Fond d'écran bloqué ! ! !

Tarzanlabanane -
PL59 Messages postés 634 Statut Membre - 4 mars 2009 à 13:29

Bonjour à tous !
Je ne peux plus changer mon fond d'écran et quoi que je fasse, il reste de couleur unie... pas très joyeux... J'ai fait des recherches la dessus et j'ai tout essayer (la meilleur piste étant jusqu'ici des histoire de valeurs de registres à modifier) ! Les conseils concernant ces valeurs s'applique à windows xp (je suis sou vista) et je n'ai pas trouver les clef citées...
S'il vous plaît quelqu'un aurait une idée pour résoudre mon problème?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:58, on 03/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Arthur\Downloads\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winsesame_del] C:\Program Files\WinSesame\effaceur.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Afficher la suite

A voir également:

Fond d'écran bloqué ! ! !
Double ecran - Guide
Comment mettre une vidéo en fond d'écran - Guide
Code puk bloqué - Guide
Téléphone bloqué code verrouillage - Guide
Capture d'écran whatsapp - Accueil - Messagerie instantanée

7 réponses

Réponse 1 / 7

PL59 Messages postés 634 Statut Membre 21

Télécharge smitfraud FIX a cette adresse http://telechargement.zebulon.fr/smitfraudfix.html

+ le tuto https://www.zebulon.fr/dossiers/tutoriaux/66-smitfraudfix.html

Tiens moi au courant cordialement PL59

Tarzanlabanane

Merci pour cette réponse rapide !

rapport Etape 1 :

SmitFraudFix v2.398

Scan done at 14:30:56,67, 03/03/2009
Run from C:\Program Files\RocketDock\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\svchost.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Arthur

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Arthur\AppData\Local\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Arthur\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Arthur\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5B847216-665B-4C8E-AC58-9E044F57C5DB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9AC6944F-EB5B-4245-8B3E-088F8A760F0D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9C51623C-0B38-4BA2-9F54-26211EA2BBAD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5B847216-665B-4C8E-AC58-9E044F57C5DB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9AC6944F-EB5B-4245-8B3E-088F8A760F0D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9C51623C-0B38-4BA2-9F54-26211EA2BBAD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5B847216-665B-4C8E-AC58-9E044F57C5DB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9AC6944F-EB5B-4245-8B3E-088F8A760F0D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9C51623C-0B38-4BA2-9F54-26211EA2BBAD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Rapport étape 2 :

SmitFraudFix v2.398

Rapport fait à 14:38:08,20, 03/03/2009
Executé à partir de C:\Users\Arthur\Downloads\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5B847216-665B-4C8E-AC58-9E044F57C5DB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9AC6944F-EB5B-4245-8B3E-088F8A760F0D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9C51623C-0B38-4BA2-9F54-26211EA2BBAD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5B847216-665B-4C8E-AC58-9E044F57C5DB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9AC6944F-EB5B-4245-8B3E-088F8A760F0D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9C51623C-0B38-4BA2-9F54-26211EA2BBAD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5B847216-665B-4C8E-AC58-9E044F57C5DB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9AC6944F-EB5B-4245-8B3E-088F8A760F0D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9C51623C-0B38-4BA2-9F54-26211EA2BBAD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Pas d'amiloration du problème malheureusement...

Tarzanlabanane

Voila j'ai fait un scan avec spybot et utiliser la fonction nettoyer, ça donne ça :

--- Search result list ---
MeMedia.AdVantage: [SBI $E0E6B2C4] Root class (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MEAD.1

MeMedia.AdVantage: [SBI $E0E6B2C4] Root class (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MEAD.1

MegaUploadToolbar: [SBI $1E82DC0D] Donnée (Fichier, fixed)
C:\ProgramData\EmailNotifier\EmailNotifierEN.lng
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Virtumonde: [SBI $FD08B4B7] Fichier de configuration (Fichier, fixed)
C:\Windows\System32\gjiSYaJl.ini2
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Virtumonde: [SBI $FD08B4B7] Fichier de configuration (Fichier, fixed)
C:\Windows\System32\GOnnonpo.ini2
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Virtumonde: [SBI $FD08B4B7] Fichier de configuration (Fichier, fixed)
C:\Windows\System32\sAcbLnpo.ini2
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Virtumonde: [SBI $2A2DCEAC] Fichier de configuration (Fichier, fixed)
C:\Windows\System32\sAcbLnpo.ini
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-03-03 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-22 Includes\Adware.sbi (*)
2009-01-22 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-01-06 Includes\Dialer.sbi (*)
2009-01-22 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-02-10 Includes\Hijackers.sbi (*)
2009-02-10 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2009-02-17 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-02-24 Includes\Malware.sbi (*)
2009-02-24 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2009-02-24 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-02-10 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-01-28 Includes\Spyware.sbi (*)
2009-01-28 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2009-02-24 Includes\Trojans.sbi (*)
2009-02-24 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB929729)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB941833)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)

--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 392845E8D49B5F0E81AAC4D795000A8C

Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint2K\Apoint.exe
file: C:\Program Files\Apoint2K\Apoint.exe
size: 159744
MD5: A91148D8F5AB52EFF43804BD60314BC2

Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
size: 111936
MD5: 3D50C85D295D4C6D0A5CD9F21481ECEA

Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 266497
MD5: 6E812818306D460D62B4ABEA9FDC6679

Located: HK_LM:Run, HP Health Check Scheduler
command: [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
file: [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22

Located: HK_LM:Run, hpWirelessAssistant
command: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 480560
MD5: CB4EE42EE2D33A58EFD48C276B683663

Located: HK_LM:Run, IAAnotif
command: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
file: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
size: 174616
MD5: FBC211A75FE4C2DEAA10B130728D376D

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 290088
MD5: E6A4E341E4304B34AA280D3E73818C90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\NvCpl.dll
size: 8497696
MD5: 217E2B91EAAEAFDAFF1DB718B062C7A0

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\NvMcTray.dll
size: 81920
MD5: 7F493300E035FEC8DBE031969B291766

Located: HK_LM:Run, NvSvc
command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
file: C:\Windows\system32\nvsvc.dll
size: 86016
MD5: 48769100E4A0C3335F8C775BE8BF9E34

Located: HK_LM:Run, OnScreenDisplay
command: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
file: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
size: 554320
MD5: 2CF59B201A59D0FF5534089F76297559

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 9C9B6807425CEF840C117654D8B033D1

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345

Located: HK_LM:Run, UCam_Menu
command: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
file: C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
size: 218408
MD5: D2A93F854393C7D3BA09893F1EA264CD

Located: HK_LM:Run, WAWifiMessage
command: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
size: 311296
MD5: B8AF02700299CD308046BB9339165813

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_LM:Run, Windows Mobile Device Center
command: %windir%\WindowsMobile\wmdc.exe
file: C:\Windows\WindowsMobile\wmdc.exe
size: 648072
MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B

Located: HK_LM:Run, winsesame_del
command: C:\Program Files\WinSesame\effaceur.exe
file: C:\Program Files\WinSesame\effaceur.exe
size: 151552
MD5: F53D2C6357777897B16BA53517B1845C

Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-3870820789-2705368135-1562365438-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C

Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-3870820789-2705368135-1562365438-1000...
command: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 455968
MD5: 3C62EAE05B76BA809FA1DE327922E846

Located: HK_CU:Run, RocketDock
where: S-1-5-21-3870820789-2705368135-1562365438-1000...
command: "C:\Program Files\RocketDock\RocketDock.exe"
file: C:\Program Files\RocketDock\RocketDock.exe
size: 495616
MD5: 7DFCCC67990B6DE7F30F553A4E4612A4

Located: HK_CU:Run, Sidebar
where: S-1-5-21-3870820789-2705368135-1562365438-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-3870820789-2705368135-1562365438-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1

Located: Démarrage (tous utilisateurs), BTTray.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 727592
MD5: 7C6F44557A55CE933D7063162FE92FB2

Located: Démarrage (utilisateur), OneNote 2007 - Capture d'écran et lancement.lnk
where: C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 101440
MD5: 9D0EEBDA40D5C33BC63FB8BB984F7681

--- Browser helper object list ---
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 320920
Attributes: archive
MD5: 35E6FB6E6003BD54A5D69C9C1C762192
CRC32: 9699660C
Version: 6.0.110.3

{bf00e119-21a3-4fd1-b178-3b8537e75c92} (MegaIEMn)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: MegaIEMn
CLSID name: IeMonitorBho Class
Path: C:\Program Files\Megaupload\Mega Manager\
Long name: MegaIEMn.dll
Short name:
Date (created): 19/11/2008 22:21:32
Date (last access): 19/11/2008 22:21:32
Date (last write): 23/06/2008 16:41:14
Filesize: 110592
Attributes: archive
MD5: 49C4CB0A7EE5B886E65A50F62E60AD7C
CRC32: 416DC79D
Version: 3.1.0.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 34816
Attributes: archive
MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
CRC32: D7C13FB2
Version: 6.0.110.3

--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 94208
Attributes: archive
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 94208
Attributes: archive
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 94208
Attributes: archive
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 94208
Attributes: archive
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3

--- Process list ---
PID: 3036 (1112) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 59903071D7ACE6A02093C47E9E38AF97
PID: 3044 (1124) C:\Windows\system32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 3112 (3016) C:\Windows\Explorer.EXE
size: 2927104
MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
PID: 3340 (3112) C:\Program Files\Apoint2K\Apoint.exe
size: 159744
MD5: A91148D8F5AB52EFF43804BD60314BC2
PID: 3356 (3112) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
size: 554320
MD5: 2CF59B201A59D0FF5534089F76297559
PID: 3376 (3112) C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
PID: 3392 (3112) C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22
PID: 3400 (3112) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 480560
MD5: CB4EE42EE2D33A58EFD48C276B683663
PID: 3424 (3112) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
size: 311296
MD5: B8AF02700299CD308046BB9339165813
PID: 3432 (3112) C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345
PID: 3440 (3112) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 266497
MD5: 6E812818306D460D62B4ABEA9FDC6679
PID: 3508 (3112) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 3548 (3112) C:\Program Files\iTunes\iTunesHelper.exe
size: 290088
MD5: E6A4E341E4304B34AA280D3E73818C90
PID: 3572 (3112) C:\Windows\WindowsMobile\wmdc.exe
size: 648072
MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B
PID: 3584 (3112) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
PID: 3592 (3112) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 455968
MD5: 3C62EAE05B76BA809FA1DE327922E846
PID: 3612 (3112) C:\Program Files\RocketDock\RocketDock.exe
size: 495616
MD5: 7DFCCC67990B6DE7F30F553A4E4612A4
PID: 3620 (3112) C:\Windows\ehome\ehtray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
PID: 3704 (3484) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 3716 (3112) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 727592
MD5: 7C6F44557A55CE933D7063162FE92FB2
PID: 2560 (3340) C:\Program Files\Apoint2K\ApMsgFwd.exe
size: 50736
MD5: 83A27BDC021979643DDE277BBA83F0C0
PID: 716 ( 892) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
size: 1620520
MD5: 54B2B810DDBF02BA122DE4214AC074DB
PID: 2404 ( 892) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 0F4195B9B348DE5CF9B822F81704B20E
PID: 1400 (2240) C:\Program Files\Apoint2K\Apntex.exe
size: 40960
MD5: 99A7B10500920E5CC79B700927B18BC1
PID: 3984 ( 892) C:\Windows\system32\wbem\unsecapp.exe
size: 37888
MD5: 25873356E52849C3F5B3F1B02317E8C8
PID: 1684 ( 892) C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
size: 677432
MD5: 3B161E0C1D8F3253640D57B45FAC96DA
PID: 2264 (3612) C:\Program Files\Mozilla Firefox\firefox.exe
size: 307712
MD5: D3D5F1B5AFC85B7EE35DD5F46F1D2CDB
PID: 2460 (3112) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
size: 12310864
MD5: 35EC2ACA2F0F37AA977F7D50DC2DFE54
PID: 5772 (3112) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 476 ( 4) smss.exe
size: 64000
PID: 612 ( 600) csrss.exe
size: 6144
PID: 672 ( 600) wininit.exe
size: 96768
PID: 684 ( 664) csrss.exe
size: 6144
PID: 720 ( 672) services.exe
size: 279040
PID: 732 ( 672) lsass.exe
size: 9728
PID: 740 ( 672) lsm.exe
size: 229888
PID: 892 ( 720) svchost.exe
size: 21504
PID: 900 ( 664) winlogon.exe
size: 314880
PID: 976 ( 720) svchost.exe
size: 21504
PID: 1032 ( 720) svchost.exe
size: 21504
PID: 1084 ( 720) svchost.exe
size: 21504
PID: 1112 ( 720) svchost.exe
size: 21504
PID: 1124 ( 720) svchost.exe
size: 21504
PID: 1220 (1084) audiodg.exe
size: 88064
PID: 1248 ( 720) SLsvc.exe
size: 2623488
PID: 1288 ( 720) svchost.exe
size: 21504
PID: 1404 ( 720) svchost.exe
size: 21504
PID: 1576 ( 720) spoolsv.exe
size: 125952
PID: 1600 ( 720) sched.exe
PID: 1612 ( 720) svchost.exe
size: 21504
PID: 1804 ( 720) avguard.exe
PID: 1820 ( 720) AppleMobileDeviceService.exe
PID: 1844 ( 720) mDNSResponder.exe
PID: 1864 ( 720) svchost.exe
size: 21504
PID: 1928 ( 720) LSSrvc.exe
PID: 1980 ( 720) svchost.exe
size: 21504
PID: 2012 ( 720) RichVideo.exe
PID: 124 ( 720) svchost.exe
size: 21504
PID: 416 ( 720) svchost.exe
size: 21504
PID: 468 ( 720) SearchIndexer.exe
size: 439808
PID: 1120 ( 720) XAudio.exe
PID: 1480 ( 720) hpqWmiEx.exe
PID: 2524 (1124) taskeng.exe
size: 169472
PID: 2616 ( 720) alg.exe
size: 59392
PID: 3824 ( 892) WmiPrvSE.exe
PID: 3940 ( 720) svchost.exe
size: 21504
PID: 3504 ( 720) iPodService.exe
PID: 4240 ( 720) HPHC_Service.exe

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 03/03/2009 17:58:26

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---
Protocol 11: MSAFD Pgm (RDM)
GUID: {27FC80F6-DD23-4DBF-95B3-2EAE2BC69479}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 12: MSAFD Pgm (Stream)
GUID: {27FC80F6-DD23-4DBF-95B3-2EAE2BC69479}
Filename: %SystemRoot%\system32\mswsock.dll

Namespace Provider 1: Fournisseur Shim d'affectation de noms de messagerie
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: Fournisseur d'espace de noms du nuage PNRP
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: Fournisseur d'espace de noms du nom PNRP
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

--- Uninstall list ---
Windows Driver Package - LiveScribe (SmartpenBus) USB (04/17/2008 1.4.0.24) 04/17/2008 1.4.0.24 (454A02F6BAC4E15A16F38288737F34C92B144A3F)
uninstall cmd: C:\PROGRA~1\DIFX\5BE688ACC8BC158E\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\smartpenbus.inf_939273ce\smartpenbus.inf
publisher: LiveScribe

Activation Assistant for the 2007 Microsoft Office suites (Activation Assistant for the 2007 Microsoft Office suites)
uninstall cmd: "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
publisher: Microsoft Corporation
help link: https://support.microsoft.com/contactussupport/?ws=support

(AddressBook)

Adobe Flash Player ActiveX 9.0.47.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: https://helpx.adobe.com/flash-player.html

Adobe Flash Player 10 Plugin 10.0.12.36 (Adobe Flash Player Plugin)
uninstall cmd: C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
publisher: Adobe Systems Incorporated

Adobe Shockwave Player 11 (Adobe Shockwave Player)
version (major): 11
install location: C:\Windows\system32\Adobe\
uninstall cmd: C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: https://helpx.adobe.com/shockwave.html

AIM 6 (AIM_6)
uninstall cmd: C:\Program Files\AIM6\uninst.exe

Avira AntiVir Personal - Free Antivirus (AntiVir PersonalEdition Classic)
uninstall cmd: C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
publisher: Avira GmbH
help link: http://www.avira.com/classic-support

(AOLOCP_Y)

AviSynth 2.5 (AviSynth)
uninstall cmd: "C:\Program Files\AviSynth 2.5\Uninstall.exe"

Windows Driver Package - LiveScribe (SmartpenCom) Ports (04/17/2008 1.4.0.24) 04/17/2008 1.4.0.24 (B9693DB3E7CA07457177CC243CBCEC6BF59FFD09)
uninstall cmd: C:\PROGRA~1\DIFX\5BE688ACC8BC158E\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\smartpencom.inf_df883fcf\smartpencom.inf
publisher: LiveScribe

Bink and Smacker (Bink and Smacker)
uninstall cmd: C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG

BSPlayer (BSPlayer1)
uninstall cmd: "C:\Program Files\Webteh\BSplayer\uninstall.exe"

Conexant HD Audio 4.36.7.60 (CNXT_AUDIO_HDA)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IWiSVHez.INF
publisher: Conexant

HDAUDIO Soft Data Fax Modem with SmartCP (CNXT_MODEM_HDA_HSF)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -I*.INF

(Connection Manager)

Sacré Graal (DeinstGrail)

(DirectDrawEx)

(DXM_Runtime)

eMule (eMule)
uninstall cmd: "C:\Program Files\eMule\Uninstall.exe"

(Fontcore)

Hauppauge MCE XP/Vista Software Encoder (2.0.25149) 2.0.25149 (Hauppauge MCE2005 Software Encoder)
uninstall cmd: C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
publisher: Hauppauge Computer Works, Inc.
help link: https://www.hauppauge.com/

Heroes of Might and Magic® IV (Heroes of Might and Magic IV)
uninstall cmd: C:\Windows\IsUninst.exe -f"C:\Program Files\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Users\Arthur\Downloads\HijackThis.exe" /uninstall
publisher: TrendMicro

Version d'évaluation de Microsoft Office Home and Student 2007 12.0.6215.1000 (HOMESTUDENTR)
install location: C:\Program Files\Microsoft Office
uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

CyberLink YouCam 1.0.1002 (InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D})
version: 16777216
version (major): 1
estimated size: 39628
install date: 20080509
install location: C:\Program Files\CyberLink\YouCam\
install source: C:\SWSetup\Youcam\
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: https://www.cyberlink.com/support/index.html
help telephone: +886-2-86671298

PowerDirector 6.5.2129 (InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1})
version: 103940096
version (major): 6
version (minor): 50
estimated size: 470960
install date: 20080106
install location: C:\Program Files\Cyberlink\PowerDirector\
install source: C:\SwSetup\CyberDVD\Stage1\PDIR\
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: https://www.cyberlink.com/support/index.html
help telephone: +886-2-86671298

K-Lite Codec Pack 4.1.4 (Standard) 4.1.4 (KLiteCodecPack_is1)
install date: 20080927
install location: C:\Program Files\K-Lite Codec Pack\
uninstall cmd: "C:\Program Files\K-Lite Codec Pack\unins000.exe"

Microsoft .NET Framework 1.1 Hotfix (KB929729) (M929729)
uninstall cmd: "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"

Malwarebytes' Anti-Malware (Malwarebytes' Anti-Malware_is1)
install date: 20081004
install location: C:\Program Files\Malwarebytes' Anti-Malware\
uninstall cmd: "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
publisher: Malwarebytes Corporation
help link: https://www.malwarebytes.com/

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\Windows\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework 3.5 (Microsoft .NET Framework 3.5)
install location: C:\Windows\Microsoft.NET\Framework\v3.5\
uninstall cmd: C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=96416

Module linguistique Microsoft .NET Framework 3.5 - fra (Microsoft .NET Framework 3.5 Language Pack - fra)
install location: c:\Windows\Microsoft.NET\Framework\v3.5\
uninstall cmd: c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=96416

(MobileOptionPack)

Mozilla Firefox (3.0) 3.0 (fr) (Mozilla Firefox (3.0))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

(MPlayer2)

(My HP Game Console)
install location: C:\Program Files\HP Games\My HP Game Console
uninstall cmd: "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
publisher: WildTangent
help link: https://support.wildtangent.com/hc/en-us

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\Windows\system32\NVUNINST.EXE UninstallGUI

ObjectDock (ObjectDock)
uninstall cmd: C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG

(PROHYBRID2R)

(PROHYBRIDR)

RocketDock 1.3.5 (RocketDock_is1)
install date: 20080816
install location: C:\Program Files\RocketDock\
uninstall cmd: "C:\Program Files\RocketDock\unins000.exe"
publisher: Punk Software
help link: http://forums.punksoftware.com

(SchedulingAgent)

(Shockwave)

(SMALLBUSINESSR)

(SmartAudio)
uninstall cmd: C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
publisher: Conexant

Counter-Strike (Steam App 10)
install location: c:\program files\steam\steamapps\bozzo_le_clown\counter-strike
uninstall cmd: "C:\Program Files\Steam\steam.exe" steam://uninstall/10
publisher: Valve
help link: https://help.steampowered.com/en/

Dark Messiah Might and Magic Multi-Player (Steam App 2130)
install location: c:\program files\steam\steamapps\bozzo_le_clown\dark messiah might and magic multi-player
uninstall cmd: "C:\Program Files\Steam\steam.exe" steam://uninstall/2130
publisher: Ubisoft
help link: https://help.steampowered.com/en/

Day of Defeat: Source (Steam App 300)
install location: c:\program files\steam\steamapps\bozzo_le_clown\day of defeat source
uninstall cmd: "C:\Program Files\Steam\steam.exe" steam://uninstall/300
publisher: Valve
help link: https://help.steampowered.com/en/

System Requirements Lab (SystemRequirementsLab)
uninstall cmd: C:\Program Files\SystemRequirementsLab\Uninstall.exe

Titan Quest (Titan Quest)
uninstall cmd: "C:\Windows\Titan Quest\uninstall.exe" "/U:C:\Program Files\Titan Quest\Titan Quest\Uninstall\uninstall.xml"
publisher: THQ
contact: THQ Support Department
help link: https://www.thqnordic.com

TracePlus/Winsock 8.70.000 (TracePlus/Winsock)
uninstall cmd: C:\PROGRA~1\TPWINS\unwise32.exe C:\PROGRA~1\TPWINS\install.log
publisher: Systems, Software, Technology Incorporated
contact: support@sstinc.com
help link: http://www.sstinc.com/support.html

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

VideoLAN VLC media player 0.8.6h 0.8.6h (VLC media player)
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team

Warcraft III (Warcraft III)
uninstall cmd: C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat

My HP Games HPCMPQ1902 (WildTangent hp Master Uninstall)
install location: C:\Program Files\HP Games
uninstall cmd: "C:\Program Files\HP Games\Uninstall.exe"
publisher: WildTangent

WinAVI Video Converter 8.0 8.0.1 (WinAVI Video Converter_is1)
install date: 20080927
install location: C:\Program Files\WinAVI Video Converter\
uninstall cmd: "C:\Program Files\WinAVI Video Converter\unins000.exe"

WinPcap 4.1 beta4 4.1.0.1237 (WinPcapInst)
uninstall cmd: C:\Program Files\WinPcap\uninstall.exe
publisher: CACE Technologies

Archiveur WinRAR (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

WinSesame (WinSesame)
uninstall cmd: C:\Program Files\WinSesame\setup.exe

WinXMedia AVI/WMV MP4 Converter 3.15 3.15 (WinXMedia AVI/WMV MP4 Converter)
uninstall cmd: C:\Program Files\WinXMedia\WinXMedia WMV MP4 Converter\uninst.exe
publisher: WinXMedia Software, Inc.

WT026593 (WT026593)
install location: C:\Program Files\HP Games\Bejeweled 2 Deluxe
uninstall cmd: "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026599 (WT026599)
install location: C:\Program Files\HP Games\Blasterball 2 Revolution
uninstall cmd: "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026600 (WT026600)
install location: C:\Program Files\HP Games\Blasterball 3
uninstall cmd: "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026606 (WT026606)
install location: C:\Program Files\HP Games\Bricks of Egypt
uninstall cmd: "C:\Program Files\HP Games\Bricks of Egypt\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026615 (WT026615)
install location: C:\Program Files\HP Games\Crystal Maze
uninstall cmd: "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026617 (WT026617)
install location: C:\Program Files\HP Games\FATE
uninstall cmd: "C:\Program Files\HP Games\FATE\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026621 (WT026621)
install location: C:\Program Files\HP Games\Chuzzle Deluxe
uninstall cmd: "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026629 (WT026629)
install location: C:\Program Files\HP Games\Chicken Invaders 3 - Revenge of the Yolk
uninstall cmd: "C:\Program Files\HP Games\Chicken Invaders 3 - Revenge of the Yolk\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026642 (WT026642)
install location: C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue
uninstall cmd: "C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026647 (WT026647)
install location: C:\Program Files\HP Games\Fish Tycoon
uninstall cmd: "C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026652 (WT026652)
install location: C:\Program Files\HP Games\Mah Jong Quest
uninstall cmd: "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026654 (WT026654)
install location: C:\Program Files\HP Games\Peggle
uninstall cmd: "C:\Program Files\HP Games\Peggle\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026655 (WT026655)
install location: C:\Program Files\HP Games\Penguins!
uninstall cmd: "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026656 (WT026656)
install location: C:\Program Files\HP Games\Polar Bowler
uninstall cmd: "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026657 (WT026657)
install location: C:\Program Files\HP Games\Polar Golfer
uninstall cmd: "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026658 (WT026658)
install location: C:\Program Files\HP Games\Polar Golfer Pineapple Cup
uninstall cmd: "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026659 (WT026659)
install location: C:\Program Files\HP Games\Super Granny
uninstall cmd: "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026683 (WT026683)
install location: C:\Program Files\HP Games\Zuma Deluxe
uninstall cmd: "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026685 (WT026685)
install location: C:\Program Files\HP Games\Insaniquarium Deluxe
uninstall cmd: "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026698 (WT026698)
install location: C:\Program Files\HP Games\Slingo Deluxe
uninstall cmd: "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026702 (WT026702)
install location: C:\Program Files\HP Games\Gem Shop
uninstall cmd: "C:\Program Files\HP Games\Gem Shop\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026710 (WT026710)
install location: C:\Program Files\HP Games\Ocean Express
uninstall cmd: "C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026718 (WT026718)
install location: C:\Program Files\HP Games\Puzzle Express
uninstall cmd: "C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026729 (WT026729)
install location: C:\Program Files\HP Games\Virtual Villagers - A New Home
uninstall cmd: "C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026781 (WT026781)
install location: C:\Program Files\HP Games\Tradewinds
uninstall cmd: "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026797 (WT026797)
install location: C:\Program Files\HP Games\Sudoku Quest
uninstall cmd: "C:\Program Files\HP Games\Sudoku Quest\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026813 (WT026813)
install location: C:\Program Files\HP Games\Shooting Stars Pool
uninstall cmd: "C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026836 (WT026836)
install location: C:\Program Files\HP Games\Jewel Quest
uninstall cmd: "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT026844 (WT026844)
install location: C:\Program Files\HP Games\Diner Dash
uninstall cmd: "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT027261 (WT027261)
install location: C:\Program Files\HP Games\Magic Academy
uninstall cmd: "C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

CyberLink YouCam 1.0.1002 ({01FB4998-33C4-4431-85ED-079E3EEFE75D})
version: 16777216
version (major): 1
estimated size: 39628
install date: 20080509
install location: C:\Program Files\CyberLink\YouCam\
install source: C:\SWSetup\Youcam\
publisher: CyberLink Corp.
help link: https://www.cyberlink.com/support/index.html
help telephone: +886-2-86671298

HP Integrated Module with Bluetooth wireless technology 6.0.1.5500 6.0.1.5500 ({03D1988F-469F-4843-8E6E-E5FE9D17889D})
version: 100663297
version (major): 6
estimated size: 41846
install date: 20080509
install source: C:\SWSETUP\Drivers\Btooth\Win32\
uninstall cmd: MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
publisher: HP
help link: https://support.hp.com/us-en?openCLC=true
help telephone:

Steam 1.0.0.0 ({048298C9-A4D3-490B-9FF9-AB023A9238F3})
version: 16777216
version (major): 1
estimated size: 1341
install date: 20080703
install source: C:\Users\Arthur\Downloads\
uninstall cmd: MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
publisher: Valve
comments: Steam
help link: https://help.steampowered.com/en/

HP Doc Viewer 1.02.0001 ({082702D5-5DD8-4600-BCE5-48B15174687F})
version: 16908289
version (major): 1
version (minor): 2
estimated size: 500
install date: 20080106
install location: C:\Program Files\Hewlett-Packard\Documentation\
install source: C:\Windows\Downloaded Installations\{4E9D4FDC-80D0-447A-B23C-7F115FF705D7}\
uninstall cmd: MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
publisher: Hewlett-Packard

HP Update 4.000.007.003 ({11B83AD3-7A46-4C2E-A568-9505981D4C6F})
version: 67108871
version (major): 4
estimated size: 3608
install date: 20080106
install source: C:\SwSetup\HPUpdate\
uninstall cmd: MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
publisher: Hewlett-Packard
contact: https://support.hp.com/us-en?openCLC=true

HP Active Support Library 2.3.0.2 ({11BB336F-0E58-4977-B866-F24FA334616B})
version: 33751040
version (major): 2
version (minor): 3
estimated size: 12206
install date: 20080106
install location: c:\Program Files\Hewlett-Packard\HP Health Check\
install source: c:\swsetup\sp37021\
publisher: Hewlett-Packard
help link: https://www8.hp.com/fr/fr/home.html

Counter-Strike 1.6 1.00.0000 ({13B792AA-C078-43A4-8A3A-8B12D629940D})
version: 16777216
install location: C:\Program Files\Valve
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19

Adobe Shockwave Player 10.2.0.023 ({1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A})
version: 167903232
version (major): 10
version (minor): 2
estimated size: 10847
install date: 20080106
install source: C:\SwSetup\Shockwave\
uninstall cmd: MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
publisher: Adobe Systems, Inc.
help link: https://helpx.adobe.com/shockwave/shockwave-end-of-life-faq.html

DVD Suite 5.5.0928 ({1FBF6C24-C1FD-4101-A42B-0C564F9E8E79})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
publisher: CyberLink Corp.

Les Sims™ Histoires de vie 1.00.0000 ({2284D904-C138-4B58-93EC-5C362AB5130A})
version: 16777216
version (major): 1
estimated size: 2785644
install date: 20080703
install location: C:\Program Files\Electronic Arts\Les Sims Histoires de vie\
install source: C:\SwSetup\SimsLife\
uninstall cmd: MsiExec.exe /I{2284D904-C138-4B58-93EC-5C362AB5130A}
publisher: Electronic Arts

Skype™ 4.0 4.0.206 ({24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D})
version: 67109070
version (major): 4
estimated size: 32754
install date: 20090228
install location: C:\Program Files\Skype\
install source: C:\ProgramData\Skype\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\
uninstall cmd: MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
publisher: Skype Technologies S.A.
help link: http://ui.skype.com/ui/0/4.0.0.206/fr/help

muvee autoProducer 6.1 6.10.050 ({250E9609-E830-43EB-B379-DAB7546A2422})
version: 101318706
install date: 20080106
install location: C:\Program Files\muvee Technologies\muvee autoProducer 6.1 - SE
install source: C:\SWSETUP\MVEDV\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{250E9609-E830-43EB-B379-DAB7546A2422}\muveesetup.exe -removeonly -runfromtemp
publisher: muvee Technologies
help link: https://www.muvee.com/

Hewlett-Packard Active Check 1.1.11.0 ({254C37AA-6B72-4300-84F6-98A82419187E})
version: 16842763
version (major): 1
version (minor): 1
estimated size: 579
install date: 20080106
install source: c:\Users\ADMINI~1\AppData\Local\Temp\
uninstall cmd: MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
publisher: Hewlett-Packard

MobileMe Control Panel 2.1.1.13 ({2604C0F9-BFD3-4BA0-9EB5-22537C648F03})
version: 33619969
version (major): 2
version (minor): 1
estimated size: 5263
install date: 20081012
install location: C:\Program Files\Common Files\Apple\Mobile Device Support\
install source: C:\Users\Arthur\AppData\Local\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
publisher: Apple Inc.
contact: Assistance AppleCare
help link: https://support.apple.com/fr-fr
help telephone: 1-800-275-2273

Java(TM) 6 Update 11 6.0.110 ({26A24AE4-039D-4CA4-87B4-2F83216011FF})
version: 100663406
version (major): 6
estimated size: 96644
install date: 20081219
install location: C:\Program Files\Java\jre6\
install source: C:\Users\Arthur\AppData\LocalLow\Sun\Java\jre1.6.0_11\
uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre6\README.txt

HP Help and Support 1.5.1 ({28EDCE9C-3304-4331-8AB3-F3EBE94C35B4})
version: 17104897
version (major): 1
version (minor): 5
estimated size: 50397
install date: 20080106
install source: C:\SwSetup\HSC\
uninstall cmd: MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
publisher: Hewlett-Packard
comments: HP Customized Help and Support for Windows Vista 32-bit Systems
contact: Hewlett-Packard
help link: https://www.support.hp.com/us-en?openCLC=true
help telephone: https://www8.hp.com/us/en/contact-hp/ww-contact-us.html

Microsoft .NET Framework 3.5 3.5.21022 ({2FC099BD-AC9B-33EB-809C-D332E1B27C40})
version: 50680350
version (major): 3
version (minor): 5
estimated size: 47944
install date: 20080718
install source: C:\Users\Arthur\AppData\Local\Temp\IXP02087.tmp\dotnetfx35\x86\
uninstall cmd: MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
publisher: Microsoft Corporation

iTunes 8.0.2.20 ({318AB667-3230-41B5-A617-CB3BF748D371})
version: 134217730
version (major): 8
estimated size: 106354
install date: 20081201
install location: C:\Program Files\iTunes\
install source: C:\Users\Arthur\AppData\Local\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
publisher: Apple Inc.
contact: Assistance AppleCare
help link: https://support.apple.com/fr-fr
help telephone: +33 (0) 825 888 024

Java(TM) 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 172102
install date: 20080106
install source: C:\Users\Administrator\AppData\LocalLow\Sun\Java\jre1.6.0_02\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre1.6.0_02\README.txt

Java(TM) 6 Update 7 1.6.0.70 ({3248F0A8-6813-11D6-A77B-00B0D0160070})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 139514
install date: 20080821
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_07-b06/windows-i586/<

Réponse 2 / 7

PL59 Messages postés 634 Statut Membre 21

Tu la fais en mode sans échec j'espère le nettoyage ? Tiens moi au courant

Cordialement PL59

Tarzanlabanane

Oui oui, l'étpae 2 a été faite en mode sans échec, j'ai suivi ton tuto à la lettre :)

Réponse 3 / 7

PL59 Messages postés 634 Statut Membre 21

As tu fais un coup de Spybot Tiens moi au courant

Tarzanlabanane

Voila, désolé du délai je n'arrivai pas à obtenir le rapport... Toujours pas d'amélioration, mai le voici :

--- Search result list ---
MeMedia.AdVantage: [SBI $E0E6B2C4] Root class (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MEAD.1

MeMedia.AdVantage: [SBI $E0E6B2C4] Root class (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MEAD.1

MegaUploadToolbar: [SBI $DA7EBDE6] Barre d'outils IE (Valeur du registre, fixed)
HKEY_USERS\S-1-5-21-3870820789-2705368135-1562365438-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}

MegaUploadToolbar: [SBI $998A0E3C] Exécutable (Fichier, fixed)
C:\ProgramData\Megaupload\Megauper.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

MegaUploadToolbar: [SBI $395CBDB1] Dossier Programme (Répertoire, fixing failed)
C:\ProgramData\Megaupload\

MegaUploadToolbar: [SBI $EB10C2BD] Exécutable (Fichier, fixed)
C:\ProgramData\EmailNotifier\EmailNotifier.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

MegaUploadToolbar: [SBI $F664B537] Exécutable (Fichier, fixed)
C:\ProgramData\EmailNotifier\EmailNotifierAPI.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

MegaUploadToolbar: [SBI $1E82DC0D] Donnée (Fichier, fixed)
C:\ProgramData\EmailNotifier\EmailNotifierEN.lng
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

MegaUploadToolbar: [SBI $1E82DC0D] Donnée (Fichier, fixed)
C:\ProgramData\EmailNotifier\EmailNotifierFR.lng
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

MegaUploadToolbar: [SBI $2E6D42A0] Dossier Programme (Répertoire, fixed)
C:\ProgramData\EmailNotifier\

Virtumonde: [SBI $FD08B4B7] Fichier de configuration (Fichier, nothing done)
C:\Windows\System32\gjiSYaJl.ini2
Properties.size=345
Properties.md5=5F07952871E38238EADF6822557A642E
Properties.filedate=1222871154
Properties.filedatetext=2008-10-01 15:25:53

Virtumonde: [SBI $FD08B4B7] Fichier de configuration (Fichier, nothing done)
C:\Windows\System32\GOnnonpo.ini2
Properties.size=1918
Properties.md5=D375AB28105333881FD75C1132031026
Properties.filedate=1222898559
Properties.filedatetext=2008-10-01 23:02:39

Virtumonde: [SBI $FD08B4B7] Fichier de configuration (Fichier, nothing done)
C:\Windows\System32\sAcbLnpo.ini2
Properties.size=345
Properties.md5=D1ADEA2C408904CFA039AAF3B194ED7F
Properties.filedate=1222899067
Properties.filedatetext=2008-10-01 23:11:06

Virtumonde: [SBI $2A2DCEAC] Fichier de configuration (Fichier, nothing done)
C:\Windows\System32\sAcbLnpo.ini
Properties.size=559117
Properties.md5=71EF0CB061BB0E5F89F9B7E9BB00CA4B
Properties.filedate=1222899137
Properties.filedatetext=2008-10-01 23:12:16

Virtumonde: [SBI $1E12D746] Réglages utilisateur (Clé du registre, fixed)
HKEY_USERS\S-1-5-21-3870820789-2705368135-1562365438-1000\Software\Microsoft\fias4013

DoubleClick: Cookie traceur (Internet Explorer: Arthur) (Cookie, fixed)

FastClick: Cookie traceur (Internet Explorer: Arthur) (Cookie, fixed)

BlueStreak: Cookie traceur (Internet Explorer: Arthur) (Cookie, fixed)

MediaPlex: Cookie traceur (Internet Explorer: Arthur) (Cookie, fixed)

BlueStreak: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Zedo: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Zedo: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Zedo: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Zedo: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Zedo: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

DoubleClick: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Tradedoubler: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Tradedoubler: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Tradedoubler: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

MediaPlex: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

WebTrends live: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

MediaPlex: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

MediaPlex: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Zedo: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

BurstMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

FastClick: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

FastClick: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

BurstMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

BurstMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Statcounter: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Tradedoubler: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Tradedoubler: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

MediaPlex: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Adviva: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

Statcounter: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-03-03 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-22 Includes\Adware.sbi (*)
2009-01-22 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-01-06 Includes\Dialer.sbi (*)
2009-01-22 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-02-10 Includes\Hijackers.sbi (*)
2009-02-10 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2009-02-17 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-02-24 Includes\Malware.sbi (*)
2009-02-24 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2009-02-24 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-02-10 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-01-28 Includes\Spyware.sbi (*)
2009-01-28 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2009-02-24 Includes\Trojans.sbi (*)
2009-02-24 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)

--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 392845E8D49B5F0E81AAC4D795000A8C

Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint2K\Apoint.exe
file: C:\Program Files\Apoint2K\Apoint.exe
size: 159744
MD5: A91148D8F5AB52EFF43804BD60314BC2

Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
size: 111936
MD5: 3D50C85D295D4C6D0A5CD9F21481ECEA

Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 266497
MD5: 6E812818306D460D62B4ABEA9FDC6679

Located: HK_LM:Run, HP Health Check Scheduler
command: [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
file: [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22

Located: HK_LM:Run, hpWirelessAssistant
command: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 480560
MD5: CB4EE42EE2D33A58EFD48C276B683663

Located: HK_LM:Run, IAAnotif
command: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
file: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
size: 174616
MD5: FBC211A75FE4C2DEAA10B130728D376D

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 290088
MD5: E6A4E341E4304B34AA280D3E73818C90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\NvCpl.dll
size: 8497696
MD5: 217E2B91EAAEAFDAFF1DB718B062C7A0

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\NvMcTray.dll
size: 81920
MD5: 7F493300E035FEC8DBE031969B291766

Located: HK_LM:Run, NvSvc
command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
file: C:\Windows\system32\nvsvc.dll
size: 86016
MD5: 48769100E4A0C3335F8C775BE8BF9E34

Located: HK_LM:Run, OnScreenDisplay
command: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
file: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
size: 554320
MD5: 2CF59B201A59D0FF5534089F76297559

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 9C9B6807425CEF840C117654D8B033D1

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345

Located: HK_LM:Run, UCam_Menu
command: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
file: C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
size: 218408
MD5: D2A93F854393C7D3BA09893F1EA264CD

Located: HK_LM:Run, WAWifiMessage
command: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
size: 311296
MD5: B8AF02700299CD308046BB9339165813

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_LM:Run, Windows Mobile Device Center
command: %windir%\WindowsMobile\wmdc.exe
file: C:\Windows\WindowsMobile\wmdc.exe
size: 648072
MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B

Located: HK_LM:Run, winsesame_del
command: C:\Program Files\WinSesame\effaceur.exe
file: C:\Program Files\WinSesame\effaceur.exe
size: 151552
MD5: F53D2C6357777897B16BA53517B1845C

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-3870820789-2705368135-1562365438-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C

Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-3870820789-2705368135-1562365438-1000...
command: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 455968
MD5: 3C62EAE05B76BA809FA1DE327922E846

Located: HK_CU:Run, RocketDock
where: S-1-5-21-3870820789-2705368135-1562365438-1000...
command: "C:\Program Files\RocketDock\RocketDock.exe"
file: C:\Program Files\RocketDock\RocketDock.exe
size: 495616
MD5: 7DFCCC67990B6DE7F30F553A4E4612A4

Located: HK_CU:Run, Sidebar
where: S-1-5-21-3870820789-2705368135-1562365438-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-3870820789-2705368135-1562365438-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1

Located: Démarrage (tous utilisateurs), BTTray.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 727592
MD5: 7C6F44557A55CE933D7063162FE92FB2

Located: Démarrage (utilisateur), OneNote 2007 - Capture d'écran et lancement.lnk
where: C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 101440
MD5: 9D0EEBDA40D5C33BC63FB8BB984F7681

--- Browser helper object list ---
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 320920
Attributes: archive
MD5: 35E6FB6E6003BD54A5D69C9C1C762192
CRC32: 9699660C
Version: 6.0.110.3

{bf00e119-21a3-4fd1-b178-3b8537e75c92} (MegaIEMn)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: MegaIEMn
CLSID name: IeMonitorBho Class
Path: C:\Program Files\Megaupload\Mega Manager\
Long name: MegaIEMn.dll
Short name:
Date (created): 19/11/2008 22:21:32
Date (last access): 19/11/2008 22:21:32
Date (last write): 23/06/2008 16:41:14
Filesize: 110592
Attributes: archive
MD5: 49C4CB0A7EE5B886E65A50F62E60AD7C
CRC32: 416DC79D
Version: 3.1.0.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 34816
Attributes: archive
MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
CRC32: D7C13FB2
Version: 6.0.110.3

--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 94208
Attributes: archive
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 94208
Attributes: archive
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 94208
Attributes: archive
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 94208
Attributes: archive
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name:
Date (created): 19/12/2008 00:09:16
Date (last access): 19/12/2008 00:09:16
Date (last write): 19/12/2008 00:09:16
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3

--- Process list ---
PID: 3024 (1144) C:\Windows\system32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 3088 (1124) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 59903071D7ACE6A02093C47E9E38AF97
PID: 3136 (3060) C:\Windows\Explorer.EXE
size: 2927104
MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
PID: 3356 (3136) C:\Program Files\Apoint2K\Apoint.exe
size: 159744
MD5: A91148D8F5AB52EFF43804BD60314BC2
PID: 3376 (3136) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
size: 554320
MD5: 2CF59B201A59D0FF5534089F76297559
PID: 3392 (3136) C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
PID: 3400 (3136) C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22
PID: 3416 (3136) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 480560
MD5: CB4EE42EE2D33A58EFD48C276B683663
PID: 3428 (3136) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
size: 311296
MD5: B8AF02700299CD308046BB9339165813
PID: 3436 (3136) C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345
PID: 3460 (3136) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 266497
MD5: 6E812818306D460D62B4ABEA9FDC6679
PID: 3496 (3136) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 3596 (3472) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 3660 (3136) C:\Program Files\iTunes\iTunesHelper.exe
size: 290088
MD5: E6A4E341E4304B34AA280D3E73818C90
PID: 3676 (3136) C:\Windows\WindowsMobile\wmdc.exe
size: 648072
MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B
PID: 3692 (3136) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
PID: 3708 (3136) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 455968
MD5: 3C62EAE05B76BA809FA1DE327922E846
PID: 3784 (3136) C:\Program Files\RocketDock\RocketDock.exe
size: 495616
MD5: 7DFCCC67990B6DE7F30F553A4E4612A4
PID: 3808 (3136) C:\Windows\ehome\ehtray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
PID: 3856 (3136) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 727592
MD5: 7C6F44557A55CE933D7063162FE92FB2
PID: 2568 ( 936) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 0F4195B9B348DE5CF9B822F81704B20E
PID: 3008 (3260) C:\Program Files\Apoint2K\Apntex.exe
size: 40960
MD5: 99A7B10500920E5CC79B700927B18BC1
PID: 3572 ( 936) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
size: 1620520
MD5: 54B2B810DDBF02BA122DE4214AC074DB
PID: 3844 ( 936) C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
size: 677432
MD5: 3B161E0C1D8F3253640D57B45FAC96DA
PID: 1980 ( 936) C:\Windows\system32\wbem\unsecapp.exe
size: 37888
MD5: 25873356E52849C3F5B3F1B02317E8C8
PID: 3588 (3136) C:\Program Files\Mozilla Firefox\firefox.exe
size: 307712
MD5: D3D5F1B5AFC85B7EE35DD5F46F1D2CDB
PID: 5448 (5396) C:\Windows\system32\conime.exe
size: 69120
MD5: F96EBC5A624349D81DCC7600A3C5DC43
PID: 5296 (3136) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
size: 12310864
MD5: 35EC2ACA2F0F37AA977F7D50DC2DFE54
PID: 2540 (1244) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4224 ( 936) C:\Windows\system32\DllHost.exe
size: 7168
MD5: BE01E566D1F569AAB32D0335613E1EEA
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 476 ( 4) smss.exe
size: 64000
PID: 620 ( 608) csrss.exe
size: 6144
PID: 672 ( 608) wininit.exe
size: 96768
PID: 684 ( 664) csrss.exe
size: 6144
PID: 720 ( 672) services.exe
size: 279040
PID: 732 ( 672) lsass.exe
size: 9728
PID: 740 ( 672) lsm.exe
size: 229888
PID: 816 ( 664) winlogon.exe
size: 314880
PID: 936 ( 720) svchost.exe
size: 21504
PID: 996 ( 720) svchost.exe
size: 21504
PID: 1048 ( 720) svchost.exe
size: 21504
PID: 1096 ( 720) svchost.exe
size: 21504
PID: 1124 ( 720) svchost.exe
size: 21504
PID: 1144 ( 720) svchost.exe
size: 21504
PID: 1224 (1096) audiodg.exe
size: 88064
PID: 1252 ( 720) SLsvc.exe
size: 2623488
PID: 1292 ( 720) svchost.exe
size: 21504
PID: 1396 ( 720) svchost.exe
size: 21504
PID: 1580 ( 720) spoolsv.exe
size: 125952
PID: 1604 ( 720) sched.exe
PID: 1616 ( 720) svchost.exe
size: 21504
PID: 1788 ( 720) avguard.exe
PID: 1816 ( 720) AppleMobileDeviceService.exe
PID: 1832 ( 720) mDNSResponder.exe
PID: 1852 ( 720) svchost.exe
size: 21504
PID: 1904 ( 720) LSSrvc.exe
PID: 2040 ( 720) svchost.exe
size: 21504
PID: 320 ( 720) RichVideo.exe
PID: 488 ( 720) svchost.exe
size: 21504
PID: 788 ( 720) svchost.exe
size: 21504
PID: 876 ( 720) SearchIndexer.exe
size: 439808
PID: 1388 ( 720) XAudio.exe
PID: 1704 ( 720) hpqWmiEx.exe
PID: 2500 (1144) taskeng.exe
size: 169472
PID: 2632 ( 720) alg.exe
size: 59392
PID: 3516 ( 936) WmiPrvSE.exe
PID: 3820 ( 720) svchost.exe
size: 21504
PID: 2528 (3356) ApMsgFwd.exe
PID: 2804 ( 720) iPodService.exe
PID: 4296 ( 720) HPHC_Service.exe
PID: 2344 ( 876) SearchProtocolHost.exe
size: 184832
PID: 4860 ( 876) SearchFilterHost.exe
size: 87552

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 03/03/2009 15:36:36

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---
Protocol 11: MSAFD Pgm (RDM)
GUID: {27FC80F6-DD23-4DBF-95B3-2EAE2BC69479}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 12: MSAFD Pgm (Stream)
GUID: {27FC80F6-DD23-4DBF-95B3-2EAE2BC69479}
Filename: %SystemRoot%\system32\mswsock.dll

Namespace Provider 1: Fournisseur Shim d'affectation de noms de messagerie
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: Fournisseur d'espace de noms du nuage PNRP
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: Fournisseur d'espace de noms du nom PNRP
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

--- Uninstall list ---

--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote ACPI Microsoft
Image path: system32\drivers\acpi.sys
Image size: 266808
Image MD5: FCB8C7210F0135E24C6580F7F649C73C
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): adp94xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adp94xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpu160m.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu320
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpu320.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): AeLookupSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
Description: @%SystemRoot%\system32\aelupsvc.dll,-2
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Ancilliary Function Driver for Winsock
Description: Ancilliary Function Driver for Winsock
Image path: \SystemRoot\system32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\system32\drivers\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\djsvs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Alg.exe,-112
Description: @%SystemRoot%\system32\Alg.exe,-113
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 59392
Image MD5: A1545B731579895D8CC44FC0481C1192
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): aliide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\aliide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): amdagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD AGP Bus Filter Driver
Image path: \SystemRoot\system32\drivers\amdagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\amdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): AmdK7
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K7 Processor Driver
Image path: \SystemRoot\system32\drivers\amdk7.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK8
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K8 Processor Driver
Image path: \SystemRoot\system32\drivers\amdk8.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AntiVirScheduler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avira AntiVir Personal – Free Antivirus Scheduler
Description: Service to schedule Avira AntiVir Personal – Free Antivirus jobs and updates.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
Image size: 68865
Image MD5: D6C8942BEA3698A2E7559BD423BFA5D7
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): AntiVirService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avira AntiVir Personal – Free Antivirus Guard
Description: Offers permanent protection against viruses and malware with the AntiVir search engine.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Image size: 151297
Image MD5: 335A142923FE7F97E8C8388ACD067568
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): ApfiltrService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Alps Pointing-device Filter Driver
Image path: system32\DRIVERS\Apfiltr.sys
Image size: 141312
Image MD5: B49A709F65BF3BEAA2B03F8EC139D568
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): Appinfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appinfo.dll,-100
Description: @%systemroot%\system32\appinfo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,ProfSvc

Service (registry key): Apple Mobile Device
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile Device
Description: Fournit l’interface pour les appareils mobiles Apple.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Image size: 132424
Image MD5: A8AA9D47F971570A5162B862B80F87E8
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): arc
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\arc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): arcsas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\arcsas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ASP.NET_1.1.4322
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service d'état ASP.NET
Description: Assure la prise en charge des états de session out-of-process pour ASP.NET. En cas d'interruption de ce service, les demandes out-of process ne sont pas traitées. En cas de désactivation du service, le démarrage de tout service qui dépend explicitement de ce service est impossible.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Image size: 33800
Image MD5: CA89A5872DAFAB3D1932275D3EDA26D8
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de média asynchrone RAS
Description: Pilote de média asynchrone RAS
Image path: system32\DRIVERS\asyncmac.sys
Image size: 17408
Image MD5: 53B202ABEE6455406254444303E87BE1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Canal IDE
Image path: system32\drivers\atapi.sys
Image size: 21560
Image MD5: 2D9C903DC76A66813D350A562DE40ED9
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): AudioEndpointBuilder
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-204
Description: @%SystemRoot%\System32\audiosrv.dll,-205
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): Audiosrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-200
Description: @%SystemRoot%\System32\audiosrv.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

Service (registry key): avgio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgio
Image path: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: FltMgr

Service (registry key): avgntflt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgntflt
Description: Avira AntiVir Personal – Free Antivirus mini-filter used for on-access scan to provide real-time antivirus security.
Image path: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): avipbb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avipbb
Description: Avira's Driver for RootKit Detection
Image path: system32\DRIVERS\avipbb.sys
Image size: 75072
Image MD5: 4AE8120E2F9466894849EE3C97A65101
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): BCM43XV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom Extensible 802.11 Network Adapter Driver
Image path: system32\DRIVERS\bcmwl6.sys
Image size: 464384
Image MD5: CF6A67C90951E3E763D2135DEDE44B85
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Beep
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BFE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bfe.dll,-1001
Description: @%SystemRoot%\system32\bfe.dll,-1002
Object name: NT AUTHORITY\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qmgr.dll,-1000
Description: @%SystemRoot%\system32\qmgr.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): blbdrive
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\blbdrive.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Bonjour Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service Bonjour
Description: Bonjour permet à des applications comme iTunes et Safari d’annoncer et de découvrir des services sur le réseau local. En gardant Bonjour en exécution, vous pouvez vous connecter à des périphériques comme l’Apple TV et à des services logiciels comme le partage iTunes et AirTunes. Si vous désactivez Bonjour, tous les services réseau qui en dépendent de manière explicite ne démarreront pas.
Object name: LocalSystem
Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
Image size: 238888
Image MD5: 9EFE4236F8670846B6E7C5B0EFF6E715
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): bowser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bowser
Description: Implements the datagram receiver for the computer browser browser service.
Image path: system32\DRIVERS\bowser.sys
Image size: 69632
Image MD5: 74B442B2BE1260B7588C136177CEAC66
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): BrFiltLo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Lower Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltlo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrFiltUp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Upper Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltup.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\browser.dll,-100
Description: @%systemroot%\system32\browser.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): Brserid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC Serial Port Interface Driver (WDM)
Image path: \SystemRoot\system32\drivers\brserid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrSerWdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother WDM Serial driver
Image path: \SystemRoot\system32\drivers\brserwdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbMdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Fax Only Modem
Image path: \SystemRoot\system32\drivers\brusbmdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbSer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Serial WDM Driver
Image path: \SystemRoot\system32\drivers\brusbser.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de bloc de demande Bluetooth
Image path: system32\DRIVERS\BthEnum.sys
Image size: 19456
Image MD5: DA7B195275BDA7F8FCF79B40E0F45DDE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHMODEM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de communication série Bluetooth
Image path: system32\DRIVERS\bthmodem.sys
Image size: 39936
Image MD5: 5FFA6988FF9597986FF2ADA736CC90C0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthPan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Périphérique Bluetooth (réseau personnel)
Description: Périphérique Bluetooth (réseau personnel)
Image path: system32\DRIVERS\bthpan.sys
Image size: 92160
Image MD5: 5904EFA25F829BF84EA6FB045134A1D8
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHPORT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de port Bluetooth
Image path: System32\Drivers\BTHport.sys
Image size: 220160
Image MD5: 73D53F8E90550BA81E2CF44A0873B410
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthServ
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\bthserv.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): BTHUSB
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote USB radio Bluetooth
Image path: System32\Drivers\BTHUSB.sys
Image size: 29184
Image MD5: 32045A4BB143BBC5BAB1298C4E9E309A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTKRNL
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): btwaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Périphérique audio Bluetooth
Image path: system32\drivers\btwaudio.sys
Image size: 80424
Image MD5: 99AEEA7CEFDFC6E4151A8F620D682088
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): btwavdt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth AVDT Service
Image path: system32\drivers\btwavdt.sys
Image size: 80936
Image MD5: 195872E48A7FB01F8BC9B800F70F4054
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): btwrchid
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\btwrchid.sys
Image size: 16168
Image MD5: 0724E7D6C9B6A289EDDDA33FA8176E80
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD/DVD File System Reader
Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
Image path: system32\DRIVERS\cdfs.sys
Image size: 70144
Image MD5: 7ADD03E75BEB9E6DD102C3081D29840A
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de CD-ROM
Image path: system32\DRIVERS\cdrom.sys
Image size: 67072
Image MD5: 1EC25CEA0DE6AC4718BF89F9E1778B57
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): CertPropSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-11
Description: @%SystemRoot%\System32\certprop.dll,-12
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): circlass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Consumer IR Devices
Image path: \SystemRoot\system32\drivers\circlass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): CLFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Common Log (CLFS)
Description: Common Log (CLFS)
Image path: System32\CLFS.sys
Image size: 247352
Image MD5: 465745561C832B29F7C48B488AAB3842
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 70144
Image MD5: A4AF4201BD519971F8F34724F3CA9DBB
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): CmBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote pour Batterie à méthode de contrôle ACPI Microsoft
Image path: system32\DRIVERS\CmBatt.sys
Image size: 14208
Image MD5: 99AFC3795B58CC478FBBBCDC658FCB56
Control Set: CurrentControlSet

Réponse 4 / 7

PL59 Messages postés 634 Statut Membre 21

Fais un coup de spybot tiens moi au courant

Cordialement PL59

Tarzanlabanane

Mon message précédent est le résultat de spybot :)

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 7

PL59 Messages postés 634 Statut Membre 21

télécharge sdfix http://sdfix.net/SDFix.exe

+ son tuto https://www.malekal.com/slenfbot-still-an-other-irc-bot/ Tiens moi au courant

Tarzanlabanane

J'ai du mal à faire fonctionner ce programme, mais je crois que j'ai fait ce qu'on me demandait :

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 18:27:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021860ad8ac]
"001c43eb78a4"=hex:0d,2d,a0,a3,0d,04,ba,51,12,52,54,0c,87,7a,30,d5
"001fcd1480ef"=hex:1a,a2,98,e0,ef,2d,8c,f0,cb,08,14,7a,f4,b2,3b,be
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\006057273847]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:83,ed,8e,dc,4e,ff,22,97,6f,ae,6b,3b,ae,2d,4f,2f,63,05,2b,34,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,f4,4f,4b,9c,21,4c,e5,04,03,12,2f,30,c8,8f,fd,a2,..
"khjeh"=hex:3b,f2,08,38,82,93,09,2a,67,88,48,77,14,5a,0a,02,a9,43,cb,3a,55,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f3,f1,0a,ef,1d,9c,48,67,7b,a4,84,68,83,6d,c1,8d,30,10,57,d4,42,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:4c,2e,83,70,32,7b,17,b8,35,aa,90,9a,bd,fa,89,15,e3,26,a4,6b,c2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021860ad8ac]
"001c43eb78a4"=hex:0d,2d,a0,a3,0d,04,ba,51,12,52,54,0c,87,7a,30,d5
"001fcd1480ef"=hex:1a,a2,98,e0,ef,2d,8c,f0,cb,08,14,7a,f4,b2,3b,be
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\006057273847]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:83,ed,8e,dc,4e,ff,22,97,6f,ae,6b,3b,ae,2d,4f,2f,63,05,2b,34,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,f4,4f,4b,9c,21,4c,e5,04,03,12,2f,30,c8,8f,fd,a2,..
"khjeh"=hex:3b,f2,08,38,82,93,09,2a,67,88,48,77,14,5a,0a,02,a9,43,cb,3a,55,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f3,f1,0a,ef,1d,9c,48,67,7b,a4,84,68,83,6d,c1,8d,30,10,57,d4,42,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:4c,2e,83,70,32,7b,17,b8,35,aa,90,9a,bd,fa,89,15,e3,26,a4,6b,c2,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Pb toujours pas résolu...

Tarzanlabanane

J'ai remarqué que des gens ont réglé ce pb en supprimant certaines clefs de registres :
ForceActiveDesktopOn et NoActiveDesktop
de
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

et
Wallpaper
de
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

Cependant, elles n'existent pas dans mon registre... en fait, je ne possède aucune valeur à l'emplacement HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies...
seulement les dossier Explorer (qui contient Run) et Systeme... mais ces derniers ne contiennent aucunes valeurs...

Réponse 6 / 7

PL59 Messages postés 634 Statut Membre 21

Bonjour Tarzanlabanane as tu fais un coup de SDfix : http://sdfix.net/SDFix.exe
+ le tuto https://www.malekal.com/slenfbot-still-an-other-irc-bot/
tiens moi au courant

Cordialement PL59

Boris

Tu m'as deja demander ça... et je t'ai poster le rapport en dessous...

Réponse 7 / 7

PL59 Messages postés 634 Statut Membre 21

Ta penser à faire une restauration du système tiens moi au courant

Cordialement PL59

Discussions similaires

Fond d'écran carousel xiaomi

Impossible de changer mon fond d'écran Redmi Note 9

Fond d'écran bloqué ! ! !

7 réponses

Votre réponse

Discussions similaires

Newsletters