Comment se debarasser de epass-key

Fermé
gaston -  
zanolau Messages postés 32 Statut Membre -
salut

j ai un probleme avec des fenetres epass-key qui s affichent quand je suis sur internet

comment faire pour m en debarasser

merci

19 réponses

  1. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Bonsoir ,

    Dans un premier temps, fait déja tout cela (Si possible dans l’ordre) :

    telecharge et execute ces antispywares ( pense a les mettre a jour avant de les lancer)

    (1) ad-aware version 1.06

    (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
    voir demo
    http://pageperso.aol.fr/balltrap34/adwseflash.zip

    ***

    (2) spybot version 1.4

    (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
    voir demo d utilisation
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
    ***

    et aussi ceci

    (3) Ccleaner :
    Télécharge Ccleaner ici :
    https://www.ccleaner.com/ccleaner/download

    Tutorial ici:
    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    (4) Ewido
    http://download.ewido.net/ewido-setup.exe
    Pendant l'installation, sur la page "Additional Options", décoche les deux options "Install background guard" et "Install scan via context menu Ewido Security Suite. Clique sur mise à jour.
    Ouvre ewido et clic sur l'onglet Settings, pour How to Act sélèctionne Quarantine.
    Clique sur scanner puis sur scan complet du système.
    A la fin cliquer sur Apply all actions
    Puis sur Save report et pour finir Save report as enregistrer sur le Bureau.

    Coller le rapport dans votre prochaine réponse.

    Tutorial ici :
    https://www.malekal.com/tutorial-et-guide-ewido-v4/

    (5) Pour vérifier, scanne ton PC avec cet antivirus en ligne :
    https://www.bitdefender.com/toolbox/

    (6) télécharge HijackThis ici:
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum

    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Bon courage

    A+
    0
  2. gaston
     
    ok voici le copie du logfile

    Logfile of HijackThis v1.99.1
    Scan saved at 07:36:02, on 02/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
    C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\StofWare\NoSpam\NoSpam.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
    C:\Documents and Settings\olivier\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.orange.fr/portail
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Windows Update Draven] draven.exe
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\RunServices: [Windows Update Draven] draven.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NoSpam] C:\Program Files\StofWare\NoSpam\NoSpam.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: assistant d'acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_nos.exe
    O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.206.67.116/activex/AxisCamControl.cab
    O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.6/ttinst-french.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.girafoto.fr/uploaders/ImageUploader3.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {BEF9DA9B-002E-4901-AEFD-53043E9F3964} (Djingle InstallAx Control) - http://www.declicsvip.com/player/install/soft/installax_autovip_autodeclics.cab
    O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.130 80.10.246.3
    O17 - HKLM\System\CS3\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.130 80.10.246.3
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O21 - SSODL: mspr32.dll - {2E6039B1-21A1-3582-2FC5-A58921F819ED} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
    0
  3. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Slt,

    Manque les rapports ==> 4/ et ==> 5/

    A++
    0
  4. gaston
     
    voici le raport de bitdefender

    BitDefender Online Scanner

    Rapport d'analyse généré à: Sat, Sep 02, 2006 - 14:08:25

    Voie d'analyse: A:\;C:\;D:\;E:\;G:\;H:\;

    Statistiques

    Temps
    01:46:22

    Fichiers
    404158

    Directoires
    9105

    Secteurs de boot
    4

    Archives
    2884

    Paquets programmes
    22171

    Résultats

    Virus identifiés
    2

    Fichiers infectés
    5

    Fichiers suspects
    0

    Avertissements
    0

    Désinfectés
    0

    Fichiers effacés
    1

    Info sur les moteurs

    Définition virus
    452109

    Version des moteurs
    AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

    Analyse des plugins
    13

    Archive des plugins
    38

    Unpack des plugins
    6

    E-mail plugins
    6

    Système plugins
    1

    Paramètres d'analyse

    Première action
    Désinfecté

    Seconde Action
    Aucun

    Heuristique
    Non

    Acceptez les avertissements
    Oui

    Extensions analysées
    *;

    Excludez les extensions

    Analyse d'emails
    Oui

    Analyse des Archives
    Oui

    Analyser paquets programmes
    Oui

    Analyse des fichiers
    Oui

    Analyse de boot
    Oui

    Fichier analysé
    Statut

    C:\RECYCLER\NPROTECT\00000331.dll
    Infecté par: Generic.Botget.FA448EDF

    C:\RECYCLER\NPROTECT\00000331.dll
    Supprimé

    C:\System Volume Information\_restore{B08E398F-5138-4BF8-B682-F2203F9D19F5}\RP667\A0925891.dll
    Infecté par: DeepScan:Generic.Dialer.DDF5A8AB

    C:\System Volume Information\_restore{B08E398F-5138-4BF8-B682-F2203F9D19F5}\RP667\A0925891.dll
    Echec de la désinfection

    C:\System Volume Information\_restore{B08E398F-5138-4BF8-B682-F2203F9D19F5}\RP667\A0925892.dll
    Infecté par: DeepScan:Generic.Dialer.DDF5A8AB

    C:\System Volume Information\_restore{B08E398F-5138-4BF8-B682-F2203F9D19F5}\RP667\A0925892.dll
    Echec de la désinfection

    C:\WINDOWS\system32\EGACCESS.dll
    Infecté par: DeepScan:Generic.Dialer.DDF5A8AB

    C:\WINDOWS\system32\EGACCESS.dll
    Echec de la désinfection

    C:\WINDOWS\system32\egaccess4_1064.dll
    Infecté par: DeepScan:Generic.Dialer.DDF5A8AB

    C:\WINDOWS\system32\egaccess4_1064.dll
    Echec de la désinfection

    et le rapport de ewido

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 17:01:38 02/09/2006

    + Scan result:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1708537768-651377827-682003330-1003\Software\egdhtml -> Dialer.Generic : Cleaned with backup (quarantined).
    C:\Documents and Settings\olivier\Cookies\olivier@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    C:\Documents and Settings\olivier\Cookies\olivier@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    C:\Documents and Settings\olivier\Cookies\olivier@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    C:\Documents and Settings\olivier\Cookies\olivier@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
    C:\Documents and Settings\olivier\Cookies\olivier@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\olivier\Cookies\olivier@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
    C:\Documents and Settings\olivier\Cookies\olivier@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    C:\Documents and Settings\olivier\Cookies\olivier@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\olivier\Cookies\olivier@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).

    ::Report end

    merci

    gaston
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Tu gagnes de l'argent au Poker ???
    0
  7. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut,

    Essaie ce qui suit
    Stp
    Merci

    Télécharge Blacklight(de F-Secure) a l’une des 2 adresses :
    https://www.f-secure.com/en
    https://www.f-secure.com/en

    et sauvegarde le sur ton Bureau.

    Double-clique blbeta.exeet accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next

    Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

    A++
    0
  8. gaston
     
    non je ne gagne pas d argent au poker. je ne joue pas en ligne
    0
  9. gaston
     
    09/02/06 20:31:42 [Info]: BlackLight Engine 1.0.46 initialized
    09/02/06 20:31:42 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    09/02/06 20:31:42 [Note]: 7019 4
    09/02/06 20:31:42 [Note]: 7005 0
    09/02/06 20:31:45 [Note]: 7006 0
    09/02/06 20:31:45 [Note]: 7011 1308
    09/02/06 20:31:46 [Note]: 7026 0
    09/02/06 20:31:46 [Note]: 7026 0
    09/02/06 20:31:46 [Note]: 7015 1744
    09/02/06 20:31:46 [Note]: 7015 5
    09/02/06 20:31:46 [Note]: 7015 1824
    09/02/06 20:31:46 [Note]: 7015 5
    09/02/06 20:31:46 [Note]: 7024 3
    09/02/06 20:31:46 [Info]: Hidden process: C:\windows\system32\nzhfkvosc.exe
    09/02/06 20:31:46 [Note]: 7015 2044
    09/02/06 20:31:46 [Note]: 7015 5
    09/02/06 20:31:46 [Note]: FSRAW library version 1.7.1019
    09/02/06 20:37:53 [Info]: Hidden file: c:\WINDOWS\system32\nzhfkvosc_nav.dat
    09/02/06 20:37:53 [Note]: 10002 1
    09/02/06 20:37:55 [Info]: Hidden file: c:\WINDOWS\system32\nzhfkvosc.dat
    09/02/06 20:37:55 [Note]: 10002 1
    09/02/06 20:37:57 [Info]: Hidden file: C:\windows\system32\nzhfkvosc.exe
    09/02/06 20:37:57 [Note]: 10002 1
    09/02/06 20:37:58 [Info]: Hidden file: c:\WINDOWS\system32\nzhfkvosc_navps.dat
    09/02/06 20:37:58 [Note]: 10002 1
    09/02/06 20:38:15 [Info]: Hidden file: c:\WINDOWS\Prefetch\NZHFKVOSC.EXE-28117FD9.pf
    09/02/06 20:38:15 [Note]: 10002 1
    09/02/06 20:43:17 [Note]: 7007 0
    0
  10. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    On continue

    Télécharge Brute Force Uninstaller (de Merijn) ici:
    http://www.merijn.org/files/bfu.zip
    Créé un nouveau dossier directement à la racine de ton disque dur ou l'endroit qui te convient, nomme ce dossier BFU.
    Décompresse le fichier téléchargé dans ce nouveau dossier (par exemple C:\BFU)

    Ensuite, télécharge EGDACCESS.bfu (de Metallica) :

    Fais un clik droit ici : http://metallica.geekstogo.com/EGDACCESS.bfu et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer ; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

    Si tu utilises Internet Explorer, assure-toi lors de la sauvegarde que le champs "Type :" affiche "Tous les fichiers".
    Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Lance "Brute Force Uninstaller" en double-cliquant BFU.exe (Dans le dossier C:\BFU)
    - Clique sur le petit dossier jaune, et clique sur : EGDACCESS.bfu
    - Coches la case Show log after script ends
    - Clique sur Execute pour que le fix fasse son boulot :-)

    Attends que le message Complete script execution apparaîsse et clique sur OK.
    Un rapport va s'afficher dans la fenetre du programme, copie et colle dans le bloc-notes, puis sauvegardes le, tu le posteras plus tard sur le forum.
    Clique Exit pour fermer le programme BFU.

    ==========================================

    Ensuite, lance Blacklight en double cliquant sur blbeta.exe et accepte la licence.
    Clique sur Scan pour lancer l'analyse.
    Une fois fait, sélectionnes chaque fichiers trouvés et clic sur "RENAME"
    Puis valide.
    Réponds oui aux messages d'avertissements et te demandant si tu autorises le reboot du pc.

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Après le reboot du pc, les fichiers :

    C:\windows\system32\nzhfkvosc.exe
    c:\WINDOWS\system32\nzhfkvosc_nav.dat
    c:\WINDOWS\system32\nzhfkvosc.dat
    c:\WINDOWS\system32\nzhfkvosc_navps.dat

    devraient être visible et pouvoir être supprimés sans aucuns soucis.
    Blacklight ne les supprimes pas, il les renomme simplement et il va falloir que tu les vires toi-même:
    Va dans C:\windows\system32\ et recherches et effaces:

    nzhfkvosc.exe
    nzhfkvosc_nav.dat
    nzhfkvosc.dat
    nzhfkvosc_navps.dat

    Une fois fait, reposte un rapport hijackthis et un nouveau rapport de blacklight.

    A++
    0
  11. gaston
     
    voici hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 08:04:02, on 03/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
    C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\StofWare\NoSpam\NoSpam.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\olivier\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.orange.fr/portail
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Windows Update Draven] draven.exe
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [nzhfkvosc] c:\windows\system32\nzhfkvosc.exe nzhfkvosc
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\RunServices: [Windows Update Draven] draven.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NoSpam] C:\Program Files\StofWare\NoSpam\NoSpam.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: assistant d'acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_nos.exe
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.206.67.116/activex/AxisCamControl.cab
    O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.6/ttinst-french.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.girafoto.fr/uploaders/ImageUploader3.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {BEF9DA9B-002E-4901-AEFD-53043E9F3964} (Djingle InstallAx Control) - http://www.declicsvip.com/player/install/soft/installax_autovip_autodeclics.cab
    O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CS2\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.1 80.10.246.132
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O21 - SSODL: mspr32.dll - {2E6039B1-21A1-3582-2FC5-A58921F819ED} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)

    et blacklight

    09/03/06 08:04:23 [Info]: BlackLight Engine 1.0.46 initialized
    09/03/06 08:04:23 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    09/03/06 08:04:24 [Note]: 7019 4
    09/03/06 08:04:24 [Note]: 7005 0
    09/03/06 08:04:29 [Note]: 7006 0
    09/03/06 08:04:29 [Note]: 7011 1308
    09/03/06 08:04:29 [Note]: 7026 0
    09/03/06 08:04:30 [Note]: 7026 0
    09/03/06 08:04:30 [Note]: 7015 504
    09/03/06 08:04:30 [Note]: 7015 5
    09/03/06 08:04:30 [Note]: 7015 1724
    09/03/06 08:04:30 [Note]: 7015 5
    09/03/06 08:04:30 [Note]: 7015 1884
    09/03/06 08:04:30 [Note]: 7015 5
    09/03/06 08:04:43 [Note]: FSRAW library version 1.7.1019
    09/03/06 08:08:12 [Note]: 2000 1006
    09/03/06 08:08:19 [Note]: 7007 0
    0
  12. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut,

    Fais ce qui suit et c'est bon :
    Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_nos.exe
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.206.67.116/activex/AxisCamControl.cab
    O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.6/ttinst-french.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.girafoto.fr/uploaders/ImageUploader3.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {BEF9DA9B-002E-4901-AEFD-53043E9F3964} (Djingle InstallAx Control) - http://www.declicsvip.com/player/install/soft/installax_autovip_autodeclics.cab
    O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

    023 France TELECOM

    clique sur demarrer, executer, tape: services.msc ,cherche dans la liste et regle cette ligne sur "desactivé"

    France Telecom Routing Table Service (inutile)

    supprime l'executable

    C:\WINDOWS\System32\FTRTSVC.exe

    Tiens nous au courant
    A++

    0
  13. gaston
     
    ok je crois que cette fois c est bon

    merci beaucoup

    a plus
    0
  14. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Bonsoir,

    Ben je suis désolé, mais à mon avis, c'est pas encore bon !

    Peux tu remettre un hijackthis, stp.

    A+
    0
  15. gaston
     
    voila

    Logfile of HijackThis v1.99.1
    Scan saved at 20:23:56, on 06/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
    C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\StofWare\NoSpam\NoSpam.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\eMule\emule.exe
    C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
    C:\Documents and Settings\olivier\Bureau\APPLICATIONS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.orange.fr/portail
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Windows Update Draven] draven.exe
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [nzhfkvosc] c:\windows\system32\nzhfkvosc.exe nzhfkvosc
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\RunServices: [Windows Update Draven] draven.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NoSpam] C:\Program Files\StofWare\NoSpam\NoSpam.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: assistant d'acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O17 - HKLM\System\CCS\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.130 80.10.246.3
    O17 - HKLM\System\CS3\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.130 80.10.246.3
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O21 - SSODL: mspr32.dll - {2E6039B1-21A1-3582-2FC5-A58921F819ED} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
    0
  16. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Bonsoir,

    Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !

    Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    O4 - HKLM\..\Run: [Windows Update Draven] draven.exe

    O4 - HKLM\..\Run: [nzhfkvosc] c:\windows\system32\nzhfkvosc.exe nzhfkvosc

    O4 - HKLM\..\RunServices: [Windows Update Draven] draven.exe

    O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)

    Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    ¤Recherche et supprime ceci:
    attention seulement les fichiers (si présents).

    draven.exe

    c:\windows\system32\
    nzhfkvosc.exe

    C:\WINDOWS\system32\nvsvcd.exe

    ----------------------------------------------------------------------------
    Arrête ces services :

    Clique sur Démarrer->exécuter->tape: services.msc

    Double-clique: Windows Log

    Règle-le sur "Arrêté" et "Désactivé".

    Vide ta Corbeille.

    Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

    Bon courage.

    A+
    0
  17. gaston
     
    Logfile of HijackThis v1.99.1
    Scan saved at 08:07:47, on 10/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
    C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\StofWare\NoSpam\NoSpam.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\eMule\emule.exe
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\Documents and Settings\olivier\Bureau\APPLICATIONS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3C5D79C6-9C00-42B0-97A9-32DFE3621C23} - C:\WINDOWS\system32\webclntd.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NoSpam] C:\Program Files\StofWare\NoSpam\NoSpam.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: assistant d'acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.130 80.10.246.3
    O17 - HKLM\System\CS2\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.1 80.10.246.132
    O17 - HKLM\System\CS3\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.130 80.10.246.3
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O21 - SSODL: mspr32.dll - {2E6039B1-21A1-3582-2FC5-A58921F819ED} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  18. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Bonjour Gaston,

    Ton log hijackthis me parait ok.

    Où en sont tes soucis ?

    A+
    0
  19. 19reyes Messages postés 3 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 20:44:36, on 13/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\VM_STI.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" Vimicro USB PC Camera LTI301P
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBD5A0DD-E238-4FAB-8DCC-1CB78EF04F8F}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    0
  20. zanolau Messages postés 32 Statut Membre 1
     
    bonjour,
    je me greffe à la discussion car je ne sais comment faire pour intervenir sur ce virus "système doctor"(entres autres). Au secours!!!!
    merci d'avance pour toute aide car je ne suis pas toujours en place en ce qui concerne l'informatique.
    nat
    voici mon rapport Spybot:

    --- Search result list ---
    eXact Advertising.BargainsBuddy: Code storage database (Clé du registre, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878B424-1F95-4E26-B5AB-F0D349D89650}

    Tradedoubler: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    CoreMetrics: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    DoubleClick: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    Winsoftware: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    ReliableStats: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    ErrorSafe: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    Winsoftware: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    Zedo: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    Winsoftware.WinAntiVirusPro2006: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    MediaPlex: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    ErrorSafe: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    BurstMedia: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    BurstMedia: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    Winsoftware: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    TagASaurus: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    BlueStreak: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    FastClick: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    SystemDoctor2006: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    SystemDoctor2006: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

    Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done)

    BurstMedia: Cookie traceur (Firefox: default) (Cookie, nothing done)

    CasaleMedia: Cookie traceur (Firefox: default) (Cookie, nothing done)

    DoubleClick: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

    MediaPlex: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Win32.Small.ddx: Cookie traceur (Firefox: default) (Cookie, nothing done)

    SystemDoctor2006: Cookie traceur (Firefox: default) (Cookie, nothing done)

    SystemDoctor2006: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Tradedoubler: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Tradedoubler: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Tradedoubler: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Tradedoubler: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Zedo: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Zedo: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Zedo: Cookie traceur (Firefox: default) (Cookie, nothing done)

    CoreMetrics: Cookie traceur (Firefox: default) (Cookie, nothing done)

    SystemDoctor2006: Cookie traceur (Firefox: default) (Cookie, nothing done)

    SystemDoctor2006: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

    Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

    ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)

    ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)

    ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)

    ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)

    ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)

    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-12-20 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-05-23 advcheck.dll (1.5.3.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-07-31 Tools.dll (2.1.2.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-09-19 Includes\Cookies.sbi (*)
    2007-07-25 Includes\Dialer.sbi (*)
    2007-09-19 Includes\DialerC.sbi (*)
    2007-08-29 Includes\Hijackers.sbi (*)
    2007-09-19 Includes\HijackersC.sbi (*)
    2007-07-25 Includes\Keyloggers.sbi (*)
    2007-09-19 Includes\KeyloggersC.sbi (*)
    2007-09-12 Includes\Malware.sbi (*)
    2007-09-19 Includes\MalwareC.sbi (*)
    2007-09-05 Includes\PUPS.sbi (*)
    2007-09-19 Includes\PUPSC.sbi (*)
    2007-09-19 Includes\Revision.sbi (*)
    2007-05-30 Includes\Security.sbi (*)
    2007-09-19 Includes\SecurityC.sbi (*)
    2007-09-12 Includes\Spybots.sbi (*)
    2007-09-19 Includes\SpybotsC.sbi (*)
    2007-08-21 Includes\Tracks.uti
    2007-09-12 Includes\Trojans.sbi (*)
    2007-09-19 Includes\TrojansC.sbi (*)
    2007-06-06 Plugins\TCPIPAddress.dll

    --- System information ---
    Windows 2003 (Build: 3790) Service Pack 2
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

    --- Startup entries list ---
    Located: HK_LM:Run, hid_start
    command: C:\WINDOWS\SysWow64\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
    file: C:\WINDOWS\SysWow64\Rundll32.exe
    size: 34816
    MD5: 75139c5e6b968e39a5a35e7003fa7049

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
    size: 257088
    MD5: b0e9efadf04e9e25c0001b48757f3e71

    Located: HK_LM:Run, Picasa Media Detector
    command: "C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe"
    file: C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
    size: 366400
    MD5: 72b2cad5f56b875ca8b75b39412ada20

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files (x86)\QuickTime\qttask.exe
    size: 282624
    MD5: 30e1f03dcc8825988528d9058312ede2

    Located: HK_CU:Run, MSMSGS
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1681920
    MD5: 4c2f0cbcb62f7c601c350e9b3228eb22

    Located: HK_CU:Run, NBJ
    command: "C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe"
    file: C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe
    size: 1957888
    MD5: 9cab916797d8d39f78b8800c2a23add6

    Located: Démarrage (tous utilisateurs), Démarrage d'Office.lnk
    command: C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
    file: C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
    size: 51984
    MD5: d06276d4cad46cdceabefdeb1a0d3c0d

    Located: Démarrage (tous utilisateurs), Lancement rapide d'Adobe Reader.lnk
    command: C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    file: C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    size: 29696
    MD5: 43362b96870ce8649f4f2ec893da93f0

    Located: Démarrage (tous utilisateurs), Microsoft Recherche accélérée.lnk
    command: C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
    file: C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
    size: 111376
    MD5: 7fb98f00d51601071d2f490b82e3cfa2

    Located: Démarrage (utilisateur), LimeWire On Startup.lnk
    command: C:\Program Files (x86)\LimeWire\LimeWire.exe
    file: C:\Program Files (x86)\LimeWire\LimeWire.exe
    size: 147456
    MD5: 365418b2fefca481c6ce388da076eac2

    Located: System.ini, crypt32chain
    command: crypt32.dll
    file: crypt32.dll

    Located: System.ini, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll

    Located: System.ini, cscdll
    command: cscdll.dll
    file: cscdll.dll

    Located: System.ini, dimsntfy
    command: dimsntfy.dll
    file: dimsntfy.dll

    Located: System.ini, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, Schedule
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll

    Located: System.ini, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll

    Located: System.ini, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, WRNotifier
    command: WRLogonNTF.dll
    file: WRLogonNTF.dll

    --- Browser helper object list ---
    {36A91CEC-6C71-4758-B492-397BFC8E96A2} (rightonadz.biz browser optimizer)
    BHO name:
    CLSID name: rightonadz.biz browser optimizer
    Path: C:\WINDOWS\SysWow64\
    Long name: gzmrotate.dll
    Short name: GZMROT~2.DLL
    Date (created): 12/09/2007 12:46:22
    Date (last access): 24/09/2007 10:01:44
    Date (last write): 12/09/2007 12:46:22
    Filesize: 62464
    Attributes: archive
    MD5: 1A10CC10BC97FB3D8D19F5E7236C851E
    CRC32: 51C14F71
    Version: 1.0.6.2

    {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    BHO name:
    CLSID name:

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: C:\Program Files (x86)\Fichiers communs\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 31/08/2006 20:33:06
    Date (last access): 24/09/2007 08:25:16
    Date (last write): 31/08/2006 20:33:06
    Filesize: 322368
    Attributes: archive
    MD5: E43F7CFDEE2B00A22C96C168147B20D3
    CRC32: 2AEACC43
    Version: 4.100.313.1

    {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
    BHO name:
    CLSID name: ST
    Path: C:\Program Files (x86)\MSN Apps\ST\01.03.0000.1005\en-xu\
    Long name: stmain.dll
    Short name:
    Date (created): 06/01/2006 19:16:42
    Date (last access): 24/09/2007 10:03:20
    Date (last write): 13/08/2004 18:42:00
    Filesize: 155648
    Attributes: archive
    MD5: 0DA1349495955CB41A5899047C5A1267
    CRC32: C050EECD
    Version: 1.2.3000.1001

    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
    BHO name:
    CLSID name: MSNToolBandBHO
    Path: C:\Program Files (x86)\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\
    Long name: msntb.dll
    Short name:
    Date (created): 10/02/2006 15:46:56
    Date (last access): 24/09/2007 08:25:38
    Date (last write): 17/01/2006 17:04:16
    Filesize: 282624
    Attributes: archive
    MD5: 6B3B0C6657B3DFEAD7ABC5BFEE45B347
    CRC32: 1DF31317
    Version: 1.2.5000.1021

    {F31B3634-12AA-41ca-B021-0685C3B3E4CA} (adssite)
    BHO name:
    CLSID name: adssite
    Path: C:\WINDOWS\SysWow64\
    Long name: nsq23D2.dll
    Short name:
    Date (created): 13/09/2007 16:55:18
    Date (last access): 24/09/2007 09:45:22
    Date (last write): 13/09/2007 16:55:18
    Filesize: 139264
    Attributes: archive
    MD5: 683B4AC8C210D60FC7716B4D5F08AC63
    CRC32: 0D55C007
    Version: 3.4.0.0

    --- ActiveX list ---
    {0878B424-1F95-4E26-B5AB-F0D349D89650} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase: http://download.bullseye-network.com/download/bargain_buddy/cab/installer_ETE_AX.cab

    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 1564 ( 600) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    size: 59008
    MD5: DC995DA2D258C0590C3AE07EC68BFEE6
    PID: 1636 ( 600) C:\Program Files\Alwil Software\Avast4\ashServ.exe
    size: 132736
    MD5: 8E33DA0415023EA7A9378AFA04D9BF4D
    PID: 1980 (1364) C:\Program Files\Messenger\msmsgs.exe
    size: 1681920
    MD5: 4C2F0CBCB62F7C601C350E9B3228EB22
    PID: 280 (1364) C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
    size: 51984
    MD5: D06276D4CAD46CDCEABEFDEB1A0D3C0D
    PID: 296 (1364) C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
    size: 111376
    MD5: 7FB98F00D51601071D2F490B82E3CFA2
    PID: 316 (1364) C:\Program Files (x86)\LimeWire\LimeWire.exe
    size: 147456
    MD5: 365418B2FEFCA481C6CE388DA076EAC2
    PID: 408 ( 252) C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
    size: 366400
    MD5: 72B2CAD5F56B875CA8B75B39412ADA20
    PID: 416 ( 252) C:\Program Files (x86)\QuickTime\qttask.exe
    size: 282624
    MD5: 30E1F03DCC8825988528D9058312EDE2
    PID: 440 ( 252) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    size: 257088
    MD5: B0E9EFADF04E9E25C0001B48757F3E71
    PID: 480 ( 252) C:\WINDOWS\SysWow64\Rundll32.exe
    size: 34816
    MD5: 75139C5E6B968E39A5A35E7003FA7049
    PID: 2076 ( 796) C:\Program Files (x86)\Internet Explorer\iexplore.exe
    size: 94208
    MD5: DACFC2F360CE06B5FF89CE8CA3D7E346
    PID: 2144 ( 600) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    size: 255616
    MD5: AA6691D73782FA5D94E0CED6D27C3DE8
    PID: 2208 ( 600) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    size: 370304
    MD5: D6B2638DDBFB34AC78B153CDD0792C37
    PID: 2228 ( 600) C:\Program Files (x86)\iPod\bin\iPodService.exe
    size: 500800
    MD5: 661194608009B558DE1925C7EBE1A4BA
    PID: 2748 ( 796) C:\Program Files (x86)\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    size: 115024
    MD5: 44CDED85B91EEF32E9CBCA348371F6BB
    PID: 1048 (2076) C:\Program Files (x86)\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
    size: 86016
    MD5: E377C992DFBB5837826EA311E436C66D
    PID: 2004 (2076) C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    size: 71288
    MD5: 6C37AD8C2212D3DDC456BB48A3AA398E
    PID: 1120 (1364) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    size: 4393096
    MD5: 09CA174A605B480318731E691DC98539
    PID: 1596 (1364) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    size: 7604331
    MD5: CB49C8AE9B44535D2B6FCDE74C589AC9
    PID: 4 ( 0) System
    PID: 256 ( 4) smss.exe
    PID: 304 ( 256) csrss.exe
    PID: 552 ( 256) winlogon.exe
    PID: 600 ( 552) services.exe
    PID: 612 ( 552) lsass.exe
    PID: 796 ( 600) svchost.exe
    PID: 888 ( 600) svchost.exe
    PID: 928 ( 600) svchost.exe
    PID: 1000 ( 600) svchost.exe
    PID: 1032 ( 600) svchost.exe
    PID: 1152 ( 600) spoolsv.exe
    PID: 1364 (1328) explorer.exe
    PID: 1680 ( 600) svchost.exe
    PID: 1800 ( 600) svchost.exe
    PID: 2392 ( 796) wmiprvse.exe
    PID: 2672 ( 600) alg.exe

    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 24/09/2007 10:17:08

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    https://www.google.com/search?q=http+google&gws_rd=ssl
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.google.com/toolbar/ie8/sidebar.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.google.com/toolbar/ie8/sidebar.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://www.google.com/search?q=%s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm

    --- Winsock Layered Service Provider list ---

    --- Uninstall list ---
    (AddressBook)

    Adssite Browser Optimizer 3.4.0.0 (adssite)
    uninstall cmd: C:\WINDOWS\system32\adssite-remove.exe

    Adssite Games Collection (AdssiteGames)
    uninstall cmd: C:\Program Files (x86)\Adssite Games Collection\uninstall.exe

    Adssite Advanced Toolbar 1.0.1.2 (AdssiteToolBar)
    uninstall cmd: C:\Program Files (x86)\Adssite Advanced Toolbar\uninstall.exe

    avast! Antivirus 4.7 (avast!)
    version (major): 4
    version (minor): 7
    install location: C:\PROGRA~1\ALWILS~1\Avast4
    install source: C:\PROGRA~1\ALWILS~1\Avast4\setup
    uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    publisher: Alwil Software
    help link: https://www.avast.com/fr-fr/index

    (Branding)

    DFX for Winamp 7 (DFX for Winamp)
    uninstall cmd: "C:\Program Files (x86)\Winamp\uninstall_dfx.exe"
    publisher: Power Technology

    (DirectDrawEx)

    (DXM_Runtime)

    EPSON Scan (EPSON Scanner)
    uninstall cmd: C:\Program Files (x86)\epson\escndv\setup\setup.exe /r

    (Fontcore)

    Haali Media Splitter (HaaliMkx)
    uninstall cmd: "C:\Program Files (x86)\Matroska Pack\haali\uninstall.exe"

    HijackThis 2.0.0 2.0.0 (HijackThis)
    uninstall cmd: "C:\Documents and Settings\paul\Desktop\HijackThis.exe" /uninstall
    publisher: TrendMicro

    (ICW)

    (IE40)

    (IE4Data)

    (IE5BAKEX)

    (IEData)

    (InstallShield Uninstall Information)

    Security Update for Windows XP (KB923789) (KB923789)
    uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/923789/ms06-069-vulnerabilities-in-macromedia-flash-player-from-adobe-could-a

    LimeWire 4.14.8 4.14.8 (LimeWire)
    uninstall cmd: "C:\Program Files (x86)\LimeWire\uninstall.exe"
    publisher: Lime Wire, LLC
    help link: http://www.limewire.com/support

    Microsoft .NET Framework 1.1 Hotfix (KB928366) (M928366)
    uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

    Macromedia Shockwave Player 10.1.0.11 (Macromedia Shockwave Player)
    uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    publisher: Macromedia, Inc.
    help link: https://helpx.adobe.com/shockwave.html

    Matroska Pack (Matroska Pack)
    uninstall cmd: C:\Program Files (x86)\Matroska Pack\uninstall.exe

    Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
    uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

    (MobileOptionPack)

    Mozilla Firefox (2.0) 2.0 (fr) (Mozilla Firefox (2.0))
    install location: C:\Program Files (x86)\Mozilla Firefox
    uninstall cmd: C:\Program Files (x86)\Mozilla Firefox\uninstall\uninst.exe
    publisher: Mozilla
    comments: Mozilla Firefox

    Mozilla Firefox (2.0.0.7) 2.0.0.7 (fr) (Mozilla Firefox (2.0.0.7))
    install location: C:\PROGRA~2\Mozilla Firefox
    uninstall cmd: C:\PROGRA~2\Mozilla Firefox\uninstall\helper.exe
    publisher: Mozilla
    comments: Mozilla Firefox

    Mozilla Thunderbird (1.0) 1.0 (fr) (Mozilla Thunderbird (1.0))
    install location: C:\Program Files (x86)\Mozilla Thunderbird
    uninstall cmd: C:\WINDOWS\UninstallThunderbird.exe /ua "1.0 (fr)"
    publisher: Mozilla

    (MPlayer2)

    Barre d'outils MSN (MSN Toolbar)
    uninstall cmd: C:\Program Files (x86)\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\mtbs.exe c

    Nero OEM (Nero - Burning Rom!UninstallKey)
    uninstall cmd: C:\Program Files (x86)\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

    Nero Suite (NeroMultiInstaller!UninstallKey)
    uninstall cmd: C:\Program Files (x86)\Common Files\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""

    (NeroVision!UninstallKey)
    uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

    (NetMeeting)

    Microsoft Office 97 Standard (Office8.0)
    uninstall cmd: C:\Program Files (x86)\Microsoft Office\Office\Install\Acme.exe /w Off97Std.stf

    (OutlookExpress)

    PhotoFiltre (PhotoFiltre)
    uninstall cmd: "C:\Documents and Settings\paul\My Documents\photofiltre\Uninst.exe"

    Picasa 2 2.0 (Picasa2)
    uninstall cmd: "C:\Program Files (x86)\Picasa2\Uninstall.exe"
    publisher: Google, Inc.
    help link: http://picasa.google.com/

    PowerCheck 4.2.3 Ver 4.2.3 (PowerCheck_is1)
    uninstall cmd: "C:\Program Files (x86)\PowerCheck\unins000.exe"

    Rightonadz Browser Optimizer 1.0.6.2 (rightonadz)
    uninstall cmd: C:\WINDOWS\system32\gzmrot-uninst.exe

    (SchedulingAgent)

    Shockwave (Shockwave)
    uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log

    Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
    uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    publisher: Adobe Systems
    help link: https://helpx.adobe.com/flash-player.html

    Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
    install location: C:\Program Files (x86)\Spybot - Search & Destroy\
    uninstall cmd: "C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
    publisher: Safer Networking Limited

    Subdo Viewer 1.71 (Subdo Viewer)
    uninstall cmd: C:\Program Files (x86)\Subdo\Subdo Viewer\uninst.exe
    publisher: Virtual Business Solutions & Systems

    File Scavenger 3.1 3.1 (V3.1_is1)
    install location: C:\Temp\File Scavenger 3.1\
    uninstall cmd: "C:\Temp\File Scavenger 3.1\unins000.exe"
    publisher: QueTek™ Consulting Corporation

    VideoLAN VLC media player 0.8.2 0.8.2 (VLC media player)
    uninstall cmd: C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
    publisher: VideoLAN Team

    Winamp (remove only) (Winamp)
    uninstall cmd: "C:\Program Files (x86)\Winamp\UninstWA.exe"

    The GIMP 2.0.5 (WinGimp-2.0_is1)
    install location: C:\Program Files (x86)\GIMP-2.0\
    uninstall cmd: "C:\Program Files (x86)\GIMP-2.0\unins000.exe"
    publisher: <Gimp for Windows homepage>
    help link: https://groups.yahoo.com/neo/groups/gimpwin-users/info

    WinRAR archiver (WinRAR archiver)
    uninstall cmd: C:\Program Files (x86)\WinRAR\uninstall.exe

    3.0.20070525 ({2CCBABCB-6427-4A55-B091-49864623C43F})
    version: 20070525
    version (major): 3

    J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
    version: 17104896
    version (major): 1
    version (minor): 5
    estimated size: 122273
    install date: 20060118
    install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06-b05/windows-i586//
    uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    publisher: Sun Microsystems, Inc.
    contact: https://www.java.com/en/
    help link: https://www.java.com/en/
    readme: C:\Program Files (x86)\Java\jre1.5.0_06\README.txt

    Google Earth 4.0.2744 ({3DE5E7D4-7B88-403C-A3FD-2017A8240C5B})
    version: 67111608
    install date: 20070515
    install location: C:\Program Files (x86)\Google\Google Earth
    install source: C:\Documents and Settings\paul\Desktop\GoogleEarthWin_EARE.exe
    uninstall cmd: RunDll32 C:\PROGRA~2\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly
    publisher: Google

    Petit Larousse 2003 ({495D3648-1D6B-4B71-B174-6A2452FFF8CD})
    uninstall cmd: RunDll32 C:\PROGRA~2\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{495D3648-1D6B-4B71-B174-6A2452FFF8CD}\setup.exe" -l0x40c

    Windows Live Sign-in Assistant 4.100.313.1 ({49672EC2-171B-47B4-8CE7-50D7806360D7})
    version: 73662777
    version (major): 4
    version (minor): 100
    estimated size: 1220
    install date: 20070816
    install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP000.TMP\
    uninstall cmd: MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    publisher: Microsoft Corporation

    QuickTime 7.1.5.120 ({5E863175-E85D-44A6-8968-82507D34AE7F})
    version: 117506053
    version (major): 7
    version (minor): 1
    estimated size: 69655
    install date: 20070421
    install location: C:\Program Files (x86)\QuickTime\
    install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP547.TMP\
    uninstall cmd: MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
    publisher: Apple Computer, Inc.
    contact: Assistance AppleCare
    help link: https://support.apple.com/fr-fr
    help telephone: (33) 0825 888 024

    Pro Evolution Soccer 5 1.00.0000 ({85C3FA3C-4832-4204-B21E-168E4920936A})
    version: 16777216
    version (major): 1
    estimated size: 1099080
    install date: 20060404
    install location: C:\appsProgram Files (x86)\KONAMI\Pro Evolution Soccer 5\
    install source: D:\
    publisher: KONAMI

    PC Applications v4.0 1.00.0000 ({95D23536-4111-463C-88F7-77BBBBBF109A})
    version: 16777216
    install location: C:\Program Files (x86)\VK Mobile\PC Applications v4.0
    uninstall cmd: RunDll32 C:\PROGRA~2\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{95D23536-4111-463C-88F7-77BBBBBF109A}\setup.exe" -l0x40c

    iTunes 7.1.1.5 ({AB90749C-7422-4580-8A7A-66CC5E9E5F98})
    version: 117506049
    version (major): 7
    version (minor): 1
    estimated size: 51658
    install date: 20070421
    install location: C:\Program Files (x86)\iTunes\
    install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP547.TMP\
    uninstall cmd: MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
    publisher: Apple Inc.
    contact: Assistance AppleCare
    help link: https://support.apple.com/fr-fr
    help telephone: +33 (0) 825 888 024

    Adobe Reader 7.0.9 - Français 7.0.9 ({AC76BA86-7AD7-1036-7B44-A70900000002})
    version: 117440521
    version (major): 7
    estimated size: 78484
    install date: 20070119
    install source: C:\Program Files (x86)\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\
    uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
    publisher: Adobe Systems Incorporated
    comments:
    contact:
    help link: https://helpx.adobe.com/support.html
    help telephone:
    readme: C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\Readme.htm

    Apple Software Update 2.0.2.92 ({B74F042E-E1B9-4A5B-8D46-387BB172F0A4})
    version: 33554434
    version (major): 2
    estimated size: 2204
    install date: 20070919
    install location: C:\Program Files (x86)\Apple Software Update\
    install source: C:\Program Files (x86)\Apple Software Update\Packages\
    uninstall cmd: MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    publisher: Apple Inc.
    contact: Assistance AppleCare
    help link: https://support.apple.com/fr-fr
    help telephone: 0825 888 024

    Sony ACID Pro 5.0c 5.0.345 ({C263C8DC-FFBC-4358-A62F-BDBCD58AE64A})
    version: 83886425
    version (major): 5
    estimated size: 76383
    install date: 20060326
    install source: C:\Program Files (x86)\Sony Setup\ACID Pro 5.0\
    uninstall cmd: MsiExec.exe /X{C263C8DC-FFBC-4358-A62F-BDBCD58AE64A}
    publisher: Sony
    help link: https://www.sonycreativesoftware.com/support

    Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
    version: 16847074
    version (major): 1
    version (minor): 1
    estimated size: 75259
    install date: 20070712
    install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP000.TMP\
    uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    publisher: Microsoft
    readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

    Sony Media Manager 2.0 2.0.55 ({D60D2B02-125F-4DDB-9674-41DD538C457A})
    version: 33554487
    version (major): 2
    estimated size: 6831
    install date: 20060326
    install source: C:\Program Files (x86)\Sony Setup\ACID Pro 5.0\mediamgr\
    uninstall cmd: MsiExec.exe /X{D60D2B02-125F-4DDB-9674-41DD538C457A}
    publisher: Sony
    help link: https://www.sonycreativesoftware.com/support

    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) 8.00.761 ({E09B48B5-E141-427A-AB0C-D3605127224A})
    version: 134218489
    version (major): 8
    estimated size: 70731
    install date: 20060326
    install source: C:\Program Files (x86)\Sony Setup\ACID Pro 5.0\mediamgr\msde\Setup\
    uninstall cmd: MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    publisher: Microsoft Corporation

    Adobe Photoshop CS CS ({EFB21DE7-8C19-4A88-BB28-A766E16493BC})
    version: 134217728
    version (major): 8
    install location: C:\Program Files (x86)\Adobe\Photoshop CS
    install source: C:\DOCUME~1\paul\LOCALS~1\Temp\Rar$EX06.359\
    uninstall cmd: RunDll32 C:\PROGRA~2\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
    publisher: Adobe Systems, Inc.

    Windows Live Messenger 8.1.0178.00 ({F6326B60-1B1D-4ABF-BFCD-7B7404F44411})
    version: 134283442
    version (major): 8
    version (minor): 1
    estimated size: 31939
    install date: 20070816
    install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP000.TMP\
    uninstall cmd: MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    publisher: Microsoft Corporation

    Realtek AC'97 Audio ({FB08F381-6533-4108-B7DD-039E11FBC27E})
    uninstall cmd: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

    --- System Services ---
    Service (registry key): .NET CLR Data
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET CLR Networking
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NETFramework
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Aavmker4
    Display name: avast! Asynchronous Virus Monitor
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): Abiosdsk
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): ACPI
    Display name: Microsoft ACPI Driver
    Image path: system32\DRIVERS\ACPI.sys
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): ACPIEC
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Adobe LM Service
    Display name: Adobe LM Service
    Description: Adobe LM Service
    Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"
    Image size: 68096
    Image MD5: D01DD9E6A7DFE540181147A38B13F43A
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): adpu160m
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpu320
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aec
    Display name: Microsoft Kernel Acoustic Echo Canceller
    Image path: system32\drivers\aec.sys
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): AeLookupSvc
    Display name: Application Experience Lookup Service
    Description: Process application compatibility lookup requests for applications as they are launched.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): AFD
    Display name: AFD
    Description: AFD Networking Support Environment
    Image path: \SystemRoot\System32\drivers\afd.sys
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): aic78u2
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aic78xx
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ALCXWDM
    Display name: Service for Realtek AC97 Audio (WDM)
    Image path: system32\drivers\ALCWDM64.SYS
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Alerter
    Display name: Alerter
    Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation

    Service (registry key): ALG
    Display name: Application Layer Gateway Service
    Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\alg.exe
    Image size: 45056
    Image MD5: FD79AFA46B60D32557CB62F6050C2B69
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): AliIde
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AmdIde
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AmdK8
    Display name: AMD K8 Processor Driver
    Image path: system32\DRIVERS\amdk8.sys
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): AppMgmt
    Display name: Application Management
    Description: Processes installation, removal, and enumeration requests for Active Directory IntelliMirror group policy programs. If the service is disabled, users will be unable to install, remove, or enumerate any IntelliMirror programs. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): arc
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ASP.NET
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): ASP.NET_1.1.4322
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): aspnet_state
    Display name: ASP.NET State Service
    Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    Image size: 32768
    Image MD5: E1A1206A4FB19B675E947B29CCD25FBA
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): aswMon2
    Display name: avast! Standard Shield Support
    Start: 2
    Type: 2
    Error Control: 1

    Service (registry key): aswRdr
    Display name: aswRdr
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: tcpip

    Service (registry key): aswTdi
    Display name: avast! Network Shield Support
    Start: 1
    Type: 1
    Error Control: 1
    Depends On services: tcpip

    Service (registry key): aswUpdSv
    Display name: avast! iAVS4 Control Service
    Description: Fournit la mise à jour automatique pour l'antivirus avast!.
    Object name: LocalSystem
    Image path: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
    Image size: 59008
    Image MD5: DC995DA2D258C0590C3AE07EC68BFEE6
    Start: 2
    Type: 272
    Error Control: 1

    Service (registry key): AsyncMac
    Display name: RAS Asynchronous Media Driver
    Description: RAS Asynchronous Media Driver
    Image path: system32\DRIVERS\asyncmac.sys
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): atapi
    Display name: Standard IDE/ESDI Hard Disk Controller
    Image path: system32\DRIVERS\atapi.sys
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Atdisk
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): ati2mtag
    Image path: system32\DRIVERS\ati2mtag.sys
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): Atmarpc
    Display name: ATM ARP Client Protocol
    Description: ATM ARP Client Protocol
    Image path: system32\DRIVERS\atmarpc.sys
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): AudioSrv
    Display name: Windows Audio
    Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay,RpcSs

    Service (registry key): audstub
    Display name: Audio Stub Driver
    Image path: system32\DRIVERS\audstub.sys
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): avast! Antivirus
    Display name: avast! Antivirus
    Description: Gère et implémente les services de l'antivirus avast! pour cet ordinateur. Ceci inclut la protection résidente, la zone de quarantaine et le planificateur.
    Object name: LocalSystem
    Image path: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
    Image size: 132736
    Image MD5: 8E33DA0415023EA7A9378AFA04D9BF4D
    Start: 2
    Type: 272
    Error Control: 1
    Depends On services: aswMon2,RpcSS

    Service (registry key): avast! Mail Scanner
    Display name: avast! Mail Scanner
    Description: Implémente l'analyse du courrier électronique pour l'antivirus avast!.
    Object name: LocalSystem
    Image path: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
    Image size: 255616
    Image MD5: AA6691D73782FA5D94E0CED6D27C3DE8
    Start: 3
    Type: 272
    Error Control: 1
    Depends On services: "avast! Antivirus"

    Service (registry key): avast! Web Scanner
    Display name: avast! Web Scanner
    Description: Implémente l'analyse du contenu web (HTTP) pour l'antivirus avast!.
    Object name: LocalSystem
    Image path: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
    Image size: 370304
    Image MD5: D6B2638DDBFB34AC78B153CDD0792C37
    Start: 3
    Type: 272
    Error Control: 1
    Depends On services: "avast! Antivirus"

    Service (registry key): BattC
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Bdfndisf
    Display name: BitDefender Firewall NDIS Filter Service
    Image path: system32\DRIVERS\bdfndisf.sys
    Image size: 44288
    Image MD5: A3C7298A67D4924C329393F920CCEDC1
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): bdftdif
    Display name: bdftdif
    Image path: \??\C:\Program Files (x86)\Fichiers communs\Softwin\BitDefender Firewall\bdftdif.sys
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): Beep
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): BITS
    Display name: Background Intelligent Transfer Service
    Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: Rpcss,EventSystem

    Service (registry key): Browser
    Display name: Computer Browser
    Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation,LanmanServer

    Service (registry key): CdaC15BA
    Display name: CdaC15BA
    Image path: system32\DRIVERS\CdaC15BA.sys
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): CdaD10BA
    Display name: CdaD10BA
    Image path: system32\DRIVERS\CdaD10BA.sys
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): Cdfs
    Start: 4
    Type: 2
    Error Control: 1
    Depends On group: "SCSI CDROM Class"

    Service (registry key): Cdrom
    Display name: CD-ROM Driver
    Image path: system32\DRIVERS\cdrom.sys
    Start: 1
    Type: 1
    Error Control: 1
    Depends On group: "SCSI miniport"

    Service (registry key): Changer
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): CiSvc
    Display name: Service d'indexation
    Description: Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\cisvc.exe
    Image size: 6656
    Image MD5: EBC34382D0B069AEBA6E9168A9826BAA
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): ClipSrv
    Display name: ClipBook
    Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\clipsrv.exe
    Image size: 32256
    Image MD5: E53196BA56081F154E2D7A9E50A1D33F
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: NetDDE

    Service (registry key): CmdIde
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): COMSysApp
    Display name: Application système COM+
    Description: Gère la configuration et le suivi des composants de base COM+ (Component Object Model). Si ce service est arrêté, la plupart des composants de base COM+ ne fonctionneront pas correctement. S'il est désactivé, les services qui en dépendent ne pourront pas démarrer.
    Object name: LocalSystem
    Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Image size: 5632
    Image MD5: 5437813752863E1201E353FCAD8CAE37
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: rpcss,eventsystem

    Service (registry key): ContentFilter
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): ContentIndex
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): crcdisk
    Display name: CRC Disk Filter Driver
    Image path: system32\DRIVERS\crcdisk.sys
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): CryptSvc
    Display name: Cryptographic Services
    Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): DcomLaunch
    Display name: DCOM Server Process Launcher
    Description: Provides launch functionality for DCOM services.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): Dfs
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Dhcp
    Display name: DHCP Client
    Description: Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Tcpip,Afd

    Service (registry key): Disk
    Display name: Disk Driver
    Image path: system32\DRIVERS\disk.sys
    Start: 0
    Type: 1
    Error Control: 1
    Depends On group: "SCSI miniport"

    Service (registry key): dmadmin
    Display name: Logical Disk Manager Administrative Service
    Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\dmadmin.exe /com
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,PlugPlay,DmServer

    Service (registry key): dmboot
    Image path: System32\drivers\dmboot.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): dmio
    Display name: Logical Disk Manager Driver
    Image path: system32\DRIVERS\dmio.sys
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): dmload
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): dmserver
    Display name: Logical Disk Manager
    Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,PlugPlay

    Service (registry key): Dnscache
    Display name: DNS Client
    Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): dpti2o
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ERSvc
    Display name: Error Reporting Service
    Description: Collects, stores, and reports unexpected application crashes to Microsoft. If this service is stopped, then Error Reporting will occur only for kernel faults and some types of user mode faults. If this service is disabled, any services that explicitly depend on it will not start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k WinErr
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 2
    Type: 32
    Error Control: 0
    Depends On services: RpcSs

    Service (registry key): Eventlog
    Display name: Event Log
    Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\services.exe
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): EventSystem
    Display name: Système d'événements de COM+
    Description: Prend en charge le service de notification d'événements système (SENS, System Event Notification Service), qui fournit une distribution automatique d'événements aux composants COM (Component Object Model) abonnés. Si le service est arrêté, SENS sera fermé et ne pourra fournir des informations d'ouverture et de fermeture de session. Si ce service est désactivé, le démarrage de tout service qui en dépend explicitement échouera.
    Object name: LocalSystem
    Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): Fastfat
    Start: 4
    Type: 2
    Error Control: 1

    Service (registry key): Fdc
    Display name: Floppy Disk Controller Driver
    Image path: system32\DRIVERS\fdc.sys
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Fips
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): Flpydisk
    Display name: Floppy Disk Driver
    Image path: system32\DRIVERS\flpydisk.sys
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): FltMgr
    Display name: FltMgr
    Description: File System Filter Manager Driver
    Image path: system32\drivers\fltmgr.sys
    Start: 0
    Type: 2
    Error Control: 1

    Service (registry key): Fs_Rec
    Start: 1
    Type: 8
    Error Control: 0

    Service (registry key): Ftdisk
    Display name: Volume Manager Driver
    Image path: system32\DRIVERS\ftdisk.sys
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): GEARAspiWDM
    Display name: GEARAspiWDM
    Image path: System32\Drivers\GEARAspiWDM.sys
    Image size: 15664
    Image MD5: 4AC51459805264AFFD5F6FDFB9D9235F
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Gpc
    Display name: Generic Packet Classifier
    Description: Generic Packet Classifier
    Image path: system32\DRIVERS\msgpc.sys
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): gusvc
    Display name: Google Updater Service
    Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
    Image size: 136120
    Image MD5: C1B577B2169900F4CF7190C39F085794
    Start: 3
    Type: 16
    Error Control: 0
    Depends On services: RPCSS

    Service (registry key): helpsvc
    Display name: Aide et support
    Description: Permet à l'application Aide et support de fonctionner sur cet ordinateur. Si ce service est arrêté, la fonctionnalité Aide et support ne sera pas disponible. S'il est désactivé, tous les services dépendant explicitement de ce service ne pourront pas démarrer.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): HidServ
    Display name: Human Interface Device Access
    Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 14848
    Image MD5: C09CCFE81DEC9B162533D7184D705682
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): HidUsb
    Display name: Microsoft HID Class Driver
    Image path: system32\DRIVERS\hidusb.sys
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): HTTP
    Display name: HTTP
    Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
    Image path: System32\Drivers\HTTP.sys
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): HTTPFilter
    Display name: HTTP SSL
    Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\lsass.exe
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: HTTP

    Service (registry key): i2omgmt
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): i8042prt
    Display name: i8042 Keyboard and PS/2 Mouse Port Driver
    Image path: syst
    0