gdnqxvsm.dat
2007-03-17 20:57 218653 --a------ C:\WINDOWS\system32\gdnqxvsm_nav.dat
2007-03-17 09:50 -------- d-------- C:\Program Files\internetgamebox
2007-03-16 14:39 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\sun
2007-03-16 12:25 315904 --a------ C:\WINDOWS\system32\gdnqxvsm.exe
2007-03-16 12:25 314880 --a------ C:\WINDOWS\system32\gdtfnl.exe
2007-03-13 21:51 -------- d-------- C:\Program Files\google
2007-03-13 21:15 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\google
2007-03-13 20:35 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\leadertech
2007-03-12 13:57 -------- d-------- C:\Program Files\msn messenger
2007-03-12 01:02 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\itslabel
2007-03-11 14:50 -------- d-------- C:\Program Files\alwil software
2007-03-11 13:40 -------- d-------- C:\Program Files\elaborate bytes
2007-03-10 01:01 335 --a------ C:\WINDOWS\nsreg.dat
2007-03-10 01:00 -------- d-------- C:\Program Files\viewpoint
2007-03-10 00:59 -------- d-------- C:\Program Files\java
2007-03-05 13:36 -------- d-------- C:\Program Files\msbuild
2007-03-05 13:32 -------- d-------- C:\Program Files\reference assemblies
2007-03-05 00:21 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\shareaza
2007-03-04 23:37 247207 --a------ C:\WINDOWS\piolet_toolbar_uninstaller_4000.exe
2007-03-03 20:18 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\cyberlink
2007-03-03 16:11 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\nasa
2007-03-03 16:09 -------- d-------- C:\Program Files\nasa
2007-03-03 13:54 -------- d-------- C:\Program Files\Fichiers communs\wise installation wizard
2007-03-03 13:54 -------- d-------- C:\Program Files\ageia technologies
2007-03-02 21:22 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\media player classic
2007-03-02 20:30 -------- d-------- C:\Program Files\Fichiers communs\java
2007-03-02 20:03 -------- d-------- C:\Program Files\mpcstar
2007-03-02 14:07 -------- d-------- C:\Program Files\yahoo!
2007-03-02 12:41 -------- d-------- C:\Program Files\lavasoft
2007-03-02 12:41 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\lavasoft
2007-03-01 22:31 44 --a------ C:\WINDOWS\system32\msssc.dll
2007-03-01 00:05 -------- d-------- C:\Program Files\windows live toolbar
2007-02-28 20:46 -------- d-------- C:\Program Files\windows live safety center
2007-02-27 16:22 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\vlc
2007-02-27 16:11 -------- d-------- C:\Program Files\videolan
2007-02-27 13:49 -------- d-------- C:\Program Files\smart projects
2007-02-27 07:54 2560 --a------ C:\WINDOWS\_msrstrt.exe
2007-02-27 07:51 -------- d-------- C:\Program Files\Fichiers communs\teleca shared
2007-02-27 03:19 -------- d-------- C:\Program Files\messenger
2007-02-27 03:05 -------- d-------- C:\Program Files\msxml 4.0
2007-02-26 21:29 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\adobeum
2007-02-25 22:06 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\ahead
2007-02-24 09:20 -------- d-------- C:\Program Files\winamp3
2007-02-24 09:05 -------- d-------- C:\Program Files\netscape
2007-02-22 21:28 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\apple computer
2007-02-22 20:57 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\teleca
2007-02-22 20:53 -------- d-------- C:\Program Files\Fichiers communs\installshield
2007-02-21 19:54 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\help
2007-02-20 22:41 18432 --a------ C:\WINDOWS\ss3unstl.exe
2007-02-20 19:17 -------- d-------- C:\Program Files\Fichiers communs\ms shared
2007-02-20 18:48 -------- d-------- C:\Program Files\jargon informatique
2007-02-17 17:54 544256 --a------ C:\WINDOWS\system32\autopartnt.exe
2007-02-17 17:17 62 --ahs---- C:\DOCUME~1\Anass\APPLIC~1\desktop.ini
2007-02-17 17:05 37888 --a------ C:\WINDOWS\system32\setupnt.dll
2007-02-17 16:25 0 -rahs---- C:\MSDOS.SYS
2007-02-17 16:25 0 -rahs---- C:\IO.SYS
2007-02-17 16:25 0 --a------ C:\CONFIG.SYS
2007-01-24 15:36 45305 --a------ C:\Program Files\dxdllreg_x86.cab
2007-01-24 15:36 198275 --a------ C:\Program Files\feb2007_xact_x64.cab
2007-01-24 15:36 151583 --a------ C:\Program Files\feb2007_xact_x86.cab
2007-01-24 15:27 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-01-24 15:21 976020 --a------ C:\Program Files\bdaxp.cab
2007-01-24 15:21 917318 --a------ C:\Program Files\apr2006_mdx1_x86.cab
2007-01-24 15:21 91265 --a------ C:\Program Files\oct2006_xinput_x64.cab
2007-01-24 15:21 88102 --a------ C:\Program Files\aug2006_xinput_x64.cab
2007-01-24 15:21 87989 --a------ C:\Program Files\apr2006_xinput_x64.cab
2007-01-24 15:21 86925 --a------ C:\Program Files\oct2005_xinput_x64.cab
2007-01-24 15:21 85235 --a------ C:\Program Files\dxupdate.cab
2007-01-24 15:21 77160 --a------ C:\WINDOWS\dsetup.dll
2007-01-24 15:21 77160 --a------ C:\Program Files\dsetup.dll
2007-01-24 15:21 503144 --a------ C:\WINDOWS\dxsetup.exe
2007-01-24 15:21 49149 --a------ C:\Program Files\oct2006_xinput_x86.cab
2007-01-24 15:21 47018 --a------ C:\Program Files\aug2006_xinput_x86.cab
2007-01-24 15:21 46898 --a------ C:\Program Files\apr2006_xinput_x86.cab
2007-01-24 15:21 46247 --a------ C:\Program Files\oct2005_xinput_x86.cab
2007-01-24 15:21 4163518 --a------ C:\Program Files\apr2006_mdx1_x86_archive.cab
2007-01-24 15:21 213767 --a------ C:\Program Files\dec2006_d3dx10_00_x64.cab
2007-01-24 15:21 193435 --a------ C:\Program Files\dec2006_xact_x64.cab
2007-01-24 15:21 192680 --a------ C:\Program Files\dec2006_d3dx10_00_x86.cab
2007-01-24 15:21 183863 --a------ C:\Program Files\aug2006_xact_x64.cab
2007-01-24 15:21 183321 --a------ C:\Program Files\oct2006_xact_x64.cab
2007-01-24 15:21 181745 --a------ C:\Program Files\jun2006_xact_x64.cab
2007-01-24 15:21 180021 --a------ C:\Program Files\apr2006_xact_x64.cab
2007-01-24 15:21 179247 --a------ C:\Program Files\feb2006_xact_x64.cab
2007-01-24 15:21 1673576 --a------ C:\WINDOWS\dsetup32.dll
2007-01-24 15:21 1673576 --a------ C:\Program Files\dsetup32.dll
2007-01-24 15:21 1575336 --a------ C:\Program Files\dec2006_d3dx9_32_x86.cab
2007-01-24 15:21 1572114 --a------ C:\Program Files\dec2006_d3dx9_32_x64.cab
2007-01-24 15:21 146559 --a------ C:\Program Files\dec2006_xact_x86.cab
2007-01-24 15:21 1413862 --a------ C:\Program Files\oct2006_d3dx9_31_x64.cab
2007-01-24 15:21 1398718 --a------ C:\Program Files\apr2006_d3dx9_30_x64.cab
2007-01-24 15:21 138977 --a------ C:\Program Files\oct2006_xact_x86.cab
2007-01-24 15:21 138195 --a------ C:\Program Files\aug2006_xact_x86.cab
2007-01-24 15:21 1363684 --a------ C:\Program Files\feb2006_d3dx9_29_x64.cab
2007-01-24 15:21 1358864 --a------ C:\Program Files\dec2005_d3dx9_28_x64.cab
2007-01-24 15:21 1351430 --a------ C:\Program Files\aug2005_d3dx9_27_x64.cab
2007-01-24 15:21 1348242 --a------ C:\Program Files\apr2005_d3dx9_25_x64.cab
2007-01-24 15:21 134631 --a------ C:\Program Files\jun2006_xact_x86.cab
2007-01-24 15:21 133991 --a------ C:\Program Files\apr2006_xact_x86.cab
2007-01-24 15:21 1336890 --a------ C:\Program Files\jun2005_d3dx9_26_x64.cab
2007-01-24 15:21 133297 --a------ C:\Program Files\feb2006_xact_x86.cab
2007-01-24 15:21 13265040 --a------ C:\Program Files\dxnt.cab
2007-01-24 15:21 1248387 --a------ C:\Program Files\feb2005_d3dx9_24_x64.cab
2007-01-24 15:21 1156363 --a------ C:\Program Files\bdant.cab
2007-01-24 15:21 1128177 --a------ C:\Program Files\oct2006_d3dx9_31_x86.cab
2007-01-24 15:21 1116109 --a------ C:\Program Files\apr2006_d3dx9_30_x86.cab
2007-01-24 15:21 1085608 --a------ C:\Program Files\feb2006_d3dx9_29_x86.cab
2007-01-24 15:21 1080344 --a------ C:\Program Files\dec2005_d3dx9_28_x86.cab
2007-01-24 15:21 1079850 --a------ C:\Program Files\apr2005_d3dx9_25_x86.cab
2007-01-24 15:21 1078532 --a------ C:\Program Files\aug2005_d3dx9_27_x86.cab
2007-01-24 15:21 1065813 --a------ C:\Program Files\jun2005_d3dx9_26_x86.cab
2007-01-24 15:21 1014113 --a------ C:\Program Files\feb2005_d3dx9_24_x86.cab


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{0A94B111-4504-4e26-AB05-E61E474AA38B} C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\bxsvmerj.dll [x]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{733FD72F-103E-4B9E-BCB9-A76064AF3C72} C:\WINDOWS\system32\ssqonon.dll [x]
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
{ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} C:\WINDOWS\system32\ssqro.dll [x]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll
{CC3F4F56-4E51-4B23-B177-BFA34D3608F9} C:\WINDOWS\system32\vtliijgb.dll
{F4D76F01-7896-458a-890F-E1F05C46069F} C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"domino"="C:\\WINDOWS\\domino.exe"
"AGEIA PhysX SysTray"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
"VMSnap1"="C:\\WINDOWS\\VMSnap1.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""
"DownloadAccelerator"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
"SpeedOptimizer"="C:\\PROGRA~1\\SPEEDO~1\\SPO.EXE -s "
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"SoundMan"="SOUNDMAN.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"E06FDXRC_8323390"="\"E:\\Program Files\\Collection Microsoft Encarta 2006\\EDICT.EXE\" -m"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{733FD72F-103E-4B9E-BCB9-A76064AF3C72}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="CLKERN.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\DSLMON.lnk"
"backup"="C:\\WINDOWS\\pss\\DSLMON.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Menara\\dslmon.exe "
"item"="DSLMON"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk.disabled]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Outil de mise à jour Google.lnk.disabled"
"backup"="C:\\WINDOWS\\pss\\Outil de mise à jour Google.lnk.disabledCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Outil de mise à jour Google.lnk.disabled"
"item"="Outil de mise à jour Google.lnk"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrayIcon"
"hkey"="HKLM"
"command"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\domino]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="domino"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\domino.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FDXRC_8323390]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EDICT"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Collection Microsoft Encarta 2006\\EDICT.EXE\" -m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Shareaza"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sfaiwemc"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\sfaiwemc.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VMSnap1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VMSnap1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e2f6c7a-c10f-11db-95e6-4d6564696130}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa981390-ddf9-11db-86ba-4d6564696130}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7a5d913-dca9-11db-86dd-4d6564696130}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-20 13:57:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-20 13:57
-------
I should mention that I have just installed ZoneAlarm: it is already flagging a program that looks odd to me, and which I have blocked as a precaution ;) Here are its technical details, for whatever purposes you find useful:
nwkxtvljz.exe is trying to connect to the Internet or to your local network
ZoneAlarm is asking whether you want to allow the connection. No breach has been opened in your security system. Your computer is safe.


In the program alert

Alert property | Alert property value | Technical explanation
Program name | nwkxtvljz.exe | A program on your computer that tried to send an IP packet over the Internet or is waiting for an incoming packet.
File name | nwkxtvljz.exe | The file name of the program that ZoneAlarm found on your computer.
Program size | 321536 | The size of the executable file in bytes.
Program MD5 | 267e1ded90851f42f3ac20242cd1fd38 | The MD5 hash, or number, uniquely identifying the executable.
Smart Checksum | 134265b5bd6bb6b6bd011a0f4e147694 | The SKIMP hash, or number, uniquely identifying the executable.
Modification date | Mar-14-2007 08:23:58 PM | Last modification date of nwkxtvljz.exe.
Connection type | Access | This value can represent any access corresponding to an Internet connection attempt by nwkxtvljz.exe, or a server, which indicates that nwkxtvljz.exe is waiting for connections coming from the Internet.
Remote port | 1115 | The port that nwkxtvljz.exe uses on the remote computer.
Remote IP address | 127.0.0.1 | The IP address of the remote computer responsible for the alert.
Alert date | Apr-20-2007 06:10:58 AM PDT | Time at which ZoneAlarm detected the alert on your computer.

ZoneAlarm security enforcement at the time of the alert

Alert property | Alert property value | Technical explanation
Program status | Known program | nwkxtvljz.exe has requested access to the Internet or the local network before and is now repeating its request.
Zone | Trusted zone | This ZoneAlarm zone contains all the computers and networks you consider trustworthy, such as the other computers on your business or home local network.
Regards,... :jap:

Reply to Jazcasasoft

Can you post a new HijackThis report?


Message edited by Angeldark on 20-04-2007 at 17:03:43
------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

:hello:
Thank you so much for being so patient with me. I hope I am not bothering you. I already feel better and in good hands. :jap: Here is the report in normal mode (I am still connected to the Internet):
---------
Logfile of HijackThis v1.99.1
Scan saved at 16:47:55, on 20-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\domino.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\VMSnap1.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\Menara\dslmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\bxsvmerj.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] jhtml?p=ZN
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C26C7F-294F-4716-AAA5-5735FB054178}: NameServer = 212.217.1.4 212.217.0.14
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-----------
Hope this reaches you well.
P.S.: When I move a page across the desktop, I sometimes see the icons there get erased.

Reply to Jazcasasoft

Re,

Download Clean.zip (by Malekal).
Unzip it onto your desktop (Right-click / Extract All); you should get a folder named Clean.
Open the clean folder and double-click clean.cmd.
Choose option 1, then wait. Then post the contents of the report.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Re,
Fri 04/20/2007 a 17:54:58.79

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\InternetGameBox\" FOUND
"C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll" FOUND
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
---
Thanks...

Reply to Jazcasasoft

Re,

Before you start, read the Blacklight (F-Secure) licence.
By reading this document, you have read and accepted the terms of use of this program, which is included in Navilog1.zip.

Now download Navilog1.zip (Il Mafioso).
Save it to your Desktop.
Unzip the contents of the archive by right-clicking Navilog1.zip and choosing Extract All.

Double-click Navilog1.bat.
Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our go-ahead !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as prompted. Notepad will open. Post its contents to us this way:

-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply


NOTE: The report can also be found here: C:\fixnavi.txt

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Re,
Here is the report:
--------
Search Navipromo version 1.1.5 commencé le Fri 04/20/2007 à 18:36:33.25

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\Navilog1_Il Mafioso
Mise a jour le 13.04.2007 a 20h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***


C:\Program Files\InternetGameBox trouvé !


*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Anass\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight [...] _help.html


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 04/20/07 at 18:36:35.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ............................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 04/20/07 at 18:43:15 (return code = 0).


*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !


*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\orqss.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\orqss.bak2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
*
C:\WINDOWS\system32\gdnqxvsm.dat trouvé !
**
C:\WINDOWS\system32\gdnqxvsm.dat trouvé !
***
****
C:\WINDOWS\system32\gdnqxvsm_navps.dat trouvé !
*****
C:\WINDOWS\system32\gdnqxvsm_nav.dat trouvé !
C:\WINDOWS\system32\nwkxtvljz_nav.dat trouvé !
******
*******
********
C:\WINDOWS\system32\gdnqxvsm.exe trouvé !
C:\WINDOWS\system32\gdtfnl.exe trouvé !


*** Analyse Terminé le Fri 04/20/2007 à 18:43:41.42 ***
----------
My very best regards.

Reply to Jazcasasoft

Re,

  • Double-click VundoFix.exe to launch it
  • Do NOT click the Scan for Vundo button
  • Right-click in the white window and choose Add more files?
  • In the first line, add:

C:\WINDOWS\system32\orqss.bak1
In the second:
C:\WINDOWS\system32\orqss.bak2

  • Click, in order:

- Add Files
- Close Windows
- Remove Vundo

  • If the tool asks you to restart, accept.
  • Then copy/paste the report C:\vundofix.txt


Restart in Safe Mode

Double-click Navilog1.bat.
Follow the instructions. Then choose option 2 and confirm.
Let it guide you and answer any questions it asks.

Your desktop will disappear; that is normal!

Wait until this message appears:
"*** Nettoyage Termine le ..... ***"

Press a key as prompted; Notepad will open.
Save the report so that you can find it again in normal mode.
Close Notepad. Your desktop will now reappear.
Restart normally, then post the report you saved earlier (C:\cleannavi.txt)
As well as a new HijackThis log.

Close Internet Explorer, then go to Start / Control Panel / Internet Options.
Choose the Content tab, then the Certificates tab.
If you find the following programs (especially under Trusted Publishers), delete them:

electronic-group
egroup
Montorgueil
VIP
"Sunny Day Design Ltd"

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Re,
I hope I didn't make a wrong move. Really, as a beginner, I'm trying my best not to wreck a fine piece of work done by a master. :jap:

--------
VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 22:26:08 19-04-2007

Listing files found while scanning....


Beginning removal...

Attempting to delete C:\WINDOWS\system32\apxpepfo.dll
C:\WINDOWS\system32\apxpepfo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bkrfjmos.dll
C:\WINDOWS\system32\bkrfjmos.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bmdyxmjl.dll
C:\WINDOWS\system32\bmdyxmjl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bwghxqkx.dll
C:\WINDOWS\system32\bwghxqkx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cghaqhjo.ini
C:\WINDOWS\system32\cghaqhjo.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\eceyswwu.dll
C:\WINDOWS\system32\eceyswwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\edyalhgv.dll
C:\WINDOWS\system32\edyalhgv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fkyokyxb.dll
C:\WINDOWS\system32\fkyokyxb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ggnybnqb.dll
C:\WINDOWS\system32\ggnybnqb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gsdamfgl.dll
C:\WINDOWS\system32\gsdamfgl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gsmucvoi.dll
C:\WINDOWS\system32\gsmucvoi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hddbdcso.dll
C:\WINDOWS\system32\hddbdcso.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hdyxertn.dll
C:\WINDOWS\system32\hdyxertn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\herdsrdm.dll
C:\WINDOWS\system32\herdsrdm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kyhxwvbj.dll
C:\WINDOWS\system32\kyhxwvbj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lgfmadsg.ini
C:\WINDOWS\system32\lgfmadsg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nhhwoulo.dll
C:\WINDOWS\system32\nhhwoulo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ntrexydh.ini
C:\WINDOWS\system32\ntrexydh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nwhprtgu.dll
C:\WINDOWS\system32\nwhprtgu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\odokpuei.dll
C:\WINDOWS\system32\odokpuei.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ojhqahgc.dll
C:\WINDOWS\system32\ojhqahgc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oluowhhn.ini
C:\WINDOWS\system32\oluowhhn.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\oluowhhn.ini2
C:\WINDOWS\system32\oluowhhn.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oluowhhn.tmp
C:\WINDOWS\system32\oluowhhn.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\omravkmf.dll
C:\WINDOWS\system32\omravkmf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\onjshkje.dll
C:\WINDOWS\system32\onjshkje.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\orawhnbk.dll
C:\WINDOWS\system32\orawhnbk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\orvsatuc.dll
C:\WINDOWS\system32\orvsatuc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ratihsmk.dll
C:\WINDOWS\system32\ratihsmk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sqvdeswq.dll
C:\WINDOWS\system32\sqvdeswq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\srocdsjw.dll
C:\WINDOWS\system32\srocdsjw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\ssqonon.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssqro.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tbtmokpj.dll
C:\WINDOWS\system32\tbtmokpj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tyethhfb.dll
C:\WINDOWS\system32\tyethhfb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ulyaidmx.dll
C:\WINDOWS\system32\ulyaidmx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vmuhrnqc.dll
C:\WINDOWS\system32\vmuhrnqc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\whejtblt.dll
C:\WINDOWS\system32\whejtblt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wkdrmjmf.dll
C:\WINDOWS\system32\wkdrmjmf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wobnvlry.dll
C:\WINDOWS\system32\wobnvlry.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xkqxhgwb.ini
C:\WINDOWS\system32\xkqxhgwb.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ypomdylm.dll
C:\WINDOWS\system32\ypomdylm.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 22:37:15 19-04-2007

Listing files found while scanning....

C:\WINDOWS\system32\ssqonon.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\ssqonon.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\ssqonon.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.bak2 Has been deleted!

Performing Repairs to the registry.
Done!
--------
Clean Navipromo version 1.1.5 commencé le Fri 04/20/2007 à 19:26:21.85

Fix lancé depuis C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\Navilog1_Il Mafioso
Mise a jour le 13.04.2007 a 20h00 by IL-MAFIOSO

Executé en mode sans echec

Mode suppression automatique avec prise en charge résultats Blacklight


*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)


*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\InternetGameBox ...suppression...
C:\Program Files\InternetGameBox supprimé !


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Anass\Application Data ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Anass\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi***


sauvegarde du registre realise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche et Suppression Heuristique :

*
C:\WINDOWS\System32\gdnqxvsm.dat trouvé !
Copie C:\WINDOWS\system32\gdnqxvsm.dat realise avec succes !
C:\WINDOWS\system32\gdnqxvsm.dat supprimé !

**
***
****
C:\WINDOWS\System32\gdnqxvsm_navps.dat trouvé !
Copie C:\WINDOWS\system32\gdnqxvsm_navps.dat realise avec succes !
C:\WINDOWS\system32\gdnqxvsm_navps.dat supprimé !

*****
C:\WINDOWS\System32\gdnqxvsm_nav.dat trouvé !
Copie C:\WINDOWS\system32\gdnqxvsm_nav.dat realise avec succes !
C:\WINDOWS\system32\gdnqxvsm_nav.dat supprimé !

C:\WINDOWS\System32\nwkxtvljz_nav.dat trouvé !
Copie C:\WINDOWS\system32\nwkxtvljz_nav.dat realise avec succes !
C:\WINDOWS\system32\nwkxtvljz_nav.dat supprimé !

******
*******
********
C:\WINDOWS\System32\gdnqxvsm.exe trouvé !
Copie C:\WINDOWS\system32\gdnqxvsm.exe realise avec succes !
C:\WINDOWS\system32\gdnqxvsm.exe supprimé !

C:\WINDOWS\System32\gdtfnl.exe trouvé !
Copie C:\WINDOWS\system32\gdtfnl.exe realise avec succes !
C:\WINDOWS\system32\gdtfnl.exe supprimé !


*** Nettoyage termine le Fri 04/20/2007 à 19:27:21.04 ***

--------
Logfile of HijackThis v1.99.1
Scan saved at 19:34:45, on 20-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\domino.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\VMSnap1.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Menara\dslmon.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\bxsvmerj.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] jhtml?p=ZN
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-------
As for the programs to delete under Trusted Publishers: I had found electronic-group, which I deleted before this procedure, and so far that program has shown no sign of being present :wahoo: . Also, so far no pop-ups, no ad pages... :wahoo: However, I still haven't been able to reinstall my Canon iP1200 printer, and there is still that SISPower loading error message :heink: .
Hope this reaches you well, and thank you very much

Reply to Jazcasasoft
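
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the thread and not HijackThis's own logic. The three rules are illustrative assumptions, the sample lines are copied from the log above, and a flagged entry is only a candidate for a helper to review.

```python
import ntpath
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\bxsvmerj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll (file missing)
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)', re.IGNORECASE)
MISSING = " (file missing)"

# Reasons attached to a finding (wording is this example's, not the tool's).
ORPHANED = "orphaned entry: target file no longer exists"
UNRELIABLE_MISSING = "'file missing' unreliable: stray quote/arguments in path, verify on disk"
UNNAMED_BHO = "unnamed BHO loaded from system32"
WINDOWS_ROOT_RUN = "autostart executable directly in the Windows directory"


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O2"
    target: str    # file the entry points at
    reasons: list  # why the entry deserves a closer look


def _dir(path):
    """Lower-cased Windows directory of a path ('' when there is none)."""
    return ntpath.dirname(path).lower()


def triage_line(line):
    """Return a Finding for one log line, or None if no rule applies."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    reasons = []
    target = body.rsplit(" - ", 1)[-1]

    if target.endswith(MISSING):
        target = target[: -len(MISSING)]
        if '"' in target:
            # In the log above, ashMaiSv.exe is listed under "Running
            # processes", so this flag comes from the quoted path, not the disk.
            reasons.append(UNRELIABLE_MISSING)
            target = target.split('"', 1)[0]
        else:
            reasons.append(ORPHANED)

    if code == "O2":
        bho = BHO_RE.match(body)
        if bho and bho["name"] == "(no name)" and _dir(target) == r"c:\windows\system32":
            reasons.append(UNNAMED_BHO)

    if code == "O4":
        run = RUN_RE.match(body)
        exe = EXE_RE.match(run["cmd"]) if run else None
        if exe:
            target = exe["exe"]
            if _dir(target) == r"c:\windows":
                reasons.append(WINDOWS_ROOT_RUN)

    return Finding(code, target, reasons) if reasons else None


def triage(log_text):
    """Run triage_line over a whole log and keep only the flagged entries."""
    findings = []
    for line in log_text.splitlines():
        finding = triage_line(line)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.target}")
        for reason in f.reasons:
            print(f"      - {reason}")
```

The unnamed Spybot helper (SDHelper.dll) is not flagged because it loads from its own program folder, which is why the rule looks at location as well as the missing name.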

Do you know AskPBar?

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Re,
:( No, I don't know it. It seems to be a search engine that I have never used... if I'm not mistaken.
I think it was downloaded with Download Accelerateur Plus (DAP), which includes files I will never use because they are all in English... That was a friend's doing. Even though it downloads so fast, I would rather uninstall it. It includes (Malinfo for Outlook-speedBit Video Accelerator-Fle Shredder-DAP Games Center and My Completed Downloads).

Reply to Jazcasasoft

Re,

- Run Hijackthis -> Do a system scan only
-> Check the lines below:

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\bxsvmerj.dll (file missing)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll (file missing)
O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] jhtml?p=ZN

Click Fix checked (bottom left)

Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select ALL the locations in bold below:

C:\WINDOWS\domino.exe
C:\WINDOWS\VMSnap1.exe
C:\WINDOWS\system32\vtliijgb.dll


---> Right-click, then Copy

Double-click OTMoveIt.exe to launch it.
Right-click in the left pane, then choose Paste.
Now click MoveIt!

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.


Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name is the date it was created.

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

Re, :)
If I'm not mistaken, is this the one?
------------
C:\WINDOWS\domino.exe moved successfully.
C:\WINDOWS\VMSnap1.exe moved successfully.
C:\WINDOWS\system32\vtliijgb.dll unregistered successfully.
C:\WINDOWS\system32\vtliijgb.dll moved successfully.

Created on 04-20-2007 21:21:42
------------

Reply to Jazcasasoft

Post a new Hijackthis report.

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

Re,
I forgot to tell you that I was not prompted to restart after the OTMovIt procedure.
-------
Logfile of HijackThis v1.99.1
Scan saved at 21:38:56, on 20-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Menara\dslmon.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C26C7F-294F-4716-AAA5-5735FB054178}: NameServer = 212.217.1.4 212.217.0.14
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-----------

Reply to Jazcasasoft

Hello, dear Angeldark,
:pfff: :??: As for the pop-ups and ad pages, I believe so far that this is resolved :D . However, Spybot S&D still detects this diabolical malware :fou: : Smitfraud-C.Toolbar888 and other things. Without going into detail, I have taken the liberty of sending you, for whatever use it may be (I hope), the Spybot S&D report (please accept it kindly):
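A way to check the two scans above against each other, as an added example (not code from the thread or from HijackThis): it parses the lines the helper asked to tick and reports which are gone from the follow-up scan, which survive only as a "(file missing)" registration, and which other entries sit under the same Program Files folder. The function names and the same-folder heuristic are assumptions of this example; the sample lines are copied from the logs above, leaving out the O8 line whose URL is elided.

```python
import re

# Shape of a HijackThis entry line: "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

# Lines the helper asked to tick, copied from the post above.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\bxsvmerj.dll (file missing)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll (file missing)
O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
"""

# Excerpt of the follow-up scan of 20-04-2007, copied from the log above.
FOLLOWUP = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
"""


def parse_entries(log_text):
    """Parse HijackThis entry lines into dicts; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(0).lower() if path else None,
            "missing": body.rstrip().endswith("(file missing)"),
            "raw": line.strip(),
        })
    return entries


def vendor_dir(path):
    """Return 'c:\\program files\\<vendor>\\' for a lower-cased path under Program Files."""
    parts = path.split("\\")
    if len(parts) > 3 and parts[1] == "program files":
        return "\\".join(parts[:3]) + "\\"
    return None


def same_item(target, entry):
    """Match by CLSID when the targeted line has one, otherwise by file path."""
    if target["clsid"]:
        return entry["clsid"] == target["clsid"]
    return entry["path"] == target["path"]


def verify_fix(fix_list_text, followup_text):
    """Classify each targeted entry by what the follow-up scan still shows."""
    targeted = parse_entries(fix_list_text)
    after = parse_entries(followup_text)
    report = {"gone": [], "orphaned": [], "still_present": [], "related_leftovers": []}
    matched = set()
    for t in targeted:
        key = t["clsid"] or t["path"]
        if key is None:
            continue  # nothing stable to match on
        hits = [i for i, a in enumerate(after) if same_item(t, a)]
        matched.update(hits)
        if not hits:
            report["gone"].append(key)
        elif all(after[i]["missing"] for i in hits):
            report["orphaned"].append(key)  # registration remains, file is gone
        else:
            report["still_present"].append(key)
    # Assumption of this example: entries in the same vendor folder are worth a second look.
    vendors = {vendor_dir(t["path"]) for t in targeted if t["path"]} - {None}
    for i, a in enumerate(after):
        if i not in matched and a["path"] and vendor_dir(a["path"]) in vendors:
            report["related_leftovers"].append(a["raw"])
    return report


if __name__ == "__main__":
    for status, items in verify_fix(FIX_LIST, FOLLOWUP).items():
        print(status, items)
```

On this excerpt the vtliijgb.dll BHO is reported as orphaned, and the two AskPBar toolbar entries are listed as related leftovers.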
-----

--- Search result list ---
Smitfraud-C.Toolbar888: Réglages (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\aldd

Winsoftware: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


Avenue A, Inc.: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


DoubleClick: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


Smitfraud-C.Toolbar888: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


BlueStreak: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


MediaPlex: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: ntbtlog.txt (Sauver le fichier, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Install: setupapi.log (Sauver le fichier, nothing done)
C:\WINDOWS\setupapi.log

Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Ahead Nero Burning Rom: Compilation directory (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation!=

MS Management Console: Recent command list (3 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: Last search folder (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\MediaPlayer\Preferences\SearchPath!=

MS Media Player: Last selected node (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode!=

MS Media Player: Anonymous ID (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Direct3D: Most recent application (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

MS Direct3D: Most recent application (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name!=

MS DirectDraw: Most recent application (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS DirectInput: Most recent application (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

MS DirectInput: Most recent application ID (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

MS Office 11.0: Last typed search text (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Office\11.0\Common\Search\Last Query\LastSearchText

MS Office 11.0 (Word): Recent file list (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Office\11.0\Word\Data\Settings

MS Regedit: Recent open key (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=

MS Search Assistant: Typed search terms history (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Search Assistant\ACMru

Windows.OpenWith: Open with list - .AVI extension (2 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: Open with list - .BIN extension (2 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

Windows.OpenWith: Open with list - .BMP extension (2 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .CSS extension (3 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

Windows Explorer: Recent wallpaper list (57 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: Stream history (1 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history IE (15 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (48 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Recent file global history (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Last Copy/MoveTo folder (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

Windows Media SDK: Computer name (Modification du registre, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Modification du registre, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Modification du registre, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Modification du registre, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinZip: Number of times run (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Nico Mak Computing\WinZip\rrs\Opened!=

Cookie: Cookie (19) (Cookie, nothing done)


Cache: Cache (112) (Cache, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

--- Process list ---
PID: 0 ( 0) [System]
PID: 612 ( 4) \SystemRoot\System32\smss.exe
PID: 676 ( 612) \??\C:\WINDOWS\system32\csrss.exe
PID: 708 ( 612) \??\C:\WINDOWS\system32\winlogon.exe
PID: 752 ( 708) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 732E0B1ABAACE15D80EC19056B0A2AF9
PID: 764 ( 708) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 9F3744A5C6F49291A7A685040A013399
PID: 944 ( 752) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1000 ( 752) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1040 ( 752) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1096 ( 752) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1124 ( 752) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1136 ( 752) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 75568
MD5: DE71661665A86A2305918E8B91ACEDB9
PID: 1420 ( 752) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 16512
MD5: A33FFB17AD6F652F0D9E871E1BB6CACF
PID: 1472 ( 752) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 132736
MD5: F1B7C5708C107FF3A1403F0A2BB6A9B6
PID: 1704 ( 752) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: B4EF928E4FAD79364A80ACBA6D999934
PID: 1772 ( 752) C:\Program Files\a-squared Anti-Malware\a2service.exe
size: 425544
MD5: B0FCB32E0828C50227D61E8C605DCC62
PID: 1800 ( 752) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 204800
MD5: E8FBDCC8D618D1BB84B828F247A6244B
PID: 1812 ( 752) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: D66259C3BCEFC9CAEB481ED52A4EAC74
PID: 1868 ( 752) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
size: 136952
MD5: 481AC8EFA93C95AB1FD7A18F23C1CB1A
PID: 2040 ( 752) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 172 ( 752) C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
size: 132992
MD5: CC37FF4CFDF5654EEA2740B4CE3153A5
PID: 640 ( 752) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 243328
MD5: 475400AF658115C38736689A9A1D54CD
PID: 916 ( 752) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 345728
MD5: 1D6A09A19C18C2713E649C223B5AD76A
PID: 1948 ( 752) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 2FE681D10C5FC343DBBC0610B8DD4D24
PID: 2428 (1040) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 54CDDAD404557ED98433D6ECBFC92691
PID: 2756 ( 708) C:\WINDOWS\system32\WgaTray.exe
size: 337280
MD5: 688DC41BE9A6196491469365549C7DD1
PID: 2856 (2720) C:\WINDOWS\Explorer.EXE
size: 1036288
MD5: 4C33E5B9A6197B6ED215F6CFBA0A2DAA
PID: 3140 (2856) C:\Program Files\AGEIA Technologies\TrayIcon.exe
size: 339968
MD5: 9541B0241E8819ECC3B3E8C36DFA2AF3
PID: 3172 (2856) C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
size: 57344
MD5: 57657B09D386137C7501367985B9741E
PID: 3212 (2856) C:\Program Files\a-squared Anti-Malware\a2guard.exe
size: 1164896
MD5: 996B405BF4A1C893836E13F4EEC851D9
PID: 3424 (2856) C:\Program Files\DAP\DAP.EXE
size: 3364616
MD5: 0FF7D32FE53A06520D825BEC72BA19EE
PID: 3528 (2856) C:\WINDOWS\SOUNDMAN.EXE
size: 77824
MD5: FBEF9F9C97B6B93E2041E65D3CD81C9C
PID: 3576 (2856) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919280
MD5: 3E1731C55F77D150791D4C7E87AD4E5C
PID: 3684 (2856) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 3708 (2856) E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
size: 301776
MD5: 7DE00EC41F65B590753F0D15EC95B3F6
PID: 3724 (2856) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A
PID: 3752 (2856) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
PID: 3956 (2856) C:\Program Files\Menara\dslmon.exe
size: 839680
MD5: 36A9ACC51A3C72A3AFC7A05959CF499E
PID: 4056 ( 172) C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
size: 1378168
MD5: 841E48B4087FBDD47F70EA077E86ABE7
PID: 3076 (2856) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 20-04-2007 23:30:02

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/red [...] ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/red [...] r=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1 [...] chcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/red [...] r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/red [...] ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1 [...] chcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{438F6FCF-1DD6-4DFC-A955-A8E57C74E0D7}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{438F6FCF-1DD6-4DFC-A955-A8E57C74E0D7}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF42321C-479A-42A5-B438-2B8CDD1829CC}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF42321C-479A-42A5-B438-2B8CDD1829CC}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F50A1E7-53A1-490B-ADF4-882B2C0E9575}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F50A1E7-53A1-490B-ADF4-882B2C0E9575}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC84EAEA-6AED-49A9-95D8-562D4E946DA7}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC84EAEA-6AED-49A9-95D8-562D4E946DA7}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AAD1199A-ACFE-4366-85B7-0EABC0FE846D}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AAD1199A-ACFE-4366-85B7-0EABC0FE846D}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B6C26C7F-294F-4716-AAA5-5735FB054178}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B6C26C7F-294F-4716-AAA5-5735FB054178}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Espace de noms NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
a-squared Anti-Malware 2.1 2.1 (a-squared Anti-Malware_is1)
install date: 20070411
install location: C:\Program Files\a-squared Anti-Malware\
uninstall cmd: "C:\Program Files\a-squared Anti-Malware\unins000.exe"
publisher: Emsi Software GmbH
comments: a-squared
help link: http://forum.emsisoft.com

(AddressBook)

Adobe Shockwave Player 10.1.4.20 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/fr/support/shockwave

Ask Toolbar (AskPBar Uninstall)
uninstall cmd: rundll32 C:\PROGRA~1\AskPBar\bar\1.bin\AskPBar.dll,O
publisher: Ask.com
help link: http://help.mysearch.com/searchbar.html

avast! Antivirus 4.7 (avast!)
version (major): 4
version (minor): 7
install location: C:\PROGRA~1\ALWILS~1\Avast4
install source: C:\PROGRA~1\ALWILS~1\Avast4\setup
uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
publisher: Alwil Software
help link: http://www.avast.com

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

(bfgtoolbar)

(Branding)

CCleaner (remove only) (CCleaner)
uninstall cmd: "E:\Program Files\CCleaner\uninst.exe"

CleanUp! (CleanUp!)
uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

(Connection Manager)

MicroBest Cracklock 3.8.4 3.8.4 (Cracklock_is1)
uninstall cmd: E:\Cracklock\unins000.exe
publisher: William BLUM
help link: http://www.cracklock.net/

(DirectAnimation)

(DirectDrawEx)

Download Accelerator Plus (DAP) 8156 (Build 228) (Download Accelerator Plus (DAP))
uninstall cmd: C:\PROGRA~1\DAP\DAPREMOVE.EXE
publisher: Speedbit Ltd.
contact: support@downloadaccelerator.com
help link: http://redir.speedbit.com/redir.asp?ID=7066

(DXM_Runtime)

Easy-WebPrint (easy-webprint)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"

EVEREST Ultimate Edition v4.00 4.00 (EVEREST Ultimate Edition_is1)
install location: C:\Program Files\Lavalys\EVEREST Ultimate Edition\
uninstall cmd: "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
publisher: Lavalys, Inc.
help link: http://www.lavalys.com

(Fontcore)

Outil de mise à jour Google 2.1.810.31257 (Google Updater)
uninstall cmd: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
publisher: Google Inc.
help link: http://pack.google.com:80/pack-support?hl=fr&gl=fr

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

Hijackthis Version Française (Hijackthis Version Française_is1)
install location: C:\Program Files\Hijackthis Version Française\
uninstall cmd: "C:\Program Files\Hijackthis Version Française\unins000.exe"
publisher: Pc-Help-Bordeaux
help link: http://pchelpbordeaux.free.fr

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

IsoBuster 2.0 2.0 (IsoBuster_is1)
install date: 20070227
install location: C:\Program Files\Smart Projects\IsoBuster\
uninstall cmd: "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
publisher: Smart Projects
help link: http://www.isobuster.com/

Jargon Informatique (Jargon Informatique)
uninstall cmd: C:\Program Files\Jargon Informatique\uninstall.exe

(KB884016)

(KB884267)

(KB885353)

(KB886612)

(KB887078)

(KB887626)

(KB888656)

(KB891122)

(KB893240)

(KB893241)

(KB893803)

(KB895181)

(KB895316)

(KB897586)

(KB898549)

(KB900399)

(KB902344)

(KB911854)

Security Update pour Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/917283

Security Update pour Microsoft .NET Framework 2.0 (KB922770) 1 (KB922770.T1_1ToU168_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/922770

Language pack for Ad-Aware SE (Language pack for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

Lavasoft VX2 Cleaner (Lavasoft VX2 Cleaner)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG

L&H TTS3000 Français (LHTTSFRF)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Macromedia Shockwave Player (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

4.9.1.8211 (MailFrontier Desktop)
publisher: MailFrontier

Mailinfo for Outlook (Mailinfo for Outlook)
uninstall cmd: C:\PROGRA~1\Mailinfo\MAILIN~1\UNWISE.EXE C:\PROGRA~1\Mailinfo\MAILIN~1\INSTALL.LOG
publisher: Mailinfo
help link: http://www.mailinfo.com/

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

Microsoft .NET Framework 3.0 (Microsoft .NET Framework 3.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v3.0\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=51019

(MobileOptionPack)

Mozilla Firefox (2.0.0.3) 2.0.0.3 (fr) (Mozilla Firefox (2.0.0.3))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

MpcStar 1.6 1.6 (MpcStar)
uninstall cmd: C:\Program Files\MpcStar\uninst.exe
publisher: www.mpcstar.com

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

MSN (MSNINST)
uninstall cmd: C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

NASA World Wind 1.3 (NASA World Wind 1.3)
uninstall cmd: "C:\Program Files\NASA\World Wind 1.4\Uninstall_World_Wind_1.3.exe"

NASA World Wind 1.4 (NASA World Wind 1.4)
uninstall cmd: "C:\Program Files\NASA\World Wind 1.4\Uninstall_World_Wind_1.4.exe"

Nero 6 Ultra Edition (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

(NetMeeting)

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Recuva (remove only) (Recuva)
uninstall cmd: "C:\Program Files\Recuva\uninst.exe"

(SchedulingAgent)

Shareaza version 2.2.5.0 2.2.5.0 (Shareaza_is1)
install date: 20070411
install location: C:\Program Files\Shareaza\
uninstall cmd: "C:\Program Files\Shareaza\Uninstall\unins000.exe"
publisher: Shareaza Development Team
comments: Shareaza Ultimate File Sharing
help link: http://www.shareaza.com/?id=support

(Shockwave)

Adobe Flash Player 9 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
publisher: Adobe Systems Inc.
help link: http://www.adobe.com/go/flashplayer_support/

SiS Mirage Graphics (SiS VGA Driver)
uninstall cmd: Rundll32 SiSInst.dll,Uninstall VGA,R,oem0.inf

Skype 3.1 3.1 (Skype_is1)
install location: C:\Program Files\Skype\Phone\
uninstall cmd: "C:\Program Files\Skype\Phone\unins000.exe"
publisher: Skype Technologies S.A.
help link: http://ui.skype.com/ui/0/3.1.0.150/en/help

SpeedBit Video Accelerator 1187(build_232) (SpeedBit Video Accelerator)
install location: C:\Program Files\SpeedBit Video Accelerator
uninstall cmd: C:\PROGRA~1\SPEEDB~1\UNWISE.EXE C:\PROGRA~1\SPEEDB~1\INSTALL.LOG
publisher: SpeedBit Ltd.
contact: support@videoaccelerator.com
help link: http://www.speedbit.com/Video_Accelerator/about/

SpeedOptimizer (SpeedOptimizer)
uninstall cmd: C:\PROGRA~1\SPEEDO~1\UNWISE.EXE C:\PROGRA~1\SPEEDO~1\INSTALL.LOG

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

Skype add-on for IE (ToolBand.SkypeIEToolbarToolbar)
install location: C:\Program Files\Skype\Phone\IEPlugin
uninstall cmd: rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0

Viewpoint Media Player (Remove Only) (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

VideoLAN VLC media player 0.8.6a 0.8.6a (VLC media player)
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team

Winamp3 (remove only) (Winamp3)
uninstall cmd: C:\Program Files\Winamp3\uninst-wa3.EXE

Windows Live Toolbar 03.01.0072 (Windows Live Toolbar)
uninstall cmd: "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {45BB90BA-A939-489F-B13F-F97E760A7895}
publisher: Microsoft Corporation

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768

Archiveur WinRAR (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

WinZip 9.0 BETA (5480) (WinZip)
version (major): 9
install location: C:\WINZIP\
uninstall cmd: "C:\WinZip\WINZIP32.EXE" /uninstall
publisher: WinZip Computing, Inc.
help link: http://www.winzip.com/xsupport.htm

WinZip Self-Extractor (WinZip Self-Extractor)
uninstall cmd: "C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall

(wmfdist11)

XML Paper Specification Shared Components Pack 1.0 (XpsEPSC)
install date: 20070305
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=test

Yahoo! Toolbar (Yahoo! Companion)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyt.exe

ZoneAlarm 7.0.337.000 (ZoneAlarm)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Check Point, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Aide\zaclients.chm

Collection Microsoft Encarta 2006 2006 ({06180000-3E21-46D6-9A91-D927BA08F41D})
version (major): 2006
estimated size: 2517136
install date: 20070321
install location: E:\Program Files\Collection Microsoft Encarta 2006\ENCARTA.EXE
install source: D:\
uninstall cmd: MsiExec.exe /I{06180000-3E21-46D6-9A91-D927BA08F41D}
publisher: Microsoft Corporation
help link: http://support.microsoft.com

HP USB Disk Storage Format Tool ({0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9

SuperUtility 2.69 ({10E33F6D-16E6-400E-BA1E-DF9F1BCD1B30})
version: 38076416
install location: C:\Program Files\SuperUtility
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10E33F6D-16E6-400E-BA1E-DF9F1BCD1B30}\setup.exe" -l0x9

Microsoft .NET Framework 3.0 3.0.04506.30 ({15095BF3-A3D7-4DDF-B193-3A496881E003})
version: 50336154
version (major): 3
estimated size: 16102
install date: 20070305
install location: C:\WINDOWS\Microsoft.NET\Framework\v3.0\
install source: e:\a48d502f9b3018b3bb820f2f9b\
uninstall cmd: MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
publisher: Microsoft Corporation

Windows Live Sign-in Assistant 4.000.249.1 ({22B3CC30-77B8-419C-AA4B-F571FDF5D66D})
version: 67109113
version (major): 4
estimated size: 1112
install date: 20070227
install source: C:\DOCUME~1\Anass\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
publisher: Microsoft Corporation

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"

2.1.20060719 ({2CCBABCB-6427-4A55-B091-49864623C43F})
version: 20060719
version (major): 2
version (minor): 1

J2SE Runtime Environment 5.0 Update 3 1.5.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0150030})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 154337
install date: 20070302
install source: C:\Documents and Settings\Anass\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150030}\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_03\README.txt

WebFldrs XP 9.50.7523 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20070217
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Menus intelligents (Windows Live Toolbar) 03.01.0072 ({3585ED1C-74C5-43B0-A232-831B96A12A2B})
version: 50397256
version (major): 3
version (minor): 1
estimated size: 651
install date: 20070301
install source: C:\WINDOWS\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
publisher: Microsoft Corporation

MSXML 4.0 SP2 (KB927978) 4.20.9841.0 ({37477865-A3F1-4772-AD43-AAFC6BCFF99F})
version: 68429425
version (major): 4
version (minor): 20
estimated size: 2625
install date: 20070227
install source: e:\9afe1d844e7c86cdb0dd8e\
uninstall cmd: MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/927978

Skype Plugin Manager 1.1.241 ({3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03})
version: 16842993
version (major): 1
version (minor): 1
estimated size: 8542
install date: 20070402
install source: C:\DOCUME~1\Anass\LOCALS~1\Temp\is-D8JRV.tmp\
uninstall cmd: MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
publisher: Skype Limited

Google Earth 4.0.2740 ({3DE5E7D4-7B88-403C-A3FD-2017A8240C5B})
version: 67111604
install date: 20070314
install location: C:\Program Files\Google\Google Earth
install source: C:\Documents and Settings\All Users\Application Data\Google Updater\cache\installers_ci_earth_fr_4.0.2740.0_setup_2007.02.21_14.46.09.exe
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly
publisher: Google

USB PC Camera 1.00.000 ({41E496B5-47F4-11D6-9BBB-00E0987BB2CD})
version: 16777216
install location: C:\Program Files\HCDZ-C\USB PC Camera
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\setup.exe" -l0x9

Windows Live Toolbar 03.01.0072 ({45BB90BA-A939-489F-B13F-F97E760A7895})
version: 50397256
version (major): 3
version (minor): 1
estimated size: 5146
install date: 20070301
install source: C:\WINDOWS\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{45BB90BA-A939-489F-B13F-F97E760A7895}
publisher: Microsoft Corporation

Windows Communication Foundation 3.0.04506.30 ({491DD792-AD81-429C-9EB4-86DD3D22E333})
version: 50336154
version (major): 3
estimated size: 90556
install date: 20070305
install source: C:\DOCUME~1\Anass\LOCALS~1\Temp\IXP0392F.tmp\wcu\wcf\
uninstall cmd: MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}

Reply to Jazcasasoft

Only cookies, apparently.

Download Clean.zip (by Malekal).
Unzip it onto your desktop (right-click / Extract All); you should get a folder named Clean.
Open the Clean folder and double-click clean.cmd.
Choose option 1, then wait. Then post the contents of the report.

Reply to Angeldark

Hello,
This morning I ran a scan with Avast, and as always it detected a Trojan horse: Win32:VBStat-C[Trj]

  • C:\QooBox\Quaratine\C\Windows\...\bcnlpwpd.dll.vir
  • C:\SystemVolumeInformation\...\A0001364.dll
  • C:\SystemVolumeInformation\...\A0001840.dll

---------Ra

Reply to Jazcasasoft

Hello,
An unfinished message was sent by mistake. My apologies. Here is my report for today:
This morning I ran a scan with Avast, and as always it detected a Trojan horse: Win32:VBStat-C[Trj]

  • C:\QooBox\Quaratine\C\Windows\...\bcnlpwpd.dll.vir
  • C:\SystemVolumeInformation\...\A0001364.dll
  • C:\SystemVolumeInformation\...\A0001840.dll

---------Malekal report---------
Sat 04/21/2007 a 12:08:45.78

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll" FOUND
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
---------------

Reply to Jazcasasoft

Delete this folder:
C:\QooBox\

Restart in safe mode

Open the Clean folder and double-click clean.cmd.
Choose option 2, then wait.

Restart normally

Post the Clean report: C:\rapport_clean.txt

Reply to Angeldark

Here is my report:
"SISPower.dll...accès refusé" still appears at startup.
------
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec Sat 04/21/2007 a 13:17:14.53

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\mcrh.tmp

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll"
tentative de suppression de "C:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
---------

Reply to Jazcasasoft

Post a new HijackThis report.

Reply to Angeldark

Logfile of HijackThis v1.99.1
Scan saved at 13:39:35, on 21-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\Menara\dslmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (disabled by BHODemon)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C26C7F-294F-4716-AAA5-5735FB054178}: NameServer = 212.217.1.4 212.217.0.14
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-----------
Hope this reaches you well.

Reply to Jazcasasoft

Is your PC behaving better?

  • Run a Kaspersky online scan with Internet Explorer:
  • Click http://pictures.kaspersky.fr/bouton-scann1.jpg
  • Now click J'accepte ("I accept").
  • Confirm the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan Poste de travail (My Computer).
  • Save, then paste the report generated at the end of the scan.


HELP: Tutorial on the online scan

NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

Reply to Angeldark


I think so. No ads. Apart from:

  • "Smitfraud-C.Toolbar888"
  • my printer. I can no longer reinstall it.
  • Loading error: SIS Power.dll, which still persists.

However, the Kaspersky scan did not work, either through Internet Explorer or through Mozilla Firefox.
"iexplore.exe a rencontré un problème et doit fermer. Nous vous prions de nous excuser pour le désagrément encouru"
What should I do? :ouch:

Please excuse me if I have asked too much. Tell me if or when I should stop. Truly, your support has comforted me a great deal. A thousand thanks.

Reply to Jazcasasoft

Where is Smitfraud located?

Reply to Angeldark

Didn't you see the Spybot Search & Destroy report I posted for you? I'm reposting it:
----
--- Search result list ---
Smitfraud-C.Toolbar888: Réglages (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\aldd

Winsoftware: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


Avenue A, Inc.: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


DoubleClick: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


Smitfraud-C.Toolbar888: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


BlueStreak: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


MediaPlex: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: ntbtlog.txt (Sauver le fichier, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Install: setupapi.log (Sauver le fichier, nothing done)
C:\WINDOWS\setupapi.log

Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Ahead Nero Burning Rom: Compilation directory (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation!=

MS Management Console: Recent command list (3 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: Last search folder (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\MediaPlayer\Preferences\SearchPath!=

MS Media Player: Last selected node (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode!=

MS Media Player: Anonymous ID (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Direct3D: Most recent application (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

MS Direct3D: Most recent application (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name!=

MS DirectDraw: Most recent application (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS DirectInput: Most recent application (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

MS DirectInput: Most recent application ID (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

MS Office 11.0: Last typed search text (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Office\11.0\Common\Search\Last Query\LastSearchText

MS Office 11.0 (Word): Recent file list (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Office\11.0\Word\Data\Settings

MS Regedit: Recent open key (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=

MS Search Assistant: Typed search terms history (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Search Assistant\ACMru

Windows.OpenWith: Open with list - .AVI extension (2 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: Open with list - .BIN extension (2 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

Windows.OpenWith: Open with list - .BMP extension (2 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .CSS extension (3 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

Windows Explorer: Recent wallpaper list (57 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: Stream history (1 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history IE (15 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (48 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Recent file global history (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Last Copy/MoveTo folder (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

Windows Media SDK: Computer name (Modification du registre, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Modification du registre, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Modification du registre, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Modification du registre, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinZip: Number of times run (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Nico Mak Computing\WinZip\rrs\Opened!=

Cookie: Cookie (19) (Cookie, nothing done)


Cache: Cache (112) (Cache, nothing done)



Date (last write): 26-10-2006 10:28:40
Filesize: 440384
Attributes: archive
MD5: 2785037CE05B63D5607C9D5DFB2FEEE4
CRC32: 9ED93A02
Version: 2006.10.26.1

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
BHO name: Skype add-on (mastermind)
CLSID name: Skype add-on (mastermind)
Path: C:\PROGRA~1\Skype\Phone\IEPlugin\
Long name: SkypeIEPlugin.dll
Short name: SKYPEI~1.DLL
Date (created): 02-03-2007 23:54:04
Date (last access): 20-04-2007 23:28:22
Date (last write): 23-03-2007 13:49:34
Filesize: 722472
Attributes: archive
MD5: 248E81013040C3821B349E753C50D505
CRC32: C11603E2
Version: 2.2.0.78

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 20-03-2007 9:32:02
Date (last access): 20-04-2007 23:19:30
Date (last write): 31-05-2005 1:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 07-07-2006 12:29:52
Date (last access): 20-04-2007 23:28:16
Date (last write): 07-07-2006 12:29:52
Filesize: 324416
Attributes: archive
MD5: 52A70C80A446FA3BBCDAF59A9AB26AF4
CRC32: B1456034
Version: 4.0.249.1

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar3.dll
Short name: GOOGLE~3.DLL
Date (created): 05-03-2007 17:22:52
Date (last access): 20-04-2007 23:28:14
Date (last write): 05-03-2007 17:22:52
Filesize: 2436160
Attributes: readonly archive
MD5: 6D44E0C3B43D27484FBB355E470C4188
CRC32: 2DE875CD
Version: 4.0.1601.4978

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live Toolbar\
Long name: msntb.dll
Short name:
Date (created): 10-10-2006 23:26:40
Date (last access): 20-04-2007 23:27:40
Date (last write): 10-10-2006 23:26:40
Filesize: 544032
Attributes: archive
MD5: D638AFC241FCC42D15886CD26A3F1461
CRC32: EC0AD183
Version: 3.1.0.72

{CC3F4F56-4E51-4B23-B177-BFA34D3608F9} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: vtliijgb.dll

{F4D76F01-7896-458a-890F-E1F05C46069F} (Ask Toolbar BHO)
BHO name: Ask Toolbar BHO
CLSID name: Ask Toolbar BHO
Path: C:\Program Files\AskPBar\bar\1.bin\
Long name: ASKPBAR.DLL__BHODemonDisabled



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/p [...] tor/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 24-02-2007 20:57:36
Date (last access): 19-04-2007 22:29:38
Date (last write): 03-09-2006 23:10:30
Filesize: 54960
Attributes: archive
MD5: EB271B21EA6104B7C6946EF32D558C91
CRC32: CEC4E0C2
Version: 10.1.4.20

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 17-05-2006 11:23:38
Date (last access): 20-04-2007 19:33:14
Date (last write): 15-03-2007 18:19:28
Filesize: 1476992
Attributes: archive
MD5: D1CB99ADBA9397D7D02B0B2DCFE47F1A
CRC32: ED982FE3
Version: 1.7.18.5

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01)
DPF name: Java Runtime Environment 1.4.0_01
CLSID name: Java Plug-in 1.4.0_01
Installer:
Codebase: http://java.sun.com/products/plugi [...] 01-win.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.0\bin\
Long name: NPJPI140_01.dll
Short name: NPJPI1~1.DLL
Date (created): 10-03-2007 0:59:20
Date (last access): 20-04-2007 0:56:06
Date (last write): 06-06-2002 9:14:00
Filesize: 86122
Attributes: archive
MD5: 30F7D11AC9E7BBE2FBBEE918B3502D8A
CRC32: F63AEFBB
Version: 1.4.0.10

{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01)
DPF name: Java Runtime Environment 1.4.0_01
CLSID name: Java Plug-in 1.4.0_01
Installer:
Codebase: http://java.sun.com/products/plugi [...] 01-win.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.0\bin\
Long name: NPJPI140_01.dll
Short name: NPJPI1~1.DLL
Date (created): 10-03-2007 0:59:20
Date (last access): 20-04-2007 23:30:02
Date (last write): 06-06-2002 9:14:00
Filesize: 86122
Attributes: archive
MD5: 30F7D11AC9E7BBE2FBBEE918B3502D8A
CRC32: F63AEFBB
Version: 1.4.0.10

{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_03
Installer:
Codebase: http://java.sun.com/update/1.5.0/j [...] s-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_03\bin\
Long name: NPJPI150_03.dll
Short name: NPJPI1~1.DLL
Date (created): 13-04-2005 3:48:56
Date (last access): 20-04-2007 0:56:06
Date (last write): 13-04-2005 4:06:32
Filesize: 69746
Attributes: archive
MD5: 13FCA03EBCA6E1F8C6481166C516D1FE
CRC32: 868C298F
Version: 5.0.30.7



--- Process list ---
PID: 0 ( 0) [System]
PID: 612 ( 4) \SystemRoot\System32\smss.exe
PID: 676 ( 612) \??\C:\WINDOWS\system32\csrss.exe
PID: 708 ( 612) \??\C:\WINDOWS\system32\winlogon.exe
PID: 752 ( 708) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 732E0B1ABAACE15D80EC19056B0A2AF9
PID: 764 ( 708) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 9F3744A5C6F49291A7A685040A013399
PID: 944 ( 752) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1000 ( 752) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1040 ( 752) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1096 ( 752) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1124 ( 752) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1136 ( 752) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 75568
MD5: DE71661665A86A2305918E8B91ACEDB9
PID: 1420 ( 752) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 16512
MD5: A33FFB17AD6F652F0D9E871E1BB6CACF
PID: 1472 ( 752) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 132736
MD5: F1B7C5708C107FF3A1403F0A2BB6A9B6
PID: 1704 ( 752) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: B4EF928E4FAD79364A80ACBA6D999934
PID: 1772 ( 752) C:\Program Files\a-squared Anti-Malware\a2service.exe
size: 425544
MD5: B0FCB32E0828C50227D61E8C605DCC62
PID: 1800 ( 752) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 204800
MD5: E8FBDCC8D618D1BB84B828F247A6244B
PID: 1812 ( 752) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: D66259C3BCEFC9CAEB481ED52A4EAC74
PID: 1868 ( 752) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
size: 136952
MD5: 481AC8EFA93C95AB1FD7A18F23C1CB1A
PID: 2040 ( 752) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 172 ( 752) C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
size: 132992
MD5: CC37FF4CFDF5654EEA2740B4CE3153A5
PID: 640 ( 752) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 243328
MD5: 475400AF658115C38736689A9A1D54CD
PID: 916 ( 752) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 345728
MD5: 1D6A09A19C18C2713E649C223B5AD76A
PID: 1948 ( 752) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 2FE681D10C5FC343DBBC0610B8DD4D24
PID: 2428 (1040) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 54CDDAD404557ED98433D6ECBFC92691
PID: 2756 ( 708) C:\WINDOWS\system32\WgaTray.exe
size: 337280
MD5: 688DC41BE9A6196491469365549C7DD1
PID: 2856 (2720) C:\WINDOWS\Explorer.EXE
size: 1036288
MD5: 4C33E5B9A6197B6ED215F6CFBA0A2DAA
PID: 3140 (2856) C:\Program Files\AGEIA Technologies\TrayIcon.exe
size: 339968
MD5: 9541B0241E8819ECC3B3E8C36DFA2AF3
PID: 3172 (2856) C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
size: 57344
MD5: 57657B09D386137C7501367985B9741E
PID: 3212 (2856) C:\Program Files\a-squared Anti-Malware\a2guard.exe
size: 1164896
MD5: 996B405BF4A1C893836E13F4EEC851D9
PID: 3424 (2856) C:\Program Files\DAP\DAP.EXE
size: 3364616
MD5: 0FF7D32FE53A06520D825BEC72BA19EE
PID: 3528 (2856) C:\WINDOWS\SOUNDMAN.EXE
size: 77824
MD5: FBEF9F9C97B6B93E2041E65D3CD81C9C
PID: 3576 (2856) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919280
MD5: 3E1731C55F77D150791D4C7E87AD4E5C
PID: 3684 (2856) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 3708 (2856) E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
size: 301776
MD5: 7DE00EC41F65B590753F0D15EC95B3F6
PID: 3724 (2856) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A
PID: 3752 (2856) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
PID: 3956 (2856) C:\Program Files\Menara\dslmon.exe
size: 839680
MD5: 36A9ACC51A3C72A3AFC7A05959CF499E
PID: 4056 ( 172) C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
size: 1378168
MD5: 841E48B4087FBDD47F70EA077E86ABE7
PID: 3076 (2856) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 20-04-2007 23:30:02

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/red [...] ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/red [...] r=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1 [...] chcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/red [...] r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/red [...] ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1 [...] chcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

*


Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

*


Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

*


Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{438F6FCF-1DD6-4DFC-A955-A8E57C74E0D7}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{438F6FCF-1DD6-4DFC-A955-A8E57C74E0D7}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF42321C-479A-42A5-B438-2B8CDD1829CC}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF42321C-479A-42A5-B438-2B8CDD1829CC}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F50A1E7-53A1-490B-ADF4-882B2C0E9575}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F50A1E7-53A1-490B-ADF4-882B2C0E9575}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC84EAEA-6AED-49A9-95D8-562D4E946DA7}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC84EAEA-6AED-49A9-95D8-562D4E946DA7}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AAD1199A-ACFE-4366-85B7-0EABC0FE846D}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AAD1199A-ACFE-4366-85B7-0EABC0FE846D}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B6C26C7F-294F-4716-AAA5-5735FB054178}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B6C26C7F-294F-4716-AAA5-5735FB054178}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Espace de noms NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
a-squared Anti-Malware 2.1 2.1 (a-squared Anti-Malware_is1)
install date: 20070411
install location: C:\Program Files\a-squared Anti-Malware\
uninstall cmd: "C:\Program Files\a-squared Anti-Malware\unins000.exe"
publisher: Emsi Software GmbH
comments: a-squared
help link: http://forum.emsisoft.com

(AddressBook)

Adobe Shockwave Player 10.1.4.20 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/fr/support/shockwave

Ask Toolbar (AskPBar Uninstall)
uninstall cmd: rundll32 C:\PROGRA~1\AskPBar\bar\1.bin\AskPBar.dll,O
publisher: Ask.com
help link: http://help.mysearch.com/searchbar.html

avast! Antivirus 4.7 (avast!)
version (major): 4
version (minor): 7
install location: C:\PROGRA~1\ALWILS~1\Avast4
install source: C:\PROGRA~1\ALWILS~1\Avast4\setup
uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
publisher: Alwil Software
help link: http://www.avast.com

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

(bfgtoolbar)

(Branding)

CCleaner (remove only) (CCleaner)
uninstall cmd: "E:\Program Files\CCleaner\uninst.exe"

CleanUp! (CleanUp!)
uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

(Connection Manager)

MicroBest Cracklock 3.8.4 3.8.4 (Cracklock_is1)
uninstall cmd: E:\Cracklock\unins000.exe
publisher: William BLUM
help link: http://www.cracklock.net/

(DirectAnimation)

(DirectDrawEx)

Download Accelerator Plus (DAP) 8156 (Build 228) (Download Accelerator Plus (DAP))
uninstall cmd: C:\PROGRA~1\DAP\DAPREMOVE.EXE
publisher: Speedbit Ltd.
contact: support@downloadaccelerator.com
help link: http://redir.speedbit.com/redir.asp?ID=7066

(DXM_Runtime)

Easy-WebPrint (easy-webprint)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"

EVEREST Ultimate Edition v4.00 4.00 (EVEREST Ultimate Edition_is1)
install location: C:\Program Files\Lavalys\EVEREST Ultimate Edition\
uninstall cmd: "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
publisher: Lavalys, Inc.
help link: http://www.lavalys.com

(Fontcore)

Outil de mise à jour Google 2.1.810.31257 (Google Updater)
uninstall cmd: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
publisher: Google Inc.
help link: http://pack.google.com:80/pack-support?hl=fr&gl=fr

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

Hijackthis Version Française (Hijackthis Version Française_is1)
install location: C:\Program Files\Hijackthis Version Française\
uninstall cmd: "C:\Program Files\Hijackthis Version Française\unins000.exe"
publisher: Pc-Help-Bordeaux
help link: http://pchelpbordeaux.free.fr

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

IsoBuster 2.0 2.0 (IsoBuster_is1)
install date: 20070227
install location: C:\Program Files\Smart Projects\IsoBuster\
uninstall cmd: "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
publisher: Smart Projects
help link: http://www.isobuster.com/

Jargon Informatique (Jargon Informatique)
uninstall cmd: C:\Program Files\Jargon Informatique\uninstall.exe

(KB884016)

(KB884267)

(KB885353)

(KB886612)

(KB887078)

(KB887626)

(KB888656)

(KB891122)

(KB893240)

(KB893241)

(KB893803)

(KB895181)

(KB895316)

(KB897586)

(KB898549)

(KB900399)

(KB902344)

(KB911854)

Security Update pour Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/917283

Security Update pour Microsoft .NET Framework 2.0 (KB922770) 1 (KB922770.T1_1ToU168_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/922770

Language pack for Ad-Aware SE (Language pack for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

Lavasoft VX2 Cleaner (Lavasoft VX2 Cleaner)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG

L&H TTS3000 Français (LHTTSFRF)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Macromedia Shockwave Player (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

4.9.1.8211 (MailFrontier Desktop)
publisher: MailFrontier

Mailinfo for Outlook (Mailinfo for Outlook)
uninstall cmd: C:\PROGRA~1\Mailinfo\MAILIN~1\UNWISE.EXE C:\PROGRA~1\Mailinfo\MAILIN~1\INSTALL.LOG
publisher: Mailinfo
help link: http://www.mailinfo.com/

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

Microsoft .NET Framework 3.0 (Microsoft .NET Framework 3.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v3.0\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=51019

(MobileOptionPack)

Mozilla Firefox (2.0.0.3) 2.0.0.3 (fr) (Mozilla Firefox (2.0.0.3))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

MpcStar 1.6 1.6 (MpcStar)
uninstall cmd: C:\Program Files\MpcStar\uninst.exe
publisher: www.mpcstar.com

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

MSN (MSNINST)
uninstall cmd: C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

NASA World Wind 1.3 (NASA World Wind 1.3)
uninstall cmd: "C:\Program Files\NASA\World Wind 1.4\Uninstall_World_Wind_1.3.exe"

NASA World Wind 1.4 (NASA World Wind 1.4)
uninstall cmd: "C:\Program Files\NASA\World Wind 1.4\Uninstall_World_Wind_1.4.exe"

Nero 6 Ultra Edition (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

(NetMeeting)

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Recuva (remove only) (Recuva)
uninstall cmd: "C:\Program Files\Recuva\uninst.exe"

(SchedulingAgent)

Shareaza version 2.2.5.0 2.2.5.0 (Shareaza_is1)
install date: 20070411
install location: C:\Program Files\Shareaza\
uninstall cmd: "C:\Program Files\Shareaza\Uninstall\unins000.exe"
publisher: Shareaza Development Team
comments: Shareaza Ultimate File Sharing
help link: http://www.shareaza.com/?id=support

(Shockwave)

Adobe Flash Player 9 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
publisher: Adobe Systems Inc.
help link: http://www.adobe.com/go/flashplayer_support/

SiS Mirage Graphics (SiS VGA Driver)
uninstall cmd: Rundll32 SiSInst.dll,Uninstall VGA,R,oem0.inf

Skype 3.1 3.1 (Skype_is1)
install location: C:\Program Files\Skype\Phone\
uninstall cmd: "C:\Program Files\Skype\Phone\unins000.exe"
publisher: Skype Technologies S.A.
help link: http://ui.skype.com/ui/0/3.1.0.150/en/help

SpeedBit Video Accelerator 1187(build_232) (SpeedBit Video Accelerator)
install location: C:\Program Files\SpeedBit Video Accelerator
uninstall cmd: C:\PROGRA~1\SPEEDB~1\UNWISE.EXE C:\PROGRA~1\SPEEDB~1\INSTALL.LOG
publisher: SpeedBit Ltd.
contact: support@videoaccelerator.com
help link: http://www.speedbit.com/Video_Accelerator/about/

SpeedOptimizer (SpeedOptimizer)
uninstall cmd: C:\PROGRA~1\SPEEDO~1\UNWISE.EXE C:\PROGRA~1\SPEEDO~1\INSTALL.LOG

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"

Reply to Jazcasasoft

Those are cookies, nothing nasty.

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

Ah! Thanks! I had thought it was serious, since the location looks like a registry key and Spybot S&D describes it as MALWARE...
And for reinstalling the printer, is there a solution?

Reply to Jazcasasoft

That's hardware ;)

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

:jap: Thank you very much for the help you have given me. I don't know how to thank you, because "thank you" is little for what you have given me. You do excellent, very careful work. I wish you a happy life, full of success, prosperity and perfect health, to you and to those dear to you.
NO MORE INTRUSIVE AD PAGES, IT'S REALLY GREAT NOW. THIS WAY I CAN SURF IN PEACE. :bounce:
Thanks again for everything and for the TUTORIALS, which were very interesting!
As for the Wi... I am going to take the first steps to try to sort this problem out with my provider, who may have duped and misled me, if it wasn't its technicians.
As for my printer, which is only a month old, it was working so well. The installation wizard tells me that a thread or an application is making the reinstallation from the CD fail! This happened after running ZebProtect.
Please accept, sir, my highest regards. :jap:
But first, I have another problem that I don't know how to solve: I have an image that appears in the middle of the screen before the BIOS with "Press...to show post screen dll to enter setup". How can I remove this image, given that it is no longer in "My Pictures"?

Reply to Jazcasasoft

You're welcome :jap:

Quote:

But first, I have another problem that I don't know how to solve: I have an image that appears in the middle of the screen before the BIOS with "Press...to show post screen dll to enter setup". How can I remove this image, given that it is no longer in "My Pictures"?


I don't know :/

Reply to Angeldark

Hello,
OK! Thanks. Honestly, I am very happy :D . Not a single ad page since yesterday morning. Apart from this "RUNDLL" [error loading SISPOwer] that pops up right in the middle of the screen... but it's no big deal... I'll get used to this famous message ;)
:jap: :jap: :jap: :jap: :jap:

Reply to Jazcasasoft

I know that I have visible ports; are there any tutorials for hiding them?

Reply to Jazcasasoft

:hello:
At last, the "SISPOwer.dll" problem is solved. It was really simpler than I thought. I don't know how I neglected to look in the System Configuration Utility earlier?!!
Start ==> Run and type: msconfig
then in the System Configuration Utility ==> Startup tab I unchecked the "Rundll32" radio button corresponding to Rundll32.exe SISPower.dll,ModeAgent; its location is the following: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
;)

Reply to Jazcasasoft
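The startup entry named in the post above is the kind of line a HijackThis log lists under "O4". As an added example (not part of the original thread), this Python sketch pulls rundll32 autostarts out of such a log and flags those whose DLL is absent from a file inventory. The sample log, value names and inventory are constructed, and a missing DLL is only an assumed cause of the load error, since the thread does not say why loading failed.

```python
import re
from typing import NamedTuple

# Constructed sample in HijackThis "O4" (autostart) line format. Only the
# SISPower command line comes from the thread; value names and the other
# entries are made up for the example.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SISPower.dll,ModeAgent
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
O4 - HKCU\..\Run: [ExampleCpl] rundll32.exe "C:\Program Files\Example\ex.dll",Start /q
'''

# Constructed file inventory (lower-case paths) standing in for the disk.
SAMPLE_FILES = {r"c:\program files\example\ex.dll",
                r"c:\program files\exampleav\tray.exe"}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
RUNDLL_RE = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(.+)$', re.I)


class RundllEntry(NamedTuple):
    hive: str
    key: str
    name: str
    dll: str
    export: str


def rundll_autostarts(log_text):
    """Return the Run-key entries that start a DLL through rundll32."""
    found = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        r = RUNDLL_RE.match(m.group(4)) if m else None
        if not r:
            continue
        args = r.group(1)
        if args.startswith('"'):                 # quoted DLL path
            dll, _, rest = args[1:].partition('"')
            rest = rest.lstrip(",")
        else:                                    # bare name or unquoted path
            dll, _, rest = args.partition(",")
        export = rest.split()[0] if rest.split() else ""
        found.append(RundllEntry(m.group(1), m.group(2), m.group(3),
                                 dll.strip(), export))
    return found


def missing_targets(entries, files):
    """Entries whose DLL is absent from `files` (candidates for a load error)."""
    def present(dll):
        d = dll.lower()
        if "\\" in d:                            # full path: exact match
            return d in files
        return any(f == d or f.endswith("\\" + d) for f in files)
    return [e for e in entries if not present(e.dll)]
```

A DLL given without a path, as in the thread's entry, is resolved by the loader's search order, so the inventory check matches it by file name only.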

Hi, Angeldark
The whole problem is solved. Smitfraud-C.Toolbar888 is no longer on my PC. Yes. It is confirmed by a final Spybot Search & Destroy scan today. No trace.
A big thank you to you, Angeldark. It was thanks to you and to your unfailing availability to sincerely help an unknown person far away in another part of the planet. I was the one in distress. Another big and warm thank you to: http://www.infos-du-net.com/forum. ;)
Truly, "desperate ills need desperate remedies" :)

Reply to Jazcasasoft