Help: infected by Drive Cleaner / System Doctor

Resolved/Closed
raph' (Posts: 19, registered Saturday 10 March 2007, status: Member, last activity 10 March 2007) - 10 March 2007 at 15:09
zanolau (Posts: 32, registered Friday 27 January 2006, status: Member, last activity 24 September 2007) - 24 Sept. 2007 at 10:26
Hello everyone! I'm new to the forum and I need a kind soul to help me, because I'm really bothered by windows: system doctor, spyware secuser, drive cleaner, which disrupt my use of the computer by opening windows, and I have run several scans including "spybot", "ad aware", "easy cleaner" and even AVG anti spyware, but nothing works!!!
THANKS in advance to whoever gives me the tips!!
Here is my HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 14:44:55, on 10/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe
C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Raphaël\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/hlidAsstWordFromClientWithLogging/1036/EC01022712/2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] "C:\Program Files\Compaq\SetRefresh\SetRefresh.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by124fd.bay124.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/39220/OvidieNue.exe
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58C307C3-45CF-4129-98D8-5A440BFD3C29}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

27 replies

zanolau (Posts: 32, registered Friday 27 January 2006, status: Member, last activity 24 September 2007) 1
24 Sept. 2007 at 10:26
Hello,
Well, there it is, it's happened: I got caught by this nasty virus, System Doctor (among others). I saw that you helped someone, and I'm wondering whether you have 5 minutes to do the same for my problem? The Spybot report follows:
(warning: I'm not very good with computers!)
Many thanks in advance.
nat
--- Search result list ---
eXact Advertising.BargainsBuddy: Code storage database (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878B424-1F95-4E26-B5AB-F0D349D89650}

Tradedoubler: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


CoreMetrics: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


DoubleClick: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


Winsoftware: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


ReliableStats: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


ErrorSafe: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


Winsoftware: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


Zedo: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


Winsoftware.WinAntiVirusPro2006: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


MediaPlex: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


ErrorSafe: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


BurstMedia: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


BurstMedia: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


Winsoftware: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


TagASaurus: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


BlueStreak: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


FastClick: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


SystemDoctor2006: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


SystemDoctor2006: Cookie traceur (Internet Explorer: paul) (Cookie, nothing done)


Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done)


Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done)


Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done)


Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done)


BurstMedia: Cookie traceur (Firefox: default) (Cookie, nothing done)


CasaleMedia: Cookie traceur (Firefox: default) (Cookie, nothing done)


DoubleClick: Cookie traceur (Firefox: default) (Cookie, nothing done)


Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)


Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)


Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)


Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)


MediaPlex: Cookie traceur (Firefox: default) (Cookie, nothing done)


Win32.Small.ddx: Cookie traceur (Firefox: default) (Cookie, nothing done)


SystemDoctor2006: Cookie traceur (Firefox: default) (Cookie, nothing done)


SystemDoctor2006: Cookie traceur (Firefox: default) (Cookie, nothing done)


Tradedoubler: Cookie traceur (Firefox: default) (Cookie, nothing done)


Tradedoubler: Cookie traceur (Firefox: default) (Cookie, nothing done)


Tradedoubler: Cookie traceur (Firefox: default) (Cookie, nothing done)


Tradedoubler: Cookie traceur (Firefox: default) (Cookie, nothing done)


Zedo: Cookie traceur (Firefox: default) (Cookie, nothing done)


Zedo: Cookie traceur (Firefox: default) (Cookie, nothing done)


Zedo: Cookie traceur (Firefox: default) (Cookie, nothing done)


CoreMetrics: Cookie traceur (Firefox: default) (Cookie, nothing done)


SystemDoctor2006: Cookie traceur (Firefox: default) (Cookie, nothing done)


SystemDoctor2006: Cookie traceur (Firefox: default) (Cookie, nothing done)


Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)


Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)


Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)


Winsoftware: Cookie traceur (Firefox: default) (Cookie, nothing done)


ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)


ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)


ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)


ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)


ReliableStats: Cookie traceur (Firefox: default) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-20 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-09-19 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-19 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-19 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-19 Includes\KeyloggersC.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-19 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-19 Includes\PUPSC.sbi (*)
2007-09-19 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-19 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-19 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-19 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll



--- System information ---
Windows 2003 (Build: 3790) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)


--- Startup entries list ---
Located: HK_LM:Run, hid_start
command: C:\WINDOWS\SysWow64\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
file: C:\WINDOWS\SysWow64\Rundll32.exe
size: 34816
MD5: 75139c5e6b968e39a5a35e7003fa7049

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 257088
MD5: b0e9efadf04e9e25c0001b48757f3e71

Located: HK_LM:Run, Picasa Media Detector
command: "C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe"
file: C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
size: 366400
MD5: 72b2cad5f56b875ca8b75b39412ada20

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
file: C:\Program Files (x86)\QuickTime\qttask.exe
size: 282624
MD5: 30e1f03dcc8825988528d9058312ede2

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1681920
MD5: 4c2f0cbcb62f7c601c350e9b3228eb22

Located: HK_CU:Run, NBJ
command: "C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe"
file: C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe
size: 1957888
MD5: 9cab916797d8d39f78b8800c2a23add6

Located: Démarrage (tous utilisateurs), Démarrage d'Office.lnk
command: C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
file: C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
size: 51984
MD5: d06276d4cad46cdceabefdeb1a0d3c0d

Located: Démarrage (tous utilisateurs), Lancement rapide d'Adobe Reader.lnk
command: C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Démarrage (tous utilisateurs), Microsoft Recherche accélérée.lnk
command: C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
file: C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
size: 111376
MD5: 7fb98f00d51601071d2f490b82e3cfa2

Located: Démarrage (utilisateur), LimeWire On Startup.lnk
command: C:\Program Files (x86)\LimeWire\LimeWire.exe
file: C:\Program Files (x86)\LimeWire\LimeWire.exe
size: 147456
MD5: 365418b2fefca481c6ce388da076eac2

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, dimsntfy
command: dimsntfy.dll
file: dimsntfy.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll



--- Browser helper object list ---
{36A91CEC-6C71-4758-B492-397BFC8E96A2} (rightonadz.biz browser optimizer)
BHO name:
CLSID name: rightonadz.biz browser optimizer
Path: C:\WINDOWS\SysWow64\
Long name: gzmrotate.dll
Short name: GZMROT~2.DLL
Date (created): 12/09/2007 12:46:22
Date (last access): 24/09/2007 10:01:44
Date (last write): 12/09/2007 12:46:22
Filesize: 62464
Attributes: archive
MD5: 1A10CC10BC97FB3D8D19F5E7236C851E
CRC32: 51C14F71
Version: 1.0.6.2

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files (x86)\Fichiers communs\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 31/08/2006 20:33:06
Date (last access): 24/09/2007 08:25:16
Date (last write): 31/08/2006 20:33:06
Filesize: 322368
Attributes: archive
MD5: E43F7CFDEE2B00A22C96C168147B20D3
CRC32: 2AEACC43
Version: 4.100.313.1

{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
BHO name:
CLSID name: ST
Path: C:\Program Files (x86)\MSN Apps\ST\01.03.0000.1005\en-xu\
Long name: stmain.dll
Short name:
Date (created): 06/01/2006 19:16:42
Date (last access): 24/09/2007 10:03:20
Date (last write): 13/08/2004 18:42:00
Filesize: 155648
Attributes: archive
MD5: 0DA1349495955CB41A5899047C5A1267
CRC32: C050EECD
Version: 1.2.3000.1001

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
BHO name:
CLSID name: MSNToolBandBHO
Path: C:\Program Files (x86)\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\
Long name: msntb.dll
Short name:
Date (created): 10/02/2006 15:46:56
Date (last access): 24/09/2007 08:25:38
Date (last write): 17/01/2006 17:04:16
Filesize: 282624
Attributes: archive
MD5: 6B3B0C6657B3DFEAD7ABC5BFEE45B347
CRC32: 1DF31317
Version: 1.2.5000.1021

{F31B3634-12AA-41ca-B021-0685C3B3E4CA} (adssite)
BHO name:
CLSID name: adssite
Path: C:\WINDOWS\SysWow64\
Long name: nsq23D2.dll
Short name:
Date (created): 13/09/2007 16:55:18
Date (last access): 24/09/2007 09:45:22
Date (last write): 13/09/2007 16:55:18
Filesize: 139264
Attributes: archive
MD5: 683B4AC8C210D60FC7716B4D5F08AC63
CRC32: 0D55C007
Version: 3.4.0.0



--- ActiveX list ---
{0878B424-1F95-4E26-B5AB-F0D349D89650} ()
DPF name:
CLSID name:
Installer:
Codebase: http://download.bullseye-network.com/download/bargain_buddy/cab/installer_ETE_AX.cab



--- Process list ---
PID: 0 ( 0) [System]
PID: 1564 ( 600) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 59008
MD5: DC995DA2D258C0590C3AE07EC68BFEE6
PID: 1636 ( 600) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 132736
MD5: 8E33DA0415023EA7A9378AFA04D9BF4D
PID: 1980 (1364) C:\Program Files\Messenger\msmsgs.exe
size: 1681920
MD5: 4C2F0CBCB62F7C601C350E9B3228EB22
PID: 280 (1364) C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
size: 51984
MD5: D06276D4CAD46CDCEABEFDEB1A0D3C0D
PID: 296 (1364) C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
size: 111376
MD5: 7FB98F00D51601071D2F490B82E3CFA2
PID: 316 (1364) C:\Program Files (x86)\LimeWire\LimeWire.exe
size: 147456
MD5: 365418B2FEFCA481C6CE388DA076EAC2
PID: 408 ( 252) C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
size: 366400
MD5: 72B2CAD5F56B875CA8B75B39412ADA20
PID: 416 ( 252) C:\Program Files (x86)\QuickTime\qttask.exe
size: 282624
MD5: 30E1F03DCC8825988528D9058312EDE2
PID: 440 ( 252) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 257088
MD5: B0E9EFADF04E9E25C0001B48757F3E71
PID: 480 ( 252) C:\WINDOWS\SysWow64\Rundll32.exe
size: 34816
MD5: 75139C5E6B968E39A5A35E7003FA7049
PID: 2076 ( 796) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 94208
MD5: DACFC2F360CE06B5FF89CE8CA3D7E346
PID: 2144 ( 600) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 255616
MD5: AA6691D73782FA5D94E0CED6D27C3DE8
PID: 2208 ( 600) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 370304
MD5: D6B2638DDBFB34AC78B153CDD0792C37
PID: 2228 ( 600) C:\Program Files (x86)\iPod\bin\iPodService.exe
size: 500800
MD5: 661194608009B558DE1925C7EBE1A4BA
PID: 2748 ( 796) C:\Program Files (x86)\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
size: 115024
MD5: 44CDED85B91EEF32E9CBCA348371F6BB
PID: 1048 (2076) C:\Program Files (x86)\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
size: 86016
MD5: E377C992DFBB5837826EA311E436C66D
PID: 2004 (2076) C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
size: 71288
MD5: 6C37AD8C2212D3DDC456BB48A3AA398E
PID: 1120 (1364) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1596 (1364) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 7604331
MD5: CB49C8AE9B44535D2B6FCDE74C589AC9
PID: 4 ( 0) System
PID: 256 ( 4) smss.exe
PID: 304 ( 256) csrss.exe
PID: 552 ( 256) winlogon.exe
PID: 600 ( 552) services.exe
PID: 612 ( 552) lsass.exe
PID: 796 ( 600) svchost.exe
PID: 888 ( 600) svchost.exe
PID: 928 ( 600) svchost.exe
PID: 1000 ( 600) svchost.exe
PID: 1032 ( 600) svchost.exe
PID: 1152 ( 600) spoolsv.exe
PID: 1364 (1328) explorer.exe
PID: 1680 ( 600) svchost.exe
PID: 1800 ( 600) svchost.exe
PID: 2392 ( 796) wmiprvse.exe
PID: 2672 ( 600) alg.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 24/09/2007 10:17:08

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.google.com/search?q=http+google&gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
(AddressBook)

Adssite Browser Optimizer 3.4.0.0 (adssite)
uninstall cmd: C:\WINDOWS\system32\adssite-remove.exe

Adssite Games Collection (AdssiteGames)
uninstall cmd: C:\Program Files (x86)\Adssite Games Collection\uninstall.exe

Adssite Advanced Toolbar 1.0.1.2 (AdssiteToolBar)
uninstall cmd: C:\Program Files (x86)\Adssite Advanced Toolbar\uninstall.exe

avast! Antivirus 4.7 (avast!)
version (major): 4
version (minor): 7
install location: C:\PROGRA~1\ALWILS~1\Avast4
install source: C:\PROGRA~1\ALWILS~1\Avast4\setup
uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
publisher: Alwil Software
help link: https://www.avast.com/fr-fr/index

(Branding)

DFX for Winamp 7 (DFX for Winamp)
uninstall cmd: "C:\Program Files (x86)\Winamp\uninstall_dfx.exe"
publisher: Power Technology

(DirectDrawEx)

(DXM_Runtime)

EPSON Scan (EPSON Scanner)
uninstall cmd: C:\Program Files (x86)\epson\escndv\setup\setup.exe /r

(Fontcore)

Haali Media Splitter (HaaliMkx)
uninstall cmd: "C:\Program Files (x86)\Matroska Pack\haali\uninstall.exe"

HijackThis 2.0.0 2.0.0 (HijackThis)
uninstall cmd: "C:\Documents and Settings\paul\Desktop\HijackThis.exe" /uninstall
publisher: TrendMicro

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Security Update for Windows XP (KB923789) (KB923789)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/923789/ms06-069-vulnerabilities-in-macromedia-flash-player-from-adobe-could-a

LimeWire 4.14.8 4.14.8 (LimeWire)
uninstall cmd: "C:\Program Files (x86)\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: http://www.limewire.com/support

Microsoft .NET Framework 1.1 Hotfix (KB928366) (M928366)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Macromedia Shockwave Player 10.1.0.11 (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Macromedia, Inc.
help link: https://helpx.adobe.com/shockwave.html

Matroska Pack (Matroska Pack)
uninstall cmd: C:\Program Files (x86)\Matroska Pack\uninstall.exe

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

(MobileOptionPack)

Mozilla Firefox (2.0) 2.0 (fr) (Mozilla Firefox (2.0))
install location: C:\Program Files (x86)\Mozilla Firefox
uninstall cmd: C:\Program Files (x86)\Mozilla Firefox\uninstall\uninst.exe
publisher: Mozilla
comments: Mozilla Firefox

Mozilla Firefox (2.0.0.7) 2.0.0.7 (fr) (Mozilla Firefox (2.0.0.7))
install location: C:\PROGRA~2\Mozilla Firefox
uninstall cmd: C:\PROGRA~2\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

Mozilla Thunderbird (1.0) 1.0 (fr) (Mozilla Thunderbird (1.0))
install location: C:\Program Files (x86)\Mozilla Thunderbird
uninstall cmd: C:\WINDOWS\UninstallThunderbird.exe /ua "1.0 (fr)"
publisher: Mozilla

(MPlayer2)

Barre d'outils MSN (MSN Toolbar)
uninstall cmd: C:\Program Files (x86)\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\mtbs.exe c

Nero OEM (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files (x86)\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Suite (NeroMultiInstaller!UninstallKey)
uninstall cmd: C:\Program Files (x86)\Common Files\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""

(NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

Microsoft Office 97 Standard (Office8.0)
uninstall cmd: C:\Program Files (x86)\Microsoft Office\Office\Install\Acme.exe /w Off97Std.stf

(OutlookExpress)

PhotoFiltre (PhotoFiltre)
uninstall cmd: "C:\Documents and Settings\paul\My Documents\photofiltre\Uninst.exe"

Picasa 2 2.0 (Picasa2)
uninstall cmd: "C:\Program Files (x86)\Picasa2\Uninstall.exe"
publisher: Google, Inc.
help link: http://picasa.google.com/

PowerCheck 4.2.3 Ver 4.2.3 (PowerCheck_is1)
uninstall cmd: "C:\Program Files (x86)\PowerCheck\unins000.exe"

Rightonadz Browser Optimizer 1.0.6.2 (rightonadz)
uninstall cmd: C:\WINDOWS\system32\gzmrot-uninst.exe

(SchedulingAgent)

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
publisher: Adobe Systems
help link: https://helpx.adobe.com/flash-player.html

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files (x86)\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Subdo Viewer 1.71 (Subdo Viewer)
uninstall cmd: C:\Program Files (x86)\Subdo\Subdo Viewer\uninst.exe
publisher: Virtual Business Solutions & Systems

File Scavenger 3.1 3.1 (V3.1_is1)
install location: C:\Temp\File Scavenger 3.1\
uninstall cmd: "C:\Temp\File Scavenger 3.1\unins000.exe"
publisher: QueTek™ Consulting Corporation

VideoLAN VLC media player 0.8.2 0.8.2 (VLC media player)
uninstall cmd: C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team

Winamp (remove only) (Winamp)
uninstall cmd: "C:\Program Files (x86)\Winamp\UninstWA.exe"

The GIMP 2.0.5 (WinGimp-2.0_is1)
install location: C:\Program Files (x86)\GIMP-2.0\
uninstall cmd: "C:\Program Files (x86)\GIMP-2.0\unins000.exe"
publisher: <Gimp for Windows homepage>
help link: https://groups.yahoo.com/neo/groups/gimpwin-users/info

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files (x86)\WinRAR\uninstall.exe

3.0.20070525 ({2CCBABCB-6427-4A55-B091-49864623C43F})
version: 20070525
version (major): 3

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122273
install date: 20060118
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files (x86)\Java\jre1.5.0_06\README.txt

Google Earth 4.0.2744 ({3DE5E7D4-7B88-403C-A3FD-2017A8240C5B})
version: 67111608
install date: 20070515
install location: C:\Program Files (x86)\Google\Google Earth
install source: C:\Documents and Settings\paul\Desktop\GoogleEarthWin_EARE.exe
uninstall cmd: RunDll32 C:\PROGRA~2\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly
publisher: Google

Petit Larousse 2003 ({495D3648-1D6B-4B71-B174-6A2452FFF8CD})
uninstall cmd: RunDll32 C:\PROGRA~2\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{495D3648-1D6B-4B71-B174-6A2452FFF8CD}\setup.exe" -l0x40c

Windows Live Sign-in Assistant 4.100.313.1 ({49672EC2-171B-47B4-8CE7-50D7806360D7})
version: 73662777
version (major): 4
version (minor): 100
estimated size: 1220
install date: 20070816
install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
publisher: Microsoft Corporation

QuickTime 7.1.5.120 ({5E863175-E85D-44A6-8968-82507D34AE7F})
version: 117506053
version (major): 7
version (minor): 1
estimated size: 69655
install date: 20070421
install location: C:\Program Files (x86)\QuickTime\
install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP547.TMP\
uninstall cmd: MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
publisher: Apple Computer, Inc.
contact: Assistance AppleCare
help link: https://support.apple.com/fr-fr
help telephone: (33) 0825 888 024

Pro Evolution Soccer 5 1.00.0000 ({85C3FA3C-4832-4204-B21E-168E4920936A})
version: 16777216
version (major): 1
estimated size: 1099080
install date: 20060404
install location: C:\appsProgram Files (x86)\KONAMI\Pro Evolution Soccer 5\
install source: D:\
publisher: KONAMI

PC Applications v4.0 1.00.0000 ({95D23536-4111-463C-88F7-77BBBBBF109A})
version: 16777216
install location: C:\Program Files (x86)\VK Mobile\PC Applications v4.0
uninstall cmd: RunDll32 C:\PROGRA~2\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{95D23536-4111-463C-88F7-77BBBBBF109A}\setup.exe" -l0x40c

iTunes 7.1.1.5 ({AB90749C-7422-4580-8A7A-66CC5E9E5F98})
version: 117506049
version (major): 7
version (minor): 1
estimated size: 51658
install date: 20070421
install location: C:\Program Files (x86)\iTunes\
install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP547.TMP\
uninstall cmd: MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
publisher: Apple Inc.
contact: Assistance AppleCare
help link: https://support.apple.com/fr-fr
help telephone: +33 (0) 825 888 024

Adobe Reader 7.0.9 - Français 7.0.9 ({AC76BA86-7AD7-1036-7B44-A70900000002})
version: 117440521
version (major): 7
estimated size: 78484
install date: 20070119
install source: C:\Program Files (x86)\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: https://helpx.adobe.com/support.html
help telephone:
readme: C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\Readme.htm

Apple Software Update 2.0.2.92 ({B74F042E-E1B9-4A5B-8D46-387BB172F0A4})
version: 33554434
version (major): 2
estimated size: 2204
install date: 20070919
install location: C:\Program Files (x86)\Apple Software Update\
install source: C:\Program Files (x86)\Apple Software Update\Packages\
uninstall cmd: MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
publisher: Apple Inc.
contact: Assistance AppleCare
help link: https://support.apple.com/fr-fr
help telephone: 0825 888 024

Sony ACID Pro 5.0c 5.0.345 ({C263C8DC-FFBC-4358-A62F-BDBCD58AE64A})
version: 83886425
version (major): 5
estimated size: 76383
install date: 20060326
install source: C:\Program Files (x86)\Sony Setup\ACID Pro 5.0\
uninstall cmd: MsiExec.exe /X{C263C8DC-FFBC-4358-A62F-BDBCD58AE64A}
publisher: Sony
help link: https://www.sonycreativesoftware.com/support

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 75259
install date: 20070712
install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Sony Media Manager 2.0 2.0.55 ({D60D2B02-125F-4DDB-9674-41DD538C457A})
version: 33554487
version (major): 2
estimated size: 6831
install date: 20060326
install source: C:\Program Files (x86)\Sony Setup\ACID Pro 5.0\mediamgr\
uninstall cmd: MsiExec.exe /X{D60D2B02-125F-4DDB-9674-41DD538C457A}
publisher: Sony
help link: https://www.sonycreativesoftware.com/support

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) 8.00.761 ({E09B48B5-E141-427A-AB0C-D3605127224A})
version: 134218489
version (major): 8
estimated size: 70731
install date: 20060326
install source: C:\Program Files (x86)\Sony Setup\ACID Pro 5.0\mediamgr\msde\Setup\
uninstall cmd: MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
publisher: Microsoft Corporation

Adobe Photoshop CS CS ({EFB21DE7-8C19-4A88-BB28-A766E16493BC})
version: 134217728
version (major): 8
install location: C:\Program Files (x86)\Adobe\Photoshop CS
install source: C:\DOCUME~1\paul\LOCALS~1\Temp\Rar$EX06.359\
uninstall cmd: RunDll32 C:\PROGRA~2\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
publisher: Adobe Systems, Inc.

Windows Live Messenger 8.1.0178.00 ({F6326B60-1B1D-4ABF-BFCD-7B7404F44411})
version: 134283442
version (major): 8
version (minor): 1
estimated size: 31939
install date: 20070816
install source: C:\DOCUME~1\paul\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
publisher: Microsoft Corporation

Realtek AC'97 Audio ({FB08F381-6533-4108-B7DD-039E11FBC27E})
uninstall cmd: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE



--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0

Service (registry key): Aavmker4
Display name: avast! Asynchronous Virus Monitor
Start: 1
Type: 1
Error Control: 1

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): Adobe LM Service
Display name: Adobe LM Service
Description: Adobe LM Service
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"
Image size: 68096
Image MD5: D01DD9E6A7DFE540181147A38B13F43A
Start: 3
Type: 16
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu320
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): AeLookupSvc
Display name: Application Experience Lookup Service
Description: Process application compatibility lookup requests for applications as they are launched.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1

Service (registry key): AFD
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALCXWDM
Display name: Service for Realtek AC97 Audio (WDM)
Image path: system32\drivers\ALCWDM64.SYS
Start: 3
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 45056
Image MD5: FD79AFA46B60D32557CB62F6050C2B69
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK8
Display name: AMD K8 Processor Driver
Image path: system32\DRIVERS\amdk8.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Processes installation, removal, and enumeration requests for Active Directory IntelliMirror group policy programs. If the service is disabled, users will be unable to install, remove, or enumerate any IntelliMirror programs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 3
Type: 32
Error Control: 1

Service (registry key): arc
Start: 4
Type: 1
Error Control: 1

Service (registry key): ASP.NET
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_1.1.4322
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Image size: 32768
Image MD5: E1A1206A4FB19B675E947B29CCD25FBA
Start: 3
Type: 16
Error Control: 1

Service (registry key): aswMon2
Display name: avast! Standard Shield Support
Start: 2
Type: 2
Error Control: 1

Service (registry key): aswRdr
Display name: aswRdr
Start: 3
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): aswTdi
Display name: avast! Network Shield Support
Start: 1
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): aswUpdSv
Display name: avast! iAVS4 Control Service
Description: Fournit la mise à jour automatique pour l'antivirus avast!.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
Image size: 59008
Image MD5: DC995DA2D258C0590C3AE07EC68BFEE6
Start: 2
Type: 272
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): ati2mtag
Image path: system32\DRIVERS\ati2mtag.sys
Start: 3
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): avast! Antivirus
Display name: avast! Antivirus
Description: Gère et implémente les services de l'antivirus avast! pour cet ordinateur. Ceci inclut la protection résidente, la zone de quarantaine et le planificateur.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
Image size: 132736
Image MD5: 8E33DA0415023EA7A9378AFA04D9BF4D
Start: 2
Type: 272
Error Control: 1
Depends On services: aswMon2,RpcSS

Service (registry key): avast! Mail Scanner
Display name: avast! Mail Scanner
Description: Implémente l'analyse du courrier électronique pour l'antivirus avast!.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
Image size: 255616
Image MD5: AA6691D73782FA5D94E0CED6D27C3DE8
Start: 3
Type: 272
Error Control: 1
Depends On services: "avast! Antivirus"

Service (registry key): avast! Web Scanner
Display name: avast! Web Scanner
Description: Implémente l'analyse du contenu web (HTTP) pour l'antivirus avast!.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
Image size: 370304
Image MD5: D6B2638DDBFB34AC78B153CDD0792C37
Start: 3
Type: 272
Error Control: 1
Depends On services: "avast! Antivirus"

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Bdfndisf
Display name: BitDefender Firewall NDIS Filter Service
Image path: system32\DRIVERS\bdfndisf.sys
Image size: 44288
Image MD5: A3C7298A67D4924C329393F920CCEDC1
Start: 3
Type: 1
Error Control: 1

Service (registry key): bdftdif
Display name: bdftdif
Image path: \??\C:\Program Files (x86)\Fichiers communs\Softwin\BitDefender Firewall\bdftdif.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 3
Type: 32
Error Control: 1
Depends On services: Rpcss,EventSystem

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): CdaC15BA
Display name: CdaC15BA
Image path: system32\DRIVERS\CdaC15BA.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): CdaD10BA
Display name: CdaD10BA
Image path: system32\DRIVERS\CdaD10BA.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Display name: Service d'indexation
Description: Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 6656
Image MD5: EBC34382D0B069AEBA6E9168A9826BAA
Start: 4
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 32256
Image MD5: E53196BA56081F154E2D7A9E50A1D33F
Start: 3
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Display name: Application système COM+
Description: Gère la configuration et le suivi des composants de base COM+ (Component Object Model). Si ce service est arrêté, la plupart des composants de base COM+ ne fonctionneront pas correctement. S'il est désactivé, les services qui en dépendent ne pourront pas démarrer.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5632
Image MD5: 5437813752863E1201E353FCAD8CAE37
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss,eventsystem

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): crcdisk
Display name: CRC Disk Filter Driver
Image path: system32\DRIVERS\crcdisk.sys
Start: 0
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): DcomLaunch
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1

Service (registry key): Dfs
Start: 0
Type: 0
Error Control: 0

Service (registry key): Dhcp
Display name: DHCP Client
Description: Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd

Service (registry key): Disk
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Display name: Logical Disk Manager Driver
Image path: system32\DRIVERS\dmio.sys
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmload
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): dpti2o
Start: 4
Type: 1
Error Control: 1

Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Collects, stores, and reports unexpected application crashes to Microsoft. If this service is stopped, then Error Reporting will occur only for kernel faults and some types of user mode faults. If this service is disabled, any services that explicitly depend on it will not start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k WinErr
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: Système d'événements de COM+
Description: Prend en charge le service de notification d'événements système (SENS, System Event Notification Service), qui fournit une distribution automatique d'événements aux composants COM (Component Object Model) abonnés. Si le service est arrêté, SENS sera fermé et ne pourra fournir des informations d'ouverture et de fermeture de session. Si ce service est désactivé, le démarrage de tout service qui en dépend explicitement échouera.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1

Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: system32\DRIVERS\flpydisk.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): FltMgr
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Start: 0
Type: 2
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: system32\DRIVERS\ftdisk.sys
Start: 0
Type: 1
Error Control: 1

Service (registry key): GEARAspiWDM
Display name: GEARAspiWDM
Image path: System32\Drivers\GEARAspiWDM.sys
Image size: 15664
Image MD5: 4AC51459805264AFFD5F6FDFB9D9235F
Start: 3
Type: 1
Error Control: 1

Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: system32\DRIVERS\msgpc.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): gusvc
Display name: Google Updater Service
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
Image size: 136120
Image MD5: C1B577B2169900F4CF7190C39F085794
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): helpsvc
Display name: Aide et support
Description: Permet à l'application Aide et support de fonctionner sur cet ordinateur. Si ce service est arrêté, la fonctionnalité Aide et support ne sera pas disponible. S'il est désactivé, tous les services dépendant explicitement de ce service ne pourront pas démarrer.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14848
Image MD5: C09CCFE81DEC9B162533D7184D705682
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): HidUsb
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Start: 3
Type: 1
Error Control: 0

Service (registry key): HTTP
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTPFilter
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1

Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Dri
1
Darkkiller Posts 2330 Registration date Thursday 8 March 2007 Status Contributor Last activity 26 June 2009 67
10 March 2007 at 15:12
Hello,

Download navilog

http://perso.orange.fr/il.mafioso/Navifix/navilog1.zip

Once it is downloaded, unzip it into a dedicated folder, e.g.:
C:\navilog1

Double-click navilog1.bat.

Follow the instructions. (It will check a few things.)
At some point you will see it ask you to choose an option.

Choose option 1 !!!! and only option 1 !!!!
It will search for infected files on your PC, so be patient.

At the end the report fixnavi.txt opens; copy/paste it into your next message.
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 15:31
Hello Darkkiller, thanks for your help! I'm starting the steps.
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 15:33
Unzip, meaning what?
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 15:37
Should I extract it or run it??
0
Darkkiller Posts 2330 Registration date Thursday 8 March 2007 Status Contributor Last activity 26 June 2009 67
Edited on 24 Sept. 2007 at 10:26
Hi again,

"Dezipper" (unzip) means "decompress"; you can do it with WinRAR, available here: https://www.commentcamarche.net/telecharger/utilitaires/24097-winrar/

You download it, then you right-click navilog.zip and choose unzip or decompress.
WARNING: YOU MUST DECOMPRESS NAVILOG INTO 1 SINGLE FILE

Good luck

And post the navi fix report
0
Darkkiller Posts 2330 Registration date Thursday 8 March 2007 Status Contributor Last activity 26 June 2009 67
10 March 2007 at 15:39
Extract
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 15:49
I downloaded WinRAR but after that I don't understand anything!
Isn't there a simpler way to use it?!
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 15:54
OK, I extracted navilog but after that I'm lost!
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 15:56
Darkkiller, that's it, I've decompressed navilog!!! The report is coming!
0
Darkkiller Posts 2330 Registration date Thursday 8 March 2007 Status Contributor Last activity 26 June 2009 67
10 March 2007 at 15:59
Hi again,

There you go, you managed it ;)
I couldn't reply to you because I was dealing with another post, sorry
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 16:03
Search Navipromo version 1.0.6 commencé le 10/03/2007 à 15:56:59,28

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Documents and Settings\Rapha‰l\Local Settings\Temporary Internet Files\Content.IE5\X131T7KQ\navilog1[1]
Mise a jour le 08.03.2007 a 14h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Rapha‰l\Application Data ***


...\Application Data\MessengerSkinner trouvé !

*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en

Fichier(s) caché(s) dans C:\WINDOWS\system32 :

c:\WINDOWS\system32\bladyr.dat
C:\windows\system32\bladyr.exe
c:\WINDOWS\system32\bladyr_nav.dat
c:\WINDOWS\system32\bladyr_navps.dat

Processus caché(s) dans C:\WINDOWS\system32 :

C:\windows\system32\bladyr.exe


*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche cles registre ***


Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control

HKEY_CURRENT_USER\Software\Lanconfig trouvé !
HKEY_USERS\S-1-5-21-3021557479-3178266611-2288706297-1005\Software\Lanconfig trouvé !


*** Module de recherche complémentaire ***
(recherche fichiers spécifiques)

1)Recherche nouveaux fichiers connus:

2)Recherche Heuristique :
*
C:\WINDOWS\system32\bladyr.dat
**
C:\WINDOWS\system32\bladyr.dat
***
****
C:\WINDOWS\system32\bladyr_navps.dat


*** Analyse Terminé le 10/03/2007 à 16:00:42,96 ***
0
Darkkiller Posts 2330 Registration date Thursday 8 March 2007 Status Contributor Last activity 26 June 2009 67
10 March 2007 at 16:06
Re,

Click on navilog.bat

And there choose the option (This means it will delete what it found)

Then post the navilog report along with a HijackThis report

Good luck
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 16:11
Can you explain the procedure to me in detail, because I don't have "option"; if I reopen navilog I end up back at the black window!
0
Darkkiller Posts 2330 Registration date Thursday 8 March 2007 Status Contributor Last activity 26 June 2009 67
10 March 2007 at 16:13
Re,


Double-click on navilog1.bat.

Follow the instructions. (It will check some things.)
At some point you'll see it ask you to choose an option.

Choose option 2 !!!! and only option 2 !!!!
It will delete infected files on your PC, be patient.

At the end the fixnavi.txt report opens; copy/paste it into your next message

PS: If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
Then go to the "Processes" tab. Click on File at the top left and choose "Run"
Type explorer and confirm. This will bring your desktop back
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 16:16
OK so I re-ran navilog, I get the black window, I press a key twice then 2, and then it asks me to restart in safe mode, is that normal?!
0
Darkkiller Posts 2330 Registration date Thursday 8 March 2007 Status Contributor Last activity 26 June 2009 67
10 March 2007 at 16:19
Re,

Sorry, I'm a beginner helper so I forget certain things.

Yes, indeed you must restart in safe mode

Here's a little tutorial for restarting in safe mode:

http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 16:55
Clean Navipromo version 1.0.6 commencé le 10/03/2007 à 16:49:10,14

Fix lancé depuis C:\Documents and Settings\Rapha‰l\Mes documents
Mise a jour le 08.03.2007 a 14h00 by IL-MAFIOSO

Executé en mode sans echec

Mode suppression automatique avec prise en charge résultats Blacklight

*** Creation backups fichiers scan Blbeta ***

Copie vers "C:\Documents and Settings\Rapha‰l\Mes documents\Backupnavi"


*** Suppression des fichiers trouvés avec Blbeta ***

c:\WINDOWS\system32\bladyr.dat supprimé !
C:\windows\system32\bladyr.exe supprimé !
c:\WINDOWS\system32\bladyr_nav.dat supprimé !
c:\WINDOWS\system32\bladyr_navps.dat supprimé !

*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Rapha‰l\Application Data ***

...\Application Data\MessengerSkinner ...suppression...
...\Application Data\MessengerSkinner supprimé !



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Rapha‰l\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi***


sauvegarde du registre réalisée avec succès !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***

1)Recherche/Suppressions nouveaux fichiers connus:

2)Recherche Heuristique (Fichiers à supprimer si nécéssaire):
*
**
***
****

*** Nettoyage termine le 10/03/2007 à 16:49:40,81 ***
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 16:56
There you go Darkkiller, what next?
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 16:58
Logfile of HijackThis v1.99.1
Scan saved at 16:58:11, on 10/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe
C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Raphaël\Bureau\HijackThis.exe
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 16:59
That's the latest HijackThis report!
0
Darkkiller Posts 2330 Registration date Thursday 8 March 2007 Status Contributor Last activity 26 June 2009 67
10 March 2007 at 17:04
Re,

To polish things off we're going to do a BitDefender online scan:

Run this online scan:

http://www.bitdefender.fr/scan8/ie.html

Copy/paste the report

Help in pictures:

http://pageperso.aol.fr/rginformatique/mapage/defender.htm
0
raph' Posts 19 Registration date Saturday 10 March 2007 Status Member Last activity 10 March 2007
10 March 2007 at 17:09
The thing is, my friend, I'm using Mozilla... and there it wants to make me download the latest version of Explorer :-(
0