yarby
-
Compteur de contenus
2 -
Inscription
-
Dernière visite
yarby's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
Salut Merci pour le process et pour le temps que vous accorder pour aider des brebis égarés comme moi !! Déjà pour répondre à ta question sur Antivir, Je l'ai désinstallé car dans la procédure de pré-nettoyage, il est écrit : désinstallation d'AntiVire en Rouge. ça m'a surpris aussi, j'me suis dit que pour la procédure qui suivait ça posait un pb ... bref je l'ai pas encore remis mais je vais le faire. Avant de poster les rapports j'ai quelques questions A quoi sert le programme Tea-Timer présent avec SpyBot ? J'ai découvert un répertoire WINNT/Sytem32 avec 1 fichier dedans comdlg32.ocx, est ce que je dois l'effacer? Sinon pour revenir à mon infection, ta procédure m'a viré pas mal de trucs, ci-joint les rapports : Merci d'avance A+ Nyko --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 07:26:16, 21/04/2006 + Somme de contrôle: 956D7799 + Résultats du scan: HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\SigningModule.SigningModule -> Adware.Altnet : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CLSID -> Adware.Altnet : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CurVer -> Adware.Altnet : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\SigningModule.SigningModule.1 -> Adware.Altnet : Nettoyer et sauvegarder [164] C:\WINNT\system32\winhdn32.dll -> Trojan.Agent.qt : Nettoyer et sauvegarder C:\WINNT\system32\winhdn32.dll -> Trojan.Agent.qt : Nettoyer et sauvegarder ::Fin du rapport _____________________________________________________________________________ RAPPORT SPYBOTSD --- Search result list --- Common Dialogs: History (111 files) (Clé du registre, nothing done) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU Log: Activity: COM+.log (Sauver le fichier, nothing done) C:\WINNT\COM+.log Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done) C:\WINNT\SchedLgU.Txt Log: Activity: imsins.log (Sauver le fichier, nothing done) C:\WINNT\imsins.log Log: Activity: mmdet.log (Sauver le fichier, nothing done) C:\WINNT\mmdet.log Log: Activity: ModemDet.txt (Sauver le fichier, nothing done) C:\WINNT\ModemDet.txt Log: Activity: OEWABLog.txt (Sauver le fichier, nothing done) C:\WINNT\OEWABLog.txt Log: Activity: ntbtlog.txt (Sauver le fichier, nothing done) C:\WINNT\ntbtlog.txt Log: Install: Active Setup Log.txt (Sauver le fichier, nothing done) C:\WINNT\Active Setup Log.txt Log: Install: comsetup.log (Sauver le fichier, nothing done) C:\WINNT\comsetup.log Log: Install: Directx.log (Sauver le fichier, nothing done) C:\WINNT\Directx.log Log: Install: iis5.log (Sauver le fichier, nothing done) C:\WINNT\iis5.log Log: Install: ocgen.log (Sauver le fichier, nothing done) C:\WINNT\ocgen.log Log: Install: ockodak.log (Sauver le fichier, nothing done) C:\WINNT\ockodak.log Log: Install: setupact.log (Sauver le fichier, nothing done) C:\WINNT\setupact.log Log: Install: setupapi.log (Sauver le fichier, nothing done) C:\WINNT\setupapi.log Log: Install: setuplog.txt (Sauver le fichier, nothing done) C:\WINNT\setuplog.txt Log: Install: svcpack.log (Sauver le fichier, nothing done) C:\WINNT\svcpack.log Log: Install: wmsetup.log (Sauver le fichier, nothing done) C:\WINNT\wmsetup.log Log: Shutdown: System32\wbem\logs\mofcomp.log (Sauver le fichier, nothing done) C:\WINNT\System32\wbem\logs\mofcomp.log Log: Shutdown: System32\wbem\logs\wbemcore.log (Sauver le fichier, nothing done) C:\WINNT\System32\wbem\logs\wbemcore.log Log: Shutdown: System32\wbem\logs\winmgmt.log (Sauver le fichier, nothing done) C:\WINNT\System32\wbem\logs\winmgmt.log Log: Shutdown: System32\wbem\logs\wmiadap.log (Sauver le fichier, nothing done) C:\WINNT\System32\wbem\logs\wmiadap.log Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done) C:\WINNT\System32\wbem\logs\wmiprov.log ACDSee: Last opened folder (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\ACD Systems\ACDSee\OpenFolder!= ACDSee: Folders global history (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\ACD Systems\ACDSee\HistPaths ACDSee: Search folder history (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\ACD Systems\ACDSee\HistSearchPathBox Ahead Nero Burning Rom: Browser directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir!= Ahead Nero Burning Rom: Working directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir!= Ahead Nero Burning Rom: Last ISO directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\ahead\Nero - Burning Rom\General\OFDLastISODir!= DVD Shrink 3.1: Last output device type (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\DVD Shrink\DVD Shrink 3.1\Preferences\TargetDevice DVD Shrink 3.1: Last output folder (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\DVD Shrink\DVD Shrink 3.1\Preferences\TargetFolder DVD Shrink 3.1: Recent file list (1 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\DVD Shrink\DVD Shrink 3.1\Recent File List DVD Shrink 3.1: Recent targets list (8 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\DVD Shrink\DVD Shrink 3.1\Recent Targets Internet Explorer: Typed URL list (11 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Internet Explorer\TypedURLs Internet Explorer: Download directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Internet Explorer\Download Directory!= Internet Explorer: User agent (Modification du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32) Internet Explorer: User agent (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32) Internet Explorer: AutoComplete data (12 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Internet Explorer\IntelliForms\SPW MS Management Console: Recent command list (2 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Microsoft Management Console\Recent File List MS Media Player: Last opened playlist (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist MS Media Player: Last selected track index (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex MS Media Player: Client ID (Modification du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!= MS Media Player: Client ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!= MS Media Player: Anonymous ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0 MS Direct3D: Most recent application (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!= MS Direct3D: Most recent application (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Direct3D\MostRecentApplication\Name!= MS DirectDraw: Most recent application (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!= MS Office 10.0: Access recent file (1 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Office\10.0\Access\Settings MS Office 10.0: Recently used symbol list (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Office\10.0\Common\General\SymbolMRU MS Office 10.0 (Word): Recently used documents list (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Office\10.0\Word\Data\Settings MS Office 10.0 (Excel): Recent file list (4 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Office\10.0\Excel\Recent Files MS Fax: Last country ID (Valeur du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Fax\UserInfo\LastCountryID MS Fax: Last country ID (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Fax\UserInfo\LastCountryID MS Regedit: Recent open key (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!= Poikosoft Easy CD-DA Extractor 5.x: Last used media drive (Extractor) (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Poikosoft\Easy CD-DA Extractor 5.0\b08!= Poikosoft Easy CD-DA Extractor 5.x: Last output directory (Extractor) (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Poikosoft\Easy CD-DA Extractor 5.0\b12!= Poikosoft Easy CD-DA Extractor 5.x: Last source directory (Convertor) (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Poikosoft\Easy CD-DA Extractor 5.0\b71!= Windows: Drivers installation paths (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources!= Windows.OpenWith: Open with list - .ACE extension (2 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ACE\OpenWithList Windows.OpenWith: Open with list - .AVI extension (9 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList Windows.OpenWith: Open with list - .CSV extension (3 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList Windows Explorer: Run history (5 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU Windows Explorer: Stream history (201 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU Windows Explorer: User Assistant history IE (44 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count Windows Explorer: User Assistant history files (408 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count Windows Explorer: Last visited history (14 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU Windows Explorer: File search history (4 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU Windows Explorer: Recent file global history (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Windows Media SDK: Computer name (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName Windows Media SDK: Unique ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000} Windows Media SDK: Volume serial number (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber WinRAR: Recent file list (4 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\WinRAR\ArcHistory WinRAR: Last used directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\WinRAR\General\LastFolder!= WinRAR: Extraction directory history (11 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1801674531-179605362-839522115-500\Software\WinRAR\DialogEditHistory\ExtrPath Félicitations!: Aucun mouchard n'a été trouvé. () --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2006-04-20 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2006-02-06 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2006-02-20 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2006-04-14 Includes\Cookies.sbi (*) 2006-04-14 Includes\Dialer.sbi (*) 2006-04-14 Includes\Hijackers.sbi (*) 2006-04-14 Includes\Keyloggers.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2006-04-14 Includes\Malware.sbi (*) 2006-04-14 Includes\PUPS.sbi (*) 2006-04-14 Includes\Revision.sbi (*) 2006-04-14 Includes\Security.sbi (*) 2006-04-14 Includes\Spybots.sbi (*) 2005-02-17 Includes\Tracks.uti (*) 2006-04-14 Includes\Trojans.sbi (*) --- System information --- Windows 2000 (Build: 2195) Service Pack 2 / Windows 2000 / SP2: Windows 2000 Service Pack 2 --- Startup entries list --- Located: HK_LM:Run, LoadQM command: loadqm.exe file: C:\WINNT\loadqm.exe size: 7536 MD5: 69d7217f9d7f49d6706baf90f52b472b Located: HK_LM:Run, NvCplDaemon command: RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup file: C:\WINNT\system32\RUNDLL32.EXE size: 10000 MD5: 61cf5b74a4b5fe430f87e9259b7e4f60 Located: HK_LM:Run, NvMediaCenter command: RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit file: C:\WINNT\system32\RUNDLL32.EXE size: 10000 MD5: 61cf5b74a4b5fe430f87e9259b7e4f60 Located: HK_LM:Run, PinnacleDriverCheck command: C:\WINNT\System32\PSDrvCheck.exe -CheckReg file: C:\WINNT\System32\PSDrvCheck.exe size: 406016 MD5: 39d31d333c39caa9a13b738804b43284 Located: HK_LM:Run, QuickTime Task command: "C:\Program Files\QuickTime\qttask.exe" -atboottime file: C:\Program Files\QuickTime\qttask.exe size: 155648 MD5: 216b3acc656cda8a5a0c3071ec0a408b Located: HK_LM:Run, Synchronization Manager command: mobsync.exe /logon file: C:\WINNT\system32\mobsync.exe size: 111888 MD5: 3aef9b6a5452a11d9dbfc261740ef259 Located: HK_CU:Run, internat.exe command: internat.exe file: C:\WINNT\system32\internat.exe size: 20752 MD5: 406b12788886496bd299c3f9e5e310d0 Located: HK_CU:Run, MsnMsgr command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background file: C:\Program Files\MSN Messenger\MsnMsgr.Exe size: 6856704 MD5: 79ac63592f9b6750f2026a2520c11bee Located: HK_CU:Run, SpybotSD TeaTimer command: C:\Program Files\Sécurité\Spybot - Search & Destroy\TeaTimer.exe file: C:\Program Files\Sécurité\Spybot - Search & Destroy\TeaTimer.exe size: 1415824 MD5: 70496eee0ddbe485f658693826f44d38 Located: Démarrage (tous utilisateurs), Microsoft Office.lnk command: C:\Program Files\Microsoft Office\Office10\OSA.EXE file: C:\Program Files\Microsoft Office\Office10\OSA.EXE size: 83360 MD5: 5bc65464354a9fd3beaa28e18839734a Located: Démarrage (tous utilisateurs), ZoneAlarm.lnk command: C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe file: C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe size: 623936 MD5: 9a54c57cdc9140dce58fe0e7f028f86b Located: System.ini, crypt32chain command: crypt32.dll file: crypt32.dll Located: System.ini, cryptnet command: cryptnet.dll file: cryptnet.dll Located: System.ini, cscdll command: cscdll.dll file: cscdll.dll Located: System.ini, sclgntfy command: sclgntfy.dll file: sclgntfy.dll Located: System.ini, SensLogn command: WlNotify.dll file: WlNotify.dll --- Browser helper object list --- --- ActiveX list --- --- Process list --- PID: 0 ( 0) [system] PID: 116 ( \SystemRoot\System32\smss.exe PID: 144 ( 116) \??\C:\WINNT\system32\csrss.exe PID: 164 ( 116) \??\C:\WINNT\system32\winlogon.exe PID: 192 ( 164) C:\WINNT\system32\services.exe size: 88848 MD5: FF9F5B218DD1EE52554CDDC06097D70E PID: 204 ( 164) C:\WINNT\system32\lsass.exe size: 39184 MD5: C129D49D50BC8186686263DE5A80038C PID: 356 ( 192) C:\WINNT\system32\svchost.exe size: 7952 MD5: 1206706A25C5B32652B4F465EDE330E9 PID: 376 ( 192) C:\WINNT\System32\WBEM\WinMgmt.exe size: 196685 MD5: 786D704446FEAC666461745AE755CBF7 PID: 176 ( 492) C:\WINNT\Explorer.EXE size: 243984 MD5: 45617CF24DF29028214EE60ED7A2EAA6 PID: 396 ( 176) C:\WINNT\system32\NOTEPAD.EXE size: 51984 MD5: 1EFF486C50D2DF0D6544FEA6FE9DDCC1 PID: 312 ( 176) C:\Program Files\Sécurité\Spybot - Search & Destroy\SpybotSD.exe size: 4393096 MD5: 09CA174A605B480318731E691DC98539 PID: 8 ( 0) System --- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 20/04/2006 23:53:59 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINNT\SYSTEM32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page http://www.yahoo.fr/ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@ http://home.microsoft.com/access/autosearch.asp?p=%s HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINNT\SYSTEM32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm --- Winsock Layered Service Provider list --- --- Uninstall list --- Ad-aware 6 Personal 6.0. (Ad-aware 6 Personal) uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG publisher: Lavasoft Sweden comments: Ad-aware VI Personal help link: http://www.lavasoftusa.com (AddressBook) Adobe Photoshop 6.0 6.0 (Adobe Photoshop 6.0) version (major): 6 install location: C:\Program Files\Adobe\Photoshop 6.0 install source: F:\Adobe Photoshop 6\ uninstall cmd: C:\WINNT\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll" publisher: Adobe Systems, Inc. Bink and Smacker (Bink and Smacker) uninstall cmd: C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG (Branding) (Connection Manager) (Creative Installer Setup) uninstall cmd: C:\WINNT\IsUn040c.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu" (Creative Mixer) uninstall cmd: C:\WINNT\IsUn040c.exe -f"C:\Program Files\Creative\Audio2K\CTMixer.isu" (Creative Recorder) uninstall cmd: C:\WINNT\IsUn040c.exe -f"C:\Program Files\Creative\Audio2K\Recorder\Recorder.isu" (DirectAnimation) (DirectDrawEx) (DXM_Runtime) Easy CD-DA Extractor 5.0 (Easy CD-DA Extractor 5.0) uninstall cmd: C:\WINNT\iun6002.exe "C:\Program Files\Easy CD-DA Extractor 5.0\irunin.ini" eMule (eMule) uninstall cmd: "C:\Program Files\eMule\Uninstall.exe" ewido anti-malware (ewidoantimalware) install location: C:\Program Files\Sécurité\ewido anti-malware uninstall cmd: C:\Program Files\Sécurité\ewido anti-malware\Uninstall.exe publisher: ewido networks help link: http://www.ewido.net (expinst) (Fontcore) Free - Kit de connexion 3,7,0,0 (Free.fr) uninstall cmd: C:\Program Files\Free.fr\uninstall.exe publisher: Free help link: http://support.free.fr HijackThis 1.99.1 1.99.1 (HijackThis) uninstall cmd: C:\Program Files\HijackThis\HijackThis.exe /uninstall publisher: Soeperman Enterprises Ltd. Hollywood FX 5.5 Additional Effects (Hollywood FX 5.5 Additional Effects) uninstall cmd: C:\WINNT\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\unextralog Pinnacle Hollywood FX for Studio (Hollywood FX for Studio) uninstall cmd: C:\WINNT\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log (ICW) Microsoft Internet Explorer 6 SP1 (IE40) uninstall cmd: rundll32 C:\WINNT\System32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u (IE4Data) (IE5BAKEX) (IEData) (IEREADME) (InstallShield Uninstall Information) QuickTime 7.0.3 (InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}) version: 117440515 version (major): 7 estimated size: 63179 install date: 20060219 install location: C:\Program Files\QuickTime\ install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_isB\ uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1036 publisher: Apple Computer, Inc. contact: Assistance AppleCare help link: http://www.apple.com/fr/support/ help telephone: (33) 0825 888 024 SmartSound Quicktracks Plugin 3.0.2.3 (InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) version: 50331650 version (major): 3 estimated size: 18819 install date: 20060419 install location: C:\Program Files\SmartSound Software\Quicktracks\ install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is41\ uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} publisher: SmartSound Software Inc comments: Built by Chris Coble contact: Customer Support Department help link: http://www.smartsound.com/support help telephone: 1-818-920-9122 (InstallShield_{DA13B1E3-4362-4442-8345-CCA945A8F760}) Macromedia Shockwave Player 10.1.0.11 (Macromedia Shockwave Player) uninstall cmd: C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log publisher: Macromedia, Inc. help link: http://www.macromedia.com/fr/support/shockwave (Microsoft NetShow Player 2.0) (MobileOptionPack) (MPlayer2) (MsJavaVM) Ahead Nero Burning ROM (Nero - Burning Rom!UninstallKey) uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL (NetMeeting) NVIDIA Drivers (NVIDIA Drivers) uninstall cmd: C:\WINNT\System32\nvudisp.exe UninstallGUI Pilotes NVIDIA nForce pour Windows 2000/XP (NVIDIAnForce) uninstall cmd: rundll32.exe C:\WINNT\System32\NVNFINST.DLL,NvUninstallCrush (OutlookExpress) proDAD Heroglyph 1.0 (proDAD-Heroglyph-1.0) uninstall cmd: "C:\Program Files\proDAD\Heroglyph-1.0\uninstall.exe" uninstall spcp (SchedulingAgent) (Shockwave) Macromedia Flash Player 8 8 (ShockwaveFlash) uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\swflash.inf,DefaultUninstall,5 publisher: Macromedia help link: http://www.macromedia.com/go/flashplayer_support/ SLD CODEC PACK 1.5 PRO beta6 (SLD CODEC PACK 1.5 PRO beta6) uninstall cmd: "C:\Program Files\SLD CODEC PACK\setup\setup.exe" /u Sound Blaster AUDIOPCI128 (Sound Blaster AUDIOPCI128) uninstall cmd: C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1) install location: C:\Program Files\Sécurité\Spybot - Search & Destroy\ uninstall cmd: "C:\Program Files\Sécurité\Spybot - Search & Destroy\unins000.exe" publisher: Safer Networking Limited Winamp (remove only) (Winamp) uninstall cmd: "C:\Program Files\Winamp\UninstWA.exe" (Windows 2000 Service Pack 2) uninstall cmd: c:\winnt\$NtServicePackUninstall$\spuninst\spuninst.exe Archiveur WinRAR (WinRAR archiver) uninstall cmd: C:\Program Files\WinRAR\uninstall.exe Mise à jour système du Lecteur Windows Media (Série 9) (WMP7) uninstall cmd: C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall ZoneAlarm 3.7.143 (ZoneAlarm) uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe publisher: Zone Labs, Inc help link: C:\Program Files\Zone Labs\ZoneAlarm\Help\ZA.chm QuickTime 7.0.3 ({3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}) version: 117440515 version (major): 7 estimated size: 63179 install date: 20060219 install location: C:\Program Files\QuickTime\ install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_isB\ publisher: Apple Computer, Inc. contact: Assistance AppleCare help link: http://www.apple.com/fr/support/ help telephone: (33) 0825 888 024 SmartSound Quicktracks Plugin 3.0.2.3 ({4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) version: 50331650 version (major): 3 estimated size: 18819 install date: 20060419 install location: C:\Program Files\SmartSound Software\Quicktracks\ install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is41\ publisher: SmartSound Software Inc comments: Built by Chris Coble contact: Customer Support Department help link: http://www.smartsound.com/support help telephone: 1-818-920-9122 ({62369F2F77534556AEF4C58152E3BDE5}) WebFldrs 9.00.3501 ({6F716DA0-398F-11D3-85E1-005004838609}) version: 150998445 version (major): 9 estimated size: 2692 install date: 20060215 install source: C:\WINNT\System32\ publisher: Microsoft Corporation help link: http://www.microsoft.com/windows Luxor - Amun Rising ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}) install date: 02/16/2006 install location: C:\Program Files\Wanadoo Jeux\Luxor - Amun Rising install source: F:\LUXOR 2 AMUN uninstall cmd: "C:\Program Files\Wanadoo Jeux\Luxor - Amun Rising\Uninstall.exe" "C:\Program Files\Wanadoo Jeux\Luxor - Amun Rising\install.log" publisher: Oberon Media ({8ADFC4160D694100B5B8A22DE9DCABD9}) Microsoft Office XP Professional avec FrontPage 10.0.2627.5 ({9028040C-6000-11D3-8CFE-0050048383C9}) version: 167774787 version (major): 10 estimated size: 199696 install date: 20060215 install location: INSTALLLOCATION install source: F:\ uninstall cmd: MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9} publisher: Microsoft Corporation help link: http://www.microsoft.com/support readme: C:\Program Files\Microsoft Office\Office10\1036\OFREAD10.HTM ACDSee 4.0 4.00.0000 ({92605735-AAFB-47F7-A67D-17ED129EFF9C}) version: 67108864 version (major): 4 estimated size: 19988 install date: 20060215 install source: C:\Program Files\ACD Systems\Setups\ uninstall cmd: MsiExec.exe /I{92605735-AAFB-47F7-A67D-17ED129EFF9C} publisher: ACD Systems Ltd comments: ACDSee 4.0 and other image management software contact: Technical Support help link: http://www.acdsystems.com help telephone: 250-544-6700 readme: 0 Studio 9 9.3 ({9E491AB7-4589-48CA-9CBB-874CB2788391}) version: 151191552 version (major): 9 version (minor): 3 install location: C:\Program Files\Pinnacle\Studio 9 uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x40c UNINSTALL publisher: Pinnacle Systems MSN Messenger 7.0 7.0.0816 ({ABEB838C-A1A7-4C5D-B7E1-8B4314600816}) version: 117441328 version (major): 7 estimated size: 12054 install date: 20060215 install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\ uninstall cmd: MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816} publisher: Microsoft Corporation Adobe Reader 7.0.7 - Français 7.0.7 ({AC76BA86-7AD7-1036-7B44-A70700000002}) version: 117440519 version (major): 7 estimated size: 78821 install date: 20060217 install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\ install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig707\FRA\ uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70700000002} publisher: Adobe Systems Incorporated comments: contact: help link: http://www.adobe.fr/support/main.html help telephone: readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm ({B13A7C41581B411290FBC0395694E2A9}) Studio 9 Content CD/DVD 9.30.000 ({B67624DE-75CE-4FAD-9F29-5C115773CE61}) version: 152961024 install location: C:\Program Files\Pinnacle\Studio 9 uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x40c UNINSTALL --- System Services --- Service (registry key): Abiosdsk Start: 4 Type: 1 Error Control: 0 Service (registry key): abp480n5 Start: 4 Type: 1 Error Control: 1 Service (registry key): ACPI Display name: Pilote ACPI Microsoft Image path: System32\DRIVERS\ACPI.sys Image size: 163120 Image MD5: B3ADBEBB7C8B8BD2AEF4C7B1601A0E94 Start: 0 Type: 1 Error Control: 1 Service (registry key): ACPIEC Start: 4 Type: 1 Error Control: 1 Service (registry key): adpu160m Start: 4 Type: 1 Error Control: 1 Service (registry key): AFD Display name: Environnement de prise en charge de réseau AFD Image path: \SystemRoot\System32\drivers\afd.sys Start: 2 Type: 1 Error Control: 1 Service (registry key): Aha154x Start: 4 Type: 1 Error Control: 1 Service (registry key): aic116x Start: 4 Type: 1 Error Control: 1 Service (registry key): aic78u2 Start: 4 Type: 1 Error Control: 1 Service (registry key): aic78xx Start: 4 Type: 1 Error Control: 1 Service (registry key): Alerter Display name: Avertissement Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives. Object name: LocalSystem Image path: %SystemRoot%\System32\services.exe Image size: 88848 Image MD5: FF9F5B218DD1EE52554CDDC06097D70E Start: 3 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): ami0nt Start: 4 Type: 1 Error Control: 1 Service (registry key): amsint Start: 4 Type: 1 Error Control: 1 Service (registry key): AppMgmt Display name: Gestion d'applications Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer. Object name: LocalSystem Image path: %SystemRoot%\system32\services.exe Image size: 88848 Image MD5: FF9F5B218DD1EE52554CDDC06097D70E Start: 3 Type: 32 Error Control: 1 Service (registry key): ASAPIW2k Display name: ASAPIW2K Image path: system32\drivers\ASAPIW2k.sys Image size: 11264 Image MD5: 4F9CBBF95E8F7A0D4C0EDCFE3B78102E Start: 3 Type: 1 Error Control: 1 Service (registry key): asc Start: 4 Type: 1 Error Control: 1 Service (registry key): asc3350p Start: 4 Type: 1 Error Control: 1 Service (registry key): asc3550 Start: 4 Type: 1 Error Control: 1 Service (registry key): AsyncMac Display name: Pilote de média asynchrone RAS Description: Pilote de média asynchrone RAS Image path: System32\DRIVERS\asyncmac.sys Image size: 16752 Image MD5: 1B4DE1039FE6D4321003303870185B8E Start: 3 Type: 1 Error Control: 1 Service (registry key): atapi Display name: Contrôleur de disque dur IDE/ESDI standard Image path: System32\DRIVERS\atapi.sys Image size: 85264 Image MD5: 7E91972F4CF3EA0B0C804F005BF42C7A Start: 0 Type: 1 Error Control: 1 Service (registry key): Atdisk Start: 4 Type: 1 Error Control: 0 Service (registry key): Atmarpc Display name: Protocole client ATM ARP Description: Protocole client ATM ARP Image path: System32\DRIVERS\atmarpc.sys Image size: 57904 Image MD5: 3E348B3313EA633D45CAF59DA0D631BA Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): audstub Display name: Pilote audio Stub Image path: System32\DRIVERS\audstub.sys Image size: 2896 Image MD5: 39D57104A45270F0D376E9DDB484EBBD Start: 3 Type: 1 Error Control: 1 Service (registry key): Beep Start: 1 Type: 1 Error Control: 1 Service (registry key): Browser Display name: Explorateur d'ordinateur Description: Tient à jour une liste des ordinateurs présents sur votre réseau et fournit cette liste aux programmes qui en font la demande. Object name: LocalSystem Image path: %SystemRoot%\System32\services.exe Image size: 88848 Image MD5: FF9F5B218DD1EE52554CDDC06097D70E Start: 2 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation,LanmanServer Service (registry key): BusLogic Start: 4 Type: 1 Error Control: 1 Service (registry key): CCDECODE Display name: Closed Caption Decoder Image path: System32\DRIVERS\CCDECODE.sys Image size: 16384 Image MD5: 1478E6A09512235B9E119D2920477021 Start: 3 Type: 1 Error Control: 1 Service (registry key): cd20xrnt Start: 4 Type: 1 Error Control: 1 Service (registry key): Cdaudio Start: 1 Type: 1 Error Control: 0 Service (registry key): Cdfs Start: 4 Type: 2 Error Control: 1 Depends On group: "SCSI CDROM Class" Service (registry key): Cdr4_2K Start: 1 Type: 1 Error Control: 0 Service (registry key): Cdralw2k Start: 1 Type: 1 Error Control: 0 Service (registry key): Cdrom Display name: Pilote de CD-ROM Image path: System32\DRIVERS\cdrom.sys Image size: 27376 Image MD5: 43D40EE132E19C9101773D0EB4936B40 Start: 1 Type: 1 Error Control: 1 Depends On group: "SCSI miniport" Service (registry key): Changer Start: 1 Type: 1 Error Control: 0 Service (registry key): cisvc Display name: Service d'indexation Object name: LocalSystem Image path: C:\WINNT\System32\cisvc.exe Image size: 5392 Image MD5: C40DF5DB319CD19FAAF95673FA7FEED8 Start: 3 Type: 288 Error Control: 1 Depends On services: RPCSS Service (registry key): ClipSrv Display name: Gestionnaire de l'Album Description: Prend en charge le Gestionnaire de l'Album, qui permet aux pages d'êtres affichées par des albums distants. Object name: LocalSystem Image path: %SystemRoot%\system32\clipsrv.exe Image size: 31504 Image MD5: B6508C1DF49D45B0D3B488080298187F Start: 3 Type: 16 Error Control: 1 Depends On services: NetDDE Service (registry key): ContentFilter Start: 0 Type: 0 Error Control: 0 Service (registry key): ContentIndex Start: 0 Type: 0 Error Control: 0 Service (registry key): Cpqarray Start: 4 Type: 1 Error Control: 1 Service (registry key): cpqarry2 Start: 4 Type: 1 Error Control: 1 Service (registry key): cpqfcalm Start: 4 Type: 1 Error Control: 1 Service (registry key): cpqfws2e Start: 4 Type: 1 Error Control: 1 Service (registry key): dac960nt Start: 4 Type: 1 Error Control: 1 Service (registry key): deckzpsx Start: 4 Type: 1 Error Control: 1 Service (registry key): Dhcp Display name: Client DHCP Description: Gère la configuration réseau en inscrivant et en mettant à jour les adresses IP et les noms DNS. Object name: LocalSystem Image path: %SystemRoot%\System32\services.exe Image size: 88848 Image MD5: FF9F5B218DD1EE52554CDDC06097D70E Start: 2 Type: 32 Error Control: 1 Depends On services: Tcpip,Afd,NetBT Service (registry key): Disk Display name: Pilote de disque Image path: System32\DRIVERS\disk.sys Image size: 29072 Image MD5: 1D8E18DCEBB5650D5B6FCE48D93A7D0B Start: 0 Type: 1 Error Control: 1 Depends On group: "SCSI miniport" Service (registry key): Diskperf Start: 0 Type: 1 Error Control: 1 Service (registry key): dmadmin Display name: Service d'administration du Gestionnaire de disque logique Description: Service d'administration des requêtes du Gestionnaire de disque Object name: LocalSystem Image path: %SystemRoot%\System32\dmadmin.exe /com Image size: 147728 Image MD5: 263E74AE11BC2BF628CAC08C384DB47B Start: 3 Type: 32 Error Control: 1 Service (registry key): dmboot Image path: System32\drivers\dmboot.sys Image size: 368976 Image MD5: 73FF24E12D5AF3B5B78F859C830F92E7 Start: 4 Type: 1 Error Control: 1 Service (registry key): dmio Display name: Pilote de Gestionnaire de disque logique Image path: System32\drivers\dmio.sys Image size: 137168 Image MD5: 652CA9C2CE018E3D495B2D45243F62F9 Start: 0 Type: 1 Error Control: 1 Service (registry key): dmload Image path: System32\drivers\dmload.sys Image size: 7312 Image MD5: 24C790F1E0292D0880F1FA3943E3B3E5 Start: 0 Type: 1 Error Control: 1 Service (registry key): dmserver Display name: Gestionnaire de disque logique Description: Service de surveillance du Gestionnaire de disque logique Object name: LocalSystem Image path: %SystemRoot%\System32\services.exe Image size: 88848 Image MD5: FF9F5B218DD1EE52554CDDC06097D70E Start: 2 Type: 32 Error Control: 1 Service (registry key): DMusic Display name: Synthé logiciel Microsoft DirectMusic (WDM) Image path: system32\drivers\DMusic.sys Image size: 51152 Image MD5: 3431984234B5988D4C09F043CF4CD779 Start: 3 Type: 1 Error Control: 1 Service (registry key): Dnscache Display name: Client DNS Description: Résout et met en cache les noms DNS. Object name: LocalSystem Image path: %SystemRoot%\System32\services.exe Image size: 88848 Image MD5: FF9F5B218DD1EE52554CDDC06097D70E Start: 2 Type: 32 Error Control: 1 Depends On services: Tcpip Service (registry key): EFS Start: 4 Type: 2 Error Control: 1 Service (registry key): Eventlog Display name: Journal des événements Description: Enregistre les messages d'événements émis par les programmes et par Windows. Les rapports du journal d'événements contiennent des informations qui peuvent être utiles pour diagnostiquer les problèmes et sont affichés dans l'Observateur d'événements. Object name: LocalSystem Image path: %SystemRoot%\system32\services.exe Image size: 88848 Image MD5: FF9F5B218DD1EE52554CDDC06097D70E Start: 2 Type: 32 Error Control: 1 Service (registry key): EventSystem Display name: Système d'événements de COM+ Description: Fournit une distribution automatique des événements pour les composants COM qui font l'objet d'un abonnement. Object name: LocalSystem Image path: C:\WINNT\System32\svchost.exe -k netsvcs Image size: 7952 Image MD5: 1206706A25C5B32652B4F465EDE330E9 Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): ewido security suite control Display name: ewido security suite control Object name: LocalSystem Image path: C:\Program Files\Sécurité\ewido anti-malware\ewidoctrl.exe Image size: 13888 Image MD5: 26830B750372AB1BF29C95DEEBEB802F Start: 2 Type: 272 Error Control: 0 Service (registry key): Fastfat Start: 4 Type: 2 Error Control: 1 Service (registry key): Fax Display name: Service de télécopie Description: Vous aide à envoyer et recevoir des télécopies Object name: LocalSystem Image path: %systemroot%\system32\faxsvc.exe Image size: 97552 Image MD5: A2BB850A03F283628C9968EF7C6843D7 Start: 3 Type: 272 Error Control: 1 Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler Service (registry key): fbxusb Display name: FreeBox USB Network Adapter Image path: System32\DRIVERS\fbxusb.sys Image size: 18848 Image MD5: 99B2F2D42631AFAF14269A92AB68390F Start: 3 Type: 1 Error Control: 1 Service (registry key): Fd16_700 Start: 4 Type: 1 Error Control: 1 Service (registry key): Fdc Display name: Pilote de contrôleur de lecteur de disquettes Image path: System32\DRIVERS\fdc.sys Image size: 26192 Image MD5: C08DF03F9D8786CAF4DAEF83E68E3639 Start: 3 Type: 1 Error Control: 1 Service (registry key): Fips Display name: Fips Start: 2 Type: 1 Error Control: 1 Service (registry key): fireport Start: 4 Type: 1 Error Control: 1 Service (registry key): flashpnt Start: 4 Type: 1 Error Control: 1 Service (registry key): Flpydisk Display name: Pilote de lecteur de disquettes Image path: System32\DRIVERS\flpydisk.sys Image size: 19344 Image MD5: D5B19480BAE13512CCD6F3F352F2AD3B Start: 3 Type: 1 Error Control: 1 Service (registry key): Fs_Rec Start: 1 Type: 8 Error Control: 0 Service (registry key): Ftdisk Display name: Pilote du Gestionnaire de volume Image path: System32\DRIVERS\ftdisk.sys Image size: 116112 Image MD5: 17078061FA13549D335E669FC097F227 Start: 0 Type: 1 Error Control: 1 Service (registry key): gameenum Display name: Game Port Enumerator Image path: System32\DRIVERS\gameenum.sys Image size: 9552 Image MD5: 8469D1242904FEFC1BE9C0DEBC83B059 Start: 3 Type: 1 Error Control: 0 Service (registry key): Gpc Display name: Classificateur de paquets générique Description: Classificateur de paquets générique Image path: System32\DRIVERS\msgpc.sys Image size: 34800 Image MD5: B5DAF7509C1B46A7E797E5B65FB9FB9D Start: 3 Type: 1 Error Control: 1 Service (registry key): hidusb Display name: Pilote de classe HID Microsoft Image path: System32\DRIVERS\hidusb.sys Image size: 13904 Image MD5: FF2CA3C8D0193800E4FA510FFDE0960E Start: 2 Type: 1 Error Control: 0 Service (registry key): i8042prt Display name: Pilote pour clavier i8042 et souris sur port PS/2 Image path: System32\DRIVERS\i8042prt.sys Image size: 48176 Image MD5: 72ED903058C4A8C541F57A60677BD1E7 Start: 1 Type: 1 Error Control: 1 Service (registry key): IAS Start: 0 Type: 0 Error Control: 0 Service (registry key): IDriverT Display name: InstallDriver Table Manager Description: Provides support for the Running Object Table for InstallShield Drivers Object name: LocalSystem Image path: C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe Image size: 69632 Image MD5: 1CF03C69B49ACB70C722DF92755C0C8C Start: 3 Type: 16 Error Control: 0 Service (registry key): inetaccs Start: 0 Type: 0 Error Control: 0 Service (registry key): ini910u Start: 4 Type: 1 Error Control: 1 Service (registry key): Inport Start: 0 Type: 0 Error Control: 0 Service (registry key): IntelIde Start: 4 Type: 1 Error Control: 1 Service (registry key): IpFilterDriver Display name: Pilote de filtre de trafic IP Description: Pilote de filtre de trafic IP Image path: System32\DRIVERS\ipfltdrv.sys Image size: 34416 Image MD5: 09A604211E2B2334FC023A41337E3165 Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): IpInIp Display name: Pilote de tunnelage IP dans IP Description: Pilote de tunnelage IP dans IP Image path: System32\DRIVERS\ipinip.sys Image size: 19984 Image MD5: DBC1437B56EEA1AF02CD39C011904491 Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): IpNat Display name: Traducteur d'adresses réseau IP Description: Traducteur d'adresses réseau IP Image path: System32\DRIVERS\ipnat.sys Image size: 65680 Image MD5: 879DAAEC27F2593413E23E180C65AEE5 Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): IPSEC Display name: Pilote IPSEC Description: Pilote IPSEC Image path: System32\DRIVERS\ipsec.sys Image size: 62672 Image MD5: EB3822A4D8718293E86A4F5194B1B739 Start: 3 Type: 1 Error Control: 1 Service (registry key): ipsraidn Start: 4 Type: 1 Error Control: 1 Service (registry key): ISAPISearch Start: 0 Type: 0 Error Control: 0 Service (registry key): isapnp Display name: Pilote de bus Plug-and-Play ISA/EISA Image path: System32\DRIVERS\isapnp.sys Image size: 47376 Image MD5: 0C7B022FF95993F8347137D8BECC2F04 Start: 0 Type: 1 Error Control: 3 Service (registry key): Kbdclass Display name: Pilote de la classe Clavier Image path: System32\DRIVERS\kbdclass.sys Image size: 25072 Image MD5: 3947956E300A2B61D63B477D919DE019 Start: 1 Type: 1 Error Control: 1 Service (registry key): kmixer Display name: Mélangeur audio Wave de noyau Microsoft Image path: system32\drivers\kmixer.sys Image size: 147568 Image MD5: B9BB35FF2DA8EC6A5151CBAEFECD806C Start: 3 Type: 1 Error Control: 1 Service (registry key): KSecDD Start: 0 Type: 1 Error Control: 1 Service (registry key): lanmanserver Display name: Serveur Description: Assure la prise en charge des RPC et le partage des fichiers, d'impression et des canaux nommés. Object name: LocalSystem Image path: %SystemRoot%\System32\services.exe Image size: 88848 Image MD5: FF9F5B218DD1EE52554CDDC06097D70E Start: 2 Type: 32 Error Control: 1 Service (registry key): lanmanworkstation Display name: Station de travail Description: Assure les connexions réseau et les communications. Object name: LocalSystem Image path: %SystemRoot%\System32\services.exe Image size: 88848 Image MD5: FF9F5B218DD1EE52554CDDC06097D70E Start: 2 Type: 32 Error Control: 1 Service (registry key): lbrtfdc Start: 1 Type: 1 Error Control: 0 Service (registry key): LmHosts Display name: Service d'application d'assistance TCP/IP NetBIOS Description: Permet la prise en charge pour NetBIOS sur un service TCP/IP (NetBT) et la résolution des noms NetBIOS. Object name: LocalSystem Image path: %SystemRoot%\System32\services.exe Image size: 88848 Image MD5: FF9F5B218DD1EE52554CDDC06097D70E Start: 2 Type: 32 Error Control: 1 Depends On services: NetBT,Afd Service (registry key): lp6nds35 Start: 4 Type: 1 Error Control: 1 Service (registry key): Messenger Display name: Affichage des messages Description: Envoie et reçoit les messages transmis par les administrateurs ou par le service Alertes. Object name: LocalSystem Image path: %SystemRoot%\System32\services.exe Image size: 88848 Image MD5: FF9F5B218DD1EE52554CDDC06097D70E Start: 2 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation,NetBIOS,RpcSS Service (registry key): mnmdd Start: 1 Type: 1 Error Control: 0 Service (registry key): mnmsrvc Display name: Partage de Bureau à distance NetMeeting Description: Permet aux personnes autorisées d'accéder à votre Bureau Windows en utilisant NetMeeting. Object name: LocalSystem Image path: C:\WINNT\System32\mnmsrvc.exe Image size: 21776
-
Salut à tous J'ai fait la connaissance de spywarequake, un peu collant à mon gout !!! + quelques soucis du genre : raccoucis créés sur lmon bureau, j'ai beau les effacer ils reviennent et aussi ma page de démarrage de internet explorer qui change. J'ai fait tout comme vous avez dit, le pré nettoyage en 4 étapes, Antivir a pas trouver grand chose, faut dire pas moyen de faire d'update. Et surtout spywarequake toujours en place. J'ai cherché un peu plus dans votre forum et j'ai fini par installer et lancer SmitfraudFix. Il a trouvé des fichiers infectés et à fait le ménage. Depuis spywarequake semble ne plus se montrer et les raccourcis qui apparaissaient sur mon bureau ne sont plus réapparus et ma page de démartrage IE ne change plus. Mais je sens qu'il doit rester des merdes, jze vous joint le rapport HiJackThisfait après le nettoyage par SmitfraudFix. Logfile of HijackThis v1.99.1 Scan saved at 07:41:50, on 20/04/2006 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\RUNDLL32.EXE C:\WINNT\loadqm.exe C:\WINNT\System32\internat.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {4A8CA1BB-1A7A-3488-2C71-3CB60A1AA7BA} - C:\WINNT\System32\nxd.dll (file missing) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - {6318F1A1-1033-359A-60D4-33469593DFBC} - C:\WINNT\System32\ejbjyf.dll (file missing) R3 - URLSearchHook: (no name) - {5435B2EC-032B-26D8-7C80-2687E9F4B9BA} - C:\WINNT\System32\ylscfsl.dll (file missing) R3 - URLSearchHook: (no name) - {4D88ABED-112F-328C-2C71-3CB60A1AA7BB} - C:\WINNT\System32\ccidpik.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe -CheckReg O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.i-lookup.com O15 - Trusted Zone: *.offshoreclicks.com O15 - Trusted Zone: *.teensguru.com O15 - Trusted Zone: *.xxxtoolbar.com O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O20 - Winlogon Notify: winhdn32 - C:\WINNT\SYSTEM32\winhdn32.dll O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe Merci d'avance pour votre aide