Sujet Précédent Sujet Suivant

Comment se debarasser de epass-key

Fermé
gaston -  
zanolau Messages postés 32 Statut Membre -
salut

j ai un probleme avec des fenetres epass-key qui s affichent quand je suis sur internet

comment faire pour m en debarasser

merci

19 réponses

Réponse 1 / 19
incognito02 Messages postés 3487 Statut Contributeur 138
 
Bonsoir ,

Dans un premier temps, fait déja tout cela (Si possible dans l’ordre) :

telecharge et execute ces antispywares ( pense a les mettre a jour avant de les lancer)

(1) ad-aware version 1.06

(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip

***

(2) spybot version 1.4

(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo d utilisation
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***

et aussi ceci

(3) Ccleaner :
Télécharge Ccleaner ici :
https://www.ccleaner.com/ccleaner/download

Tutorial ici:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

(4) Ewido
http://download.ewido.net/ewido-setup.exe
Pendant l'installation, sur la page "Additional Options", décoche les deux options "Install background guard" et "Install scan via context menu Ewido Security Suite. Clique sur mise à jour.
Ouvre ewido et clic sur l'onglet Settings, pour How to Act sélèctionne Quarantine.
Clique sur scanner puis sur scan complet du système.
A la fin cliquer sur Apply all actions
Puis sur Save report et pour finir Save report as enregistrer sur le Bureau.

Coller le rapport dans votre prochaine réponse.

Tutorial ici :
https://www.malekal.com/tutorial-et-guide-ewido-v4/

(5) Pour vérifier, scanne ton PC avec cet antivirus en ligne :
https://www.bitdefender.com/toolbox/

(6) télécharge HijackThis ici:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum

Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Bon courage

A+
0
Réponse 2 / 19
gaston
 
ok voici le copie du logfile

Logfile of HijackThis v1.99.1
Scan saved at 07:36:02, on 02/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\StofWare\NoSpam\NoSpam.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Documents and Settings\olivier\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Windows Update Draven] draven.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\RunServices: [Windows Update Draven] draven.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoSpam] C:\Program Files\StofWare\NoSpam\NoSpam.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: assistant d'acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_nos.exe
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.206.67.116/activex/AxisCamControl.cab
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.6/ttinst-french.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.girafoto.fr/uploaders/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {BEF9DA9B-002E-4901-AEFD-53043E9F3964} (Djingle InstallAx Control) - http://www.declicsvip.com/player/install/soft/installax_autovip_autodeclics.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS3\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: mspr32.dll - {2E6039B1-21A1-3582-2FC5-A58921F819ED} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
0
Réponse 3 / 19
^^Marie^^ Messages postés 126523 Date d'inscription   Statut Membre Dernière intervention   3 279
 
Slt,

Manque les rapports ==> 4/ et ==> 5/

A++
0
Réponse 4 / 19
gaston
 
voici le raport de bitdefender

BitDefender Online Scanner

Rapport d'analyse généré à: Sat, Sep 02, 2006 - 14:08:25

Voie d'analyse: A:\;C:\;D:\;E:\;G:\;H:\;

Statistiques

Temps
01:46:22

Fichiers
404158

Directoires
9105

Secteurs de boot
4

Archives
2884

Paquets programmes
22171

Résultats

Virus identifiés
2

Fichiers infectés
5

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
1

Info sur les moteurs

Définition virus
452109

Version des moteurs
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Analyse des plugins
13

Archive des plugins
38

Unpack des plugins
6

E-mail plugins
6

Système plugins
1

Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Aucun

Heuristique
Non

Acceptez les avertissements
Oui

Extensions analysées
*;

Excludez les extensions

Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui

Fichier analysé
Statut

C:\RECYCLER\NPROTECT\00000331.dll
Infecté par: Generic.Botget.FA448EDF

C:\RECYCLER\NPROTECT\00000331.dll
Supprimé

C:\System Volume Information\_restore{B08E398F-5138-4BF8-B682-F2203F9D19F5}\RP667\A0925891.dll
Infecté par: DeepScan:Generic.Dialer.DDF5A8AB

C:\System Volume Information\_restore{B08E398F-5138-4BF8-B682-F2203F9D19F5}\RP667\A0925891.dll
Echec de la désinfection

C:\System Volume Information\_restore{B08E398F-5138-4BF8-B682-F2203F9D19F5}\RP667\A0925892.dll
Infecté par: DeepScan:Generic.Dialer.DDF5A8AB

C:\System Volume Information\_restore{B08E398F-5138-4BF8-B682-F2203F9D19F5}\RP667\A0925892.dll
Echec de la désinfection

C:\WINDOWS\system32\EGACCESS.dll
Infecté par: DeepScan:Generic.Dialer.DDF5A8AB

C:\WINDOWS\system32\EGACCESS.dll
Echec de la désinfection

C:\WINDOWS\system32\egaccess4_1064.dll
Infecté par: DeepScan:Generic.Dialer.DDF5A8AB

C:\WINDOWS\system32\egaccess4_1064.dll
Echec de la désinfection

et le rapport de ewido

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:01:38 02/09/2006

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1708537768-651377827-682003330-1003\Software\egdhtml -> Dialer.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\olivier\Cookies\olivier@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\olivier\Cookies\olivier@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\olivier\Cookies\olivier@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\olivier\Cookies\olivier@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\olivier\Cookies\olivier@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\olivier\Cookies\olivier@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\olivier\Cookies\olivier@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\olivier\Cookies\olivier@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\olivier\Cookies\olivier@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).

::Report end

merci

gaston
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 19
^^Marie^^ Messages postés 126523 Date d'inscription   Statut Membre Dernière intervention   3 279
 
Tu gagnes de l'argent au Poker ???
0
Réponse 6 / 19
^^Marie^^ Messages postés 126523 Date d'inscription   Statut Membre Dernière intervention   3 279
 
Salut,

Essaie ce qui suit
Stp
Merci

Télécharge Blacklight(de F-Secure) a l’une des 2 adresses :
https://www.f-secure.com/en
https://www.f-secure.com/en

et sauvegarde le sur ton Bureau.

Double-clique blbeta.exeet accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

A++
0
Réponse 7 / 19
gaston
 
non je ne gagne pas d argent au poker. je ne joue pas en ligne
0
Réponse 8 / 19
gaston
 
09/02/06 20:31:42 [Info]: BlackLight Engine 1.0.46 initialized
09/02/06 20:31:42 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/02/06 20:31:42 [Note]: 7019 4
09/02/06 20:31:42 [Note]: 7005 0
09/02/06 20:31:45 [Note]: 7006 0
09/02/06 20:31:45 [Note]: 7011 1308
09/02/06 20:31:46 [Note]: 7026 0
09/02/06 20:31:46 [Note]: 7026 0
09/02/06 20:31:46 [Note]: 7015 1744
09/02/06 20:31:46 [Note]: 7015 5
09/02/06 20:31:46 [Note]: 7015 1824
09/02/06 20:31:46 [Note]: 7015 5
09/02/06 20:31:46 [Note]: 7024 3
09/02/06 20:31:46 [Info]: Hidden process: C:\windows\system32\nzhfkvosc.exe
09/02/06 20:31:46 [Note]: 7015 2044
09/02/06 20:31:46 [Note]: 7015 5
09/02/06 20:31:46 [Note]: FSRAW library version 1.7.1019
09/02/06 20:37:53 [Info]: Hidden file: c:\WINDOWS\system32\nzhfkvosc_nav.dat
09/02/06 20:37:53 [Note]: 10002 1
09/02/06 20:37:55 [Info]: Hidden file: c:\WINDOWS\system32\nzhfkvosc.dat
09/02/06 20:37:55 [Note]: 10002 1
09/02/06 20:37:57 [Info]: Hidden file: C:\windows\system32\nzhfkvosc.exe
09/02/06 20:37:57 [Note]: 10002 1
09/02/06 20:37:58 [Info]: Hidden file: c:\WINDOWS\system32\nzhfkvosc_navps.dat
09/02/06 20:37:58 [Note]: 10002 1
09/02/06 20:38:15 [Info]: Hidden file: c:\WINDOWS\Prefetch\NZHFKVOSC.EXE-28117FD9.pf
09/02/06 20:38:15 [Note]: 10002 1
09/02/06 20:43:17 [Note]: 7007 0
0
Réponse 9 / 19
^^Marie^^ Messages postés 126523 Date d'inscription   Statut Membre Dernière intervention   3 279
 
On continue

Télécharge Brute Force Uninstaller (de Merijn) ici:
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement à la racine de ton disque dur ou l'endroit qui te convient, nomme ce dossier BFU.
Décompresse le fichier téléchargé dans ce nouveau dossier (par exemple C:\BFU)

Ensuite, télécharge EGDACCESS.bfu (de Metallica) :

Fais un clik droit ici : http://metallica.geekstogo.com/EGDACCESS.bfu et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer ; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

Si tu utilises Internet Explorer, assure-toi lors de la sauvegarde que le champs "Type :" affiche "Tous les fichiers".
Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

Lance "Brute Force Uninstaller" en double-cliquant BFU.exe (Dans le dossier C:\BFU)
- Clique sur le petit dossier jaune, et clique sur : EGDACCESS.bfu
- Coches la case Show log after script ends
- Clique sur Execute pour que le fix fasse son boulot :-)

Attends que le message Complete script execution apparaîsse et clique sur OK.
Un rapport va s'afficher dans la fenetre du programme, copie et colle dans le bloc-notes, puis sauvegardes le, tu le posteras plus tard sur le forum.
Clique Exit pour fermer le programme BFU.

==========================================

Ensuite, lance Blacklight en double cliquant sur blbeta.exe et accepte la licence.
Clique sur Scan pour lancer l'analyse.
Une fois fait, sélectionnes chaque fichiers trouvés et clic sur "RENAME"
Puis valide.
Réponds oui aux messages d'avertissements et te demandant si tu autorises le reboot du pc.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

Après le reboot du pc, les fichiers :

C:\windows\system32\nzhfkvosc.exe
c:\WINDOWS\system32\nzhfkvosc_nav.dat
c:\WINDOWS\system32\nzhfkvosc.dat
c:\WINDOWS\system32\nzhfkvosc_navps.dat

devraient être visible et pouvoir être supprimés sans aucuns soucis.
Blacklight ne les supprimes pas, il les renomme simplement et il va falloir que tu les vires toi-même:
Va dans C:\windows\system32\ et recherches et effaces:

nzhfkvosc.exe
nzhfkvosc_nav.dat
nzhfkvosc.dat
nzhfkvosc_navps.dat

Une fois fait, reposte un rapport hijackthis et un nouveau rapport de blacklight.

A++
0
Réponse 10 / 19
gaston
 
voici hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 08:04:02, on 03/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\StofWare\NoSpam\NoSpam.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\olivier\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Windows Update Draven] draven.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [nzhfkvosc] c:\windows\system32\nzhfkvosc.exe nzhfkvosc
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\RunServices: [Windows Update Draven] draven.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoSpam] C:\Program Files\StofWare\NoSpam\NoSpam.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: assistant d'acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_nos.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.206.67.116/activex/AxisCamControl.cab
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.6/ttinst-french.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.girafoto.fr/uploaders/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {BEF9DA9B-002E-4901-AEFD-53043E9F3964} (Djingle InstallAx Control) - http://www.declicsvip.com/player/install/soft/installax_autovip_autodeclics.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: mspr32.dll - {2E6039B1-21A1-3582-2FC5-A58921F819ED} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)

et blacklight

09/03/06 08:04:23 [Info]: BlackLight Engine 1.0.46 initialized
09/03/06 08:04:23 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/03/06 08:04:24 [Note]: 7019 4
09/03/06 08:04:24 [Note]: 7005 0
09/03/06 08:04:29 [Note]: 7006 0
09/03/06 08:04:29 [Note]: 7011 1308
09/03/06 08:04:29 [Note]: 7026 0
09/03/06 08:04:30 [Note]: 7026 0
09/03/06 08:04:30 [Note]: 7015 504
09/03/06 08:04:30 [Note]: 7015 5
09/03/06 08:04:30 [Note]: 7015 1724
09/03/06 08:04:30 [Note]: 7015 5
09/03/06 08:04:30 [Note]: 7015 1884
09/03/06 08:04:30 [Note]: 7015 5
09/03/06 08:04:43 [Note]: FSRAW library version 1.7.1019
09/03/06 08:08:12 [Note]: 2000 1006
09/03/06 08:08:19 [Note]: 7007 0
0
Réponse 11 / 19
^^Marie^^ Messages postés 126523 Date d'inscription   Statut Membre Dernière intervention   3 279
 
Salut,

Fais ce qui suit et c'est bon :
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_nos.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.206.67.116/activex/AxisCamControl.cab
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.6/ttinst-french.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.girafoto.fr/uploaders/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {BEF9DA9B-002E-4901-AEFD-53043E9F3964} (Djingle InstallAx Control) - http://www.declicsvip.com/player/install/soft/installax_autovip_autodeclics.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

023 France TELECOM

clique sur demarrer, executer, tape: services.msc ,cherche dans la liste et regle cette ligne sur "desactivé"

France Telecom Routing Table Service (inutile)

supprime l'executable

C:\WINDOWS\System32\FTRTSVC.exe

Tiens nous au courant
A++

0
Réponse 12 / 19
gaston
 
ok je crois que cette fois c est bon

merci beaucoup

a plus
0
Réponse 13 / 19
incognito02 Messages postés 3487 Statut Contributeur 138
 
Bonsoir,

Ben je suis désolé, mais à mon avis, c'est pas encore bon !

Peux tu remettre un hijackthis, stp.

A+
0
Réponse 14 / 19
gaston
 
voila

Logfile of HijackThis v1.99.1
Scan saved at 20:23:56, on 06/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\StofWare\NoSpam\NoSpam.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Documents and Settings\olivier\Bureau\APPLICATIONS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Windows Update Draven] draven.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [nzhfkvosc] c:\windows\system32\nzhfkvosc.exe nzhfkvosc
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\RunServices: [Windows Update Draven] draven.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoSpam] C:\Program Files\StofWare\NoSpam\NoSpam.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: assistant d'acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS3\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: mspr32.dll - {2E6039B1-21A1-3582-2FC5-A58921F819ED} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
0
Réponse 15 / 19
incognito02 Messages postés 3487 Statut Contributeur 138
 
Bonsoir,

Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

Coche « afficher les fichiers et dossiers cachés »

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.

Et appliquer !

Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O4 - HKLM\..\Run: [Windows Update Draven] draven.exe

O4 - HKLM\..\Run: [nzhfkvosc] c:\windows\system32\nzhfkvosc.exe nzhfkvosc

O4 - HKLM\..\RunServices: [Windows Update Draven] draven.exe

O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)

Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
¤Recherche et supprime ceci:
attention seulement les fichiers (si présents).

draven.exe

c:\windows\system32\nzhfkvosc.exe

C:\WINDOWS\system32\nvsvcd.exe

----------------------------------------------------------------------------
Arrête ces services :

Clique sur Démarrer->exécuter->tape: services.msc

Double-clique: Windows Log

Règle-le sur "Arrêté" et "Désactivé".

Vide ta Corbeille.

Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

Bon courage.

A+
0
Réponse 16 / 19
gaston
 
Logfile of HijackThis v1.99.1
Scan saved at 08:07:47, on 10/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\StofWare\NoSpam\NoSpam.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Documents and Settings\olivier\Bureau\APPLICATIONS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3C5D79C6-9C00-42B0-97A9-32DFE3621C23} - C:\WINDOWS\system32\webclntd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoSpam] C:\Program Files\StofWare\NoSpam\NoSpam.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: assistant d'acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O17 - HKLM\System\CCS\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.1 80.10.246.132
O17 - HKLM\System\CS3\Services\Tcpip\..\{12303F08-377F-46B6-BFAA-54C73A68FF94}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: mspr32.dll - {2E6039B1-21A1-3582-2FC5-A58921F819ED} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 17 / 19
incognito02 Messages postés 3487 Statut Contributeur 138
 
Bonjour Gaston,

Ton log hijackthis me parait ok.

Où en sont tes soucis ?

A+
0
Réponse 18 / 19
19reyes Messages postés 3 Statut Membre
 
Logfile of HijackThis v1.99.1
Scan saved at 20:44:36, on 13/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" Vimicro USB PC Camera LTI301P
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBD5A0DD-E238-4FAB-8DCC-1CB78EF04F8F}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
0
Réponse 19 / 19
zanolau Messages postés 32 Statut Membre 1
 
bonjour,
je me greffe à la discussion car je ne sais comment faire pour intervenir sur ce virus "système doctor"(entres autres). Au secours!!!!
merci d'avance pour toute aide car je ne suis pas toujours en place en ce qui concerne l'informatique.
nat
voici mon rapport Spybot:

--- Search result list ---
eXact Advertising.BargainsBuddy: Code storage database (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878B424-1F95-4E26-B5AB-F0D349D89650}

Tradedoubler: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

CoreMetrics: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

DoubleClick: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

Winsoftware: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

ReliableStats: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

ErrorSafe: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

Winsoftware: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

Zedo: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

Winsoftware.WinAntiVirusPro2006: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

MediaPlex: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

ErrorSafe: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

BurstMedia: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

BurstMedia: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

Winsoftware: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

TagASaurus: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

BlueStreak: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

FastClick: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

SystemDoctor2006: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

SystemDoctor2006: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)

Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done)

Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done)

Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done)

Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done)

BurstMedia: Cookie traceur (Firefox: default) (Cookie, nothing done)

CasaleMedia: Cookie traceur (Firefox: default) (Cookie, nothing done)

DoubleClick: Cookie traceur (Firefox: default) (Cookie, nothing done)

Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

MediaPlex: Cookie traceur (Firefox: default) (Cookie, nothing done)

Win32.Small.ddx: Cookie traceur (Firefox: default) (Cookie, nothing done)

SystemDoctor2006: Cookie traceur (Firefox: default) (Cookie, nothing done)

SystemDoctor2006: Cookie traceur (Firefox: default) (Cookie, nothing done)

Tradedoubler: Cookie traceur (Firefox: default) (Cookie, nothing done)

Tradedoubler: Cookie traceur (Firefox: default) (Cookie, nothing done)

Tradedoubler: Cookie traceur (Firefox: default) (Cookie, nothing done)

Tradedoubler: Cookie traceur (Firefox: default) (Cookie, nothing done)

Zedo: Cookie traceur (Firefox: default) (Cookie, nothing done)

Zedo: Cookie traceur (Firefox: default) (Cookie, nothing done)

Zedo: Cookie traceur (Firefox: default) (Cookie, nothing done)

CoreMetrics: Cookie traceur (Firefox: default) (Cookie, nothing done)

SystemDoctor2006: Cookie traceur (Firefox: default) (Cookie, nothing done)

SystemDoctor2006: Cookie traceur (Firefox: default) (Cookie, nothing done)

Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)

ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)

ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)

ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)

ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)

ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-20 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-09-19 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-19 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-19 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-19 Includes\KeyloggersC.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-19 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-19 Includes\PUPSC.sbi (*)
2007-09-19 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-19 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-19 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-19 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

--- System information ---
Windows 2003 (Build: 3790) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

--- Startup entries list ---
Located: HK_LM:Run, hid_start
command: C:\WINDOWS\SysWow64\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
file: C:\WINDOWS\SysWow64\Rundll32.exe
size: 34816
MD5: 75139c5e6b968e39a5a35e7003fa7049

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 257088
MD5: b0e9efadf04e9e25c0001b48757f3e71

Located: HK_LM:Run, Picasa Media Detector
command: "C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe"
file: C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
size: 366400
MD5: 72b2cad5f56b875ca8b75b39412ada20

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
file: C:\Program Files (x86)\QuickTime\qttask.exe
size: 282624
MD5: 30e1f03dcc8825988528d9058312ede2

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1681920
MD5: 4c2f0cbcb62f7c601c350e9b3228eb22

Located: HK_CU:Run, NBJ
command: "C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe"
file: C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe
size: 1957888
MD5: 9cab916797d8d39f78b8800c2a23add6

Located: Démarrage (tous utilisateurs), Démarrage d'Office.lnk
command: C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
file: C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
size: 51984
MD5: d06276d4cad46cdceabefdeb1a0d3c0d

Located: Démarrage (tous utilisateurs), Lancement rapide d'Adobe Reader.lnk
command: C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Démarrage (tous utilisateurs), Microsoft Recherche accélérée.lnk
command: C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
file: C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
size: 111376
MD5: 7fb98f00d51601071d2f490b82e3cfa2

Located: Démarrage (utilisateur), LimeWire On Startup.lnk
command: C:\Program Files (x86)\LimeWire\LimeWire.exe
file: C:\Program Files (x86)\LimeWire\LimeWire.exe
size: 147456
MD5: 365418b2fefca481c6ce388da076eac2

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, dimsntfy
command: dimsntfy.dll
file: dimsntfy.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll

--- Browser helper object list ---
{36A91CEC-6C71-4758-B492-397BFC8E96A2} (rightonadz.biz browser optimizer)
BHO name:
CLSID name: rightonadz.biz browser optimizer
Path: C:\WINDOWS\SysWow64\
Long name: gzmrotate.dll
Short name: GZMROT~2.DLL
Date (created): 12/09/2007 12:46:22
Date (last access): 24/09/2007 10:01:44
Date (last write): 12/09/2007 12:46:22
Filesize: 62464
Attributes: archive
MD5: 1A10CC10BC97FB3D8D19F5E7236C851E
CRC32: 51C14F71
Version: 1.0.6.2

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files (x86)\Fichiers communs\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 31/08/2006 20:33:06
Date (last access): 24/09/2007 08:25:16
Date (last write): 31/08/2006 20:33:06
Filesize: 322368
Attributes: archive
MD5: E43F7CFDEE2B00A22C96C168147B20D3
CRC32: 2AEACC43
Version: 4.100.313.1

{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
BHO name:
CLSID name: ST
Path: C:\Program Files (x86)\MSN Apps\ST\01.03.0000.1005\en-xu\
Long name: stmain.dll
Short name:
Date (created): 06/01/2006 19:16:42
Date (last access): 24/09/2007 10:03:20
Date (last write): 13/08/2004 18:42:00
Filesize: 155648
Attributes: archive
MD5: 0DA1349495955CB41A5899047C5A1267
CRC32: C050EECD
Version: 1.2.3000.1001

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
BHO name:
CLSID name: MSNToolBandBHO
Path: C:\Program Files (x86)\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\
Long name: msntb.dll
Short name:
Date (created): 10/02/2006 15:46:56
Date (last access): 24/09/2007 08:25:38
Date (last write): 17/01/2006 17:04:16
Filesize: 282624
Attributes: archive
MD5: 6B3B0C6657B3DFEAD7ABC5BFEE45B347
CRC32: 1DF31317
Version: 1.2.5000.1021

{F31B3634-12AA-41ca-B021-0685C3B3E4CA} (adssite)
BHO name:
CLSID name: adssite
Path: C:\WINDOWS\SysWow64\
Long name: nsq23D2.dll
Short name:
Date (created): 13/09/2007 16:55:18
Date (last access): 24/09/2007 09:45:22
Date (last write): 13/09/2007 16:55:18
Filesize: 139264
Attributes: archive
MD5: 683B4AC8C210D60FC7716B4D5F08AC63
CRC32: 0D55C007
Version: 3.4.0.0

--- ActiveX list ---
{0878B424-1F95-4E26-B5AB-F0D349D89650} ()
DPF name:
CLSID name:
Installer:
Codebase: http://download.bullseye-network.com/download/bargain_buddy/cab/installer_ETE_AX.cab

--- Process list ---
PID: 0 ( 0) [System]
PID: 1564 ( 600) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 59008
MD5: DC995DA2D258C0590C3AE07EC68BFEE6
PID: 1636 ( 600) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 132736
MD5: 8E33DA0415023EA7A9378AFA04D9BF4D
PID: 1980 (1364) C:\Program Files\Messenger\msmsgs.exe
size: 1681920
MD5: 4C2F0CBCB62F7C601C350E9B3228EB22
PID: 280 (1364) C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
size: 51984
MD5: D06276D4CAD46CDCEABEFDEB1A0D3C0D
PID: 296 (1364) C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
size: 111376
MD5: 7FB98F00D51601071D2F490B82E3CFA2
PID: 316 (1364) C:\Program Files (x86)\LimeWire\LimeWire.exe
size: 147456
MD5: 365418B2FEFCA481C6CE388DA076EAC2
PID: 408 ( 252) C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
size: 366400
MD5: 72B2CAD5F56B875CA8B75B39412ADA20
PID: 416 ( 252) C:\Program Files (x86)\QuickTime\qttask.exe
size: 282624
MD5: 30E1F03DCC8825988528D9058312EDE2
PID: 440 ( 252) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 257088
MD5: B0E9EFADF04E9E25C0001B48757F3E71
PID: 480 ( 252) C:\WINDOWS\SysWow64\Rundll32.exe
size: 34816
MD5: 75139C5E6B968E39A5A35E7003FA7049
PID: 2076 ( 796) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 94208
MD5: DACFC2F360CE06B5FF89CE8CA3D7E346
PID: 2144 ( 600) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 255616
MD5: AA6691D73782FA5D94E0CED6D27C3DE8
PID: 2208 ( 600) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 370304
MD5: D6B2638DDBFB34AC78B153CDD0792C37
PID: 2228 ( 600) C:\Program Files (x86)\iPod\bin\iPodService.exe
size: 500800
MD5: 661194608009B558DE1925C7EBE1A4BA
PID: 2748 ( 796) C:\Program Files (x86)\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
size: 115024
MD5: 44CDED85B91EEF32E9CBCA348371F6BB
PID: 1048 (2076) C:\Program Files (x86)\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
size: 86016
MD5: E377C992DFBB5837826EA311E436C66D
PID: 2004 (2076) C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
size: 71288
MD5: 6C37AD8C2212D3DDC456BB48A3AA398E
PID: 1120 (1364) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1596 (1364) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 7604331
MD5: CB49C8AE9B44535D2B6FCDE74C589AC9
PID: 4 ( 0) System
PID: 256 ( 4) smss.exe
PID: 304 ( 256) csrss.exe
PID: 552 ( 256) winlogon.exe
PID: 600 ( 552) services.exe
PID: 612 ( 552) lsass.exe
PID: 796 ( 600) svchost.exe
PID: 888 ( 600) svchost.exe
PID: 928 ( 600) svchost.exe
PID: 1000 ( 600) svchost.exe
PID: 1032 ( 600) svchost.exe
PID: 1152 ( 600) spoolsv.exe
PID: 1364 (1328) explorer.exe
PID: 1680 ( 600) svchost.exe
PID: 1800 ( 600) svchost.exe
PID: 2392 ( 796) wmiprvse.exe
PID: 2672 ( 600) alg.exe

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 24/09/2007 10:17:08

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.google.com/search?q=http+google&gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---

--- Uninstall list ---
(AddressBook)

Adssite Browser Optimizer 3.4.0.0 (adssite)
uninstall cmd: C:\WINDOWS\system32\adssite-remove.exe

Adssite Games Collection (AdssiteGames)
uninstall cmd: C:\Program Files (x86)\Adssite Games Collection\uninstall.exe

Adssite Advanced Toolbar 1.0.1.2 (AdssiteToolBar)
uninstall cmd: C:\Program Files (x86)\Adssite Advanced Toolbar\uninstall.exe

avast! Antivirus 4.7 (avast!)
version (major): 4
version (minor): 7
install location: C:\PROGRA~1\ALWILS~1\Avast4
install source: C:\PROGRA~1\ALWILS~1\Avast4\setup
uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
publisher: Alwil Software
help link: https://www.avast.com/fr-fr/index

(Branding)

DFX for Winamp 7 (DFX for Winamp)
uninstall cmd: "C:\Program Files (x86)\Winamp\uninstall_dfx.exe"
publisher: Power Technology

(DirectDrawEx)

(DXM_Runtime)

EPSON Scan (EPSON Scanner)
uninstall cmd: C:\Program Files (x86)\epson\escndv\setup\setup.exe /r

(Fontcore)

Haali Media Splitter (HaaliMkx)
uninstall cmd: "C:\Program Files (x86)\Matroska Pack\haali\uninstall.exe"

HijackThis 2.0.0 2.0.0 (HijackThis)
uninstall cmd: "C:\Documents and Settings\paul\Desktop\HijackThis.exe" /uninstall
publisher: TrendMicro

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Security Update for Windows XP (KB923789) (KB923789)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/923789/ms06-069-vulnerabilities-in-macromedia-flash-player-from-adobe-could-a

LimeWire 4.14.8 4.14.8 (LimeWire)
uninstall cmd: "C:\Program Files (x86)\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: http://www.limewire.com/support

Microsoft .NET Framework 1.1 Hotfix (KB928366) (M928366)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Macromedia Shockwave Player 10.1.0.11 (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Macromedia, Inc.
help link: https://helpx.adobe.com/shockwave.html

Matroska Pack (Matroska Pack)
uninstall cmd: C:\Program Files (x86)\Matroska Pack\uninstall.exe

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

(MobileOptionPack)

Mozilla Firefox (2.0) 2.0 (fr) (Mozilla Firefox (2.0))
install location: C:\Program Files (x86)\Mozilla Firefox
uninstall cmd: C:\Program Files (x86)\Mozilla Firefox\uninstall\uninst.exe
publisher: Mozilla
comments: Mozilla Firefox

Mozilla Firefox (2.0.0.7) 2.0.0.7 (fr) (Mozilla Firefox (2.0.0.7))
install location: C:\PROGRA~2\Mozilla Firefox
uninstall cmd: C:\PROGRA~2\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

Mozilla Thunderbird (1.0) 1.0 (fr) (Mozilla Thunderbird (1.0))
install location: C:\Program Files (x86)\Mozilla Thunderbird
uninstall cmd: C:\WINDOWS\UninstallThunderbird.exe /ua "1.0 (fr)"
publisher: Mozilla

(MPlayer2)

Barre d'outils MSN (MSN Toolbar)
uninstall cmd: C:\Program Files (x86)\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\mtbs.exe c

Nero OEM (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files (x86)\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Suite (NeroMultiInstaller!UninstallKey)
uninstall cmd: C:\Program Files (x86)\Common Files\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""

(NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

Microsoft Office 97 Standard (Office8.0)
uninstall cmd: C:\Program Files (x86)\Microsoft Office\Office\Install\Acme.exe /w Off97Std.stf

(OutlookExpress)

PhotoFiltre (PhotoFiltre)
uninstall cmd: "C:\Documents and Settings\paul\My Documents\photofiltre\Uninst.exe"

Picasa 2 2.0 (Picasa2)
uninstall cmd: "C:\Program Files (x86)\Picasa2\Uninstall.exe"
publisher: Google, Inc.
help link: http://picasa.google.com/

PowerCheck 4.2.3 Ver 4.2.3 (PowerCheck_is1)
uninstall cmd: "C:\Program Files (x86)\PowerCheck\unins000.exe"

Rightonadz Browser Optimizer 1.0.6.2 (rightonadz)
uninstall cmd: C:\WINDOWS\system32\gzmrot-uninst.exe

(SchedulingAgent)

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
publisher: Adobe Systems
help link: https://helpx.adobe.com/flash-player.html

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files (x86)\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Subdo Viewer 1.71 (Subdo Viewer)
uninstall cmd: C:\Program Files (x86)\Subdo\Subdo Viewer\uninst.exe
publisher: Virtual Business Solutions & Systems

File Scavenger 3.1 3.1 (V3.1_is1)
install location: C:\Temp\File Scavenger 3.1\
uninstall cmd: "C:\Temp\File Scavenger 3.1\unins000.exe"
publisher: QueTek™ Consulting Corporation

VideoLAN VLC media player 0.8.2 0.8.2 (VLC media player)
uninstall cmd: C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team

Winamp (remove only) (Winamp)
uninstall cmd: "C:\Program Files (x86)\Winamp\UninstWA.exe"

The GIMP 2.0.5 (WinGimp-2.0_is1)
install location: C:\Program Files (x86)\GIMP-2.0\
uninstall cmd: "C:\Program Files (x86)\GIMP-2.0\unins000.exe"
publisher: <Gimp for Windows homepage>
help link: https://groups.yahoo.com/neo/groups/gimpwin-users/info

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files (x86)\WinRAR\uninstall.exe

3.0.20070525 ({2CCBABCB-6427-4A55-B091-49864623C43F})
version: 20070525
version (major): 3

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122273
install date: 20060118
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files (x86)\Java\jre1.5.0_06\README.txt

Google Earth 4.0.2744 ({3DE5E7D4-7B88-403C-A3FD-2017A8240C5B})
version: 67111608
install date: 20070515
install location: C:\Program Files (x86)\Google\Google Earth
install source: C:\Documents and Settings\paul\Desktop\GoogleEarthWin_EARE.exe
uninstall cmd: RunDll32 C:\PROGRA~2\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly
publisher: Google

Petit Larousse 2003 ({495D3648-1D6B-4B71-B174-6A2452FFF8CD})
uninstall cmd: RunDll32 C:\PROGRA~2\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{495D3648-1D6B-4B71-B174-6A2452FFF8CD}\setup.exe" -l0x40c

Windows Live Sign-in Assistant 4.100.313.1 ({49672EC2-171B-47B4-8CE7-50D7806360D7})
version: 73662777
version (major): 4
version (minor): 100
estimated size: 1220
install date: 20070816
install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
publisher: Microsoft Corporation

QuickTime 7.1.5.120 ({5E863175-E85D-44A6-8968-82507D34AE7F})
version: 117506053
version (major): 7
version (minor): 1
estimated size: 69655
install date: 20070421
install location: C:\Program Files (x86)\QuickTime\
install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP547.TMP\
uninstall cmd: MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
publisher: Apple Computer, Inc.
contact: Assistance AppleCare
help link: https://support.apple.com/fr-fr
help telephone: (33) 0825 888 024

Pro Evolution Soccer 5 1.00.0000 ({85C3FA3C-4832-4204-B21E-168E4920936A})
version: 16777216
version (major): 1
estimated size: 1099080
install date: 20060404
install location: C:\appsProgram Files (x86)\KONAMI\Pro Evolution Soccer 5\
install source: D:\
publisher: KONAMI

PC Applications v4.0 1.00.0000 ({95D23536-4111-463C-88F7-77BBBBBF109A})
version: 16777216
install location: C:\Program Files (x86)\VK Mobile\PC Applications v4.0
uninstall cmd: RunDll32 C:\PROGRA~2\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{95D23536-4111-463C-88F7-77BBBBBF109A}\setup.exe" -l0x40c

iTunes 7.1.1.5 ({AB90749C-7422-4580-8A7A-66CC5E9E5F98})
version: 117506049
version (major): 7
version (minor): 1
estimated size: 51658
install date: 20070421
install location: C:\Program Files (x86)\iTunes\
install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP547.TMP\
uninstall cmd: MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
publisher: Apple Inc.
contact: Assistance AppleCare
help link: https://support.apple.com/fr-fr
help telephone: +33 (0) 825 888 024

Adobe Reader 7.0.9 - Français 7.0.9 ({AC76BA86-7AD7-1036-7B44-A70900000002})
version: 117440521
version (major): 7
estimated size: 78484
install date: 20070119
install source: C:\Program Files (x86)\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: https://helpx.adobe.com/support.html
help telephone:
readme: C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\Readme.htm

Apple Software Update 2.0.2.92 ({B74F042E-E1B9-4A5B-8D46-387BB172F0A4})
version: 33554434
version (major): 2
estimated size: 2204
install date: 20070919
install location: C:\Program Files (x86)\Apple Software Update\
install source: C:\Program Files (x86)\Apple Software Update\Packages\
uninstall cmd: MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
publisher: Apple Inc.
contact: Assistance AppleCare
help link: https://support.apple.com/fr-fr
help telephone: 0825 888 024

Sony ACID Pro 5.0c 5.0.345 ({C263C8DC-FFBC-4358-A62F-BDBCD58AE64A})
version: 83886425
version (major): 5
estimated size: 76383
install date: 20060326
install source: C:\Program Files (x86)\Sony Setup\ACID Pro 5.0\
uninstall cmd: MsiExec.exe /X{C263C8DC-FFBC-4358-A62F-BDBCD58AE64A}
publisher: Sony
help link: https://www.sonycreativesoftware.com/support

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 75259
install date: 20070712
install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Sony Media Manager 2.0 2.0.55 ({D60D2B02-125F-4DDB-9674-41DD538C457A})
version: 33554487
version (major): 2
estimated size: 6831
install date: 20060326
install source: C:\Program Files (x86)\Sony Setup\ACID Pro 5.0\mediamgr\
uninstall cmd: MsiExec.exe /X{D60D2B02-125F-4DDB-9674-41DD538C457A}
publisher: Sony
help link: https://www.sonycreativesoftware.com/support

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) 8.00.761 ({E09B48B5-E141-427A-AB0C-D3605127224A})
version: 134218489
version (major): 8
estimated size: 70731
install date: 20060326
install source: C:\Program Files (x86)\Sony Setup\ACID Pro 5.0\mediamgr\msde\Setup\
uninstall cmd: MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
publisher: Microsoft Corporation

Adobe Photoshop CS CS ({EFB21DE7-8C19-4A88-BB28-A766E16493BC})
version: 134217728
version (major): 8
install location: C:\Program Files (x86)\Adobe\Photoshop CS
install source: C:\DOCUME~1\paul\LOCALS~1\Temp\Rar$EX06.359\
uninstall cmd: RunDll32 C:\PROGRA~2\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
publisher: Adobe Systems, Inc.

Windows Live Messenger 8.1.0178.00 ({F6326B60-1B1D-4ABF-BFCD-7B7404F44411})
version: 134283442
version (major): 8
version (minor): 1
estimated size: 31939
install date: 20070816
install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
publisher: Microsoft Corporation

Realtek AC'97 Audio ({FB08F381-6533-4108-B7DD-039E11FBC27E})
uninstall cmd: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0

Service (registry key): Aavmker4
Display name: avast! Asynchronous Virus Monitor
Start: 1
Type: 1
Error Control: 1

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): Adobe LM Service
Display name: Adobe LM Service
Description: Adobe LM Service
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"
Image size: 68096
Image MD5: D01DD9E6A7DFE540181147A38B13F43A
Start: 3
Type: 16
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu320
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): AeLookupSvc
Display name: Application Experience Lookup Service
Description: Process application compatibility lookup requests for applications as they are launched.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1

Service (registry key): AFD
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALCXWDM
Display name: Service for Realtek AC97 Audio (WDM)
Image path: system32\drivers\ALCWDM64.SYS
Start: 3
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 45056
Image MD5: FD79AFA46B60D32557CB62F6050C2B69
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK8
Display name: AMD K8 Processor Driver
Image path: system32\DRIVERS\amdk8.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Processes installation, removal, and enumeration requests for Active Directory IntelliMirror group policy programs. If the service is disabled, users will be unable to install, remove, or enumerate any IntelliMirror programs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 3
Type: 32
Error Control: 1

Service (registry key): arc
Start: 4
Type: 1
Error Control: 1

Service (registry key): ASP.NET
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_1.1.4322
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Image size: 32768
Image MD5: E1A1206A4FB19B675E947B29CCD25FBA
Start: 3
Type: 16
Error Control: 1

Service (registry key): aswMon2
Display name: avast! Standard Shield Support
Start: 2
Type: 2
Error Control: 1

Service (registry key): aswRdr
Display name: aswRdr
Start: 3
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): aswTdi
Display name: avast! Network Shield Support
Start: 1
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): aswUpdSv
Display name: avast! iAVS4 Control Service
Description: Fournit la mise à jour automatique pour l'antivirus avast!.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
Image size: 59008
Image MD5: DC995DA2D258C0590C3AE07EC68BFEE6
Start: 2
Type: 272
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): ati2mtag
Image path: system32\DRIVERS\ati2mtag.sys
Start: 3
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): avast! Antivirus
Display name: avast! Antivirus
Description: Gère et implémente les services de l'antivirus avast! pour cet ordinateur. Ceci inclut la protection résidente, la zone de quarantaine et le planificateur.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
Image size: 132736
Image MD5: 8E33DA0415023EA7A9378AFA04D9BF4D
Start: 2
Type: 272
Error Control: 1
Depends On services: aswMon2,RpcSS

Service (registry key): avast! Mail Scanner
Display name: avast! Mail Scanner
Description: Implémente l'analyse du courrier électronique pour l'antivirus avast!.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
Image size: 255616
Image MD5: AA6691D73782FA5D94E0CED6D27C3DE8
Start: 3
Type: 272
Error Control: 1
Depends On services: "avast! Antivirus"

Service (registry key): avast! Web Scanner
Display name: avast! Web Scanner
Description: Implémente l'analyse du contenu web (HTTP) pour l'antivirus avast!.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
Image size: 370304
Image MD5: D6B2638DDBFB34AC78B153CDD0792C37
Start: 3
Type: 272
Error Control: 1
Depends On services: "avast! Antivirus"

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Bdfndisf
Display name: BitDefender Firewall NDIS Filter Service
Image path: system32\DRIVERS\bdfndisf.sys
Image size: 44288
Image MD5: A3C7298A67D4924C329393F920CCEDC1
Start: 3
Type: 1
Error Control: 1

Service (registry key): bdftdif
Display name: bdftdif
Image path: \??\C:\Program Files (x86)\Fichiers communs\Softwin\BitDefender Firewall\bdftdif.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 3
Type: 32
Error Control: 1
Depends On services: Rpcss,EventSystem

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): CdaC15BA
Display name: CdaC15BA
Image path: system32\DRIVERS\CdaC15BA.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): CdaD10BA
Display name: CdaD10BA
Image path: system32\DRIVERS\CdaD10BA.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Display name: Service d'indexation
Description: Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 6656
Image MD5: EBC34382D0B069AEBA6E9168A9826BAA
Start: 4
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 32256
Image MD5: E53196BA56081F154E2D7A9E50A1D33F
Start: 3
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Display name: Application système COM+
Description: Gère la configuration et le suivi des composants de base COM+ (Component Object Model). Si ce service est arrêté, la plupart des composants de base COM+ ne fonctionneront pas correctement. S'il est désactivé, les services qui en dépendent ne pourront pas démarrer.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5632
Image MD5: 5437813752863E1201E353FCAD8CAE37
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss,eventsystem

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): crcdisk
Display name: CRC Disk Filter Driver
Image path: system32\DRIVERS\crcdisk.sys
Start: 0
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): DcomLaunch
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1

Service (registry key): Dfs
Start: 0
Type: 0
Error Control: 0

Service (registry key): Dhcp
Display name: DHCP Client
Description: Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd

Service (registry key): Disk
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Display name: Logical Disk Manager Driver
Image path: system32\DRIVERS\dmio.sys
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmload
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): dpti2o
Start: 4
Type: 1
Error Control: 1

Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Collects, stores, and reports unexpected application crashes to Microsoft. If this service is stopped, then Error Reporting will occur only for kernel faults and some types of user mode faults. If this service is disabled, any services that explicitly depend on it will not start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k WinErr
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: Système d'événements de COM+
Description: Prend en charge le service de notification d'événements système (SENS, System Event Notification Service), qui fournit une distribution automatique d'événements aux composants COM (Component Object Model) abonnés. Si le service est arrêté, SENS sera fermé et ne pourra fournir des informations d'ouverture et de fermeture de session. Si ce service est désactivé, le démarrage de tout service qui en dépend explicitement échouera.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1

Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: system32\DRIVERS\flpydisk.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): FltMgr
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Start: 0
Type: 2
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: system32\DRIVERS\ftdisk.sys
Start: 0
Type: 1
Error Control: 1

Service (registry key): GEARAspiWDM
Display name: GEARAspiWDM
Image path: System32\Drivers\GEARAspiWDM.sys
Image size: 15664
Image MD5: 4AC51459805264AFFD5F6FDFB9D9235F
Start: 3
Type: 1
Error Control: 1

Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: system32\DRIVERS\msgpc.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): gusvc
Display name: Google Updater Service
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
Image size: 136120
Image MD5: C1B577B2169900F4CF7190C39F085794
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): helpsvc
Display name: Aide et support
Description: Permet à l'application Aide et support de fonctionner sur cet ordinateur. Si ce service est arrêté, la fonctionnalité Aide et support ne sera pas disponible. S'il est désactivé, tous les services dépendant explicitement de ce service ne pourront pas démarrer.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): HidUsb
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Start: 3
Type: 1
Error Control: 0

Service (registry key): HTTP
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTPFilter
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1

Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: syst
0

Discussions similaires

comment ouvrir un fichier .key ?
joaferre -
toto44 -

16 réponses
convertir fichier .key en .ppt ( powerpoint pour Macoffice 2008
melimelo56 -
marmotte -

2 réponses
Comment ouvrir un fichier .key sous Windows 7
Eldrid -
Eldrid -

3 réponses
wifi master key = fonctionnement
mahmoud9111 -
pistouri -

1 réponse
Keys pour camtasia studio 8
ArmoireSansPortes -
-L0Lock- -

2 réponses