Infected system

Solved/Closed
Julien - 30 Nov. 2007 at 17:31
Lyonnais92 - 13 Dec. 2007 at 21:26
Hello,
I think my PC is infected by one or more viruses. I am posting a HijackThis scan for anyone who can help me.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:18, on 30/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\Documents and Settings\maison\1.exe
C:\DOCUME~1\maison\LOCALS~1\Temp\cj1.exe
C:\DOCUME~1\maison\LOCALS~1\Temp\cj2.exe
C:\DOCUME~1\maison\LOCALS~1\Temp\cj6.exe
C:\DOCUME~1\maison\LOCALS~1\Temp\cj9.exe
C:\DOCUME~1\maison\LOCALS~1\Temp\cj8.exe
C:\DOCUME~1\maison\LOCALS~1\Temp\teste3_p.exe
C:\DOCUME~1\maison\LOCALS~1\Temp\teste2_p.exe
C:\DOCUME~1\maison\LOCALS~1\Temp\teste4_p.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\maison\LOCALS~1\Temp\avto.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {91AD9DC2-523A-47E2-A598-6C277F16CC50} - c:\windows\system32\aadcaad.dll
O3 - Toolbar: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [runsql] C:\WINDOWS\runsql.exe
O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

74 replies

jlpjlp (Security contributor) - 2 Dec. 2007 at 20:38
ok

for this:

C:\RECYCLER

just empty your trash (the Recycle Bin)
Julien06 (Member) - 2 Dec. 2007 at 20:51
Hi again, OK, RECYCLER is taken care of, thanks.

Otherwise, for safe mode and Spybot, the report is as follows:


--- Search result list ---
RealDownloadExpress: [SBI $1EDE24BC] Root class (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RealDownloadExpress.IE

RealDownloadExpress: [SBI $1EDE24BC] Root class (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RealDownloadExpress.IE.1

RealDownloadExpress: [SBI $1EDE24BC] Class ID (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56336BCB-3D8A-11d6-A00B-0050DA18DE71}

RealDownloadExpress: [SBI $3BB925FD] Class ID (Clé du registre, fixed)
HKEY_CLASSES_ROOT\TypeLib\{FDF5CDE5-17A6-40B3-A544-A8527AE8B243}

UtileProtection: [SBI $7162C2E7] Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\System Error Repair

Vario.AntiVirus: [SBI $6DD17C26] Dossier Programme (Répertoire, fixed)
c:\UGA6PV\

Vario.AntiVirus: [SBI $FD1D24F8] Réglages utilisateur (Clé du registre, fixed)
HKEY_USERS\S-1-5-21-2025429265-1417001333-725345543-1003\Software\VirusGarde

Vario.AntiVirus: [SBI $AAAFC4B0] Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\VirusGarde

Vario.AntiVirus: [SBI $28842A62] Dossier Programme (Répertoire, fixed)
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\VirusGarde\

Vario.AntiVirus: [SBI $68FB8D46] Lien (Fichier, fixed)
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\virusgarde\VirusGarde.lnk

EverestPoker: [SBI $03A31629] Réglages (Clé du registre, fixed)
HKEY_USERS\S-1-5-21-2025429265-1417001333-725345543-1003\Software\Grand Virtual

EverestPoker: [SBI $34F4B617] Réglages désinstallation (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker

EverestPoker: [SBI $EB906E36] Dossier Programme (Répertoire, fixed)
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker\

EverestPoker: [SBI $C42AAFB3] Réglages utilisateur (Valeur du registre, fixed)
HKEY_USERS\S-1-5-21-2025429265-1417001333-725345543-1003\Software\Grand Virtual\XD3C

Microsoft.Windows.Explorer: [SBI $E3838056] Réglages utilisateur (Modification du registre, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel

Microsoft.Windows.Explorer: [SBI $E3838056] Réglages utilisateur (Modification du registre, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel

Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: [SBI $5509538C] Réglages (Modification du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify

Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Réglages (Modification du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

Alexa Related: [SBI $9263101F] Lien (Remplacer le fichier, fixed)
C:\WINDOWS\Web\related.htm

Win32.Banker.aipy.rtk: [SBI $1C9E9F4A] Bibliothèque (Fichier, fixed)
C:\WINDOWS\system32\iebudata.dll

Win32.Banker.aipy.rtk: [SBI $7B5B3ACC] Bibliothèque (Fichier, fixed)
C:\WINDOWS\system32\ierql.dll

Win32.Banker.aipy.rtk: [SBI $D875AB6E] Bibliothèque (Fichier, fixed)
C:\WINDOWS\system32\qshl.dll

Win32.Murlo.ff.rtk: [SBI $67E0FCFD] Réglages (Valeur du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UID

DoubleClick: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


SexTracker: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


Statcounter: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


Zedo: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


WebTrends live: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


MediaPlex: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


MediaPlex: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


BlueStreak: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


TagASaurus: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


Tradedoubler: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


SexTracker: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-12-02 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-11-28 Includes\Cookies.sbi (*)
2007-10-31 Includes\Dialer.sbi (*)
2007-11-28 Includes\DialerC.sbi (*)
2007-11-07 Includes\Hijackers.sbi (*)
2007-11-28 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2007-11-28 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-11-07 Includes\Malware.sbi (*)
2007-11-28 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2007-11-28 Includes\PUPSC.sbi (*)
2007-11-28 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-11-28 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2007-11-28 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-11-28 Includes\Trojans.sbi (*)
2007-11-28 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 1 (5.1.2600)
/ Windows XP / SP2: Correctif Windows XP - KB842773
/ Windows XP / SP3: Correctif Windows XP - KB890859
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB898461)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB908519)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914389)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920683)


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6731312
MD5: CC6BC45DD5A58158645E7FB2953604FE

Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 79224
MD5: 8CF58586AE4577ED71FFE8883A6D4B3B

Located: HK_LM:Run, EasyTuneV
command: C:\Program Files\Gigabyte\ET5\GUI.exe
file: C:\Program Files\Gigabyte\ET5\GUI.exe
size: 200704
MD5: 9565F8CA2D91EBD35DFE2979764C21C7

Located: HK_LM:Run, High Definition Audio Property Page Shortcut
command: HDAShCut.exe
file: C:\WINDOWS\system32\HDAShCut.exe
size: 61952
MD5: 9C3B2302B60FB0EFB13BC880A5E3E93E

Located: HK_LM:Run, M1000Mnt
command: M1000Rmv.exe /StartStillMnt
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3E4C03CEFAD8DE135263236B61A49C90

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 14679552
MD5: 8658493317CD85B5C655557061D08B53

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
size: 185632
MD5: 28525D80EA1D33CF60B8AC318A5F1C82

Located: HK_LM:Run, UpdateWin
command: C:\WINDOWS\System32\1033v.exe
file: C:\WINDOWS\System32\1033v.exe
size: 45056
MD5: 7667B1977C2C63EE118D149722D1A38C

Located: HK_LM:Run, WOOTASKBARICON
command: C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
file: C:\PROGRA~1\Wanadoo\GestMaj.exe
size: 32768
MD5: 8D6F2C724CFC608872EDE3CC4A7B49B9

Located: HK_LM:Run, WOOWATCH
command: C:\PROGRA~1\Wanadoo\Watch.exe
file: C:\PROGRA~1\Wanadoo\Watch.exe
size: 20480
MD5: 9A29592CD135F6262C429152F7A8DD4A

Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 7462B3864DA32E6B3D1EF0524E663A23

Located: HK_LM:RunServices, UpdateWin
command: C:\WINDOWS\System32\1033v.exe
file: C:\WINDOWS\System32\1033v.exe
size: 45056
MD5: 7667B1977C2C63EE118D149722D1A38C

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 13312
MD5: 2C856908EE61424238772508E9FBCBC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: C:\WINDOWS\System32\ctfmon.exe
file: C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 2C856908EE61424238772508E9FBCBC8

Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 5674352
MD5: A7EFC7EA7EF6FB022A8A95813EDCBE5D

Located: HK_CU:Run, Shareaza
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: "C:\Program Files\Shareaza\Shareaza.exe" -tray
file: C:\Program Files\Shareaza\Shareaza.exe
size: 4354048
MD5: 58DA6D8B55FEDFF760FA3980BDBDDB7E

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

Located: HK_CU:Run, swg
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: HK_CU:Run, UpdateWin
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: C:\WINDOWS\System32\1033v.exe
file: C:\WINDOWS\System32\1033v.exe
size: 45056
MD5: 7667B1977C2C63EE118D149722D1A38C

Located: HK_CU:Run, WOOKIT
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
file: C:\PROGRA~1\Wanadoo\Shell.exe
size: 122880
MD5: 2BD5E1E68614DBC6B320597856ED6EA7

Located: HK_CU:RunServices, UpdateWin
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: C:\WINDOWS\System32\1033v.exe
file: C:\WINDOWS\System32\1033v.exe
size: 45056
MD5: 7667B1977C2C63EE118D149722D1A38C

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 13312
MD5: 2C856908EE61424238772508E9FBCBC8

Located: Démarrage (tous utilisateurs), WinZip Quick Pick.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 394856
MD5: 6D23B8CB307E455428A778535BE6E6D9

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{91AD9DC2-523A-47E2-A598-6C277F16CC50} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: c:\windows\system32\
Long name: aadcaad.dll
Short name:
Date (created): 16/10/2007 21:45:18
Date (last access): 02/12/2007 20:29:24
Date (last write): 16/10/2007 21:56:00
Filesize: 81408
Attributes: archive
MD5: F60656A17ADB3D4447479B2ADFC882C6
CRC32: 95F9647E



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\Director\
Long name: swdir.dll
Short name:
Date (created): 21/07/2007 11:49:48
Date (last access): 01/12/2007 11:16:48
Date (last write): 02/05/2007 11:32:04
Filesize: 182512
Attributes: archive
MD5: 95F03ABE4B96C50CF4DA8245819138E4
CRC32: 12E5BB80
Version: 10.2.0.22

{512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class)
DPF name:
CLSID name: TotalScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ascstubie.inf
Codebase: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: ascstubie.dll
Short name: ASCSTU~1.DLL
Date (created): 21/08/2007 14:37:26
Date (last access): 02/12/2007 09:57:36
Date (last write): 21/08/2007 14:37:26
Filesize: 124208
Attributes: archive
MD5: 0AD87599756B34C0214AFCE961E78DD5
CRC32: EA254381
Version: 1.0.0.7

{56336BCB-3D8A-11D6-A00B-0050DA18DE71} ()
DPF name:
CLSID name:
Installer:
Codebase: http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
description: Netster
classification: Confirmed as malware
known filename:
info link:
info source:

{8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class)
DPF name:
CLSID name: NanoInstaller Class
Installer: C:\WINDOWS\Downloaded Program Files\nanoinst.inf
Codebase: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
Path: C:\WINDOWS\Downloaded Program Files\
Long name: NanoInst.dll
Short name:
Date (created): 11/09/2007 13:49:28
Date (last access): 02/12/2007 20:28:16
Date (last write): 11/09/2007 13:49:28
Filesize: 38280
Attributes: archive
MD5: 4BEEB9E3A93CF218602A7A9AE21EDCA7
CRC32: FD77ABF2
Version: 2.2.0.5

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 01:22:38
Date (last access): 12/10/2007 16:57:42
Date (last write): 12/07/2007 03:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_04
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 03/06/2005 02:52:58
Date (last access): 12/10/2007 16:53:06
Date (last write): 03/06/2005 03:09:54
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 5.0.40.5

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 01:22:38
Date (last access): 02/12/2007 20:44:52
Date (last write): 12/07/2007 03:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 01:22:38
Date (last access): 02/12/2007 20:44:52
Date (last write): 12/07/2007 03:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\Macromed\Flash\
Long name: Flash9c.ocx
Short name:
Date (created): 26/03/2007 17:34:38
Date (last access): 02/12/2007 19:22:24
Date (last write): 26/03/2007 17:34:38
Filesize: 2267368
Attributes: readonly archive
MD5: 82FCE4AC7EC2D077A8DD3C14EDEAD219
CRC32: 7167E898
Version: 9.0.45.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 148 ( 0) \SystemRoot\System32\smss.exe
size: 45568
PID: 200 ( 0) \??\C:\WINDOWS\system32\csrss.exe
size: 4096
PID: 224 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
size: 520704
PID: 268 ( 0) C:\WINDOWS\system32\services.exe
size: 101888
MD5: FC0691097471EE374907E1024EDCBD43
PID: 280 ( 0) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B7B1C150AFF59455DB4DF082815F88F5
PID: 440 ( 0) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 472 ( 0) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 312880
MD5: 5DCD235C061022BCDA9AA48670B64211
PID: 484 ( 0) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 748 ( 0) C:\WINDOWS\Explorer.EXE
size: 1008128
MD5: 82FE0D400CB1AC937234467B927B867A
PID: 872 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 02/12/2007 20:44:52

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
https://www.google.com/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.google.fr/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
7-Zip 4.23 (7-Zip)
uninstall cmd: "C:\Program Files\7-Zip\Uninstall.exe"

@BIOS (@BIOS)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\BIOS\Uninst.isu"

(AddressBook)

Adobe Shockwave Player 10.2.0.22 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: https://helpx.adobe.com/shockwave.html

ATI Display Driver 8.152-050629m-024086C-ATI (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

avast! Antivirus 4.7 (avast!)
version (major): 4
version (minor): 7
install location: C:\PROGRA~1\ALWILS~1\Avast4
install source: C:\DOCUME~1\maison\LOCALS~1\TEMPOR~1\Content.IE5\0DERST6V
uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
publisher: Alwil Software
help link: https://www.avast.com/fr-fr/index

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: https://www.avg.com/fr-fr/homepage

(Branding)

Composant Hmk (Composant Hmk)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Vidal\Communs\Hmk.isu"

(Connection Manager)

VIDAL CD (Dictionnaire Vidal)
uninstall cmd: C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\VIDAL\VIDAL CD\Uninst.isu" -c"C:\Program Files\VIDAL\VIDAL CD\Bin\UnInstVCD.dll"

(DirectAnimation)

(DirectDrawEx)

EasyTune5 (EasyTune5)
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll"

eMule (eMule)
uninstall cmd: "C:\Program Files\eMule\Uninstall.exe"

(Fontcore)

Navigateur Orange (FranceTelecomUninstall_FTBrowser)
install location: C:\PROGRA~1\Wanadoo\WOOBrowser
uninstall cmd: C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl

Gestionnaire Internet (GestionnaireInternet.exe)
uninstall cmd: C:\PROGRA~1\Wanadoo\uninstall.exe

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

Information Center (Information Center)
uninstall cmd: "C:\Program Files\Online Add-on\icun.exe"

(InstallShield Uninstall Information)

Correctif Windows XP - KB842773 20040805.140010 (KB842773)
uninstall cmd: C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/842773

(KB884016)

High Definition Audio Driver Package - KB888111 20040219.000000 (KB888111WXP)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us

Correctif Windows XP - KB890859 1 (KB890859)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/890859

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/893803/windows-installer-3-1-v2-3-1-4000-2435-is-available

Mise à jour pour Windows XP (KB898461) 1 (KB898461)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/898461/

Mise à jour de sécurité pour Windows XP (KB908519) 1 (KB908519)
install date: 20071130
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/908519

Mise à jour de sécurité pour Windows XP (KB914389) 1 (KB914389)
install date: 20071130
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/914389

Mise à jour de sécurité pour Windows XP (KB920683) 1 (KB920683)
install date: 20071130
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/920683

Malwarebytes' RogueRemover 1.22 (Malwarebytes' RogueRemover FREE_is1)
install date: 20071202
install location: C:\Program Files\RogueRemover FREE\
uninstall cmd: "C:\Program Files\RogueRemover FREE\unins000.exe"
publisher: Malwarebytes
help link: https://www.malwarebytes.com/

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

Mozilla Firefox (1.0.7) 1.0.7 (fr-FR) (Mozilla Firefox (1.0.7))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\WINDOWS\UninstallFirefox.exe /ua "1.0.7 (fr-FR)"
publisher: Mozilla

Mozilla Thunderbird (1.0.6) 1.0.6 (fr) (Mozilla Thunderbird (1.0.6))
install location: C:\Program Files\Mozilla Thunderbird
uninstall cmd: C:\WINDOWS\UninstallThunderbird.exe /ua "1.0.6 (fr)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

Panda NanoScan (NanoScan)
estimated size: 400
install location: C:\Program Files\Panda Security\NanoScan
uninstall cmd: C:\Program Files\Panda Security\NanoScan\nanounst.exe
publisher: Panda Security
help link: https://www.pandasecurity.com/en/mediacenter/?ref=mc_blogcav

Navilog1 3.3.0 (Navilog1_is1)
install date: 20071019
install location: C:\Program Files\Navilog1\
uninstall cmd: "C:\Program Files\Navilog1\unins000.exe"
publisher: @IL-MAFIOSO

Nero OEM (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Suite (NeroMultiInstaller!UninstallKey)
uninstall cmd: C:\Program Files\Fichiers communs\Ahead\Uninstall\Setup.exe /uninstall

NeroVision Express 2 (NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

(NVEContent!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNVEContent.exe /UNINSTALL

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\System32\nvunrm.exe UninstallGUI

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
install location: C:\Program Files\Real\RealPlayer\realplay.exe
uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
publisher: RealNetworks
comments: Diffusez, enregistrez et organisez votre musique et vos vidéos, gravez un CD ou emportez votre musique partout avec vous.
contact: RealNetworks

(SchedulingAgent)

Shareaza version 2.2.5.0 2.2.5.0 (Shareaza_is1)
install date: 20070401
install location: C:\Program Files\Shareaza\
uninstall cmd: "C:\Program Files\Shareaza\Uninstall\unins000.exe"
publisher: Shareaza Development Team
comments: Shareaza Ultimate File Sharing
help link: http://www.shareaza.com/?id=support

(Shockwave)

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
publisher: Adobe Systems
help link: https://helpx.adobe.com/flash-player.html

Panda TotalScan 01.01.01.0002 (TotalScan)
estimated size: 4000
install location: C:\Program Files\Panda Security\TotalScan
uninstall cmd: C:\Program Files\Panda Security\TotalScan\ascuninst.exe
publisher: Panda Security
help link: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Lecteur Windows Media 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

ZoneAlarm 7.0.362.000 (ZoneAlarm)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Check Point, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Aide\zaclients.chm

livebox ({17342E3B-0818-4A6F-BFF8-99476605ADD6})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

J2SE Runtime Environment 5.0 Update 4 1.5.0.40 ({3248F0A8-6813-11D6-A77B-00B0D0150040})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 121289
install date: 20070330
install source: C:\Documents and Settings\maison\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150040}\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre1.5.0_04\README.txt

Java(TM) 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 113938
install date: 20070721
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_02-b06/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre1.6.0_02\README.txt

WebFldrs XP 9.50.6513 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2652
install date: 20070329
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: https://www.microsoft.com/en-us/windows/

Windows Live Sign-in Assistant 4.100.313.1 ({49672EC2-171B-47B4-8CE7-50D7806360D7})
version: 73662777
version (major): 4
version (minor): 100
estimated size: 1240
install date: 20070401
install source: C:\DOCUME~1\maison\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
publisher: Microsoft Corporation

USB2.0 Web Camera ({56A648C2-D185-46A9-BBFF-78AE7A501000})
uninstall cmd: C:\WINDOWS\System\M1000Rmv.exe

Microsoft Works 08.04.0702 ({A059DE09-1B49-4450-B340-7AE097EC3F04})
version: 134480574
version (major): 8
version (minor): 4
estimated size: 296363
install date: 20070330
install location: INSTALLDIR
install source: D:\MSWORKS\
uninstall cmd: MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
publisher: Microsoft Corporation
comments: Microsoft Works 8.0 installation.
help link: https://support.microsoft.com/en-us
help telephone:

Microsoft Visual C++ 2005 Redistributable 8.0.50727.42 ({A49F249F-0C91-497F-86DF-B2585E8E76B7})
version: 134268455
version (major): 8
estimated size: 5192
install date: 20071006
install source: C:\DOCUME~1\maison\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
publisher: Microsoft Corporation

Adobe Reader 7.0 - Français 7.0.0 ({AC76BA86-7AD7-1036-7B44-A70000000000})
version: 117440512
version (major): 7
estimated size: 74744
install date: 20070330
install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBIG\FRA\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: https://helpx.adobe.com/support.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Spybot - Search & Destroy 1.5.1.15 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20071202
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: https://www.safer-networking.org/?page=support

Athlon 64 Processor Driver 1.2.2.2 ({C151CE54-E7EA-4804-854B-F515368B0798})
version: 16908290
install location: C:\Program Files\AMD\Athlon 64 Processor Driver
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c

WinZip 11.1 11.1.7466 ({CD95F661-A5C4-44F5-A6AA-ECDD91C240B5})
version: 184622378
version (major): 11
version (minor): 1
estimated size: 11558
install date: 20071202
install location: C:\Program Files\WinZip\
install source: C:\Documents and Settings\maison\Local Settings\Temporary Internet Files\Content.IE5\IZO7JS9C\
uninstall cmd: MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
publisher: WinZip Computing, S.L.
help link: https://www.winzip.com/win/fr/contact.html

GEAR 32bit Driver Installer 2.005.1 ({E89B484C-B913-49A0-959B-89E836001658})
version: 33882113
version (major): 2
version (minor): 5
estimated size: 124
install date: 20071006
install location: C:\Program Files\GEAR Software, Inc.\My Product Name\
install source: C:\DOCUME~1\maison\LOCALS~1\Temp\_is5\
uninstall cmd: MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
publisher: GEAR Software, Inc.
contact: Technical Support
help link: http://gearsoftware.com/support/online-support.php
help telephone: +1 561-575-3247

Realtek High Definition Audio Driver 1.92 ({F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
version: 22806528
install date: 20070329
install location: C:\Program Files\Realtek\InstallShield\
install source: D:\audio\HD_Audio\
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
publisher: Realtek Semiconductor Corp.

Windows Live Messenger 8.1.0178.00 ({F6326B60-1B1D-4ABF-BFCD-7B7404F44411})
version: 134283442
version (major): 8
version (minor): 1
estimated size: 32219
install date: 20070401
install source: C:\DOCUME~1\maison\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
publisher: Microsoft Corporation



--- System Services ---
Service (registry key): Aavmker4
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Asynchronous Virus Monitor
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote ACPI Microsoft
Image path: System32\DRIVERS\ACPI.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Suppresseur d'écho acoustique (Noyau Microsoft)
Image path: system32\drivers\aec.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Environnement de prise en charge de réseau AFD
Image path: \SystemRoot\System32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): Aha154x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avertissement
Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives. Si ce service est arrêté, les programmes qui utilisent les alertes administratives ne les recevront pas. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service de la passerelle de la couche Application
Description: Fournit la prise en charge des plugins de protocoles tiers pour le partage de connexion Internet et le pare-feu Internet.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 41984
Image MD5: 292FBA8E83DB606519D45DD1FCBBD3B8
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK8
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de processeur AMD
Image path: System32\DRIVERS\AmdK8.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): amsint
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Gestion d'applications
Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): Arp1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protocole client ARP 1394
Description: Protocole client ARP 1394
Image path: System32\DRIVERS\arp1394.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): asc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aswMon2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Standard Shield Support
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1

Service (registry key): aswRdr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: aswRdr
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): aswTdi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Network Shield Support
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): aswUpdSv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! iAVS4 Control Service
Description: Fournit la mise à jour automatique pour l'antivirus avast!.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
Image size: 16248
Image MD5: 765E0E2BDB83C58FFC411DA401D8BA66
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de média asynchrone RAS
Description: Pilote de média asynchrone RAS
Image path: System32\DRIVERS\asyncmac.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Contrôleur de disque dur IDE/ESDI standard
Image path: System32\DRIVERS\atapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): Ati HotKey Poller
Registry path: \SYSTEM\CurrentControlSet\Services\
Object name: LocalSystem
Image path: %SystemRoot%\System32\Ati2evxx.exe
Image size: 376832
Image MD5: 06B67E6A0B679D037D2D9E27A64CE90C
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): ati2mtag
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\ati2mtag.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): Atierecord
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): atinrvxx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ATI WDM Rage Theater Video
Image path: System32\DRIVERS\atinrvxx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Atmarpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protocole client ATM ARP
Description: Protocole client ATM ARP
Image path: System32\DRIVERS\atmarpc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Audio Windows
Description: Gère les périphériques audio pour les programmes basés sur Windows. Si ce service est arrêté, les périphériques et les effets audio ne fonctionneront pas correctement. Si ce service est désactivé, les services en dépendant explicitement ne démarreront pas.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote audio Stub
Image path: System32\DRIVERS\audstub.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): avast! Antivirus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Antivirus
Description: Gère et implémente les services de l'antivirus avast! pour cet ordinateur. Ceci inclut la protection résidente, la zone de quarantaine et le planificateur.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
Image size: 132472
Image MD5: 47DF7F40F77FCE0A134021C6BF0FF52A
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: aswMon2,RpcSS

Service (registry key): avast! Mail Scanner
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Mail Scanner
Description: Implémente l'analyse du courrier électronique pour l'antivirus avast!.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
Image size: 243064
Image MD5: 3F4A782FECFA42AB86CEA759EB929106
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Depends On services: "avast! Antivirus"

Service (registry key): avast! Web Scanner
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Web Scanner
Description: Implémente l'analyse du contenu web (HTTP) pour l'antivirus avast!.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
Image size: 345464
Image MD5: CDED5892E327CDCBB64E598AE6C4E3E3
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Depends On services: "avast! Antivirus"

Service (registry key): AVG Anti-Spyware Driver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Anti-Spyware Driver
Image path: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): AVG Anti-Spyware Guard
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Anti-Spyware Guard
Object name: LocalSystem
Image path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Image size: 312880
Image MD5: 5DCD235C061022BCDA9AA48670B64211
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): AvgAsCln
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Anti-Spyware Clean Driver
Image path: System32\DRIVERS\AvgAsCln.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Julien06 Posts 129 Registration date Sunday 2 December 2007 Status Member Last activity 3 April 2012
2 Dec. 2007 at 20:51
Re, for recycler it's OK, thanks.

Otherwise, for safe mode and Spybot, the report is as follows:


--- Search result list ---
RealDownloadExpress: [SBI $1EDE24BC] Root class (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RealDownloadExpress.IE

RealDownloadExpress: [SBI $1EDE24BC] Root class (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RealDownloadExpress.IE.1

RealDownloadExpress: [SBI $1EDE24BC] Class ID (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56336BCB-3D8A-11d6-A00B-0050DA18DE71}

RealDownloadExpress: [SBI $3BB925FD] Class ID (Clé du registre, fixed)
HKEY_CLASSES_ROOT\TypeLib\{FDF5CDE5-17A6-40B3-A544-A8527AE8B243}

UtileProtection: [SBI $7162C2E7] Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\System Error Repair

Vario.AntiVirus: [SBI $6DD17C26] Dossier Programme (Répertoire, fixed)
c:\UGA6PV\

Vario.AntiVirus: [SBI $FD1D24F8] Réglages utilisateur (Clé du registre, fixed)
HKEY_USERS\S-1-5-21-2025429265-1417001333-725345543-1003\Software\VirusGarde

Vario.AntiVirus: [SBI $AAAFC4B0] Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\VirusGarde

Vario.AntiVirus: [SBI $28842A62] Dossier Programme (Répertoire, fixed)
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\VirusGarde\

Vario.AntiVirus: [SBI $68FB8D46] Lien (Fichier, fixed)
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\virusgarde\VirusGarde.lnk

EverestPoker: [SBI $03A31629] Réglages (Clé du registre, fixed)
HKEY_USERS\S-1-5-21-2025429265-1417001333-725345543-1003\Software\Grand Virtual

EverestPoker: [SBI $34F4B617] Réglages désinstallation (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker

EverestPoker: [SBI $EB906E36] Dossier Programme (Répertoire, fixed)
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker\

EverestPoker: [SBI $C42AAFB3] Réglages utilisateur (Valeur du registre, fixed)
HKEY_USERS\S-1-5-21-2025429265-1417001333-725345543-1003\Software\Grand Virtual\XD3C

Microsoft.Windows.Explorer: [SBI $E3838056] Réglages utilisateur (Modification du registre, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel

Microsoft.Windows.Explorer: [SBI $E3838056] Réglages utilisateur (Modification du registre, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel

Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: [SBI $5509538C] Réglages (Modification du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify

Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Réglages (Modification du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

Alexa Related: [SBI $9263101F] Lien (Remplacer le fichier, fixed)
C:\WINDOWS\Web\related.htm

Win32.Banker.aipy.rtk: [SBI $1C9E9F4A] Bibliothèque (Fichier, fixed)
C:\WINDOWS\system32\iebudata.dll

Win32.Banker.aipy.rtk: [SBI $7B5B3ACC] Bibliothèque (Fichier, fixed)
C:\WINDOWS\system32\ierql.dll

Win32.Banker.aipy.rtk: [SBI $D875AB6E] Bibliothèque (Fichier, fixed)
C:\WINDOWS\system32\qshl.dll

Win32.Murlo.ff.rtk: [SBI $67E0FCFD] Réglages (Valeur du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UID

DoubleClick: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


SexTracker: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


Statcounter: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


Zedo: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


WebTrends live: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


MediaPlex: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


MediaPlex: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


BlueStreak: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


TagASaurus: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


Tradedoubler: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)


SexTracker: [SBI $4CDCC3D5] Cookie traceur (Internet Explorer: maison) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-12-02 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-11-28 Includes\Cookies.sbi (*)
2007-10-31 Includes\Dialer.sbi (*)
2007-11-28 Includes\DialerC.sbi (*)
2007-11-07 Includes\Hijackers.sbi (*)
2007-11-28 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2007-11-28 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-11-07 Includes\Malware.sbi (*)
2007-11-28 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2007-11-28 Includes\PUPSC.sbi (*)
2007-11-28 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-11-28 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2007-11-28 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-11-28 Includes\Trojans.sbi (*)
2007-11-28 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 1 (5.1.2600)
/ Windows XP / SP2: Correctif Windows XP - KB842773
/ Windows XP / SP3: Correctif Windows XP - KB890859
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB898461)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB908519)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914389)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920683)


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6731312
MD5: CC6BC45DD5A58158645E7FB2953604FE

Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 79224
MD5: 8CF58586AE4577ED71FFE8883A6D4B3B

Located: HK_LM:Run, EasyTuneV
command: C:\Program Files\Gigabyte\ET5\GUI.exe
file: C:\Program Files\Gigabyte\ET5\GUI.exe
size: 200704
MD5: 9565F8CA2D91EBD35DFE2979764C21C7

Located: HK_LM:Run, High Definition Audio Property Page Shortcut
command: HDAShCut.exe
file: C:\WINDOWS\system32\HDAShCut.exe
size: 61952
MD5: 9C3B2302B60FB0EFB13BC880A5E3E93E

Located: HK_LM:Run, M1000Mnt
command: M1000Rmv.exe /StartStillMnt
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3E4C03CEFAD8DE135263236B61A49C90

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 14679552
MD5: 8658493317CD85B5C655557061D08B53

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
size: 185632
MD5: 28525D80EA1D33CF60B8AC318A5F1C82

Located: HK_LM:Run, UpdateWin
command: C:\WINDOWS\System32\1033v.exe
file: C:\WINDOWS\System32\1033v.exe
size: 45056
MD5: 7667B1977C2C63EE118D149722D1A38C

Located: HK_LM:Run, WOOTASKBARICON
command: C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
file: C:\PROGRA~1\Wanadoo\GestMaj.exe
size: 32768
MD5: 8D6F2C724CFC608872EDE3CC4A7B49B9

Located: HK_LM:Run, WOOWATCH
command: C:\PROGRA~1\Wanadoo\Watch.exe
file: C:\PROGRA~1\Wanadoo\Watch.exe
size: 20480
MD5: 9A29592CD135F6262C429152F7A8DD4A

Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 7462B3864DA32E6B3D1EF0524E663A23

Located: HK_LM:RunServices, UpdateWin
command: C:\WINDOWS\System32\1033v.exe
file: C:\WINDOWS\System32\1033v.exe
size: 45056
MD5: 7667B1977C2C63EE118D149722D1A38C

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 13312
MD5: 2C856908EE61424238772508E9FBCBC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: C:\WINDOWS\System32\ctfmon.exe
file: C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 2C856908EE61424238772508E9FBCBC8

Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 5674352
MD5: A7EFC7EA7EF6FB022A8A95813EDCBE5D

Located: HK_CU:Run, Shareaza
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: "C:\Program Files\Shareaza\Shareaza.exe" -tray
file: C:\Program Files\Shareaza\Shareaza.exe
size: 4354048
MD5: 58DA6D8B55FEDFF760FA3980BDBDDB7E

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

Located: HK_CU:Run, swg
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: HK_CU:Run, UpdateWin
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: C:\WINDOWS\System32\1033v.exe
file: C:\WINDOWS\System32\1033v.exe
size: 45056
MD5: 7667B1977C2C63EE118D149722D1A38C

Located: HK_CU:Run, WOOKIT
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
file: C:\PROGRA~1\Wanadoo\Shell.exe
size: 122880
MD5: 2BD5E1E68614DBC6B320597856ED6EA7

Located: HK_CU:RunServices, UpdateWin
where: S-1-5-21-2025429265-1417001333-725345543-1003...
command: C:\WINDOWS\System32\1033v.exe
file: C:\WINDOWS\System32\1033v.exe
size: 45056
MD5: 7667B1977C2C63EE118D149722D1A38C

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 13312
MD5: 2C856908EE61424238772508E9FBCBC8

Located: Démarrage (tous utilisateurs), WinZip Quick Pick.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 394856
MD5: 6D23B8CB307E455428A778535BE6E6D9

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{91AD9DC2-523A-47E2-A598-6C277F16CC50} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: c:\windows\system32\
Long name: aadcaad.dll
Short name:
Date (created): 16/10/2007 21:45:18
Date (last access): 02/12/2007 20:29:24
Date (last write): 16/10/2007 21:56:00
Filesize: 81408
Attributes: archive
MD5: F60656A17ADB3D4447479B2ADFC882C6
CRC32: 95F9647E



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\Director\
Long name: swdir.dll
Short name:
Date (created): 21/07/2007 11:49:48
Date (last access): 01/12/2007 11:16:48
Date (last write): 02/05/2007 11:32:04
Filesize: 182512
Attributes: archive
MD5: 95F03ABE4B96C50CF4DA8245819138E4
CRC32: 12E5BB80
Version: 10.2.0.22

{512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class)
DPF name:
CLSID name: TotalScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ascstubie.inf
Codebase: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: ascstubie.dll
Short name: ASCSTU~1.DLL
Date (created): 21/08/2007 14:37:26
Date (last access): 02/12/2007 09:57:36
Date (last write): 21/08/2007 14:37:26
Filesize: 124208
Attributes: archive
MD5: 0AD87599756B34C0214AFCE961E78DD5
CRC32: EA254381
Version: 1.0.0.7

{56336BCB-3D8A-11D6-A00B-0050DA18DE71} ()
DPF name:
CLSID name:
Installer:
Codebase: http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
description: Netster
classification: Confirmed as malware
known filename:
info link:
info source:

{8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class)
DPF name:
CLSID name: NanoInstaller Class
Installer: C:\WINDOWS\Downloaded Program Files\nanoinst.inf
Codebase: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
Path: C:\WINDOWS\Downloaded Program Files\
Long name: NanoInst.dll
Short name:
Date (created): 11/09/2007 13:49:28
Date (last access): 02/12/2007 20:28:16
Date (last write): 11/09/2007 13:49:28
Filesize: 38280
Attributes: archive
MD5: 4BEEB9E3A93CF218602A7A9AE21EDCA7
CRC32: FD77ABF2
Version: 2.2.0.5

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 01:22:38
Date (last access): 12/10/2007 16:57:42
Date (last write): 12/07/2007 03:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_04
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 03/06/2005 02:52:58
Date (last access): 12/10/2007 16:53:06
Date (last write): 03/06/2005 03:09:54
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 5.0.40.5

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 01:22:38
Date (last access): 02/12/2007 20:44:52
Date (last write): 12/07/2007 03:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 01:22:38
Date (last access): 02/12/2007 20:44:52
Date (last write): 12/07/2007 03:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\Macromed\Flash\
Long name: Flash9c.ocx
Short name:
Date (created): 26/03/2007 17:34:38
Date (last access): 02/12/2007 19:22:24
Date (last write): 26/03/2007 17:34:38
Filesize: 2267368
Attributes: readonly archive
MD5: 82FCE4AC7EC2D077A8DD3C14EDEAD219
CRC32: 7167E898
Version: 9.0.45.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 148 ( 0) \SystemRoot\System32\smss.exe
size: 45568
PID: 200 ( 0) \??\C:\WINDOWS\system32\csrss.exe
size: 4096
PID: 224 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
size: 520704
PID: 268 ( 0) C:\WINDOWS\system32\services.exe
size: 101888
MD5: FC0691097471EE374907E1024EDCBD43
PID: 280 ( 0) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B7B1C150AFF59455DB4DF082815F88F5
PID: 440 ( 0) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 472 ( 0) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 312880
MD5: 5DCD235C061022BCDA9AA48670B64211
PID: 484 ( 0) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 748 ( 0) C:\WINDOWS\Explorer.EXE
size: 1008128
MD5: 82FE0D400CB1AC937234467B927B867A
PID: 872 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 02/12/2007 20:44:52

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
https://www.google.com/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.google.fr/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
7-Zip 4.23 (7-Zip)
uninstall cmd: "C:\Program Files\7-Zip\Uninstall.exe"

@BIOS (@BIOS)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\BIOS\Uninst.isu"

(AddressBook)

Adobe Shockwave Player 10.2.0.22 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: https://helpx.adobe.com/shockwave.html

ATI Display Driver 8.152-050629m-024086C-ATI (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

avast! Antivirus 4.7 (avast!)
version (major): 4
version (minor): 7
install location: C:\PROGRA~1\ALWILS~1\Avast4
install source: C:\DOCUME~1\maison\LOCALS~1\TEMPOR~1\Content.IE5\0DERST6V
uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
publisher: Alwil Software
help link: https://www.avast.com/fr-fr/index

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: https://www.avg.com/fr-fr/homepage

(Branding)

Composant Hmk (Composant Hmk)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Vidal\Communs\Hmk.isu"

(Connection Manager)

VIDAL CD (Dictionnaire Vidal)
uninstall cmd: C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\VIDAL\VIDAL CD\Uninst.isu" -c"C:\Program Files\VIDAL\VIDAL CD\Bin\UnInstVCD.dll"

(DirectAnimation)

(DirectDrawEx)

EasyTune5 (EasyTune5)
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll"

eMule (eMule)
uninstall cmd: "C:\Program Files\eMule\Uninstall.exe"

(Fontcore)

Navigateur Orange (FranceTelecomUninstall_FTBrowser)
install location: C:\PROGRA~1\Wanadoo\WOOBrowser
uninstall cmd: C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl

Gestionnaire Internet (GestionnaireInternet.exe)
uninstall cmd: C:\PROGRA~1\Wanadoo\uninstall.exe

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

Information Center (Information Center)
uninstall cmd: "C:\Program Files\Online Add-on\icun.exe"

(InstallShield Uninstall Information)

Correctif Windows XP - KB842773 20040805.140010 (KB842773)
uninstall cmd: C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/842773

(KB884016)

High Definition Audio Driver Package - KB888111 20040219.000000 (KB888111WXP)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us

Correctif Windows XP - KB890859 1 (KB890859)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/890859

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/893803/windows-installer-3-1-v2-3-1-4000-2435-is-available

Mise à jour pour Windows XP (KB898461) 1 (KB898461)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/898461/

Mise à jour de sécurité pour Windows XP (KB908519) 1 (KB908519)
install date: 20071130
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/908519

Mise à jour de sécurité pour Windows XP (KB914389) 1 (KB914389)
install date: 20071130
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/914389

Mise à jour de sécurité pour Windows XP (KB920683) 1 (KB920683)
install date: 20071130
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/920683

Malwarebytes' RogueRemover 1.22 (Malwarebytes' RogueRemover FREE_is1)
install date: 20071202
install location: C:\Program Files\RogueRemover FREE\
uninstall cmd: "C:\Program Files\RogueRemover FREE\unins000.exe"
publisher: Malwarebytes
help link: https://www.malwarebytes.com/

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

Mozilla Firefox (1.0.7) 1.0.7 (fr-FR) (Mozilla Firefox (1.0.7))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\WINDOWS\UninstallFirefox.exe /ua "1.0.7 (fr-FR)"
publisher: Mozilla

Mozilla Thunderbird (1.0.6) 1.0.6 (fr) (Mozilla Thunderbird (1.0.6))
install location: C:\Program Files\Mozilla Thunderbird
uninstall cmd: C:\WINDOWS\UninstallThunderbird.exe /ua "1.0.6 (fr)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

Panda NanoScan (NanoScan)
estimated size: 400
install location: C:\Program Files\Panda Security\NanoScan
uninstall cmd: C:\Program Files\Panda Security\NanoScan\nanounst.exe
publisher: Panda Security
help link: https://www.pandasecurity.com/en/mediacenter/?ref=mc_blogcav

Navilog1 3.3.0 (Navilog1_is1)
install date: 20071019
install location: C:\Program Files\Navilog1\
uninstall cmd: "C:\Program Files\Navilog1\unins000.exe"
publisher: @IL-MAFIOSO

Nero OEM (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Suite (NeroMultiInstaller!UninstallKey)
uninstall cmd: C:\Program Files\Fichiers communs\Ahead\Uninstall\Setup.exe /uninstall

NeroVision Express 2 (NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

(NVEContent!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNVEContent.exe /UNINSTALL

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\System32\nvunrm.exe UninstallGUI

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
install location: C:\Program Files\Real\RealPlayer\realplay.exe
uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
publisher: RealNetworks
comments: Diffusez, enregistrez et organisez votre musique et vos vidéos, gravez un CD ou emportez votre musique partout avec vous.
contact: RealNetworks

(SchedulingAgent)

Shareaza version 2.2.5.0 2.2.5.0 (Shareaza_is1)
install date: 20070401
install location: C:\Program Files\Shareaza\
uninstall cmd: "C:\Program Files\Shareaza\Uninstall\unins000.exe"
publisher: Shareaza Development Team
comments: Shareaza Ultimate File Sharing
help link: http://www.shareaza.com/?id=support

(Shockwave)

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
publisher: Adobe Systems
help link: https://helpx.adobe.com/flash-player.html

Panda TotalScan 01.01.01.0002 (TotalScan)
estimated size: 4000
install location: C:\Program Files\Panda Security\TotalScan
uninstall cmd: C:\Program Files\Panda Security\TotalScan\ascuninst.exe
publisher: Panda Security
help link: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Lecteur Windows Media 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

ZoneAlarm 7.0.362.000 (ZoneAlarm)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Check Point, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Aide\zaclients.chm

livebox ({17342E3B-0818-4A6F-BFF8-99476605ADD6})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

J2SE Runtime Environment 5.0 Update 4 1.5.0.40 ({3248F0A8-6813-11D6-A77B-00B0D0150040})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 121289
install date: 20070330
install source: C:\Documents and Settings\maison\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150040}\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre1.5.0_04\README.txt

Java(TM) 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 113938
install date: 20070721
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_02-b06/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre1.6.0_02\README.txt

WebFldrs XP 9.50.6513 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2652
install date: 20070329
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: https://www.microsoft.com/en-us/windows/

Windows Live Sign-in Assistant 4.100.313.1 ({49672EC2-171B-47B4-8CE7-50D7806360D7})
version: 73662777
version (major): 4
version (minor): 100
estimated size: 1240
install date: 20070401
install source: C:\DOCUME~1\maison\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
publisher: Microsoft Corporation

USB2.0 Web Camera ({56A648C2-D185-46A9-BBFF-78AE7A501000})
uninstall cmd: C:\WINDOWS\System\M1000Rmv.exe

Microsoft Works 08.04.0702 ({A059DE09-1B49-4450-B340-7AE097EC3F04})
version: 134480574
version (major): 8
version (minor): 4
estimated size: 296363
install date: 20070330
install location: INSTALLDIR
install source: D:\MSWORKS\
uninstall cmd: MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
publisher: Microsoft Corporation
comments: Microsoft Works 8.0 installation.
help link: https://support.microsoft.com/en-us
help telephone:

Microsoft Visual C++ 2005 Redistributable 8.0.50727.42 ({A49F249F-0C91-497F-86DF-B2585E8E76B7})
version: 134268455
version (major): 8
estimated size: 5192
install date: 20071006
install source: C:\DOCUME~1\maison\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
publisher: Microsoft Corporation

Adobe Reader 7.0 - Français 7.0.0 ({AC76BA86-7AD7-1036-7B44-A70000000000})
version: 117440512
version (major): 7
estimated size: 74744
install date: 20070330
install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBIG\FRA\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: https://helpx.adobe.com/support.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Spybot - Search & Destroy 1.5.1.15 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20071202
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: https://www.safer-networking.org/?page=support

Athlon 64 Processor Driver 1.2.2.2 ({C151CE54-E7EA-4804-854B-F515368B0798})
version: 16908290
install location: C:\Program Files\AMD\Athlon 64 Processor Driver
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c

WinZip 11.1 11.1.7466 ({CD95F661-A5C4-44F5-A6AA-ECDD91C240B5})
version: 184622378
version (major): 11
version (minor): 1
estimated size: 11558
install date: 20071202
install location: C:\Program Files\WinZip\
install source: C:\Documents and Settings\maison\Local Settings\Temporary Internet Files\Content.IE5\IZO7JS9C\
uninstall cmd: MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
publisher: WinZip Computing, S.L.
help link: https://www.winzip.com/win/fr/contact.html

GEAR 32bit Driver Installer 2.005.1 ({E89B484C-B913-49A0-959B-89E836001658})
version: 33882113
version (major): 2
version (minor): 5
estimated size: 124
install date: 20071006
install location: C:\Program Files\GEAR Software, Inc.\My Product Name\
install source: C:\DOCUME~1\maison\LOCALS~1\Temp\_is5\
uninstall cmd: MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
publisher: GEAR Software, Inc.
contact: Technical Support
help link: http://gearsoftware.com/support/online-support.php
help telephone: +1 561-575-3247

Realtek High Definition Audio Driver 1.92 ({F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
version: 22806528
install date: 20070329
install location: C:\Program Files\Realtek\InstallShield\
install source: D:\audio\HD_Audio\
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
publisher: Realtek Semiconductor Corp.

Windows Live Messenger 8.1.0178.00 ({F6326B60-1B1D-4ABF-BFCD-7B7404F44411})
version: 134283442
version (major): 8
version (minor): 1
estimated size: 32219
install date: 20070401
install source: C:\DOCUME~1\maison\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
publisher: Microsoft Corporation



--- System Services ---
Service (registry key): Aavmker4
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Asynchronous Virus Monitor
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote ACPI Microsoft
Image path: System32\DRIVERS\ACPI.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
0
Julien06 Posts 129 Registration date Sunday 2 December 2007 Status Member Last activity 3 April 2012
2 Dec. 2007 at 20:53
Hi again, here is the HijackThis report...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:42, on 02/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {91AD9DC2-523A-47E2-A598-6C277F16CC50} - c:\windows\system32\aadcaad.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
2 Dec. 2007 at 21:00
Go to Start, then RUN, and press Enter to open a session

type:

del c:\windows\system32\aadcaad.dll


and press Enter, then type EXIT and press Enter to close the session

_______________

replace avast with AntiVir and paste a report

https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
0
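The reply above singles out one DLL from the whole HijackThis log. As an added example (not part of the original thread, and not HijackThis's own logic), this Python script parses `O2` and `O4` lines copied from the posted log and flags two patterns for manual review; the two heuristics and all function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {91AD9DC2-523A-47E2-A598-6C277F16CC50} - c:\windows\system32\aadcaad.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
"""

# O2 - BHO: <name> - {CLSID} - <dll path>
BHO_RE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# O4 - <hive>[\<SID>]\..\<key>: [<value name>] <command>
RUN_RE = re.compile(
    r"^O4 - (HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\(\w+): \[([^\]]+)\] (.+)$"
)
# HKUS entries carry a trailing " (User '...')" note that is not part of the command.
USER_NOTE_RE = re.compile(r"\s+\(User '[^']*'\)$")
# A DLL sitting directly in system32, with no vendor subfolder.
SYSTEM32_DLL_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$")


def parse_log(text):
    """Return (bhos, autostarts) parsed from HijackThis O2 and O4 lines."""
    bhos, autostarts = [], []
    for line in text.splitlines():
        line = line.strip()
        match = BHO_RE.match(line)
        if match:
            name, clsid, path = match.groups()
            bhos.append({"name": name, "clsid": clsid, "path": path.lower()})
            continue
        match = RUN_RE.match(line)
        if match:
            hive, key, value, command = match.groups()
            command = USER_NOTE_RE.sub("", command).lower()
            autostarts.append(
                {"hive": hive, "key": key, "value": value, "command": command}
            )
    return bhos, autostarts


def review(text):
    """Flag entries worth a manual look. Heuristics (assumptions, not verdicts):
    1. a BHO without a display name whose DLL sits directly in system32;
    2. one command registered under both HKLM and HKCU autostart keys.
    """
    bhos, autostarts = parse_log(text)
    findings = []
    for bho in bhos:
        if bho["name"] == "(no name)" and SYSTEM32_DLL_RE.match(bho["path"]):
            findings.append(("unnamed-bho", bho["path"], [bho["clsid"]]))

    # Group autostart entries by command to see where each one is registered.
    locations = defaultdict(set)
    for entry in autostarts:
        locations[entry["command"]].add((entry["hive"], entry["key"]))
    for command in sorted(locations):
        hives = {hive for hive, _ in locations[command]}
        if {"HKLM", "HKCU"} <= hives:
            keys = sorted(hive + "\\" + key for hive, key in locations[command])
            findings.append(("multi-hive-autostart", command, keys))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in review(SAMPLE_LOG):
        print(kind + ": " + subject + " -> " + ", ".join(detail))
```

The ctfmon entries appear under several user hives but never under HKLM, so the second heuristic leaves them alone.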
Julien06 Posts 129 Registration date Sunday 2 December 2007 Status Member Last activity 3 April 2012
2 Dec. 2007 at 21:03
Hi again, do I put del in front of the file name? Because in Run it tells me that del is not right.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
2 Dec. 2007 at 21:10
yes, you have to put del so that it removes it (try without a space after the del)

if that doesn't work, move on to the next step
0
Hello,

My computer has now been infected for 3 days by the latest version of Trojan.Zlob-X.

I have Norton as my antivirus, but it did not protect me. I installed avast and ran a scan, but with no result. I also used Spyware Doctor and multi virus cleaner 2007, still with no result.

I also used SDFix and it tells me that it found no Trojan. Here is the report:

SDFix: Version 1.116

Run by mallaury27 on 02/12/2007 at 20:37

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found


And yet the problem caused by this Trojan persists.

What should I do?
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
2 Dec. 2007 at 21:24
hi mallaury27
create your own post and we will help you

or write to me by private message and I will reply

see you
0
Julien06 Posts 129 Registration date Sunday 2 December 2007 Status Member Last activity 3 April 2012
2 Dec. 2007 at 21:27
Hi again, I tried without the space, with del and the file name in Run, but it tells me that it is not possible.

Then I uninstalled avast, installed AntiVir and restarted my PC, and now AntiVir shows me alert windows saying that I am infected by the same file c:\windows\system32\aadcaad.dll.
What do I do now?
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
2 Dec. 2007 at 21:30
try to remove this file in safe mode

_____________
then
scan with AntiVir in safe mode and paste me the report

then a HijackThis
0
Mallaury27 Posts 1 Registration date Sunday 2 December 2007 Status Member Last activity 2 December 2007
2 Dec. 2007 at 21:31
Hello,

My computer has been infected for 3 days by the latest version of Trojan.Zlob-X.
I do have Norton, but it did not protect me from this virus. I downloaded avast and after a scan it had found a Trojan file; I asked it to delete it, but that did nothing, since I still have the problem caused by the virus. I used Spyware Doctor, with no result. Same with multi virus cleaner 2007.
While reading the forum, I saw that someone had used SDFix to get rid of Trojan files. I did the same, but with no result.

How can I get rid of the virus that is infecting my computer? Especially since I have files in Windows that appear in blue lettering, and I do not know what that means.

Please tell me whether there is a way to remove Trojan.Zlob-X, since it is (according to the message shown on my computer) the latest version.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
2 Dec. 2007 at 21:46
hi mallaury27
create your own post and we will help you

or write to me by private message and I will reply

see you
0
Julien06 Posts 129 Registration date Sunday 2 December 2007 Status Member Last activity 3 April 2012
2 Dec. 2007 at 21:56
Hi again, here is the AntiVir report



AntiVir PersonalEdition Classic
Report file date: dimanche 2 décembre 2007 21:31

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: maison
Computer name: MAISON-6ZNO7WTT

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 2 décembre 2007 21:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'Shareaza.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[NOTE] In the drive 'J:\' no data medium is inserted!

Starting to scan the registry.
C:\WINDOWS\system32\1033v.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\1033v.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\1033v.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\1033v.exe
[WARNING] The file could not be opened!
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\!KillBox\aadcaad.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b716a0.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071019-212726-817.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b61882.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071019-212741-634.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b61885.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071019-212811-488.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b61887.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071021-125123-177.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b6188a.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071021-125210-478.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b6188c.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071021-125238-683.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b6188d.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071021-125247-562.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b6188f.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071021-125335-832.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b61890.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071021-125607-271.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b61891.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071026-064059-727.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b61893.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071026-064115-939.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b61894.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071027-223219-785.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b61899.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071103-100622-991.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4627ab62.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071103-100640-877.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b6189a.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071129-171201-141.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4627ab63.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071202-001746-987.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b6189c.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071202-183118-282.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4627ab65.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071202-192915-879.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b6189b.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071202-193211-829.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4627ab64.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071202-193228-946.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b6189d.qua'!
C:\WINDOWS\system32\1033v.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\aadcaad.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\system.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47c61a69.qua'!
C:\WINDOWS\Temp\_avast4_\unp59633463.tmp
[WARNING] 'Contains detection pattern of the Windows virus W95/Blumblebee.1738'. This detection is probably an error. Please send us this file immediately for further analysis.
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: dimanche 2 décembre 2007 21:48
Used time: 17:00 min

The scan has been done completely.

2748 Scanning directories
112702 Files were scanned
23 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
22 files were moved to quarantine
0 files were renamed
6 Files cannot be scanned
112679 Files not concerned
852 Archives were scanned
8 Warnings
1 Notes

and the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:45, on 02/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {91AD9DC2-523A-47E2-A598-6C277F16CC50} - c:\windows\system32\aadcaad.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Julien06 Posts 129 Registration date Sunday 2 December 2007 Status Member Last activity 3 April 2012
2 Dec. 2007 at 22:11
Re, by the way, I didn't manage to get rid of that damned file, even in safe mode, sorry.
What should I do?
0
Julien06 Posts 129 Registration date Sunday 2 December 2007 Status Member Last activity 3 April 2012
2 Dec. 2007 at 22:36
Re, sorry but I'm starting to fall asleep in front of the PC and I've bothered you enough tonight lol, so I'll come back tomorrow morning, hoping you'll still be able to advise me. Thank you. Have a good evening.
See you
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
2 Dec. 2007 at 22:38
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Run VundoFix
* Do not click "Scan for a vundo"
* Right-click in the middle of the window
* Click Add more files ?
* Copy/paste the files below (one per box):

C:\WINDOWS\system32\aadcaad.dll

* Click Add files
* Then click Close Windows
* Finally, click Remove Vundo (the files above should appear in the main window)
* If the tool asks for a restart, accept
* Post the VundoFix report, along with a new HijackThis log

__________________

Rescan with AntiVir, and ABOVE ALL IN SAFE MODE
0
Julien06 Posts 129 Registration date Sunday 2 December 2007 Status Member Last activity 3 April 2012
2 Dec. 2007 at 23:19
Re, I'm still here.
I did what you asked with VundoFix but it did not find the file C:\WINDOWS\system32\aadcaad.dll; however, during the VundoFix scan AntiVir alerted me about the file C:\WINDOWS\system32\aadcaad.dll with an unbearable BEEP (could you give me a tip for disabling this BEEP please, because it sounds every time I open a web page)

Conclusion: VundoFix found nothing.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:56, on 02/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {91AD9DC2-523A-47E2-A598-6C277F16CC50} - c:\windows\system32\aadcaad.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
3 Dec. 2007 at 12:50
Did you scan with AntiVir in safe mode (start the computer while pressing F8 or F5 in general)?

______________________
Run OTMoveIt again, in safe mode as well

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

c:\windows\system32\aadcaad.dll

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

__________________

If it persists

AD AWARE:
To download:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html

____________________
Paste the report:
Clean will clean up and delete files that antivirus and anti-spyware programs could not find. The software is updated regularly, so you will need to download it again to get a more recent version.

 Download clean.zip, extract it to your desktop (right-click / extract all); you then get a clean folder
 Start Windows in safe mode: Guide to restarting in safe mode
 Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open until it closes.
Clean manual:
http://kerio.probb.fr/tuto-Clean-h37.html
0
Re, how are you?
Listen, I won't be at home; on Wednesday evening or Thursday morning, at that point, I'll do what you asked. So I'll post all of that as soon as I'm home.
Sorry.
See you
0