Fond d'écran bloqué ! ! !

Tarzanlabanane -  
PL59 Messages postés 634 Statut Membre -
Bonjour à tous !
Je ne peux plus changer mon fond d'écran et quoi que je fasse, il reste de couleur unie... pas très joyeux... J'ai fait des recherches la dessus et j'ai tout essayer (la meilleur piste étant jusqu'ici des histoire de valeurs de registres à modifier) ! Les conseils concernant ces valeurs s'applique à windows xp (je suis sou vista) et je n'ai pas trouver les clef citées...
S'il vous plaît quelqu'un aurait une idée pour résoudre mon problème?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:58, on 03/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Arthur\Downloads\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winsesame_del] C:\Program Files\WinSesame\effaceur.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8592 bytes
Configuration: Windows Vista
Firefox 3.0

7 réponses

  1. PL59 Messages postés 634 Statut Membre 21
     
    Télécharge smitfraud FIX a cette adresse http://telechargement.zebulon.fr/smitfraudfix.html

    + le tuto https://www.zebulon.fr/dossiers/tutoriaux/66-smitfraudfix.html

    Tiens moi au courant cordialement PL59
    0
    1. Tarzanlabanane
       
      Merci pour cette réponse rapide !

      rapport Etape 1 :

      SmitFraudFix v2.398

      Scan done at 14:30:56,67, 03/03/2009
      Run from C:\Program Files\RocketDock\SmitfraudFix
      OS: Microsoft Windows [version 6.0.6001] - Windows_NT
      The filesystem type is NTFS
      Fix run in normal mode

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\DRIVERS\xaudio.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\Windows\System32\alg.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Windows\WindowsMobile\wmdc.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files\RocketDock\RocketDock.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Apoint2K\ApMsgFwd.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      C:\Program Files\iTunes\iTunes.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\cmd.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\wbem\wmiprvse.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Arthur


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Arthur\AppData\Local\Temp


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Arthur\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Arthur\FAVORI~1


      »»»»»»»»»»»»»»»»»»»»»»»» Desktop


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


      »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



      »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
      !!!Attention, following keys are not inevitably infected!!!

      o4Patch
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, following keys are not inevitably infected!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
      !!!Attention, following keys are not inevitably infected!!!

      Agent.OMZ.Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, following keys are not inevitably infected!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, following keys are not inevitably infected!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, following keys are not inevitably infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, following keys are not inevitably infected!!!



      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, following keys are not inevitably infected!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\Windows\\system32\\userinit.exe,"


      »»»»»»»»»»»»»»»»»»»»»»»» RK



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Intel(R) PRO/Wireless 3945ABG Network Connection
      DNS Server Search Order: 192.168.1.1

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{5B847216-665B-4C8E-AC58-9E044F57C5DB}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{9AC6944F-EB5B-4245-8B3E-088F8A760F0D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{9C51623C-0B38-4BA2-9F54-26211EA2BBAD}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{5B847216-665B-4C8E-AC58-9E044F57C5DB}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{9AC6944F-EB5B-4245-8B3E-088F8A760F0D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{9C51623C-0B38-4BA2-9F54-26211EA2BBAD}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{5B847216-665B-4C8E-AC58-9E044F57C5DB}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{9AC6944F-EB5B-4245-8B3E-088F8A760F0D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{9C51623C-0B38-4BA2-9F54-26211EA2BBAD}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


      »»»»»»»»»»»»»»»»»»»»»»»» End



      Rapport étape 2 :

      SmitFraudFix v2.398

      Rapport fait à 14:38:08,20, 03/03/2009
      Executé à partir de C:\Users\Arthur\Downloads\SmitfraudFix
      OS: Microsoft Windows [version 6.0.6001] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode sans echec

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      127.0.0.1 localhost
      ::1 localhost

      »»»»»»»»»»»»»»»»»»»»»»»» VACFix

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

      S!Ri's WS2Fix: LSP not Found.


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

      Agent.OMZ.Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» RK


      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{5B847216-665B-4C8E-AC58-9E044F57C5DB}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{9AC6944F-EB5B-4245-8B3E-088F8A760F0D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{9C51623C-0B38-4BA2-9F54-26211EA2BBAD}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{5B847216-665B-4C8E-AC58-9E044F57C5DB}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{9AC6944F-EB5B-4245-8B3E-088F8A760F0D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{9C51623C-0B38-4BA2-9F54-26211EA2BBAD}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{5B847216-665B-4C8E-AC58-9E044F57C5DB}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{9AC6944F-EB5B-4245-8B3E-088F8A760F0D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{9C51623C-0B38-4BA2-9F54-26211EA2BBAD}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


      »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

      Nettoyage terminé.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin




      Pas d'amiloration du problème malheureusement...
      0
    2. Tarzanlabanane
       
      Voila j'ai fait un scan avec spybot et utiliser la fonction nettoyer, ça donne ça :


      --- Search result list ---
      MeMedia.AdVantage: [SBI $E0E6B2C4] Root class (Clé du registre, fixed)
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MEAD.1

      MeMedia.AdVantage: [SBI $E0E6B2C4] Root class (Clé du registre, fixing failed)
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MEAD.1

      MegaUploadToolbar: [SBI $1E82DC0D] Donnée (Fichier, fixed)
      C:\ProgramData\EmailNotifier\EmailNotifierEN.lng
      Properties.size=0
      Properties.md5=D41D8CD98F00B204E9800998ECF8427E

      Virtumonde: [SBI $FD08B4B7] Fichier de configuration (Fichier, fixed)
      C:\Windows\System32\gjiSYaJl.ini2
      Properties.size=0
      Properties.md5=D41D8CD98F00B204E9800998ECF8427E

      Virtumonde: [SBI $FD08B4B7] Fichier de configuration (Fichier, fixed)
      C:\Windows\System32\GOnnonpo.ini2
      Properties.size=0
      Properties.md5=D41D8CD98F00B204E9800998ECF8427E

      Virtumonde: [SBI $FD08B4B7] Fichier de configuration (Fichier, fixed)
      C:\Windows\System32\sAcbLnpo.ini2
      Properties.size=0
      Properties.md5=D41D8CD98F00B204E9800998ECF8427E

      Virtumonde: [SBI $2A2DCEAC] Fichier de configuration (Fichier, fixed)
      C:\Windows\System32\sAcbLnpo.ini
      Properties.size=0
      Properties.md5=D41D8CD98F00B204E9800998ECF8427E


      --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

      2009-01-26 blindman.exe (1.0.0.8)
      2009-01-26 SDFiles.exe (1.6.1.7)
      2009-01-26 SDMain.exe (1.0.0.6)
      2009-01-26 SDShred.exe (1.0.2.5)
      2009-01-26 SDUpdate.exe (1.6.0.12)
      2009-01-26 SDWinSec.exe (1.0.0.12)
      2009-01-26 SpybotSD.exe (1.6.2.46)
      2009-01-26 TeaTimer.exe (1.6.4.26)
      2009-03-03 unins000.exe (51.49.0.0)
      2009-01-26 Update.exe (1.6.0.7)
      2009-01-26 advcheck.dll (1.6.2.15)
      2007-04-02 aports.dll (2.1.0.0)
      2008-06-14 DelZip179.dll (1.79.11.1)
      2009-01-26 SDHelper.dll (1.6.2.14)
      2008-06-19 sqlite3.dll
      2009-01-26 Tools.dll (2.1.6.10)
      2009-01-16 UninsSrv.dll (1.0.0.0)
      2009-01-22 Includes\Adware.sbi (*)
      2009-01-22 Includes\AdwareC.sbi (*)
      2009-01-22 Includes\Cookies.sbi (*)
      2009-01-06 Includes\Dialer.sbi (*)
      2009-01-22 Includes\DialerC.sbi (*)
      2009-01-22 Includes\HeavyDuty.sbi (*)
      2009-02-10 Includes\Hijackers.sbi (*)
      2009-02-10 Includes\HijackersC.sbi (*)
      2008-12-09 Includes\Keyloggers.sbi (*)
      2009-02-17 Includes\KeyloggersC.sbi (*)
      2004-11-29 Includes\LSP.sbi (*)
      2009-02-24 Includes\Malware.sbi (*)
      2009-02-24 Includes\MalwareC.sbi (*)
      2008-12-16 Includes\PUPS.sbi (*)
      2009-02-24 Includes\PUPSC.sbi (*)
      2009-01-22 Includes\Revision.sbi (*)
      2009-01-13 Includes\Security.sbi (*)
      2009-02-10 Includes\SecurityC.sbi (*)
      2008-06-03 Includes\Spybots.sbi (*)
      2008-06-03 Includes\SpybotsC.sbi (*)
      2009-01-28 Includes\Spyware.sbi (*)
      2009-01-28 Includes\SpywareC.sbi (*)
      2008-06-03 Includes\Tracks.uti
      2009-02-24 Includes\Trojans.sbi (*)
      2009-02-24 Includes\TrojansC.sbi (*)
      2008-03-04 Plugins\Chai.dll
      2008-03-05 Plugins\Fennel.dll
      2008-02-26 Plugins\Mate.dll
      2007-12-24 Plugins\TCPIPAddress.dll



      --- System information ---
      Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)
      / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB929729)
      / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
      / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
      / MSXML4SP2: Security update for MSXML4 SP2 (KB941833)
      / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)


      --- Startup entries list ---
      Located: HK_LM:Run, Adobe Reader Speed Launcher
      command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      size: 39792
      MD5: 392845E8D49B5F0E81AAC4D795000A8C

      Located: HK_LM:Run, Apoint
      command: C:\Program Files\Apoint2K\Apoint.exe
      file: C:\Program Files\Apoint2K\Apoint.exe
      size: 159744
      MD5: A91148D8F5AB52EFF43804BD60314BC2

      Located: HK_LM:Run, AppleSyncNotifier
      command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      size: 111936
      MD5: 3D50C85D295D4C6D0A5CD9F21481ECEA

      Located: HK_LM:Run, avgnt
      command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      size: 266497
      MD5: 6E812818306D460D62B4ABEA9FDC6679

      Located: HK_LM:Run, HP Health Check Scheduler
      command: [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      file: [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      size: 0
      MD5: D41D8CD98F00B204E9800998ECF8427E
      Warning: if the file is actually larger than 0 bytes,
      the checksum could not be properly calculated!

      Located: HK_LM:Run, HP Software Update
      command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      size: 54840
      MD5: 21293443961A4E2597453EE7A9347F22

      Located: HK_LM:Run, hpWirelessAssistant
      command: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      size: 480560
      MD5: CB4EE42EE2D33A58EFD48C276B683663

      Located: HK_LM:Run, IAAnotif
      command: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      file: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      size: 174616
      MD5: FBC211A75FE4C2DEAA10B130728D376D

      Located: HK_LM:Run, iTunesHelper
      command: "C:\Program Files\iTunes\iTunesHelper.exe"
      file: C:\Program Files\iTunes\iTunesHelper.exe
      size: 290088
      MD5: E6A4E341E4304B34AA280D3E73818C90

      Located: HK_LM:Run, NvCplDaemon
      command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      file: C:\Windows\system32\NvCpl.dll
      size: 8497696
      MD5: 217E2B91EAAEAFDAFF1DB718B062C7A0

      Located: HK_LM:Run, NvMediaCenter
      command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      file: C:\Windows\system32\NvMcTray.dll
      size: 81920
      MD5: 7F493300E035FEC8DBE031969B291766

      Located: HK_LM:Run, NvSvc
      command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      file: C:\Windows\system32\nvsvc.dll
      size: 86016
      MD5: 48769100E4A0C3335F8C775BE8BF9E34

      Located: HK_LM:Run, OnScreenDisplay
      command: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
      file: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
      size: 554320
      MD5: 2CF59B201A59D0FF5534089F76297559

      Located: HK_LM:Run, QuickTime Task
      command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      file: C:\Program Files\QuickTime\QTTask.exe
      size: 413696
      MD5: 9C9B6807425CEF840C117654D8B033D1

      Located: HK_LM:Run, SunJavaUpdateSched
      command: "C:\Program Files\Java\jre6\bin\jusched.exe"
      file: C:\Program Files\Java\jre6\bin\jusched.exe
      size: 136600
      MD5: B98FFA8288EFAABC436C30D198608345

      Located: HK_LM:Run, UCam_Menu
      command: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
      file: C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
      size: 218408
      MD5: D2A93F854393C7D3BA09893F1EA264CD

      Located: HK_LM:Run, WAWifiMessage
      command: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      size: 311296
      MD5: B8AF02700299CD308046BB9339165813

      Located: HK_LM:Run, Windows Defender
      command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      file: C:\Program Files\Windows Defender\MSASCui.exe
      size: 1008184
      MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

      Located: HK_LM:Run, Windows Mobile Device Center
      command: %windir%\WindowsMobile\wmdc.exe
      file: C:\Windows\WindowsMobile\wmdc.exe
      size: 648072
      MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B

      Located: HK_LM:Run, winsesame_del
      command: C:\Program Files\WinSesame\effaceur.exe
      file: C:\Program Files\WinSesame\effaceur.exe
      size: 151552
      MD5: F53D2C6357777897B16BA53517B1845C

      Located: HK_LM:RunOnce, SpybotSnD
      command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
      file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
      size: 5365592
      MD5: 0477C2F9171599CA5BC3307FDFBA8D89

      Located: HK_CU:Run, Sidebar
      where: S-1-5-19...
      command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
      file: C:\Program Files\Windows Sidebar\Sidebar.exe
      size: 1233920
      MD5: FD278E51A7D6F52D22FCE6C67E037AD6

      Located: HK_CU:Run, WindowsWelcomeCenter
      where: S-1-5-19...
      command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
      file: C:\Windows\system32\oobefldr.dll
      size: 2153472
      MD5: 83E4A5435B0FA6AD0166722621A04725

      Located: HK_CU:Run, Sidebar
      where: S-1-5-20...
      command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
      file: C:\Program Files\Windows Sidebar\Sidebar.exe
      size: 1233920
      MD5: FD278E51A7D6F52D22FCE6C67E037AD6

      Located: HK_CU:Run, WindowsWelcomeCenter
      where: S-1-5-20...
      command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
      file: C:\Windows\system32\oobefldr.dll
      size: 2153472
      MD5: 83E4A5435B0FA6AD0166722621A04725

      Located: HK_CU:Run, ehTray.exe
      where: S-1-5-21-3870820789-2705368135-1562365438-1000...
      command: C:\Windows\ehome\ehTray.exe
      file: C:\Windows\ehome\ehTray.exe
      size: 125952
      MD5: BF08674925F151BD4537B89A493E3E0C

      Located: HK_CU:Run, LightScribe Control Panel
      where: S-1-5-21-3870820789-2705368135-1562365438-1000...
      command: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      file: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      size: 455968
      MD5: 3C62EAE05B76BA809FA1DE327922E846

      Located: HK_CU:Run, RocketDock
      where: S-1-5-21-3870820789-2705368135-1562365438-1000...
      command: "C:\Program Files\RocketDock\RocketDock.exe"
      file: C:\Program Files\RocketDock\RocketDock.exe
      size: 495616
      MD5: 7DFCCC67990B6DE7F30F553A4E4612A4

      Located: HK_CU:Run, Sidebar
      where: S-1-5-21-3870820789-2705368135-1562365438-1000...
      command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      file: C:\Program Files\Windows Sidebar\sidebar.exe
      size: 1233920
      MD5: FD278E51A7D6F52D22FCE6C67E037AD6

      Located: HK_CU:Run, SpybotSD TeaTimer
      where: S-1-5-21-3870820789-2705368135-1562365438-1000...
      command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      size: 2144088
      MD5: 896A1DB9A972AD2339C2E8569EC926D1

      Located: Démarrage (tous utilisateurs), BTTray.lnk
      where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
      command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      size: 727592
      MD5: 7C6F44557A55CE933D7063162FE92FB2

      Located: Démarrage (utilisateur), OneNote 2007 - Capture d'écran et lancement.lnk
      where: C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
      command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      size: 101440
      MD5: 9D0EEBDA40D5C33BC63FB8BB984F7681



      --- Browser helper object list ---
      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
      location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      BHO name:
      CLSID name: Java(tm) Plug-In SSV Helper
      Path: C:\Program Files\Java\jre6\bin\
      Long name: ssv.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 320920
      Attributes: archive
      MD5: 35E6FB6E6003BD54A5D69C9C1C762192
      CRC32: 9699660C
      Version: 6.0.110.3

      {bf00e119-21a3-4fd1-b178-3b8537e75c92} (MegaIEMn)
      location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      BHO name: MegaIEMn
      CLSID name: IeMonitorBho Class
      Path: C:\Program Files\Megaupload\Mega Manager\
      Long name: MegaIEMn.dll
      Short name:
      Date (created): 19/11/2008 22:21:32
      Date (last access): 19/11/2008 22:21:32
      Date (last write): 23/06/2008 16:41:14
      Filesize: 110592
      Attributes: archive
      MD5: 49C4CB0A7EE5B886E65A50F62E60AD7C
      CRC32: 416DC79D
      Version: 3.1.0.0

      {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
      location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      BHO name:
      CLSID name: Java(tm) Plug-In 2 SSV Helper
      Path: C:\Program Files\Java\jre6\bin\
      Long name: jp2ssv.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 34816
      Attributes: archive
      MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
      CRC32: D7C13FB2
      Version: 6.0.110.3



      --- ActiveX list ---
      {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
      DPF name: Java Runtime Environment 1.6.0
      CLSID name: Java Plug-in 1.6.0_11
      Installer:
      Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
      description: Sun Java
      classification: Legitimate
      known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
      info link:
      info source: Patrick M. Kolla
      Path: C:\Program Files\Java\jre6\bin\
      Long name: jp2iexp.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 94208
      Attributes: archive
      MD5: 3DA696FCE470365F830726A5DB33733F
      CRC32: F0FC81C2
      Version: 6.0.110.3

      {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
      DPF name: Java Runtime Environment 1.6.0
      CLSID name: Java Plug-in 1.6.0_02
      Installer:
      Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
      Path: C:\Program Files\Java\jre6\bin\
      Long name: jp2iexp.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 94208
      Attributes: archive
      MD5: 3DA696FCE470365F830726A5DB33733F
      CRC32: F0FC81C2
      Version: 6.0.110.3

      {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
      DPF name: Java Runtime Environment 1.6.0
      CLSID name: Java Plug-in 1.6.0_07
      Installer:
      Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
      Path: C:\Program Files\Java\jre6\bin\
      Long name: jp2iexp.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 94208
      Attributes: archive
      MD5: 3DA696FCE470365F830726A5DB33733F
      CRC32: F0FC81C2
      Version: 6.0.110.3

      {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
      DPF name: Java Runtime Environment 1.6.0
      CLSID name: Java Plug-in 1.6.0_11
      Installer:
      Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
      Path: C:\Program Files\Java\jre6\bin\
      Long name: jp2iexp.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 94208
      Attributes: archive
      MD5: 3DA696FCE470365F830726A5DB33733F
      CRC32: F0FC81C2
      Version: 6.0.110.3

      {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
      DPF name: Java Runtime Environment 1.6.0
      CLSID name: Java Plug-in 1.6.0_11
      Installer:
      Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
      Path: C:\Program Files\Java\jre6\bin\
      Long name: npjpi160_11.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 132504
      Attributes: archive
      MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
      CRC32: CECB5751
      Version: 6.0.110.3



      --- Process list ---
      PID: 3036 (1112) C:\Windows\system32\Dwm.exe
      size: 81920
      MD5: 59903071D7ACE6A02093C47E9E38AF97
      PID: 3044 (1124) C:\Windows\system32\taskeng.exe
      size: 169472
      MD5: 5F109032CE46B7184ED9E50F9FE8489E
      PID: 3112 (3016) C:\Windows\Explorer.EXE
      size: 2927104
      MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
      PID: 3340 (3112) C:\Program Files\Apoint2K\Apoint.exe
      size: 159744
      MD5: A91148D8F5AB52EFF43804BD60314BC2
      PID: 3356 (3112) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
      size: 554320
      MD5: 2CF59B201A59D0FF5534089F76297559
      PID: 3376 (3112) C:\Program Files\Windows Defender\MSASCui.exe
      size: 1008184
      MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
      PID: 3392 (3112) C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
      size: 54840
      MD5: 21293443961A4E2597453EE7A9347F22
      PID: 3400 (3112) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      size: 480560
      MD5: CB4EE42EE2D33A58EFD48C276B683663
      PID: 3424 (3112) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      size: 311296
      MD5: B8AF02700299CD308046BB9339165813
      PID: 3432 (3112) C:\Program Files\Java\jre6\bin\jusched.exe
      size: 136600
      MD5: B98FFA8288EFAABC436C30D198608345
      PID: 3440 (3112) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      size: 266497
      MD5: 6E812818306D460D62B4ABEA9FDC6679
      PID: 3508 (3112) C:\Windows\System32\rundll32.exe
      size: 44544
      MD5: 4B555106290BD117334E9A08761C035A
      PID: 3548 (3112) C:\Program Files\iTunes\iTunesHelper.exe
      size: 290088
      MD5: E6A4E341E4304B34AA280D3E73818C90
      PID: 3572 (3112) C:\Windows\WindowsMobile\wmdc.exe
      size: 648072
      MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B
      PID: 3584 (3112) C:\Program Files\Windows Sidebar\sidebar.exe
      size: 1233920
      MD5: FD278E51A7D6F52D22FCE6C67E037AD6
      PID: 3592 (3112) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      size: 455968
      MD5: 3C62EAE05B76BA809FA1DE327922E846
      PID: 3612 (3112) C:\Program Files\RocketDock\RocketDock.exe
      size: 495616
      MD5: 7DFCCC67990B6DE7F30F553A4E4612A4
      PID: 3620 (3112) C:\Windows\ehome\ehtray.exe
      size: 125952
      MD5: BF08674925F151BD4537B89A493E3E0C
      PID: 3704 (3484) C:\Windows\System32\rundll32.exe
      size: 44544
      MD5: 4B555106290BD117334E9A08761C035A
      PID: 3716 (3112) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      size: 727592
      MD5: 7C6F44557A55CE933D7063162FE92FB2
      PID: 2560 (3340) C:\Program Files\Apoint2K\ApMsgFwd.exe
      size: 50736
      MD5: 83A27BDC021979643DDE277BBA83F0C0
      PID: 716 ( 892) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
      size: 1620520
      MD5: 54B2B810DDBF02BA122DE4214AC074DB
      PID: 2404 ( 892) C:\Windows\ehome\ehmsas.exe
      size: 37376
      MD5: 0F4195B9B348DE5CF9B822F81704B20E
      PID: 1400 (2240) C:\Program Files\Apoint2K\Apntex.exe
      size: 40960
      MD5: 99A7B10500920E5CC79B700927B18BC1
      PID: 3984 ( 892) C:\Windows\system32\wbem\unsecapp.exe
      size: 37888
      MD5: 25873356E52849C3F5B3F1B02317E8C8
      PID: 1684 ( 892) C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      size: 677432
      MD5: 3B161E0C1D8F3253640D57B45FAC96DA
      PID: 2264 (3612) C:\Program Files\Mozilla Firefox\firefox.exe
      size: 307712
      MD5: D3D5F1B5AFC85B7EE35DD5F46F1D2CDB
      PID: 2460 (3112) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      size: 12310864
      MD5: 35EC2ACA2F0F37AA977F7D50DC2DFE54
      PID: 5772 (3112) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
      size: 5365592
      MD5: 0477C2F9171599CA5BC3307FDFBA8D89
      PID: 0 ( 0) [System Process]
      PID: 4 ( 0) System
      PID: 476 ( 4) smss.exe
      size: 64000
      PID: 612 ( 600) csrss.exe
      size: 6144
      PID: 672 ( 600) wininit.exe
      size: 96768
      PID: 684 ( 664) csrss.exe
      size: 6144
      PID: 720 ( 672) services.exe
      size: 279040
      PID: 732 ( 672) lsass.exe
      size: 9728
      PID: 740 ( 672) lsm.exe
      size: 229888
      PID: 892 ( 720) svchost.exe
      size: 21504
      PID: 900 ( 664) winlogon.exe
      size: 314880
      PID: 976 ( 720) svchost.exe
      size: 21504
      PID: 1032 ( 720) svchost.exe
      size: 21504
      PID: 1084 ( 720) svchost.exe
      size: 21504
      PID: 1112 ( 720) svchost.exe
      size: 21504
      PID: 1124 ( 720) svchost.exe
      size: 21504
      PID: 1220 (1084) audiodg.exe
      size: 88064
      PID: 1248 ( 720) SLsvc.exe
      size: 2623488
      PID: 1288 ( 720) svchost.exe
      size: 21504
      PID: 1404 ( 720) svchost.exe
      size: 21504
      PID: 1576 ( 720) spoolsv.exe
      size: 125952
      PID: 1600 ( 720) sched.exe
      PID: 1612 ( 720) svchost.exe
      size: 21504
      PID: 1804 ( 720) avguard.exe
      PID: 1820 ( 720) AppleMobileDeviceService.exe
      PID: 1844 ( 720) mDNSResponder.exe
      PID: 1864 ( 720) svchost.exe
      size: 21504
      PID: 1928 ( 720) LSSrvc.exe
      PID: 1980 ( 720) svchost.exe
      size: 21504
      PID: 2012 ( 720) RichVideo.exe
      PID: 124 ( 720) svchost.exe
      size: 21504
      PID: 416 ( 720) svchost.exe
      size: 21504
      PID: 468 ( 720) SearchIndexer.exe
      size: 439808
      PID: 1120 ( 720) XAudio.exe
      PID: 1480 ( 720) hpqWmiEx.exe
      PID: 2524 (1124) taskeng.exe
      size: 169472
      PID: 2616 ( 720) alg.exe
      size: 59392
      PID: 3824 ( 892) WmiPrvSE.exe
      PID: 3940 ( 720) svchost.exe
      size: 21504
      PID: 3504 ( 720) iPodService.exe
      PID: 4240 ( 720) HPHC_Service.exe


      --- Browser start & search pages list ---
      Spybot - Search & Destroy browser pages report, 03/03/2009 17:58:26

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
      C:\windows\system32\blank.htm
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
      http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
      http://home.microsoft.com/access/autosearch.asp?p=%s
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
      C:\windows\system32\blank.htm
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
      http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
      http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm


      --- Winsock Layered Service Provider list ---
      Protocol 11: MSAFD Pgm (RDM)
      GUID: {27FC80F6-DD23-4DBF-95B3-2EAE2BC69479}
      Filename: %SystemRoot%\system32\mswsock.dll

      Protocol 12: MSAFD Pgm (Stream)
      GUID: {27FC80F6-DD23-4DBF-95B3-2EAE2BC69479}
      Filename: %SystemRoot%\system32\mswsock.dll

      Namespace Provider 1: Fournisseur Shim d'affectation de noms de messagerie
      GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
      Filename:

      Namespace Provider 2: Fournisseur d'espace de noms du nuage PNRP
      GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
      Filename:

      Namespace Provider 3: Fournisseur d'espace de noms du nom PNRP
      GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
      Filename:



      --- Uninstall list ---
      Windows Driver Package - LiveScribe (SmartpenBus) USB (04/17/2008 1.4.0.24) 04/17/2008 1.4.0.24 (454A02F6BAC4E15A16F38288737F34C92B144A3F)
      uninstall cmd: C:\PROGRA~1\DIFX\5BE688ACC8BC158E\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\smartpenbus.inf_939273ce\smartpenbus.inf
      publisher: LiveScribe

      Activation Assistant for the 2007 Microsoft Office suites (Activation Assistant for the 2007 Microsoft Office suites)
      uninstall cmd: "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
      publisher: Microsoft Corporation
      help link: https://support.microsoft.com/contactussupport/?ws=support

      (AddressBook)

      Adobe Flash Player ActiveX 9.0.47.0 (Adobe Flash Player ActiveX)
      uninstall cmd: C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
      publisher: Adobe Systems Incorporated
      help link: https://helpx.adobe.com/flash-player.html

      Adobe Flash Player 10 Plugin 10.0.12.36 (Adobe Flash Player Plugin)
      uninstall cmd: C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
      publisher: Adobe Systems Incorporated

      Adobe Shockwave Player 11 (Adobe Shockwave Player)
      version (major): 11
      install location: C:\Windows\system32\Adobe\
      uninstall cmd: C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
      publisher: Adobe Systems, Inc.
      help link: https://helpx.adobe.com/shockwave.html

      AIM 6 (AIM_6)
      uninstall cmd: C:\Program Files\AIM6\uninst.exe

      Avira AntiVir Personal - Free Antivirus (AntiVir PersonalEdition Classic)
      uninstall cmd: C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
      publisher: Avira GmbH
      help link: http://www.avira.com/classic-support

      (AOLOCP_Y)

      AviSynth 2.5 (AviSynth)
      uninstall cmd: "C:\Program Files\AviSynth 2.5\Uninstall.exe"

      Windows Driver Package - LiveScribe (SmartpenCom) Ports (04/17/2008 1.4.0.24) 04/17/2008 1.4.0.24 (B9693DB3E7CA07457177CC243CBCEC6BF59FFD09)
      uninstall cmd: C:\PROGRA~1\DIFX\5BE688ACC8BC158E\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\smartpencom.inf_df883fcf\smartpencom.inf
      publisher: LiveScribe

      Bink and Smacker (Bink and Smacker)
      uninstall cmd: C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG

      BSPlayer (BSPlayer1)
      uninstall cmd: "C:\Program Files\Webteh\BSplayer\uninstall.exe"

      Conexant HD Audio 4.36.7.60 (CNXT_AUDIO_HDA)
      uninstall cmd: C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IWiSVHez.INF
      publisher: Conexant

      HDAUDIO Soft Data Fax Modem with SmartCP (CNXT_MODEM_HDA_HSF)
      uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -I*.INF

      (Connection Manager)

      Sacré Graal (DeinstGrail)

      (DirectDrawEx)

      (DXM_Runtime)

      eMule (eMule)
      uninstall cmd: "C:\Program Files\eMule\Uninstall.exe"

      (Fontcore)

      Hauppauge MCE XP/Vista Software Encoder (2.0.25149) 2.0.25149 (Hauppauge MCE2005 Software Encoder)
      uninstall cmd: C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
      publisher: Hauppauge Computer Works, Inc.
      help link: https://www.hauppauge.com/

      Heroes of Might and Magic® IV (Heroes of Might and Magic IV)
      uninstall cmd: C:\Windows\IsUninst.exe -f"C:\Program Files\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll

      HijackThis 2.0.2 2.0.2 (HijackThis)
      uninstall cmd: "C:\Users\Arthur\Downloads\HijackThis.exe" /uninstall
      publisher: TrendMicro

      Version d'évaluation de Microsoft Office Home and Student 2007 12.0.6215.1000 (HOMESTUDENTR)
      install location: C:\Program Files\Microsoft Office
      uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
      publisher: Microsoft Corporation

      (IE40)

      (IE4Data)

      (IE5BAKEX)

      (IEData)

      (InstallShield Uninstall Information)

      CyberLink YouCam 1.0.1002 (InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D})
      version: 16777216
      version (major): 1
      estimated size: 39628
      install date: 20080509
      install location: C:\Program Files\CyberLink\YouCam\
      install source: C:\SWSetup\Youcam\
      uninstall cmd: "C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
      publisher: CyberLink Corp.
      help link: https://www.cyberlink.com/support/index.html
      help telephone: +886-2-86671298

      PowerDirector 6.5.2129 (InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1})
      version: 103940096
      version (major): 6
      version (minor): 50
      estimated size: 470960
      install date: 20080106
      install location: C:\Program Files\Cyberlink\PowerDirector\
      install source: C:\SwSetup\CyberDVD\Stage1\PDIR\
      uninstall cmd: "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
      publisher: CyberLink Corp.
      help link: https://www.cyberlink.com/support/index.html
      help telephone: +886-2-86671298

      K-Lite Codec Pack 4.1.4 (Standard) 4.1.4 (KLiteCodecPack_is1)
      install date: 20080927
      install location: C:\Program Files\K-Lite Codec Pack\
      uninstall cmd: "C:\Program Files\K-Lite Codec Pack\unins000.exe"

      Microsoft .NET Framework 1.1 Hotfix (KB929729) (M929729)
      uninstall cmd: "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"

      Malwarebytes' Anti-Malware (Malwarebytes' Anti-Malware_is1)
      install date: 20081004
      install location: C:\Program Files\Malwarebytes' Anti-Malware\
      uninstall cmd: "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
      publisher: Malwarebytes Corporation
      help link: https://www.malwarebytes.com/

      Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
      uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
      readme: file://C:\Windows\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

      Microsoft .NET Framework 3.5 (Microsoft .NET Framework 3.5)
      install location: C:\Windows\Microsoft.NET\Framework\v3.5\
      uninstall cmd: C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
      publisher: Microsoft Corporation
      help link: http://go.microsoft.com/fwlink/?LinkId=96416

      Module linguistique Microsoft .NET Framework 3.5 - fra (Microsoft .NET Framework 3.5 Language Pack - fra)
      install location: c:\Windows\Microsoft.NET\Framework\v3.5\
      uninstall cmd: c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
      publisher: Microsoft Corporation
      help link: http://go.microsoft.com/fwlink/?LinkId=96416

      (MobileOptionPack)

      Mozilla Firefox (3.0) 3.0 (fr) (Mozilla Firefox (3.0))
      install location: C:\Program Files\Mozilla Firefox
      uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      publisher: Mozilla
      comments: Mozilla Firefox

      (MPlayer2)

      (My HP Game Console)
      install location: C:\Program Files\HP Games\My HP Game Console
      uninstall cmd: "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
      publisher: WildTangent
      help link: https://support.wildtangent.com/hc/en-us

      NVIDIA Drivers (NVIDIA Drivers)
      uninstall cmd: C:\Windows\system32\NVUNINST.EXE UninstallGUI

      ObjectDock (ObjectDock)
      uninstall cmd: C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG

      (PROHYBRID2R)

      (PROHYBRIDR)

      RocketDock 1.3.5 (RocketDock_is1)
      install date: 20080816
      install location: C:\Program Files\RocketDock\
      uninstall cmd: "C:\Program Files\RocketDock\unins000.exe"
      publisher: Punk Software
      help link: http://forums.punksoftware.com

      (SchedulingAgent)

      (Shockwave)

      (SMALLBUSINESSR)

      (SmartAudio)
      uninstall cmd: C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
      publisher: Conexant

      Counter-Strike (Steam App 10)
      install location: c:\program files\steam\steamapps\bozzo_le_clown\counter-strike
      uninstall cmd: "C:\Program Files\Steam\steam.exe" steam://uninstall/10
      publisher: Valve
      help link: https://help.steampowered.com/en/

      Dark Messiah Might and Magic Multi-Player (Steam App 2130)
      install location: c:\program files\steam\steamapps\bozzo_le_clown\dark messiah might and magic multi-player
      uninstall cmd: "C:\Program Files\Steam\steam.exe" steam://uninstall/2130
      publisher: Ubisoft
      help link: https://help.steampowered.com/en/

      Day of Defeat: Source (Steam App 300)
      install location: c:\program files\steam\steamapps\bozzo_le_clown\day of defeat source
      uninstall cmd: "C:\Program Files\Steam\steam.exe" steam://uninstall/300
      publisher: Valve
      help link: https://help.steampowered.com/en/

      System Requirements Lab (SystemRequirementsLab)
      uninstall cmd: C:\Program Files\SystemRequirementsLab\Uninstall.exe

      Titan Quest (Titan Quest)
      uninstall cmd: "C:\Windows\Titan Quest\uninstall.exe" "/U:C:\Program Files\Titan Quest\Titan Quest\Uninstall\uninstall.xml"
      publisher: THQ
      contact: THQ Support Department
      help link: https://www.thqnordic.com

      TracePlus/Winsock 8.70.000 (TracePlus/Winsock)
      uninstall cmd: C:\PROGRA~1\TPWINS\unwise32.exe C:\PROGRA~1\TPWINS\install.log
      publisher: Systems, Software, Technology Incorporated
      contact: support@sstinc.com
      help link: http://www.sstinc.com/support.html

      Viewpoint Media Player (ViewpointMediaPlayer)
      uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

      VideoLAN VLC media player 0.8.6h 0.8.6h (VLC media player)
      uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
      publisher: VideoLAN Team

      Warcraft III (Warcraft III)
      uninstall cmd: C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat

      My HP Games HPCMPQ1902 (WildTangent hp Master Uninstall)
      install location: C:\Program Files\HP Games
      uninstall cmd: "C:\Program Files\HP Games\Uninstall.exe"
      publisher: WildTangent

      WinAVI Video Converter 8.0 8.0.1 (WinAVI Video Converter_is1)
      install date: 20080927
      install location: C:\Program Files\WinAVI Video Converter\
      uninstall cmd: "C:\Program Files\WinAVI Video Converter\unins000.exe"

      WinPcap 4.1 beta4 4.1.0.1237 (WinPcapInst)
      uninstall cmd: C:\Program Files\WinPcap\uninstall.exe
      publisher: CACE Technologies

      Archiveur WinRAR (WinRAR archiver)
      uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

      WinSesame (WinSesame)
      uninstall cmd: C:\Program Files\WinSesame\setup.exe

      WinXMedia AVI/WMV MP4 Converter 3.15 3.15 (WinXMedia AVI/WMV MP4 Converter)
      uninstall cmd: C:\Program Files\WinXMedia\WinXMedia WMV MP4 Converter\uninst.exe
      publisher: WinXMedia Software, Inc.

      WT026593 (WT026593)
      install location: C:\Program Files\HP Games\Bejeweled 2 Deluxe
      uninstall cmd: "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026599 (WT026599)
      install location: C:\Program Files\HP Games\Blasterball 2 Revolution
      uninstall cmd: "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026600 (WT026600)
      install location: C:\Program Files\HP Games\Blasterball 3
      uninstall cmd: "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026606 (WT026606)
      install location: C:\Program Files\HP Games\Bricks of Egypt
      uninstall cmd: "C:\Program Files\HP Games\Bricks of Egypt\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026615 (WT026615)
      install location: C:\Program Files\HP Games\Crystal Maze
      uninstall cmd: "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026617 (WT026617)
      install location: C:\Program Files\HP Games\FATE
      uninstall cmd: "C:\Program Files\HP Games\FATE\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026621 (WT026621)
      install location: C:\Program Files\HP Games\Chuzzle Deluxe
      uninstall cmd: "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026629 (WT026629)
      install location: C:\Program Files\HP Games\Chicken Invaders 3 - Revenge of the Yolk
      uninstall cmd: "C:\Program Files\HP Games\Chicken Invaders 3 - Revenge of the Yolk\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026642 (WT026642)
      install location: C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue
      uninstall cmd: "C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026647 (WT026647)
      install location: C:\Program Files\HP Games\Fish Tycoon
      uninstall cmd: "C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026652 (WT026652)
      install location: C:\Program Files\HP Games\Mah Jong Quest
      uninstall cmd: "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026654 (WT026654)
      install location: C:\Program Files\HP Games\Peggle
      uninstall cmd: "C:\Program Files\HP Games\Peggle\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026655 (WT026655)
      install location: C:\Program Files\HP Games\Penguins!
      uninstall cmd: "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026656 (WT026656)
      install location: C:\Program Files\HP Games\Polar Bowler
      uninstall cmd: "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026657 (WT026657)
      install location: C:\Program Files\HP Games\Polar Golfer
      uninstall cmd: "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026658 (WT026658)
      install location: C:\Program Files\HP Games\Polar Golfer Pineapple Cup
      uninstall cmd: "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026659 (WT026659)
      install location: C:\Program Files\HP Games\Super Granny
      uninstall cmd: "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026683 (WT026683)
      install location: C:\Program Files\HP Games\Zuma Deluxe
      uninstall cmd: "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026685 (WT026685)
      install location: C:\Program Files\HP Games\Insaniquarium Deluxe
      uninstall cmd: "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026698 (WT026698)
      install location: C:\Program Files\HP Games\Slingo Deluxe
      uninstall cmd: "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026702 (WT026702)
      install location: C:\Program Files\HP Games\Gem Shop
      uninstall cmd: "C:\Program Files\HP Games\Gem Shop\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026710 (WT026710)
      install location: C:\Program Files\HP Games\Ocean Express
      uninstall cmd: "C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026718 (WT026718)
      install location: C:\Program Files\HP Games\Puzzle Express
      uninstall cmd: "C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026729 (WT026729)
      install location: C:\Program Files\HP Games\Virtual Villagers - A New Home
      uninstall cmd: "C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026781 (WT026781)
      install location: C:\Program Files\HP Games\Tradewinds
      uninstall cmd: "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026797 (WT026797)
      install location: C:\Program Files\HP Games\Sudoku Quest
      uninstall cmd: "C:\Program Files\HP Games\Sudoku Quest\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026813 (WT026813)
      install location: C:\Program Files\HP Games\Shooting Stars Pool
      uninstall cmd: "C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026836 (WT026836)
      install location: C:\Program Files\HP Games\Jewel Quest
      uninstall cmd: "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT026844 (WT026844)
      install location: C:\Program Files\HP Games\Diner Dash
      uninstall cmd: "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      WT027261 (WT027261)
      install location: C:\Program Files\HP Games\Magic Academy
      uninstall cmd: "C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
      publisher: WildTangent
      comments: Distributed by Hewlett-Packard Desktops

      CyberLink YouCam 1.0.1002 ({01FB4998-33C4-4431-85ED-079E3EEFE75D})
      version: 16777216
      version (major): 1
      estimated size: 39628
      install date: 20080509
      install location: C:\Program Files\CyberLink\YouCam\
      install source: C:\SWSetup\Youcam\
      publisher: CyberLink Corp.
      help link: https://www.cyberlink.com/support/index.html
      help telephone: +886-2-86671298

      HP Integrated Module with Bluetooth wireless technology 6.0.1.5500 6.0.1.5500 ({03D1988F-469F-4843-8E6E-E5FE9D17889D})
      version: 100663297
      version (major): 6
      estimated size: 41846
      install date: 20080509
      install source: C:\SWSETUP\Drivers\Btooth\Win32\
      uninstall cmd: MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
      publisher: HP
      help link: https://support.hp.com/us-en?openCLC=true
      help telephone:

      Steam 1.0.0.0 ({048298C9-A4D3-490B-9FF9-AB023A9238F3})
      version: 16777216
      version (major): 1
      estimated size: 1341
      install date: 20080703
      install source: C:\Users\Arthur\Downloads\
      uninstall cmd: MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
      publisher: Valve
      comments: Steam
      help link: https://help.steampowered.com/en/

      HP Doc Viewer 1.02.0001 ({082702D5-5DD8-4600-BCE5-48B15174687F})
      version: 16908289
      version (major): 1
      version (minor): 2
      estimated size: 500
      install date: 20080106
      install location: C:\Program Files\Hewlett-Packard\Documentation\
      install source: C:\Windows\Downloaded Installations\{4E9D4FDC-80D0-447A-B23C-7F115FF705D7}\
      uninstall cmd: MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
      publisher: Hewlett-Packard

      HP Update 4.000.007.003 ({11B83AD3-7A46-4C2E-A568-9505981D4C6F})
      version: 67108871
      version (major): 4
      estimated size: 3608
      install date: 20080106
      install source: C:\SwSetup\HPUpdate\
      uninstall cmd: MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
      publisher: Hewlett-Packard
      contact: https://support.hp.com/us-en?openCLC=true

      HP Active Support Library 2.3.0.2 ({11BB336F-0E58-4977-B866-F24FA334616B})
      version: 33751040
      version (major): 2
      version (minor): 3
      estimated size: 12206
      install date: 20080106
      install location: c:\Program Files\Hewlett-Packard\HP Health Check\
      install source: c:\swsetup\sp37021\
      publisher: Hewlett-Packard
      help link: https://www8.hp.com/fr/fr/home.html

      Counter-Strike 1.6 1.00.0000 ({13B792AA-C078-43A4-8A3A-8B12D629940D})
      version: 16777216
      install location: C:\Program Files\Valve
      uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19

      Adobe Shockwave Player 10.2.0.023 ({1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A})
      version: 167903232
      version (major): 10
      version (minor): 2
      estimated size: 10847
      install date: 20080106
      install source: C:\SwSetup\Shockwave\
      uninstall cmd: MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
      publisher: Adobe Systems, Inc.
      help link: https://helpx.adobe.com/shockwave/shockwave-end-of-life-faq.html

      DVD Suite 5.5.0928 ({1FBF6C24-C1FD-4101-A42B-0C564F9E8E79})
      uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
      publisher: CyberLink Corp.

      Les Sims™ Histoires de vie 1.00.0000 ({2284D904-C138-4B58-93EC-5C362AB5130A})
      version: 16777216
      version (major): 1
      estimated size: 2785644
      install date: 20080703
      install location: C:\Program Files\Electronic Arts\Les Sims Histoires de vie\
      install source: C:\SwSetup\SimsLife\
      uninstall cmd: MsiExec.exe /I{2284D904-C138-4B58-93EC-5C362AB5130A}
      publisher: Electronic Arts

      Skype™ 4.0 4.0.206 ({24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D})
      version: 67109070
      version (major): 4
      estimated size: 32754
      install date: 20090228
      install location: C:\Program Files\Skype\
      install source: C:\ProgramData\Skype\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\
      uninstall cmd: MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
      publisher: Skype Technologies S.A.
      help link: http://ui.skype.com/ui/0/4.0.0.206/fr/help

      muvee autoProducer 6.1 6.10.050 ({250E9609-E830-43EB-B379-DAB7546A2422})
      version: 101318706
      install date: 20080106
      install location: C:\Program Files\muvee Technologies\muvee autoProducer 6.1 - SE
      install source: C:\SWSETUP\MVEDV\
      uninstall cmd: C:\Program Files\InstallShield Installation Information\{250E9609-E830-43EB-B379-DAB7546A2422}\muveesetup.exe -removeonly -runfromtemp
      publisher: muvee Technologies
      help link: https://www.muvee.com/

      Hewlett-Packard Active Check 1.1.11.0 ({254C37AA-6B72-4300-84F6-98A82419187E})
      version: 16842763
      version (major): 1
      version (minor): 1
      estimated size: 579
      install date: 20080106
      install source: c:\Users\ADMINI~1\AppData\Local\Temp\
      uninstall cmd: MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
      publisher: Hewlett-Packard

      MobileMe Control Panel 2.1.1.13 ({2604C0F9-BFD3-4BA0-9EB5-22537C648F03})
      version: 33619969
      version (major): 2
      version (minor): 1
      estimated size: 5263
      install date: 20081012
      install location: C:\Program Files\Common Files\Apple\Mobile Device Support\
      install source: C:\Users\Arthur\AppData\Local\Apple\Apple Software Update\
      uninstall cmd: MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
      publisher: Apple Inc.
      contact: Assistance AppleCare
      help link: https://support.apple.com/fr-fr
      help telephone: 1-800-275-2273

      Java(TM) 6 Update 11 6.0.110 ({26A24AE4-039D-4CA4-87B4-2F83216011FF})
      version: 100663406
      version (major): 6
      estimated size: 96644
      install date: 20081219
      install location: C:\Program Files\Java\jre6\
      install source: C:\Users\Arthur\AppData\LocalLow\Sun\Java\jre1.6.0_11\
      uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
      publisher: Sun Microsystems, Inc.
      contact: https://www.java.com/en/
      help link: https://www.java.com/en/
      readme: C:\Program Files\Java\jre6\README.txt

      HP Help and Support 1.5.1 ({28EDCE9C-3304-4331-8AB3-F3EBE94C35B4})
      version: 17104897
      version (major): 1
      version (minor): 5
      estimated size: 50397
      install date: 20080106
      install source: C:\SwSetup\HSC\
      uninstall cmd: MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
      publisher: Hewlett-Packard
      comments: HP Customized Help and Support for Windows Vista 32-bit Systems
      contact: Hewlett-Packard
      help link: https://www.support.hp.com/us-en?openCLC=true
      help telephone: https://www8.hp.com/us/en/contact-hp/ww-contact-us.html

      Microsoft .NET Framework 3.5 3.5.21022 ({2FC099BD-AC9B-33EB-809C-D332E1B27C40})
      version: 50680350
      version (major): 3
      version (minor): 5
      estimated size: 47944
      install date: 20080718
      install source: C:\Users\Arthur\AppData\Local\Temp\IXP02087.tmp\dotnetfx35\x86\
      uninstall cmd: MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
      publisher: Microsoft Corporation

      iTunes 8.0.2.20 ({318AB667-3230-41B5-A617-CB3BF748D371})
      version: 134217730
      version (major): 8
      estimated size: 106354
      install date: 20081201
      install location: C:\Program Files\iTunes\
      install source: C:\Users\Arthur\AppData\Local\Apple\Apple Software Update\
      uninstall cmd: MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
      publisher: Apple Inc.
      contact: Assistance AppleCare
      help link: https://support.apple.com/fr-fr
      help telephone: +33 (0) 825 888 024

      Java(TM) 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020})
      version: 17170432
      version (major): 1
      version (minor): 6
      estimated size: 172102
      install date: 20080106
      install source: C:\Users\Administrator\AppData\LocalLow\Sun\Java\jre1.6.0_02\
      uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
      publisher: Sun Microsystems, Inc.
      contact: https://www.java.com/en/
      help link: https://www.java.com/en/
      readme: C:\Program Files\Java\jre1.6.0_02\README.txt

      Java(TM) 6 Update 7 1.6.0.70 ({3248F0A8-6813-11D6-A77B-00B0D0160070})
      version: 17170432
      version (major): 1
      version (minor): 6
      estimated size: 139514
      install date: 20080821
      install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_07-b06/windows-i586/<
      0
  2. PL59 Messages postés 634 Statut Membre 21
     
    Tu la fais en mode sans échec j'espère le nettoyage ? Tiens moi au courant

    Cordialement PL59
    0
    1. Tarzanlabanane
       
      Oui oui, l'étpae 2 a été faite en mode sans échec, j'ai suivi ton tuto à la lettre :)
      0
  3. PL59 Messages postés 634 Statut Membre 21
     
    As tu fais un coup de Spybot Tiens moi au courant
    0
    1. Tarzanlabanane
       
      Voila, désolé du délai je n'arrivai pas à obtenir le rapport... Toujours pas d'amélioration, mai le voici :


      --- Search result list ---
      MeMedia.AdVantage: [SBI $E0E6B2C4] Root class (Clé du registre, fixing failed)
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MEAD.1

      MeMedia.AdVantage: [SBI $E0E6B2C4] Root class (Clé du registre, fixing failed)
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MEAD.1

      MegaUploadToolbar: [SBI $DA7EBDE6] Barre d'outils IE (Valeur du registre, fixed)
      HKEY_USERS\S-1-5-21-3870820789-2705368135-1562365438-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}

      MegaUploadToolbar: [SBI $998A0E3C] Exécutable (Fichier, fixed)
      C:\ProgramData\Megaupload\Megauper.exe
      Properties.size=0
      Properties.md5=D41D8CD98F00B204E9800998ECF8427E

      MegaUploadToolbar: [SBI $395CBDB1] Dossier Programme (Répertoire, fixing failed)
      C:\ProgramData\Megaupload\

      MegaUploadToolbar: [SBI $EB10C2BD] Exécutable (Fichier, fixed)
      C:\ProgramData\EmailNotifier\EmailNotifier.exe
      Properties.size=0
      Properties.md5=D41D8CD98F00B204E9800998ECF8427E

      MegaUploadToolbar: [SBI $F664B537] Exécutable (Fichier, fixed)
      C:\ProgramData\EmailNotifier\EmailNotifierAPI.dll
      Properties.size=0
      Properties.md5=D41D8CD98F00B204E9800998ECF8427E

      MegaUploadToolbar: [SBI $1E82DC0D] Donnée (Fichier, fixed)
      C:\ProgramData\EmailNotifier\EmailNotifierEN.lng
      Properties.size=0
      Properties.md5=D41D8CD98F00B204E9800998ECF8427E

      MegaUploadToolbar: [SBI $1E82DC0D] Donnée (Fichier, fixed)
      C:\ProgramData\EmailNotifier\EmailNotifierFR.lng
      Properties.size=0
      Properties.md5=D41D8CD98F00B204E9800998ECF8427E

      MegaUploadToolbar: [SBI $2E6D42A0] Dossier Programme (Répertoire, fixed)
      C:\ProgramData\EmailNotifier\

      Virtumonde: [SBI $FD08B4B7] Fichier de configuration (Fichier, nothing done)
      C:\Windows\System32\gjiSYaJl.ini2
      Properties.size=345
      Properties.md5=5F07952871E38238EADF6822557A642E
      Properties.filedate=1222871154
      Properties.filedatetext=2008-10-01 15:25:53

      Virtumonde: [SBI $FD08B4B7] Fichier de configuration (Fichier, nothing done)
      C:\Windows\System32\GOnnonpo.ini2
      Properties.size=1918
      Properties.md5=D375AB28105333881FD75C1132031026
      Properties.filedate=1222898559
      Properties.filedatetext=2008-10-01 23:02:39

      Virtumonde: [SBI $FD08B4B7] Fichier de configuration (Fichier, nothing done)
      C:\Windows\System32\sAcbLnpo.ini2
      Properties.size=345
      Properties.md5=D1ADEA2C408904CFA039AAF3B194ED7F
      Properties.filedate=1222899067
      Properties.filedatetext=2008-10-01 23:11:06

      Virtumonde: [SBI $2A2DCEAC] Fichier de configuration (Fichier, nothing done)
      C:\Windows\System32\sAcbLnpo.ini
      Properties.size=559117
      Properties.md5=71EF0CB061BB0E5F89F9B7E9BB00CA4B
      Properties.filedate=1222899137
      Properties.filedatetext=2008-10-01 23:12:16

      Virtumonde: [SBI $1E12D746] Réglages utilisateur (Clé du registre, fixed)
      HKEY_USERS\S-1-5-21-3870820789-2705368135-1562365438-1000\Software\Microsoft\fias4013

      DoubleClick: Cookie traceur (Internet Explorer: Arthur) (Cookie, fixed)


      FastClick: Cookie traceur (Internet Explorer: Arthur) (Cookie, fixed)


      BlueStreak: Cookie traceur (Internet Explorer: Arthur) (Cookie, fixed)


      MediaPlex: Cookie traceur (Internet Explorer: Arthur) (Cookie, fixed)


      BlueStreak: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Zedo: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Zedo: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Zedo: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Zedo: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Zedo: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      DoubleClick: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Tradedoubler: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Tradedoubler: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Tradedoubler: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      MediaPlex: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      WebTrends live: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      MediaPlex: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      MediaPlex: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Zedo: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      BurstMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      FastClick: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      FastClick: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      CasaleMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      BurstMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      BurstMedia: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Statcounter: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Tradedoubler: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Tradedoubler: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      MediaPlex: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Adviva: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)


      Statcounter: Cookie traceur (Firefox: Arthur (default)) (Cookie, fixed)



      --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

      2009-01-26 blindman.exe (1.0.0.8)
      2009-01-26 SDFiles.exe (1.6.1.7)
      2009-01-26 SDMain.exe (1.0.0.6)
      2009-01-26 SDShred.exe (1.0.2.5)
      2009-01-26 SDUpdate.exe (1.6.0.12)
      2009-01-26 SDWinSec.exe (1.0.0.12)
      2009-01-26 SpybotSD.exe (1.6.2.46)
      2009-01-26 TeaTimer.exe (1.6.4.26)
      2009-03-03 unins000.exe (51.49.0.0)
      2009-01-26 Update.exe (1.6.0.7)
      2009-01-26 advcheck.dll (1.6.2.15)
      2007-04-02 aports.dll (2.1.0.0)
      2008-06-14 DelZip179.dll (1.79.11.1)
      2009-01-26 SDHelper.dll (1.6.2.14)
      2008-06-19 sqlite3.dll
      2009-01-26 Tools.dll (2.1.6.10)
      2009-01-16 UninsSrv.dll (1.0.0.0)
      2009-01-22 Includes\Adware.sbi (*)
      2009-01-22 Includes\AdwareC.sbi (*)
      2009-01-22 Includes\Cookies.sbi (*)
      2009-01-06 Includes\Dialer.sbi (*)
      2009-01-22 Includes\DialerC.sbi (*)
      2009-01-22 Includes\HeavyDuty.sbi (*)
      2009-02-10 Includes\Hijackers.sbi (*)
      2009-02-10 Includes\HijackersC.sbi (*)
      2008-12-09 Includes\Keyloggers.sbi (*)
      2009-02-17 Includes\KeyloggersC.sbi (*)
      2004-11-29 Includes\LSP.sbi (*)
      2009-02-24 Includes\Malware.sbi (*)
      2009-02-24 Includes\MalwareC.sbi (*)
      2008-12-16 Includes\PUPS.sbi (*)
      2009-02-24 Includes\PUPSC.sbi (*)
      2009-01-22 Includes\Revision.sbi (*)
      2009-01-13 Includes\Security.sbi (*)
      2009-02-10 Includes\SecurityC.sbi (*)
      2008-06-03 Includes\Spybots.sbi (*)
      2008-06-03 Includes\SpybotsC.sbi (*)
      2009-01-28 Includes\Spyware.sbi (*)
      2009-01-28 Includes\SpywareC.sbi (*)
      2008-06-03 Includes\Tracks.uti
      2009-02-24 Includes\Trojans.sbi (*)
      2009-02-24 Includes\TrojansC.sbi (*)
      2008-03-04 Plugins\Chai.dll
      2008-03-05 Plugins\Fennel.dll
      2008-02-26 Plugins\Mate.dll
      2007-12-24 Plugins\TCPIPAddress.dll



      --- System information ---
      Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)


      --- Startup entries list ---
      Located: HK_LM:Run, Adobe Reader Speed Launcher
      command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      size: 39792
      MD5: 392845E8D49B5F0E81AAC4D795000A8C

      Located: HK_LM:Run, Apoint
      command: C:\Program Files\Apoint2K\Apoint.exe
      file: C:\Program Files\Apoint2K\Apoint.exe
      size: 159744
      MD5: A91148D8F5AB52EFF43804BD60314BC2

      Located: HK_LM:Run, AppleSyncNotifier
      command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      size: 111936
      MD5: 3D50C85D295D4C6D0A5CD9F21481ECEA

      Located: HK_LM:Run, avgnt
      command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      size: 266497
      MD5: 6E812818306D460D62B4ABEA9FDC6679

      Located: HK_LM:Run, HP Health Check Scheduler
      command: [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      file: [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      size: 0
      MD5: D41D8CD98F00B204E9800998ECF8427E
      Warning: if the file is actually larger than 0 bytes,
      the checksum could not be properly calculated!

      Located: HK_LM:Run, HP Software Update
      command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      size: 54840
      MD5: 21293443961A4E2597453EE7A9347F22

      Located: HK_LM:Run, hpWirelessAssistant
      command: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      size: 480560
      MD5: CB4EE42EE2D33A58EFD48C276B683663

      Located: HK_LM:Run, IAAnotif
      command: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      file: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      size: 174616
      MD5: FBC211A75FE4C2DEAA10B130728D376D

      Located: HK_LM:Run, iTunesHelper
      command: "C:\Program Files\iTunes\iTunesHelper.exe"
      file: C:\Program Files\iTunes\iTunesHelper.exe
      size: 290088
      MD5: E6A4E341E4304B34AA280D3E73818C90

      Located: HK_LM:Run, NvCplDaemon
      command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      file: C:\Windows\system32\NvCpl.dll
      size: 8497696
      MD5: 217E2B91EAAEAFDAFF1DB718B062C7A0

      Located: HK_LM:Run, NvMediaCenter
      command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      file: C:\Windows\system32\NvMcTray.dll
      size: 81920
      MD5: 7F493300E035FEC8DBE031969B291766

      Located: HK_LM:Run, NvSvc
      command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      file: C:\Windows\system32\nvsvc.dll
      size: 86016
      MD5: 48769100E4A0C3335F8C775BE8BF9E34

      Located: HK_LM:Run, OnScreenDisplay
      command: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
      file: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
      size: 554320
      MD5: 2CF59B201A59D0FF5534089F76297559

      Located: HK_LM:Run, QuickTime Task
      command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      file: C:\Program Files\QuickTime\QTTask.exe
      size: 413696
      MD5: 9C9B6807425CEF840C117654D8B033D1

      Located: HK_LM:Run, SunJavaUpdateSched
      command: "C:\Program Files\Java\jre6\bin\jusched.exe"
      file: C:\Program Files\Java\jre6\bin\jusched.exe
      size: 136600
      MD5: B98FFA8288EFAABC436C30D198608345

      Located: HK_LM:Run, UCam_Menu
      command: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
      file: C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
      size: 218408
      MD5: D2A93F854393C7D3BA09893F1EA264CD

      Located: HK_LM:Run, WAWifiMessage
      command: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      size: 311296
      MD5: B8AF02700299CD308046BB9339165813

      Located: HK_LM:Run, Windows Defender
      command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      file: C:\Program Files\Windows Defender\MSASCui.exe
      size: 1008184
      MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

      Located: HK_LM:Run, Windows Mobile Device Center
      command: %windir%\WindowsMobile\wmdc.exe
      file: C:\Windows\WindowsMobile\wmdc.exe
      size: 648072
      MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B

      Located: HK_LM:Run, winsesame_del
      command: C:\Program Files\WinSesame\effaceur.exe
      file: C:\Program Files\WinSesame\effaceur.exe
      size: 151552
      MD5: F53D2C6357777897B16BA53517B1845C

      Located: HK_CU:Run, ehTray.exe
      where: S-1-5-21-3870820789-2705368135-1562365438-1000...
      command: C:\Windows\ehome\ehTray.exe
      file: C:\Windows\ehome\ehTray.exe
      size: 125952
      MD5: BF08674925F151BD4537B89A493E3E0C

      Located: HK_CU:Run, LightScribe Control Panel
      where: S-1-5-21-3870820789-2705368135-1562365438-1000...
      command: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      file: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      size: 455968
      MD5: 3C62EAE05B76BA809FA1DE327922E846

      Located: HK_CU:Run, RocketDock
      where: S-1-5-21-3870820789-2705368135-1562365438-1000...
      command: "C:\Program Files\RocketDock\RocketDock.exe"
      file: C:\Program Files\RocketDock\RocketDock.exe
      size: 495616
      MD5: 7DFCCC67990B6DE7F30F553A4E4612A4

      Located: HK_CU:Run, Sidebar
      where: S-1-5-21-3870820789-2705368135-1562365438-1000...
      command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      file: C:\Program Files\Windows Sidebar\sidebar.exe
      size: 1233920
      MD5: FD278E51A7D6F52D22FCE6C67E037AD6

      Located: HK_CU:Run, SpybotSD TeaTimer
      where: S-1-5-21-3870820789-2705368135-1562365438-1000...
      command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      size: 2144088
      MD5: 896A1DB9A972AD2339C2E8569EC926D1

      Located: Démarrage (tous utilisateurs), BTTray.lnk
      where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
      command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      size: 727592
      MD5: 7C6F44557A55CE933D7063162FE92FB2

      Located: Démarrage (utilisateur), OneNote 2007 - Capture d'écran et lancement.lnk
      where: C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
      command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      size: 101440
      MD5: 9D0EEBDA40D5C33BC63FB8BB984F7681



      --- Browser helper object list ---
      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
      location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      BHO name:
      CLSID name: Java(tm) Plug-In SSV Helper
      Path: C:\Program Files\Java\jre6\bin\
      Long name: ssv.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 320920
      Attributes: archive
      MD5: 35E6FB6E6003BD54A5D69C9C1C762192
      CRC32: 9699660C
      Version: 6.0.110.3

      {bf00e119-21a3-4fd1-b178-3b8537e75c92} (MegaIEMn)
      location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      BHO name: MegaIEMn
      CLSID name: IeMonitorBho Class
      Path: C:\Program Files\Megaupload\Mega Manager\
      Long name: MegaIEMn.dll
      Short name:
      Date (created): 19/11/2008 22:21:32
      Date (last access): 19/11/2008 22:21:32
      Date (last write): 23/06/2008 16:41:14
      Filesize: 110592
      Attributes: archive
      MD5: 49C4CB0A7EE5B886E65A50F62E60AD7C
      CRC32: 416DC79D
      Version: 3.1.0.0

      {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
      location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      BHO name:
      CLSID name: Java(tm) Plug-In 2 SSV Helper
      Path: C:\Program Files\Java\jre6\bin\
      Long name: jp2ssv.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 34816
      Attributes: archive
      MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
      CRC32: D7C13FB2
      Version: 6.0.110.3



      --- ActiveX list ---
      {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
      DPF name: Java Runtime Environment 1.6.0
      CLSID name: Java Plug-in 1.6.0_11
      Installer:
      Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
      description: Sun Java
      classification: Legitimate
      known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
      info link:
      info source: Patrick M. Kolla
      Path: C:\Program Files\Java\jre6\bin\
      Long name: jp2iexp.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 94208
      Attributes: archive
      MD5: 3DA696FCE470365F830726A5DB33733F
      CRC32: F0FC81C2
      Version: 6.0.110.3

      {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
      DPF name: Java Runtime Environment 1.6.0
      CLSID name: Java Plug-in 1.6.0_02
      Installer:
      Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
      Path: C:\Program Files\Java\jre6\bin\
      Long name: jp2iexp.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 94208
      Attributes: archive
      MD5: 3DA696FCE470365F830726A5DB33733F
      CRC32: F0FC81C2
      Version: 6.0.110.3

      {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
      DPF name: Java Runtime Environment 1.6.0
      CLSID name: Java Plug-in 1.6.0_07
      Installer:
      Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
      Path: C:\Program Files\Java\jre6\bin\
      Long name: jp2iexp.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 94208
      Attributes: archive
      MD5: 3DA696FCE470365F830726A5DB33733F
      CRC32: F0FC81C2
      Version: 6.0.110.3

      {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
      DPF name: Java Runtime Environment 1.6.0
      CLSID name: Java Plug-in 1.6.0_11
      Installer:
      Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
      Path: C:\Program Files\Java\jre6\bin\
      Long name: jp2iexp.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 94208
      Attributes: archive
      MD5: 3DA696FCE470365F830726A5DB33733F
      CRC32: F0FC81C2
      Version: 6.0.110.3

      {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
      DPF name: Java Runtime Environment 1.6.0
      CLSID name: Java Plug-in 1.6.0_11
      Installer:
      Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
      Path: C:\Program Files\Java\jre6\bin\
      Long name: npjpi160_11.dll
      Short name:
      Date (created): 19/12/2008 00:09:16
      Date (last access): 19/12/2008 00:09:16
      Date (last write): 19/12/2008 00:09:16
      Filesize: 132504
      Attributes: archive
      MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
      CRC32: CECB5751
      Version: 6.0.110.3



      --- Process list ---
      PID: 3024 (1144) C:\Windows\system32\taskeng.exe
      size: 169472
      MD5: 5F109032CE46B7184ED9E50F9FE8489E
      PID: 3088 (1124) C:\Windows\system32\Dwm.exe
      size: 81920
      MD5: 59903071D7ACE6A02093C47E9E38AF97
      PID: 3136 (3060) C:\Windows\Explorer.EXE
      size: 2927104
      MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
      PID: 3356 (3136) C:\Program Files\Apoint2K\Apoint.exe
      size: 159744
      MD5: A91148D8F5AB52EFF43804BD60314BC2
      PID: 3376 (3136) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
      size: 554320
      MD5: 2CF59B201A59D0FF5534089F76297559
      PID: 3392 (3136) C:\Program Files\Windows Defender\MSASCui.exe
      size: 1008184
      MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
      PID: 3400 (3136) C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
      size: 54840
      MD5: 21293443961A4E2597453EE7A9347F22
      PID: 3416 (3136) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      size: 480560
      MD5: CB4EE42EE2D33A58EFD48C276B683663
      PID: 3428 (3136) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      size: 311296
      MD5: B8AF02700299CD308046BB9339165813
      PID: 3436 (3136) C:\Program Files\Java\jre6\bin\jusched.exe
      size: 136600
      MD5: B98FFA8288EFAABC436C30D198608345
      PID: 3460 (3136) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      size: 266497
      MD5: 6E812818306D460D62B4ABEA9FDC6679
      PID: 3496 (3136) C:\Windows\System32\rundll32.exe
      size: 44544
      MD5: 4B555106290BD117334E9A08761C035A
      PID: 3596 (3472) C:\Windows\System32\rundll32.exe
      size: 44544
      MD5: 4B555106290BD117334E9A08761C035A
      PID: 3660 (3136) C:\Program Files\iTunes\iTunesHelper.exe
      size: 290088
      MD5: E6A4E341E4304B34AA280D3E73818C90
      PID: 3676 (3136) C:\Windows\WindowsMobile\wmdc.exe
      size: 648072
      MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B
      PID: 3692 (3136) C:\Program Files\Windows Sidebar\sidebar.exe
      size: 1233920
      MD5: FD278E51A7D6F52D22FCE6C67E037AD6
      PID: 3708 (3136) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      size: 455968
      MD5: 3C62EAE05B76BA809FA1DE327922E846
      PID: 3784 (3136) C:\Program Files\RocketDock\RocketDock.exe
      size: 495616
      MD5: 7DFCCC67990B6DE7F30F553A4E4612A4
      PID: 3808 (3136) C:\Windows\ehome\ehtray.exe
      size: 125952
      MD5: BF08674925F151BD4537B89A493E3E0C
      PID: 3856 (3136) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      size: 727592
      MD5: 7C6F44557A55CE933D7063162FE92FB2
      PID: 2568 ( 936) C:\Windows\ehome\ehmsas.exe
      size: 37376
      MD5: 0F4195B9B348DE5CF9B822F81704B20E
      PID: 3008 (3260) C:\Program Files\Apoint2K\Apntex.exe
      size: 40960
      MD5: 99A7B10500920E5CC79B700927B18BC1
      PID: 3572 ( 936) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
      size: 1620520
      MD5: 54B2B810DDBF02BA122DE4214AC074DB
      PID: 3844 ( 936) C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      size: 677432
      MD5: 3B161E0C1D8F3253640D57B45FAC96DA
      PID: 1980 ( 936) C:\Windows\system32\wbem\unsecapp.exe
      size: 37888
      MD5: 25873356E52849C3F5B3F1B02317E8C8
      PID: 3588 (3136) C:\Program Files\Mozilla Firefox\firefox.exe
      size: 307712
      MD5: D3D5F1B5AFC85B7EE35DD5F46F1D2CDB
      PID: 5448 (5396) C:\Windows\system32\conime.exe
      size: 69120
      MD5: F96EBC5A624349D81DCC7600A3C5DC43
      PID: 5296 (3136) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      size: 12310864
      MD5: 35EC2ACA2F0F37AA977F7D50DC2DFE54
      PID: 2540 (1244) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
      size: 5365592
      MD5: 0477C2F9171599CA5BC3307FDFBA8D89
      PID: 4224 ( 936) C:\Windows\system32\DllHost.exe
      size: 7168
      MD5: BE01E566D1F569AAB32D0335613E1EEA
      PID: 0 ( 0) [System Process]
      PID: 4 ( 0) System
      PID: 476 ( 4) smss.exe
      size: 64000
      PID: 620 ( 608) csrss.exe
      size: 6144
      PID: 672 ( 608) wininit.exe
      size: 96768
      PID: 684 ( 664) csrss.exe
      size: 6144
      PID: 720 ( 672) services.exe
      size: 279040
      PID: 732 ( 672) lsass.exe
      size: 9728
      PID: 740 ( 672) lsm.exe
      size: 229888
      PID: 816 ( 664) winlogon.exe
      size: 314880
      PID: 936 ( 720) svchost.exe
      size: 21504
      PID: 996 ( 720) svchost.exe
      size: 21504
      PID: 1048 ( 720) svchost.exe
      size: 21504
      PID: 1096 ( 720) svchost.exe
      size: 21504
      PID: 1124 ( 720) svchost.exe
      size: 21504
      PID: 1144 ( 720) svchost.exe
      size: 21504
      PID: 1224 (1096) audiodg.exe
      size: 88064
      PID: 1252 ( 720) SLsvc.exe
      size: 2623488
      PID: 1292 ( 720) svchost.exe
      size: 21504
      PID: 1396 ( 720) svchost.exe
      size: 21504
      PID: 1580 ( 720) spoolsv.exe
      size: 125952
      PID: 1604 ( 720) sched.exe
      PID: 1616 ( 720) svchost.exe
      size: 21504
      PID: 1788 ( 720) avguard.exe
      PID: 1816 ( 720) AppleMobileDeviceService.exe
      PID: 1832 ( 720) mDNSResponder.exe
      PID: 1852 ( 720) svchost.exe
      size: 21504
      PID: 1904 ( 720) LSSrvc.exe
      PID: 2040 ( 720) svchost.exe
      size: 21504
      PID: 320 ( 720) RichVideo.exe
      PID: 488 ( 720) svchost.exe
      size: 21504
      PID: 788 ( 720) svchost.exe
      size: 21504
      PID: 876 ( 720) SearchIndexer.exe
      size: 439808
      PID: 1388 ( 720) XAudio.exe
      PID: 1704 ( 720) hpqWmiEx.exe
      PID: 2500 (1144) taskeng.exe
      size: 169472
      PID: 2632 ( 720) alg.exe
      size: 59392
      PID: 3516 ( 936) WmiPrvSE.exe
      PID: 3820 ( 720) svchost.exe
      size: 21504
      PID: 2528 (3356) ApMsgFwd.exe
      PID: 2804 ( 720) iPodService.exe
      PID: 4296 ( 720) HPHC_Service.exe
      PID: 2344 ( 876) SearchProtocolHost.exe
      size: 184832
      PID: 4860 ( 876) SearchFilterHost.exe
      size: 87552


      --- Browser start & search pages list ---
      Spybot - Search & Destroy browser pages report, 03/03/2009 15:36:36

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
      C:\windows\system32\blank.htm
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
      http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
      http://home.microsoft.com/access/autosearch.asp?p=%s
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
      C:\windows\system32\blank.htm
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
      http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
      http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm


      --- Winsock Layered Service Provider list ---
      Protocol 11: MSAFD Pgm (RDM)
      GUID: {27FC80F6-DD23-4DBF-95B3-2EAE2BC69479}
      Filename: %SystemRoot%\system32\mswsock.dll

      Protocol 12: MSAFD Pgm (Stream)
      GUID: {27FC80F6-DD23-4DBF-95B3-2EAE2BC69479}
      Filename: %SystemRoot%\system32\mswsock.dll

      Namespace Provider 1: Fournisseur Shim d'affectation de noms de messagerie
      GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
      Filename:

      Namespace Provider 2: Fournisseur d'espace de noms du nuage PNRP
      GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
      Filename:

      Namespace Provider 3: Fournisseur d'espace de noms du nom PNRP
      GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
      Filename:



      --- Uninstall list ---


      --- System Services ---
      Service (registry key): .NET CLR Data
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Control Set: CurrentControlSet
      Start: 0
      Type: 0
      Error Control: 0

      Service (registry key): .NET CLR Networking
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Control Set: CurrentControlSet
      Start: 0
      Type: 0
      Error Control: 0

      Service (registry key): .NET Data Provider for Oracle
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Control Set: CurrentControlSet
      Start: 0
      Type: 0
      Error Control: 0

      Service (registry key): .NET Data Provider for SqlServer
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Control Set: CurrentControlSet
      Start: 0
      Type: 0
      Error Control: 0

      Service (registry key): .NETFramework
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Control Set: CurrentControlSet
      Start: 0
      Type: 0
      Error Control: 0

      Service (registry key): ACPI
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Pilote ACPI Microsoft
      Image path: system32\drivers\acpi.sys
      Image size: 266808
      Image MD5: FCB8C7210F0135E24C6580F7F649C73C
      Control Set: CurrentControlSet
      Start: 0
      Type: 1
      Error Control: 3

      Service (registry key): adp94xx
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Image path: \SystemRoot\system32\drivers\adp94xx.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): adpahci
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Image path: \SystemRoot\system32\drivers\adpahci.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): adpu160m
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Image path: \SystemRoot\system32\drivers\adpu160m.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): adpu320
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Image path: \SystemRoot\system32\drivers\adpu320.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): adsi
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Control Set: CurrentControlSet
      Start: 0
      Type: 0
      Error Control: 0

      Service (registry key): AeLookupSvc
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
      Description: @%SystemRoot%\system32\aelupsvc.dll,-2
      Object name: localSystem
      Image path: %systemroot%\system32\svchost.exe -k netsvcs
      Image size: 21504
      Image MD5: 3794B461C45882E06856F282EEF025AF
      Control Set: CurrentControlSet
      Start: 2
      Type: 32
      Error Control: 1

      Service (registry key): AFD
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Ancilliary Function Driver for Winsock
      Description: Ancilliary Function Driver for Winsock
      Image path: \SystemRoot\system32\drivers\afd.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 1
      Type: 1
      Error Control: 1

      Service (registry key): agp440
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Intel AGP Bus Filter
      Image path: \SystemRoot\system32\drivers\agp440.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): aic78xx
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Image path: \SystemRoot\system32\drivers\djsvs.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): ALG
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: @%SystemRoot%\system32\Alg.exe,-112
      Description: @%SystemRoot%\system32\Alg.exe,-113
      Object name: NT AUTHORITY\LocalService
      Image path: %SystemRoot%\System32\alg.exe
      Image size: 59392
      Image MD5: A1545B731579895D8CC44FC0481C1192
      Control Set: CurrentControlSet
      Start: 3
      Type: 16
      Error Control: 1

      Service (registry key): aliide
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Image path: \SystemRoot\system32\drivers\aliide.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 3

      Service (registry key): amdagp
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: AMD AGP Bus Filter Driver
      Image path: \SystemRoot\system32\drivers\amdagp.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): amdide
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Image path: \SystemRoot\system32\drivers\amdide.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 3

      Service (registry key): AmdK7
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: AMD K7 Processor Driver
      Image path: \SystemRoot\system32\drivers\amdk7.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): AmdK8
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: AMD K8 Processor Driver
      Image path: \SystemRoot\system32\drivers\amdk8.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): AntiVirScheduler
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Avira AntiVir Personal – Free Antivirus Scheduler
      Description: Service to schedule Avira AntiVir Personal – Free Antivirus jobs and updates.
      Object name: LocalSystem
      Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
      Image size: 68865
      Image MD5: D6C8942BEA3698A2E7559BD423BFA5D7
      Control Set: CurrentControlSet
      Start: 2
      Type: 16
      Error Control: 1

      Service (registry key): AntiVirService
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Avira AntiVir Personal – Free Antivirus Guard
      Description: Offers permanent protection against viruses and malware with the AntiVir search engine.
      Object name: LocalSystem
      Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
      Image size: 151297
      Image MD5: 335A142923FE7F97E8C8388ACD067568
      Control Set: CurrentControlSet
      Start: 2
      Type: 16
      Error Control: 1

      Service (registry key): ApfiltrService
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Alps Pointing-device Filter Driver
      Image path: system32\DRIVERS\Apfiltr.sys
      Image size: 141312
      Image MD5: B49A709F65BF3BEAA2B03F8EC139D568
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 0

      Service (registry key): Appinfo
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: @%systemroot%\system32\appinfo.dll,-100
      Description: @%systemroot%\system32\appinfo.dll,-101
      Object name: LocalSystem
      Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
      Image size: 21504
      Image MD5: 3794B461C45882E06856F282EEF025AF
      Control Set: CurrentControlSet
      Start: 3
      Type: 32
      Error Control: 1
      Depends On services: RpcSs,ProfSvc

      Service (registry key): Apple Mobile Device
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Apple Mobile Device
      Description: Fournit l’interface pour les appareils mobiles Apple.
      Object name: LocalSystem
      Image path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
      Image size: 132424
      Image MD5: A8AA9D47F971570A5162B862B80F87E8
      Control Set: CurrentControlSet
      Start: 2
      Type: 16
      Error Control: 1
      Depends On services: Tcpip

      Service (registry key): arc
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Image path: \SystemRoot\system32\drivers\arc.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): arcsas
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Image path: \SystemRoot\system32\drivers\arcsas.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): ASP.NET_1.1.4322
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Control Set: CurrentControlSet
      Start: 0
      Type: 0
      Error Control: 0

      Service (registry key): aspnet_state
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Service d'état ASP.NET
      Description: Assure la prise en charge des états de session out-of-process pour ASP.NET. En cas d'interruption de ce service, les demandes out-of process ne sont pas traitées. En cas de désactivation du service, le démarrage de tout service qui dépend explicitement de ce service est impossible.
      Object name: NT AUTHORITY\NetworkService
      Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
      Image size: 33800
      Image MD5: CA89A5872DAFAB3D1932275D3EDA26D8
      Control Set: CurrentControlSet
      Start: 3
      Type: 16
      Error Control: 1

      Service (registry key): AsyncMac
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Pilote de média asynchrone RAS
      Description: Pilote de média asynchrone RAS
      Image path: system32\DRIVERS\asyncmac.sys
      Image size: 17408
      Image MD5: 53B202ABEE6455406254444303E87BE1
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): atapi
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Canal IDE
      Image path: system32\drivers\atapi.sys
      Image size: 21560
      Image MD5: 2D9C903DC76A66813D350A562DE40ED9
      Control Set: CurrentControlSet
      Start: 0
      Type: 1
      Error Control: 3

      Service (registry key): AudioEndpointBuilder
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: @%SystemRoot%\system32\audiosrv.dll,-204
      Description: @%SystemRoot%\System32\audiosrv.dll,-205
      Object name: LocalSystem
      Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
      Image size: 21504
      Image MD5: 3794B461C45882E06856F282EEF025AF
      Control Set: CurrentControlSet
      Start: 2
      Type: 32
      Error Control: 1
      Depends On services: PlugPlay

      Service (registry key): Audiosrv
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: @%SystemRoot%\system32\audiosrv.dll,-200
      Description: @%SystemRoot%\System32\audiosrv.dll,-201
      Object name: NT AUTHORITY\LocalService
      Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
      Image size: 21504
      Image MD5: 3794B461C45882E06856F282EEF025AF
      Control Set: CurrentControlSet
      Start: 2
      Type: 32
      Error Control: 1
      Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

      Service (registry key): avgio
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: avgio
      Image path: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 1
      Type: 1
      Error Control: 1
      Depends On services: FltMgr

      Service (registry key): avgntflt
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: avgntflt
      Description: Avira AntiVir Personal – Free Antivirus mini-filter used for on-access scan to provide real-time antivirus security.
      Image path: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 3
      Type: 2
      Error Control: 1
      Depends On services: FltMgr

      Service (registry key): avipbb
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: avipbb
      Description: Avira's Driver for RootKit Detection
      Image path: system32\DRIVERS\avipbb.sys
      Image size: 75072
      Image MD5: 4AE8120E2F9466894849EE3C97A65101
      Control Set: CurrentControlSet
      Start: 1
      Type: 1
      Error Control: 1

      Service (registry key): BattC
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Control Set: CurrentControlSet
      Start: 0
      Type: 0
      Error Control: 0

      Service (registry key): BCM43XV
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Broadcom Extensible 802.11 Network Adapter Driver
      Image path: system32\DRIVERS\bcmwl6.sys
      Image size: 464384
      Image MD5: CF6A67C90951E3E763D2135DEDE44B85
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): Beep
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Beep
      Control Set: CurrentControlSet
      Start: 1
      Type: 1
      Error Control: 1

      Service (registry key): BFE
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: @%SystemRoot%\system32\bfe.dll,-1001
      Description: @%SystemRoot%\system32\bfe.dll,-1002
      Object name: NT AUTHORITY\LocalService
      Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
      Image size: 21504
      Image MD5: 3794B461C45882E06856F282EEF025AF
      Control Set: CurrentControlSet
      Start: 2
      Type: 32
      Error Control: 1
      Depends On services: RpcSs

      Service (registry key): BITS
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: @%SystemRoot%\system32\qmgr.dll,-1000
      Description: @%SystemRoot%\system32\qmgr.dll,-1001
      Object name: LocalSystem
      Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
      Image size: 21504
      Image MD5: 3794B461C45882E06856F282EEF025AF
      Control Set: CurrentControlSet
      Start: 2
      Type: 32
      Error Control: 1
      Depends On services: RpcSs,EventSystem

      Service (registry key): blbdrive
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Image path: \SystemRoot\system32\drivers\blbdrive.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): Bonjour Service
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Service Bonjour
      Description: Bonjour permet à des applications comme iTunes et Safari d’annoncer et de découvrir des services sur le réseau local. En gardant Bonjour en exécution, vous pouvez vous connecter à des périphériques comme l’Apple TV et à des services logiciels comme le partage iTunes et AirTunes. Si vous désactivez Bonjour, tous les services réseau qui en dépendent de manière explicite ne démarreront pas.
      Object name: LocalSystem
      Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
      Image size: 238888
      Image MD5: 9EFE4236F8670846B6E7C5B0EFF6E715
      Control Set: CurrentControlSet
      Start: 2
      Type: 16
      Error Control: 1
      Depends On services: Tcpip

      Service (registry key): bowser
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Bowser
      Description: Implements the datagram receiver for the computer browser browser service.
      Image path: system32\DRIVERS\bowser.sys
      Image size: 69632
      Image MD5: 74B442B2BE1260B7588C136177CEAC66
      Control Set: CurrentControlSet
      Start: 3
      Type: 2
      Error Control: 1

      Service (registry key): BrFiltLo
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Brother USB Mass-Storage Lower Filter Driver
      Image path: \SystemRoot\system32\drivers\brfiltlo.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): BrFiltUp
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Brother USB Mass-Storage Upper Filter Driver
      Image path: \SystemRoot\system32\drivers\brfiltup.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): Browser
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: @%systemroot%\system32\browser.dll,-100
      Description: @%systemroot%\system32\browser.dll,-101
      Object name: LocalSystem
      Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
      Image size: 21504
      Image MD5: 3794B461C45882E06856F282EEF025AF
      Control Set: CurrentControlSet
      Start: 2
      Type: 32
      Error Control: 1
      Depends On services: LanmanWorkstation,LanmanServer

      Service (registry key): Brserid
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Brother MFC Serial Port Interface Driver (WDM)
      Image path: \SystemRoot\system32\drivers\brserid.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): BrSerWdm
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Brother WDM Serial driver
      Image path: \SystemRoot\system32\drivers\brserwdm.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): BrUsbMdm
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Brother MFC USB Fax Only Modem
      Image path: \SystemRoot\system32\drivers\brusbmdm.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): BrUsbSer
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Brother MFC USB Serial WDM Driver
      Image path: \SystemRoot\system32\drivers\brusbser.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): BthEnum
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Pilote de bloc de demande Bluetooth
      Image path: system32\DRIVERS\BthEnum.sys
      Image size: 19456
      Image MD5: DA7B195275BDA7F8FCF79B40E0F45DDE
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): BTHMODEM
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Pilote de communication série Bluetooth
      Image path: system32\DRIVERS\bthmodem.sys
      Image size: 39936
      Image MD5: 5FFA6988FF9597986FF2ADA736CC90C0
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): BthPan
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Périphérique Bluetooth (réseau personnel)
      Description: Périphérique Bluetooth (réseau personnel)
      Image path: system32\DRIVERS\bthpan.sys
      Image size: 92160
      Image MD5: 5904EFA25F829BF84EA6FB045134A1D8
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): BTHPORT
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Pilote de port Bluetooth
      Image path: System32\Drivers\BTHport.sys
      Image size: 220160
      Image MD5: 73D53F8E90550BA81E2CF44A0873B410
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): BthServ
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: @%SystemRoot%\System32\bthserv.dll,-101
      Object name: NT AUTHORITY\LocalService
      Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs
      Image size: 21504
      Image MD5: 3794B461C45882E06856F282EEF025AF
      Control Set: CurrentControlSet
      Start: 2
      Type: 32
      Error Control: 1
      Depends On services: rpcss

      Service (registry key): BTHUSB
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Pilote USB radio Bluetooth
      Image path: System32\Drivers\BTHUSB.sys
      Image size: 29184
      Image MD5: 32045A4BB143BBC5BAB1298C4E9E309A
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): BTKRNL
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Control Set: CurrentControlSet
      Start: 0
      Type: 0
      Error Control: 0

      Service (registry key): btwaudio
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Périphérique audio Bluetooth
      Image path: system32\drivers\btwaudio.sys
      Image size: 80424
      Image MD5: 99AEEA7CEFDFC6E4151A8F620D682088
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): btwavdt
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Bluetooth AVDT Service
      Image path: system32\drivers\btwavdt.sys
      Image size: 80936
      Image MD5: 195872E48A7FB01F8BC9B800F70F4054
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 1

      Service (registry key): btwrchid
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Image path: system32\DRIVERS\btwrchid.sys
      Image size: 16168
      Image MD5: 0724E7D6C9B6A289EDDDA33FA8176E80
      Control Set: CurrentControlSet
      Start: 3
      Type: 1
      Error Control: 0

      Service (registry key): cdfs
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: CD/DVD File System Reader
      Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
      Image path: system32\DRIVERS\cdfs.sys
      Image size: 70144
      Image MD5: 7ADD03E75BEB9E6DD102C3081D29840A
      Control Set: CurrentControlSet
      Start: 4
      Type: 2
      Error Control: 1
      Depends On group: "SCSI CDROM Class"

      Service (registry key): cdrom
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Pilote de CD-ROM
      Image path: system32\DRIVERS\cdrom.sys
      Image size: 67072
      Image MD5: 1EC25CEA0DE6AC4718BF89F9E1778B57
      Control Set: CurrentControlSet
      Start: 1
      Type: 1
      Error Control: 1

      Service (registry key): CertPropSvc
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: @%SystemRoot%\System32\certprop.dll,-11
      Description: @%SystemRoot%\System32\certprop.dll,-12
      Object name: LocalSystem
      Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
      Image size: 21504
      Image MD5: 3794B461C45882E06856F282EEF025AF
      Control Set: CurrentControlSet
      Start: 3
      Type: 32
      Error Control: 1
      Depends On services: RpcSs

      Service (registry key): circlass
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Consumer IR Devices
      Image path: \SystemRoot\system32\drivers\circlass.sys
      Image size: 0
      Image MD5: D41D8CD98F00B204E9800998ECF8427E
      Control Set: CurrentControlSet
      Start: 4
      Type: 1
      Error Control: 1

      Service (registry key): CLFS
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Common Log (CLFS)
      Description: Common Log (CLFS)
      Image path: System32\CLFS.sys
      Image size: 247352
      Image MD5: 465745561C832B29F7C48B488AAB3842
      Control Set: CurrentControlSet
      Start: 0
      Type: 1
      Error Control: 3

      Service (registry key): clr_optimization_v2.0.50727_32
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
      Description: Microsoft .NET Framework NGEN
      Object name: LocalSystem
      Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
      Image size: 70144
      Image MD5: A4AF4201BD519971F8F34724F3CA9DBB
      Control Set: CurrentControlSet
      Start: 3
      Type: 16
      Error Control: 0

      Service (registry key): CmBatt
      Registry path: \SYSTEM\CurrentControlSet\Services\
      Display name: Pilote pour Batterie à méthode de contrôle ACPI Microsoft
      Image path: system32\DRIVERS\CmBatt.sys
      Image size: 14208
      Image MD5: 99AFC3795B58CC478FBBBCDC658FCB56
      Control Set: CurrentControlSet
      0
  4. PL59 Messages postés 634 Statut Membre 21
     
    Fais un coup de spybot tiens moi au courant

    Cordialement PL59
    0
    1. Tarzanlabanane
       
      Mon message précédent est le résultat de spybot :)
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. PL59 Messages postés 634 Statut Membre 21
     
    télécharge sdfix http://sdfix.net/SDFix.exe

    + son tuto https://www.malekal.com/slenfbot-still-an-other-irc-bot/ Tiens moi au courant
    0
    1. Tarzanlabanane
       
      J'ai du mal à faire fonctionner ce programme, mais je crois que j'ai fait ce qu'on me demandait :

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-03-03 18:27:27
      Windows 6.0.6001 Service Pack 1 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021860ad8ac]
      "001c43eb78a4"=hex:0d,2d,a0,a3,0d,04,ba,51,12,52,54,0c,87,7a,30,d5
      "001fcd1480ef"=hex:1a,a2,98,e0,ef,2d,8c,f0,cb,08,14,7a,f4,b2,3b,be
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\006057273847]
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
      "s1"=dword:2df9c43f
      "s2"=dword:110480d0
      "h0"=dword:00000001

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="C:\Program Files\DAEMON Tools Lite\"
      "h0"=dword:00000000
      "khjeh"=hex:83,ed,8e,dc,4e,ff,22,97,6f,ae,6b,3b,ae,2d,4f,2f,63,05,2b,34,6b,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,6c,f4,4f,4b,9c,21,4c,e5,04,03,12,2f,30,c8,8f,fd,a2,..
      "khjeh"=hex:3b,f2,08,38,82,93,09,2a,67,88,48,77,14,5a,0a,02,a9,43,cb,3a,55,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:f3,f1,0a,ef,1d,9c,48,67,7b,a4,84,68,83,6d,c1,8d,30,10,57,d4,42,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
      "khjeh"=hex:4c,2e,83,70,32,7b,17,b8,35,aa,90,9a,bd,fa,89,15,e3,26,a4,6b,c2,..
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021860ad8ac]
      "001c43eb78a4"=hex:0d,2d,a0,a3,0d,04,ba,51,12,52,54,0c,87,7a,30,d5
      "001fcd1480ef"=hex:1a,a2,98,e0,ef,2d,8c,f0,cb,08,14,7a,f4,b2,3b,be
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\006057273847]
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="C:\Program Files\DAEMON Tools Lite\"
      "h0"=dword:00000000
      "khjeh"=hex:83,ed,8e,dc,4e,ff,22,97,6f,ae,6b,3b,ae,2d,4f,2f,63,05,2b,34,6b,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,6c,f4,4f,4b,9c,21,4c,e5,04,03,12,2f,30,c8,8f,fd,a2,..
      "khjeh"=hex:3b,f2,08,38,82,93,09,2a,67,88,48,77,14,5a,0a,02,a9,43,cb,3a,55,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:f3,f1,0a,ef,1d,9c,48,67,7b,a4,84,68,83,6d,c1,8d,30,10,57,d4,42,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
      "khjeh"=hex:4c,2e,83,70,32,7b,17,b8,35,aa,90,9a,bd,fa,89,15,e3,26,a4,6b,c2,..

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0



      Pb toujours pas résolu...
      0
    2. Tarzanlabanane
       
      J'ai remarqué que des gens ont réglé ce pb en supprimant certaines clefs de registres :
      ForceActiveDesktopOn et NoActiveDesktop
      de
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

      et
      Wallpaper
      de
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

      Cependant, elles n'existent pas dans mon registre... en fait, je ne possède aucune valeur à l'emplacement HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies...
      seulement les dossier Explorer (qui contient Run) et Systeme... mais ces derniers ne contiennent aucunes valeurs...
      0
  7. PL59 Messages postés 634 Statut Membre 21
     
    Ta penser à faire une restauration du système tiens moi au courant

    Cordialement PL59
    0