Sujet Précédent Sujet Suivant

[Virus] Infécté par System doctor

Fermé
Wally - 9 oct. 2006 à 20:24
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 - 1 nov. 2006 à 17:05
Bonjour, je suis infecté par System Doctor.
J'ai vu sur d'autres posts qu'il faut faire un scan Hijackthis pour pouvoir recevoir de l'aide.
Ainsi, je serait très reconnaissant si quelqu'un pouvait m'aider avec ce problème.
Merci par avance, voici mon log:

Logfile of HijackThis v1.99.1
Scan saved at 20:16:20, on 09/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://pokman.forumactif.com/login?redirect=/f1-forum
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DC48EB5-DCC3-4A28-B67F-E295F69587CC}: NameServer = 84.103.237.145 86.64.145.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

Merci encore

21 réponses

  • 1
  • 2
Réponse 1 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
10 oct. 2006 à 13:03
Salut;

Télécharge Blacklight (de F-Secure) a l’une des 2 adresses :
https://www.f-secure.com/en
https://www.f-secure.com/en

et sauvegarde le sur ton Bureau.

Double-clique blbeta.exe et accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport dans ta prochaine réponse

a+
0
Réponse 2 / 21
Wally
10 oct. 2006 à 13:32
Merci beaucoup, c'est vraiment sympa de ta part.
Alors voilà ce que ça donne:

fsbl-20061010112706.log

10/10/06 13:27:06 [Info]: BlackLight Engine 1.0.47 initialized
10/10/06 13:27:06 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/10/06 13:27:06 [Note]: 7019 4
10/10/06 13:27:06 [Note]: 7005 0
10/10/06 13:27:19 [Note]: 7006 0
10/10/06 13:27:19 [Note]: 7011 1848
10/10/06 13:27:19 [Note]: 7026 0
10/10/06 13:27:19 [Note]: 7026 0
10/10/06 13:27:23 [Note]: FSRAW library version 1.7.1020
0
Réponse 3 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
10 oct. 2006 à 15:21
Salut

Rien de bien terrible...

Telecharge ceci
https://www.silentrunners.org/Silent%20Runners.vbs
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

A+
0
Réponse 4 / 21
Wally
10 oct. 2006 à 19:06
Salut,
ça donne ça:

"Silent Runners.vbs", revision 48, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"nTrayFw" = "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" ["NVIDIA Corporation"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"Launch Ai Booster" = ""C:\Program Files\ASUS\Ai Booster\OverClk.exe"" [null data]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"VGAUtil" = "C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [empty string]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"
-> {HKLM...CLSID} = "CNisExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}" = "CopyToCD shell extension"
-> {HKLM...CLSID} = "CopyToCD shell extension"
\InProcServer32\(Default) = "C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
-> {HKLM...CLSID} = "CopyToCD shell extension"
\InProcServer32\(Default) = "C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
-> {HKLM...CLSID} = "CopyToCD shell extension"
\InProcServer32\(Default) = "C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
-> {HKLM...CLSID} = "CopyToCD shell extension"
\InProcServer32\(Default) = "C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Drew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\AXIALI~1.SCR" (Axialis Aurora.scr) ["Axialis Software"]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer - Drew" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SYSTEMROOT%\system32\nvappfilter.dll ["NVIDIA"], 01 - 17, 35
%SystemRoot%\system32\mswsock.dll [MS], 18 - 20, 23 - 34
%SystemRoot%\system32\rsvpsp.dll [MS], 21 - 22


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
-> {HKLM...CLSID} = "Norton Internet Security"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
-> {HKLM...CLSID} = "Norton Internet Security"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherche"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "@C:\Program Files\Messenger\Msgslang.dll,-61144"
"MenuText" = "@C:\Program Files\Messenger\Msgslang.dll,-61144"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 2 lines


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
ForceWare Intelligent Application Manager (IAM), ForceWare Intelligent Application Manager (IAM), "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe" [empty string]
ForceWare IP service, nSvcIp, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe" ["NVIDIA"]
ForceWare user log service, nSvcLog, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe" ["NVIDIA"]
Forceware Web Interface, ForcewareWebInterface, ""C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice" ["Apache Software Foundation"]
ISSvc, ISSVC, ""C:\Program Files\Norton Internet Security\ISSVC.exe"" ["Symantec Corporation"]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 48 seconds, including 18 seconds for message boxes)

Merci encore
A+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
10 oct. 2006 à 21:39
Salut

scan ton pc avec spybot et copie colle le rapport

a+
0
Réponse 6 / 21
Wally
11 oct. 2006 à 12:56
Yep yep!
Alors voilà:

--- Search result list ---


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit https://support.microsoft.com/en-us/help/917283/ms06-033-a-vulnerability-in-asp-net-could-allow-information-disclosure
/ Windows Media Player 10: Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
/ Windows Media Player 10: Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
/ Windows XP / SP3: Correctif Windows XP - KB867282
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB883939)
/ Windows XP / SP3: Correctif Windows XP - KB884883
/ Windows XP / SP3: Correctif Windows XP - KB885894
/ Windows XP / SP3: Correctif Windows XP - KB886716
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB890046)
/ Windows XP / SP3: Correctif Windows XP - KB890859
/ Windows XP / SP3: Correctif Windows XP - KB890923
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB893066)
/ Windows XP / SP3: Correctif Windows XP - KB893086
/ Windows XP / SP3: Correctif pour Windows XP (KB893357)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB894391)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896358)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896422)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896423)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896424)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB896427)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896428)
/ Windows XP / SP3: Correctif Windows XP - KB896626
/ Windows XP / SP3: Mise à jour pour Windows XP (KB897663)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB898461)
/ Windows XP / SP3: Correctif pour Windows XP (KB898900)
/ Windows XP / SP3: Correctif pour Windows XP (KB899271)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899587)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899588)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899589)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899591)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB900485)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB900725)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB900930)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901017)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901214)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB902400)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB903235)
/ Windows XP / SP3: Correctif pour Windows XP (KB904412)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB904706)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB904942)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905414)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905749)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905915)
/ Windows XP / SP3: Correctif pour Windows XP (KB906569)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB907265)
/ Windows XP / SP3: Correctif pour Windows XP (KB907865)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB908519)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB908521)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB908531)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB910437)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911280)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911562)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911567)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911927)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB912812)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB912919)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB913446)
/ Windows XP / SP3: Correctif pour Windows XP (KB913538)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB913580)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914388)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914389)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB916281)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB916595)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917159)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917344)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917422)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917953)
/ Windows XP / SP3: Correctif pour Windows XP (KB918005)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB918439)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB918899)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB919007)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920214)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920670)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920683)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920685)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB920872)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921398)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921883)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB922582)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922616)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB925486)


--- Startup entries list ---
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
file: C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
size: 59040
MD5: 42d55a54df63361a3207f830508ba4a4

Located: HK_LM:Run, DAEMON Tools
command: "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
file: C:\Program Files\DAEMON Tools\daemon.exe
size: 133016
MD5: d050311a72d10d4d2cffacf5728fc978

Located: HK_LM:Run, Launch Ai Booster
command: "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
file: C:\Program Files\ASUS\Ai Booster\OverClk.exe
size: 3627520
MD5: 52bc9172885f2ad43383de7f0511969e

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, nTrayFw
command: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
file: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
size: 266240
MD5: 144d815eba5f324cdd5128841abf3b1a

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33792
MD5: cdd7140c0eaa754c527b983ccc9993cd

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33792
MD5: cdd7140c0eaa754c527b983ccc9993cd

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: 7ecd5764e6418cb3baf52381c67fda11

Located: HK_LM:Run, Omnipage
command: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
file: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
size: 49152
MD5: 1d0f6aeaceddda839eeb6af0e9db9f9b

Located: HK_LM:Run, RemoteControl
command: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
file: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 8fb740d758b14b1bc950cc347c21e461

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 77824
MD5: d5d0cd6a04617a15c2df76cd668ff540

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
size: 36975
MD5: 892eb04bc0b1a542a97197d3fa31268f

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_LM:Run, VGAUtil
command: C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
file: C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
size: 544768
MD5: 4b31471360a0ca510a5b42a1fe085341

Located: HK_CU:Run, swg
command: C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
size: 155896
MD5: 249338b21eac30a454fd27a939308855

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: https://get2.adobe.com/reader/otherversions/
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/01/2006 19:38:22
Date (last access): 12/09/2006 22:32:50
Date (last write): 12/01/2006 19:38:22
Filesize: 63128
Attributes: archive
MD5: F17B2B264072B921FC66A0BE16626BAB
CRC32: 5184CFEA
Version: 7.0.7.142

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 07/10/2006 11:39:42
Date (last access): 07/10/2006 11:39:42
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_07\bin\
Long name: ssv.dll
Short name:
Date (created): 03/05/2006 02:57:02
Date (last access): 03/05/2006 02:57:02
Date (last write): 03/05/2006 03:14:38
Filesize: 434279
Attributes: archive
MD5: 162186B53BBB5964F9E806F96934338E
CRC32: 1C68240D
Version: 5.0.70.3

{9ECB9560-04F9-4bbc-943D-298DDF1699E1} (Norton Internet Security)
BHO name: Norton Internet Security
CLSID name: CNisExtBho Class
description: NIS 2004,
classification: Legitimate
known filename: NISShExt.dll
info link: https://us.norton.com/internet-security
info source: TonyKlein
Path: C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\
Long name: NISShExt.dll
Short name:
Date (created): 31/08/2004 10:29:54
Date (last access): 12/09/2006 23:36:56
Date (last write): 31/08/2004 10:29:54
Filesize: 103568
Attributes: archive
MD5: C022E044C7693F7581FFA624BC61BA16
CRC32: AAC028CD
Version: 8.0.0.64

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://www.google.com/intl/fr/toolbar/ie/index.html
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 13/09/2006 12:42:22
Date (last access): 13/09/2006 12:42:22
Date (last write): 13/09/2006 12:42:22
Filesize: 2051136
Attributes: readonly archive
MD5: 041A63735841B6A4A658C1D427EF0ACC
CRC32: 3C29D67A
Version: 4.0.1019.5266

{BDF3E430-B101-42AD-A544-FADC6B084872} (NAV Helper)
BHO name: NAV Helper
CLSID name: CNavExtBho Class
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: https://us.norton.com/antivirus
info source: TonyKlein
Path: C:\Program Files\Norton Internet Security\Norton AntiVirus\
Long name: NAVSHEXT.DLL
Short name:
Date (created): 31/08/2004 02:34:34
Date (last access): 03/11/2005
Date (last write): 19/10/2005 12:54:30
Filesize: 218736
Attributes: archive
MD5: EB77A64845D96A77C148A3905641FD45
CRC32: 777D84AF
Version: 11.0.16.2



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_07
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_07\bin\
Long name: NPJPI150_07.dll
Short name: NPJPI1~1.DLL
Date (created): 03/05/2006 02:57:02
Date (last access): 03/05/2006 02:57:02
Date (last write): 03/05/2006 03:14:38
Filesize: 69746
Attributes: archive
MD5: 2663A75A8F6DAD0F7C10BF920AE81940
CRC32: 5235B91D
Version: 5.0.70.3

{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_07
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_07.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_07\bin\
Long name: NPJPI150_07.dll
Short name: NPJPI1~1.DLL
Date (created): 03/05/2006 02:57:02
Date (last access): 03/05/2006 02:57:02
Date (last write): 03/05/2006 03:14:38
Filesize: 69746
Attributes: archive
MD5: 2663A75A8F6DAD0F7C10BF920AE81940
CRC32: 5235B91D
Version: 5.0.70.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_07
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_07\bin\
Long name: NPJPI150_07.dll
Short name: NPJPI1~1.DLL
Date (created): 03/05/2006 02:57:02
Date (last access): 03/05/2006 02:57:02
Date (last write): 03/05/2006 03:14:38
Filesize: 69746
Attributes: archive
MD5: 2663A75A8F6DAD0F7C10BF920AE81940
CRC32: 5235B91D
Version: 5.0.70.3



--- Process list ---
PID: 0 ( 0) [System]
PID: 800 ( 4) \SystemRoot\System32\smss.exe
PID: 848 ( 800) \??\C:\WINDOWS\system32\csrss.exe
PID: 872 ( 800) \??\C:\WINDOWS\system32\winlogon.exe
PID: 920 ( 872) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 63DCDE1A0D86EEB8924D6738FF616EAD
PID: 932 ( 872) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 259AF82A0932EEA4F316F92DB94707B6
PID: 1084 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1132 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1276 ( 920) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1324 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1376 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1688 (1668) C:\WINDOWS\Explorer.EXE
size: 1036288
MD5: 76B3D5A12E1008FD656921D3035783F1
PID: 1800 ( 920) C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
size: 235168
MD5: 9C19BA0D3F8909BAF321D5FD7CCA428C
PID: 1836 ( 920) C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
size: 181920
MD5: 103D570135D9AD6F99AAFB54B7323E99
PID: 1884 ( 920) C:\Program Files\Norton Internet Security\ISSVC.exe
size: 83584
MD5: 64BC5239264896C8D8FCE558CFBA029B
PID: 1904 ( 920) C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
size: 206552
MD5: 443E397643965E08C5AB6A6CAA732B97
PID: 1924 ( 920) C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
size: 173160
MD5: 08FA56B7C13B4CBF0E5D351AECAD92B1
PID: 2016 ( 920) C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
size: 198304
MD5: B0BEB1D0B3506919A56CDF04ACEA9F70
PID: 580 ( 920) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: AD3D9D191AEA7B5445FE1D82FFBB4788
PID: 664 ( 920) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
size: 100032
MD5: 7768CE75C5CBF0D8F441CE2BBD806B7F
PID: 708 ( 920) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
size: 20543
MD5: B81F8778F5BB485F3B75114F0C99A49F
PID: 740 ( 920) C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
size: 177264
MD5: 8FC8458BCB585617AAC9E17A558D9155
PID: 764 ( 920) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
size: 131136
MD5: CF0FA7F8366002692BF7E46805F531B9
PID: 996 ( 920) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
size: 57412
MD5: ACE9C161B76C066288A17FEA4BB7BFFC
PID: 1092 ( 920) C:\WINDOWS\system32\nvsvc32.exe
size: 127043
MD5: F6FCA6047879DE7A2964757EB8B2101B
PID: 1300 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1528 ( 920) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
size: 139264
MD5: B47576825F0A397E1C807C7EC23E1560
PID: 1916 ( 708) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
size: 20543
MD5: B81F8778F5BB485F3B75114F0C99A49F
PID: 3356 (1688) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
size: 266240
MD5: 144D815EBA5F324CDD5128841ABF3B1A
PID: 3360 ( 920) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: B43CC0F07752D456038CD0268E4D84E9
PID: 3372 (1688) C:\WINDOWS\SOUNDMAN.EXE
size: 77824
MD5: D5D0CD6A04617A15C2DF76CD668FF540
PID: 3380 (1688) C:\Program Files\ASUS\Ai Booster\OverClk.exe
size: 3627520
MD5: 52BC9172885F2AD43383DE7F0511969E
PID: 3400 (1688) C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
size: 59040
MD5: 42D55A54DF63361A3207F830508BA4A4
PID: 3476 (1688) C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
size: 544768
MD5: 4B31471360A0CA510A5B42A1FE085341
PID: 3484 (1688) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 8FB740D758B14B1BC950CC347C21E461
PID: 3740 (1688) C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
size: 49152
MD5: 1D0F6AEACEDDDA839EEB6AF0E9DB9F9B
PID: 3772 (1688) C:\Program Files\DAEMON Tools\daemon.exe
size: 133016
MD5: D050311A72D10D4D2CFFACF5728FC978
PID: 3780 (1688) C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
size: 36975
MD5: 892EB04BC0B1A542A97197D3FA31268F
PID: 3788 (1688) C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
size: 155896
MD5: 249338B21EAC30A454FD27A939308855
PID: 1652 (1688) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 93184
MD5: 385D1644E676C96EB07848ADA63E37FA
PID: 3936 (1084) C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
size: 119952
MD5: 3927925DF9F3542DD016D3E65CCC71B1
PID: 5996 (1084) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 2FE6F76ADB634D4ED7EF9EAE726BC654
PID: 5348 (1084) C:\PROGRA~1\MESSEN~1\Msmsgs.exe
size: 1658592
MD5: 790F93E8EF18DB55A8780726864DE0E8
PID: 5608 (1688) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/10/2006 12:52:40

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
https://www.google.com/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://pokman.forumactif.com/login?redirect=/f1-forum
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.fr/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: NVIDIA App Filter over [MSAFD Tcpip [TCP/IP]]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 1: NVIDIA App Filter over [MSAFD Tcpip [UDP/IP]]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 2: NVIDIA App Filter over [MSAFD Tcpip [RAW/IP]]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 3: NVIDIA App Filter over [RSVP UDP Service Provider]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 4: NVIDIA App Filter over [RSVP TCP Service Provider]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 5: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D57FB69-FED7-4A29-BD63-DDFACB4DF1F9}] SEQPACKET 3]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 6: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D57FB69-FED7-4A29-BD63-DDFACB4DF1F9}] DATAGRAM 3]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 7: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{BFF74082-F0B7-4EB5-9C45-96E6806D156E}] SEQPACKET 0]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 8: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{BFF74082-F0B7-4EB5-9C45-96E6806D156E}] DATAGRAM 0]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 9: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BD055CE-BDB8-40C6-9499-73CA20EDB252}] SEQPACKET 1]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 10: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BD055CE-BDB8-40C6-9499-73CA20EDB252}] DATAGRAM 1]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 11: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{6E12159D-01C8-4CAF-955A-97B5151E959F}] SEQPACKET 2]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 12: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{6E12159D-01C8-4CAF-955A-97B5151E959F}] DATAGRAM 2]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 13: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{27C10337-7E60-48B1-B241-6762148FF3D7}] SEQPACKET 4]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 14: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{27C10337-7E60-48B1-B241-6762148FF3D7}] DATAGRAM 4]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 15: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{5DC48EB5-DCC3-4A28-B67F-E295F69587CC}] SEQPACKET 5]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 16: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{5DC48EB5-DCC3-4A28-B67F-E295F69587CC}] DATAGRAM 5]
GUID: {1FABA825-5EE8-4202-B952-3ADF6A725BC1}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 17: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 18: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 19: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 20: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 21: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D57FB69-FED7-4A29-BD63-DDFACB4DF1F9}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D57FB69-FED7-4A29-BD63-DDFACB4DF1F9}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BFF74082-F0B7-4EB5-9C45-96E6806D156E}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BFF74082-F0B7-4EB5-9C45-96E6806D156E}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BD055CE-BDB8-40C6-9499-73CA20EDB252}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BD055CE-BDB8-40C6-9499-73CA20EDB252}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6E12159D-01C8-4CAF-955A-97B5151E959F}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6E12159D-01C8-4CAF-955A-97B5151E959F}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip_{27C10337-7E60-48B1-B241-6762148FF3D7}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip_{27C10337-7E60-48B1-B241-6762148FF3D7}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 32: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5DC48EB5-DCC3-4A28-B67F-E295F69587CC}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 33: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5DC48EB5-DCC3-4A28-B67F-E295F69587CC}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 34: NVIDIA App Filter
GUID: {561A1E9F-D78B-40E3-866D-4CE5CF6BB83F}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Espace de noms NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: https://www.adaware.com/

(AddressBook)

AI - Series (AI - Series)
uninstall cmd: "C:\Program Files\AI - Series\AI - Series.scr" /S /Uninstall

AsusUpdate (AsusUpdate)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\AsusUpdate\Uninst.isu"

(Branding)

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

eMule (eMule)
uninstall cmd: "C:\Program Files\eMule\Uninstall.exe"

(Fontcore)

GIGABYTE VGA Utility Manager (GIGABYTE VGA Utility Manager)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GigaByte\VGA Utility Manager\Uninst.isu"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\Drew\Local Settings\Temporary Internet Files\Content.IE5\SREH4PU5\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

NVIDIA ForceWare Network Access Manager 2.03.467 (InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347})
version: 33751507
version (major): 2
version (minor): 3
estimated size: 38356
install date: 20060912
install source: C:\WINDOWS\Downloaded Installations\{9DF687E7-381C-4882-A05F-4ADF1DD53394}\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036
publisher: NVIDIA Corporation
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

Correctif Windows XP - KB867282 20050127.090417 (KB867282)
uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/867282

Correctif Windows XP - KB885894 20040923.185333 (KB885894)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/885894

Windows Media Player 10 Hotfix - KB888656 (KB888656)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB888656$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/888656

Hotfix for Windows Media Format SDK (KB902344) (KB902344)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/902344

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) (KB911565)
install date: 20060912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/911565

Mise à jour de sécurité pour Windows XP (KB913433) (KB913433)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/913433

Mise à jour de sécurité pour Windows XP (KB914388) 1 (KB914388)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/914388

Mise à jour de sécurité pour Windows XP (KB916281) 1 (KB916281)
install date: 20060912
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/916281

Mise à jour pour Windows XP (KB916595) 1 (KB916595)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/916595

Mise à jour de sécurité pour Windows XP (KB917159) 1 (KB917159)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/917159

Security Update pour Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/917283/ms06-033-a-vulnerability-in-asp-net-could-allow-information-disclosure

Mise à jour de sécurité pour Windows XP (KB917422) 1 (KB917422)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/917422

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) (KB917734_WMP10)
install date: 20060912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/917734

Mise à jour de sécurité pour Windows XP (KB917953) 1 (KB917953)
install date: 20060912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/917953

Mise à jour de sécurité pour Windows XP (KB918899) 1 (KB918899)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/918899

Mise à jour de sécurité pour Windows XP (KB919007) 1 (KB919007)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/919007/ms06-052-vulnerability-in-pragmatic-general-multicast-pgm-could-result

Mise à jour de sécurité pour Windows XP (KB920214) 1 (KB920214)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/920214

Mise à jour de sécurité pour Windows XP (KB920670) 1 (KB920670)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/920670

Mise à jour de sécurité pour Windows XP (KB920683) 1 (KB920683)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/920683

Mise à jour de sécurité pour Windows XP (KB920685) 1 (KB920685)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/920685

Mise à jour pour Windows XP (KB920872) 1 (KB920872)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/920872

Mise à jour de sécurité pour Windows XP (KB921398) 1 (KB921398)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/921398

Mise à jour de sécurité pour Windows XP (KB921883) 1 (KB921883)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/921883/ms06-040-vulnerability-in-server-service-could-allow-remote-code-execu

Mise à jour pour Windows XP (KB922582) 1 (KB922582)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/922582/error-message-when-you-try-to-update-a-microsoft-windows-based-compute

Mise à jour de sécurité pour Windows XP (KB922616) 1 (KB922616)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/922616

Mise à jour de sécurité pour Windows XP (KB925486) 1 (KB925486)
install date: 20061003
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/925486

LiveReg (Symantec Corporation) 3.0.0 (LiveReg)
install location: C:\Program Files\Fichiers communs\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 3.0 (Symantec Corporation) 3.0.0.171 (LiveUpdate)
install location: "C:\Program Files\Symantec\LiveUpdate"
uninstall cmd: "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
publisher: Symantec Corporation

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Media Player Classic fr 6.4.9.0 (Media Player Classic)
install location: C:\Program Files\Media Player Classic
uninstall cmd: "C:\Program Files\Media Player Classic\uninstall.exe"

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/ph/8291

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA (Microsoft .NET Framework 2.0 Language Pack - FRA)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/ph/8291

Matroska Pack - Lazy Man's MKV 0.9.9 (MKV Minimum Set (LD-Anime) - MatroskaSplitter & VSFilter_is1)
install location: C:\Program Files\LD-Anime\
uninstall cmd: "C:\Program Files\LD-Anime\unins000.exe"
help link: http://ld-anime.subforge.net/guide/mkv

MKV TO AVI CONVERTER version 3.0 (MKV TO AVI CONVERTER_is1)
install location: C:\Program Files\MKVTOAVI\
uninstall cmd: "C:\Program Files\MKVTOAVI\unins000.exe"

(MobileOptionPack)

(MPlayer2)

Ahead Nero Burning ROM (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

(NetMeeting)

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\nvudisp.exe UninstallGUI

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

(SchedulingAgent)

(Sevinst)

Shareaza version 2.2.1.0 2.2.1.0 (Shareaza_is1)
install location: C:\Program Files\Shareaza\
uninstall cmd: "C:\Program Files\Shareaza\Uninstall\unins000.exe"
publisher: Shareaza Development Team
comments: Shareaza Ultimate File Sharing
help link: http://www.shareaza.com/?id=support

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
publisher: Macromedia
help link: https://helpx.adobe.com/flash-player.html

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Norton Internet Security 2005 (Symantec Corporation) 8.0.0.64 (SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20})
install location: C:\Program Files\Norton Internet Security
install source: C:\DOCUME~1\Drew\LOCALS~1\Temp\NORTON~1
uninstall cmd: C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
publisher: Symantec Corporation

VideoLAN VLC media player 0.8.5 0.8.5 (VLC media player)
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team

Windows Genuine Advantage Notifications (KB905474) 1.5.0532.0 (WgaNotify)
install date: 20060912
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/905474

Winamp (remove only) (Winamp)
uninstall cmd: "C:\Program Files\Winamp\UninstWA.exe"

Codeur Windows Media Série 9 (Windows Media Encoder 9)
uninstall cmd: msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Lecteur Windows Media 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Archiveur WinRAR (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

Windows Media Connect (WMCSetup)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/windows/get-windows-media-player-81718e0d-cfce-25b1-aee3-94596b658287

Microsoft Windows Media Video 9 VCM (WMV9_VCM)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall

ArcSoft PhotoStudio 5 ({03F1CC67-5BD8-4C36-8394-76311B2AE69A})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x40c -uninst

USB MODEM Driver ({042E2C9D-6647-4C5F-9CEF-387D72023128})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{042E2C9D-6647-4C5F-9CEF-387D72023128}\setup.exe" -l0x9 UNINSTALL

Norton Internet Security 8.0.0.64 ({12E2B9E9-05B1-407d-B0FD-B5F350535125})
version: 134217728
version (major): 8
estimated size: 13455
install date: 20060912
install source: C:\DOCUME~1\Drew\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
publisher: Symantec Corporation

Cool & Quiet ({1ADE1AA0-7F82-4BB1-B1BD-727DE438057B})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9

le Parrain® LE JEU VIDEO ({1D2CF076-A63F-41A5-00A1-5924FADFAD9D})
uninstall cmd: C:\Program Files\Electronic Arts\le Parrain® LE JEU VIDEO\EAUninstall.exe

NVIDIA ForceWare Network Access Manager 2.03.467 ({1F6423DE-7959-4178-80E0-023C7EAA5347})
version: 33751507
version (major): 2
version (minor): 3
estimated size: 38356
install date: 20060912
install source: C:\WINDOWS\Downloaded Installations\{9DF687E7-381C-4882-A05F-4ADF1DD53394}\
publisher: NVIDIA Corporation
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

SymNet 5.4.2.17 ({2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2})
version: 84148226
version (major): 5
version (minor): 4
estimated size: 2714
install date: 20060912
install source: C:\DOCUME~1\Drew\LOCALS~1\Temp\NORTON~1\Support\SymNet\
uninstall cmd: MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
publisher: Symantec Corporation

J2SE Runtime Environment 5.0 Update 7 1.5.0.70 ({3248F0A8-6813-11D6-A77B-00B0D0150070})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 156545
install date: 20060912
install source: C:\applications\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre1.5.0_07\README.txt

WebFldrs XP 9.50.7523 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 764
install date: 20060912
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: https://www.microsoft.com/en-us/windows/

Norton AntiSpam 2005.1.0.163 ({3B29A786-5803-4e9e-9B58-3014A5B4E519})
version (major): 2005
version (minor): 1
estimated size: 929
install date: 20060912
install source: C:\DOCUME~1\Drew\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
publisher: Symantec Corporation

Visionneuse Journal Windows Microsoft 1.5.2316.0 ({43DCF766-6838-4F9A-8C91-D92DA586DFA8})
version: 17107212
version (major): 1
version (minor): 5
estimated size: 3864
install date: 20060912
install source: C:\applications\
uninstall cmd: MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
publisher: Microsoft
comments: Visionneuse de documents créés avec l'application Journal Windows.
contact: Microsoft

Norton Internet Security 8.0.0.64 ({449F3A9E-9903-4a0d-A209-08030D45A935})
version: 134217728
version (major): 8
estimated size: 709
install date: 20060912
install source: C:\DOCUME~1\Drew\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
publisher: Symantec Corporation

Norton Internet Security 8.0.0.64 ({48185814-A224-447a-81DA-71BD20580E1B})
version: 134217728
version (major): 8
estimated size: 1304
install date: 20060912
install source: C:\DOCUME~1\Drew\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
publisher: Symantec Corporation

Photorécit 3 pour Windows 3.0.1115.15 ({4F41AD68-89F2-4262-A32C-2F70B01FCE9E})
version: 50332763
version (major): 3
estimated size: 16369
install date: 20060912
install source: C:\applications\
uninstall cmd: MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
publisher: Microsoft Corporation
contact: support@microsoft.com
help link: https://support.microsoft.com/en-us
help telephone: +1-425-882-8080

Norton Internet Security 8.0.0.64 ({526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F})
version: 134217728
version (major): 8
estimated size: 1081
install date: 20060912
install source: C:\DOCUME~1\Drew\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
publisher: Symantec Corporation

Madrics Superbox Pro and Superbox3 2005.11.23 ({55EEC3B1-3F34-4E59-8D42-E2C6A51B1D5E})
install location: C:\Program Files\VID_0E8F&PID_3013\Masspread\Madrics Superbox Pro and Superbox3
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55EEC3B1-3F34-4E59-8D42-E2C6A51B1D5E}\setup.exe" -l0x9

Norton AntiSpam 2005.1.0.163 ({5677563D-0CB1-485f-9E18-C5025306BB3F})
version (major): 2005
version (minor): 1
estimated size: 10139
0
Réponse 7 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
11 oct. 2006 à 18:05
Salut

Spybot semble clean.

Lance ce scan en ligne:
http://www.bitdefender.fr/scan8/ie.html
Copie/colle le rapport

A+
0
Réponse 8 / 21
Wally
11 oct. 2006 à 20:01
Salut,
J'essaye de le lancer le scan, j'accepte la licence, mais au bout de quelques secondes, ça me mets ça:

Impossible de charger le scanner online!
Le Service Pack 2 a été détecté sur cet ordinateur.
Cliquez sur la barre d'information et sélectionnez "Installer le contrôle ActiveX...".

J'ai cherché un peu ce que je pouvais faire, mais j'ai pas trouvé. La barre d'info je sais pas ce que c'est, Active X non plus. Désolé chuis carrément novice.
A +
0
Réponse 9 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
12 oct. 2006 à 12:23
Salut

La barre se trouve juste en dessou des menus, clik dessu et accepte l active x.
Si tu n y arrives pas, n hesites pas a nous en faire part.

A+
0
Réponse 10 / 21
Wally
12 oct. 2006 à 20:31
Salut,
Désolé j'avais pas vu, pourtant elle est dure à louper.
Voici, le rapport:
BitDefender Online Scanner



Rapport d'analyse généré à: Thu, Oct 12, 2006 - 20:21:16





Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;







Statistiques

Temps
01:10:57

Fichiers
289617

Directoires
4030

Secteurs de boot
3

Archives
1463

Paquets programmes
28741




Résultats

Virus identifiés
1

Fichiers infectés
1

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
1




Info sur les moteurs

Définition virus
475844

Version des moteurs
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Analyse des plugins
13

Archive des plugins
38

Unpack des plugins
6

E-mail plugins
6

Système plugins
1




Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
*;

Excludez les extensions


Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui




Fichier analysé
Statut

C:\Documents and Settings\Drew\Mes documents\Jeux\Le Maillon Faible Jeux Pc Fr.rar=>Le_maillon_Faible.img=>Setup/max/audio/LetsPlay_1min50.wav
Nettoyé

C:\Documents and Settings\Drew\Mes documents\Jeux\Mini Jeux - Solitaire, Motus, Mastermind, Cartes, Casse Tete, Puissance 4, Etc.ace=>Mini Jeux\gun.exe
Infecté par: Joke.Winshoot.A

C:\Documents and Settings\Drew\Mes documents\Jeux\Mini Jeux - Solitaire, Motus, Mastermind, Cartes, Casse Tete, Puissance 4, Etc.ace=>Mini Jeux\gun.exe
Echec de la désinfection

C:\Documents and Settings\Drew\Mes documents\Jeux\Mini Jeux - Solitaire, Motus, Mastermind, Cartes, Casse Tete, Puissance 4, Etc.ace=>Mini Jeux\gun.exe
Supprimé

C:\Documents and Settings\Drew\Mes documents\Jeux\Mini Jeux - Solitaire, Motus, Mastermind, Cartes, Casse Tete, Puissance 4, Etc.ace
Echec de la mise à jour

Merci
A+
0
Réponse 11 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
12 oct. 2006 à 21:42
salut

Va dans demarer < executer
tape msconfig
va dans l onglet demarrage et dis moi ce qu il y a stp

merci

a+
0
Réponse 12 / 21
Wally
13 oct. 2006 à 01:48
Salut,
Voilà ce qu'il y a:
[URL=https://imageshack.com/][IMG]http://img175.imageshack.us/img175/496/excuterzu1.png[/IMG][/URL]

A+
0
Réponse 13 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
13 oct. 2006 à 16:13
salut

ou en sont tes soucis?

a+
0
Réponse 14 / 21
Wally
15 oct. 2006 à 20:49
Salut,
En fait j'ai toujours des problèmes avec le curseur, ça fait des doubles clics de temps en temps alors que je clique qu'une fois. J'ai essayer avec une autre souris et c'est la même...?
Si t'as des idées?
En tout cas merci de m'avoir aider à nettoyer un peu mon PC.
A+
0
Réponse 15 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
17 oct. 2006 à 13:08
Salut

Est ce que tu as configuré le double clik sur plus sensible ou tu ne sais pas?

A+
0
Réponse 16 / 21
Wally
17 oct. 2006 à 13:21
Salut,
Si si, j'ai essayé de changer la sensibilité dans le panneau de configuration, mais ça le fait quand même.
C'est pour ça que je croyais que c'était System Doctor, mais comme chuis pas expert non plus.

A+
0
Réponse 17 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
18 oct. 2006 à 10:43
SALUT

Meme avec une autre souris, le probleme est identique?

a+
0
Réponse 18 / 21
Wally
18 oct. 2006 à 13:01
Salut,
Ben j'ai déjà essayé une fois, mais je vais réessayer pour voir.
A+
0
Réponse 19 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
18 oct. 2006 à 18:52
ok tiens moi au courant

Souris avec ou sans fil?

a+
0
Réponse 20 / 21
Wally
1 nov. 2006 à 12:36
Alors, je viens d'acheter une nouvelle souris et ça marche très bien, t'avais raison: mon ancienne était nase.
En tout cas merci de ton aide pour avoir nettoyer mon PC, c'est sympa de ta part.
Ciao
0

Discussions similaires

comment faire si on a un mail delivery system
angeldu5954 -
angeldu5954 -

5 réponses
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Virus détecté
Koony -
MisteryBean -

6 réponses
Supprimer un fichier ouvert dans systeme.
kakashiles -
yly -

12 réponses