
Hupigon13

23 September 2009 14:04:02

Hello,
I am infected with Hupigon13 and could use a hand getting rid of this nasty thing.
If you can help me, thanks in advance...
PS: I should mention that I am using a stripped-down version of XP. However, I do own an original licensed version.

24 September 2009 22:50:49

Hello,

Where is the infection located?
24 September 2009 23:01:15

Good evening, and thank you for your reply.
How can I find out where the infection is located? With Spybot?
I'll run another scan and post it for you.
24 September 2009 23:40:53

Here is the Spybot report. Apparently I am once again loaded with unwanted software. It is probably Hupigon13 that brings them back, because I had cleaned my PC. I have already run Spybot several times (including in safe mode, and Malwarebytes too), but although it reports that the problem is fixed... it is not, because Hupigon is still present.
I think the others were indeed removed, but they will soon reappear.
One of the symptoms (in fact the only one I have been able to observe) is the untimely appearance (and disappearance) of pop-ups.
If you have any idea how to proceed, I'm all ears!
Thanks in advance.


--- Search result list ---
Microsoft.Windows.Security.InternetExplorer: [SBI $366713D4] Réglages (Modification du registre, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

Hupigon13: [SBI $D5A7DCB6] Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe

DoubleClick: Cookie traceur (Internet Explorer: New user) (Cookie, fixed)


Right Media: Cookie traceur (Internet Explorer: New user) (Cookie, fixed)


DoubleClick: Cookie traceur (Chrome: Chrome) (Cookie, fixed)


Tradedoubler: Cookie traceur (Chrome: Chrome) (Cookie, fixed)


Tradedoubler: Cookie traceur (Chrome: Chrome) (Cookie, fixed)


Tradedoubler: Cookie traceur (Chrome: Chrome) (Cookie, fixed)


BlueStreak: Cookie traceur (Chrome: Chrome) (Cookie, fixed)


MediaPlex: Cookie traceur (Chrome: Chrome) (Cookie, fixed)


FastClick: Cookie traceur (Chrome: Chrome) (Cookie, fixed)


FastClick: Cookie traceur (Chrome: Chrome) (Cookie, fixed)


FastClick: Cookie traceur (Chrome: Chrome) (Cookie, fixed)


AdRevolver: Cookie traceur (Chrome: Chrome) (Cookie, fixed)


Statcounter: Cookie traceur (Chrome: Chrome) (Cookie, fixed)




Garmin Training Center 3.4.5 ({53C239F5-7E23-493D-8FB6-F8EEEA5C2154})
version: 50593797
version (major): 3
version (minor): 4
estimated size: 44664
install date: 20090920
install source: C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\WZSE0.TMP\
uninstall cmd: MsiExec.exe /X{53C239F5-7E23-493D-8FB6-F8EEEA5C2154}
publisher: Garmin Ltd or its subsidiaries
comments: Please contact Garmin with comments and concerns.
contact: Customer Support Department
help link: http://www.garmin.com/support

({62369F2F77534556AEF4C58152E3BDE5})

Garmin Mobile PC 5.00.10.0 ({7078B4DE-B9C5-45D2-845C-F67F9BD8065D})
version: 83886090
version (major): 5
estimated size: 50180
install date: 20090208
install source: C:\Documents and Settings\New user\Desktop\GarminMobilePC_50010\
uninstall cmd: MsiExec.exe /X{7078B4DE-B9C5-45D2-845C-F67F9BD8065D}
publisher: Garmin Ltd or its subsidiaries
comments: Please contact Garmin with comments and concerns.
contact: Customer Support Department
help link: http://www.garmin.com/support

Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
version: 33605159
version (major): 2
estimated size: 213932
install date: 20090201
install source: C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\IXP000.TMP\
publisher: Microsoft Corporation

7.1.0 ({7585478E9D9B42108671C12F8714CEFE})
install location: C:\Program Files\DivX\DivX Converter
uninstall cmd: C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.

VC80CRTRedist - 8.0.50727.762 1.0.0 ({767CC44C-9BBC-438D-BAD3-FD4595DD148B})
version: 16777216
version (major): 1
estimated size: 1641
install date: 20090630
install source: C:\Program Files\Common Files\DivX Shared\
uninstall cmd: MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
publisher: DivX, Inc
comments: Install VC80 C++ Runtimes
contact: DivX, Inc

DivX Codec 6.8.5 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: C:\Program Files\DivX\DivX Codec
uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivX, Inc.

DivX Player 7.2.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: C:\Program Files\DivX\DivX Player
uninstall cmd: C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
publisher: DivX, Inc.

Microsoft Software Update for Web Folders (French) 12 12.0.4518.1014 ({90120000-0010-040C-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 3279
install date: 20090201
install source: C:\MSOCache\All Users\{90120000-0010-040C-0000-0000000FF1CE}-C\
publisher: Microsoft Corporation

Microsoft Office Access MUI (French) 2007 12.0.4518.1014 ({90120000-0015-040C-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 33456
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0015-040C-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Excel MUI (French) 2007 12.0.4518.1014 ({90120000-0016-040C-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 17791
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0016-040C-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office PowerPoint MUI (French) 2007 12.0.4518.1014 ({90120000-0018-040C-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 16969
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0018-040C-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Publisher MUI (French) 2007 12.0.4518.1014 ({90120000-0019-040C-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 26582
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-0019-040C-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Outlook MUI (French) 2007 12.0.4518.1014 ({90120000-001A-040C-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 24424
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-001A-040C-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Word MUI (French) 2007 12.0.4518.1014 ({90120000-001B-040C-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 21201
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-001B-040C-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Proof (Arabic) 2007 12.0.4518.1014 ({90120000-001F-0401-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 13145
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-040C-0000-0000000FF1CE}-C\Proof.ar\
uninstall cmd: MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Proof (German) 2007 12.0.4518.1014 ({90120000-001F-0407-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 47969
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-040C-0000-0000000FF1CE}-C\Proof.de\
uninstall cmd: MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Proof (English) 2007 12.0.4518.1014 ({90120000-001F-0409-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 42279
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-040C-0000-0000000FF1CE}-C\Proof.en\
uninstall cmd: MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Proof (French) 2007 12.0.4518.1014 ({90120000-001F-040C-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 22868
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-040C-0000-0000000FF1CE}-C\Proof.fr\
uninstall cmd: MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Proof (Dutch) 2007 12.0.4518.1014 ({90120000-001F-0413-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 10292
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-040C-0000-0000000FF1CE}-C\Proof.nl\
uninstall cmd: MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Proof (Spanish) 2007 12.0.4518.1014 ({90120000-001F-0C0A-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 37837
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-040C-0000-0000000FF1CE}-C\Proof.es\
uninstall cmd: MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Proofing (French) 2007 12.0.4518.1014 ({90120000-002C-040C-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 498
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-002C-040C-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Shared MUI (French) 2007 12.0.4518.1014 ({90120000-006E-040C-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 38914
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{90120000-006E-040C-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
publisher: Microsoft Corporation

Microsoft Office Professional 2007 12.0.4518.1014 ({91120000-0014-0000-0000-0000000FF1CE})
version: 201331110
version (major): 12
estimated size: 521460
install date: 20090201
install location: C:\Program Files\Microsoft Office\
install source: C:\MSOCache\All Users\{91120000-0014-0000-0000-0000000FF1CE}-C\
uninstall cmd: MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
publisher: Microsoft Corporation

MSXML 3.0 8.20.8730.4 ({930E3A4D-70B7-4D0D-AF8D-0B351A9B55BE})
version: 135537178
version (major): 8
version (minor): 20
estimated size: 568
install date: 20090919
install source: C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\is-QE4QI.tmp\
uninstall cmd: MsiExec.exe /I{930E3A4D-70B7-4D0D-AF8D-0B351A9B55BE}
publisher: Microsoft Corporation

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729 ({9A25302D-30C0-39D9-BD6F-21E6EC160475})
version: 151025673
version (major): 9
estimated size: 10524
install date: 20090522
install source: c:\830df89906635d6ffe5f04ae\
uninstall cmd: MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
publisher: Microsoft Corporation

Google Update Helper 1.2.183.7 ({A92DAB39-4E2C-4304-9AB6-BC44E68B55E2})
version: 16908471
version (major): 1
version (minor): 2
estimated size: 28
install date: 20090909
install source: C:\Program Files\Google\Update\1.2.183.7\
uninstall cmd: MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
publisher: Google Inc.

H.264 Decoder 1.1.0 ({A96E97134CA649888820BCDE5E300BBD})
install location: C:\Program Files\DivX\DivX Plus DirectShow Filters
publisher: DivX, Inc.

MKV Splitter 1.0.1 ({AAC389499AEF40428987B3D30CFC76C9})
install location: C:\Program Files\DivX\DivX Plus DirectShow Filters
publisher: DivX, Inc.

Pando 2.3.0102 ({AB480DA0-7EE9-465D-9C12-4CDE65BF18FB})
version: 33751142
version (major): 2
version (minor): 3
estimated size: 7681
install date: 20090824
install location: C:\Program Files\Pando Networks\Pando\
install source: C:\Documents and Settings\New user\Local Settings\Application Data\{569B15A8-5D8D-4DC1-AE59-A7A717292BDD}\
uninstall cmd: MsiExec.exe /I{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}
publisher: Pando Networks Inc.

Adobe Reader 9.1.3 - Français 9.1.3 ({AC76BA86-7AD7-1036-7B44-A91000000001})
version: 151060483
version (major): 9
version (minor): 1
estimated size: 163430
install date: 20090821
install source: C:\Documents and Settings\New user\Local Settings\Application Data\Adobe\Updater6\Install\reader9rdr-fr_FR\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Support clientèle
help link: http://www.adobe.fr/support/main.html
readme: C:\Program Files\Adobe\Reader 9.0\Lisezmoi.htm

AAC Decoder 7.1.0 ({AEF9DC35ADDF4825B049ACBFD1C6EB37})
install location: C:\Program Files\DivX\DivX Plus DirectShow Filters
publisher: DivX, Inc.

Garmin USB Drivers 1.0.0.0 ({B1102A25-3AA3-446B-AA0F-A699B07A02FD})
version: 16777216
version (major): 1
estimated size: 128
install date: 20090920
install source: C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\WZSE0.TMP\USB_Drivers\
uninstall cmd: MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
publisher: Garmin Ltd or its subsidiaries
comments: Please contact Garmin with comments and concerns.
contact: Customer Support Department
help link: http://www.garmin.com/support

DivX Converter 7.1.0 ({B13A7C41581B411290FBC0395694E2A9})
install location: C:\Program Files\DivX\DivX Converter
uninstall cmd: C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.

Spybot - Search & Destroy 1.6.2 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20090921
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: http://www.safer-networking.org/index.php?page=support

DivX Web Player 1.5.0 ({B7050CBDB2504B34BC2A9CA0A692CC29})
install location: C:\Program Files\DivX\DivX Web Player
uninstall cmd: C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
publisher: DivX,Inc.

SiSoftware Sandra Lite 2009.SP4 15.124.2009.9 ({C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1)
install date: 20090826
install location: C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\
uninstall cmd: "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\unins000.exe"
publisher: SiSoftware
comments: SiSoftware Sandra Lite 2009.SP4
contact: sandra.soft@sisoftware.net
help link: http://www.sisoftware.net/?location=contact

Français - Custom 1.0.3.40 ({CF1E26D3-34E2-4535-8D8C-8C2ECEBB9BEC})
version: 16777219
version (major): 1
estimated size: 120
install date: 20090201
install source: \\SÉVERINE2\SharedDocs\layout01\
uninstall cmd: MsiExec.exe /I{CF1E26D3-34E2-4535-8D8C-8C2ECEBB9BEC}
publisher: Company
contact: Company

MostFun - Family Feud 3.2.17.2 ({DC8ECCC4-17C1-4F6F-AFBE-FEC41555604B})
version: 50462737
version (major): 3
version (minor): 2
estimated size: 18961
install date: 20090617
install source: C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\NeoEdgeInstaller\
uninstall cmd: MsiExec.exe /X{DC8ECCC4-17C1-4F6F-AFBE-FEC41555604B}
publisher: iWin

Oxemis CD Ripper 2.00.0010 ({E3C38444-BDAC-40E2-9C48-F946B8D8E2AE})
version: 33554442
version (major): 2
estimated size: 2268
install date: 20090905
install location: C:\Program Files\Oxemis\CD Ripper\
install source: C:\WINDOWS\Downloaded Installations\{A48206F6-EE52-49B0-8F7A-61AF5463A878}\
uninstall cmd: MsiExec.exe /X{E3C38444-BDAC-40E2-9C48-F946B8D8E2AE}
publisher: Oxemis

({E9F81423-211E-46B6-9AE0-38568BC5CF6F})

PL-2303 USB-to-Serial ({ECC3713C-08A4-40E3-95F1-7D0704F1CE5E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed

Garmin City Navigator Europe NT 2008 10.0.0.0 ({EEC8205A-E3DE-4C00-B60C-48E3B9B58B13})
version: 167772160
version (major): 10
estimated size: 1787374
install date: 20090208
install source: E:\Garmin\garmin city\
uninstall cmd: MsiExec.exe /X{EEC8205A-E3DE-4C00-B60C-48E3B9B58B13}
publisher: Garmin Ltd or its subsidiaries
comments: Please contact Garmin with comments and concerns.
contact: Customer Support Department
help link: http://www.garmin.com/support

ABBYY PDF Transformer 2.0 2.0.1147.4932 ({FA200000-0001-0000-0000-074957833700})
version: 33555579
version (major): 2
estimated size: 112982
install date: 20090325
install location: C:\Program Files\ABBYY PDF Transformer 2.0\
install source: C:\temp\PDFT20\
uninstall cmd: MsiExec.exe /I{FA200000-0001-0000-0000-074957833700}
publisher: ABBYY Software Ltd.
contact: http://www.abbyy.com/company/?param=1638
help link: http://www.abbyy.com
help telephone: +7 (495) 783 37 00



--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: B3792D2B18127AFB482445A676A2B688
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Embedded Controller Driver
Image path: system32\DRIVERS\ACPIEC.sys
Image size: 11648
Image MD5: 9859C0F6936E723E4892D7141B1327D5
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): aec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142592
Image MD5: 8BED39E3C35D6A489438B8141717A557
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): AntiVirSchedulerService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avira AntiVir Planificateur
Description: Service de commande des tâches de contrôle et mises à jour Avira AntiVir Personal - Free Antivirus.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
Image size: 108289
Image MD5: 9015BC03F62940527EC92D45EE89E46F
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): AntiVirService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avira AntiVir Guard
Description: Offre une protection permanente contre les virus et les logiciels malveillants grâce au moteur de recherche AntiVir.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
Image size: 185089
Image MD5: B8720A787C1223492E6F319465E996CE
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: A9E050D11D430CDE3C217A230835142E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): ASP.NET
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_2.0.50727
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Image size: 29896
Image MD5: D33C507942299753868204CC7642FA27
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 992571A55DB8249BD51C4055A4151629
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 96512
Image MD5: 6A4824B8EBC19B439BCDA3D2766A9E27
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): Ati HotKey Poller
Registry path: \SYSTEM\CurrentControlSet\Services\
Object name: LocalSystem
Image path: %SystemRoot%\system32\Ati2evxx.exe
Image size: 397312
Image MD5: 33A587BF3FA04DFCAAC2BD0EC2B0B5EF
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): ati2mtag
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\ati2mtag.sys
Image size: 669696
Image MD5: 06ADA8D1AE1CF24C2B9F7A3E6EBC899D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): AudioSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: A9E050D11D430CDE3C217A230835142E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): avgio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgio
Image path: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Image size: 11608
Image MD5: F1D43170FDD7399EE17EA32D4F868B0C
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: FltMgr

Service (registry key): avgntflt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgntflt
Description: Avira files mini-filter driver
Image path: system32\DRIVERS\avgntflt.sys
Image size: 55656
Image MD5: 8966CF7805052FCBFBA7D4D94516AE9C
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): avipbb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avipbb
Description: Avira's Driver for RootKit Detection
Image path: system32\DRIVERS\avipbb.sys
Image size: 96104
Image MD5: AD9BD66A862116E79CB45BB6BE46055F
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: A9E050D11D430CDE3C217A230835142E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: A9E050D11D430CDE3C217A230835142E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): Cdaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 62976
Image MD5: 03BF57D9E8C3C18E5E54A61D60202F45
Control Set: CurrentControlSet
Start: 1
Type: 1
Error C
25 September 2009 21:15:01

What makes you say you have this infection?

Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that was just created to launch it. (Right-click -> run as administrator if on Vista)
  • Accept the licence by clicking Yes.
  • Click Do a system scan and save a logfile.
  • Post the generated report here.

    Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.
25 September 2009 21:54:22

I may have managed to get rid of it.
As a symptom, I have (had) a pop-up every 5 min that appears, then disappears a little later. It's very annoying because on top of that there are videos (game demos, I think...).
Hupigon is detected by Spybot. At the end of the scan it removes it, but on every new scan it reappears.

I used SUPERAntiSpyware, which found several infections (I didn't see Hupigon among them). I ran Spybot, Malwarebytes and CCleaner repeatedly and ... Spybot no longer detects Hupigon13. I no longer have the symptoms either.
However, I don't want to claim victory yet. I'll run HijackThis and post the report.

25 September 2009 22:15:44

Here is the HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:12:21, on 25/09/2009
    Platform: Windows XP SP3, v.3300 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3300)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Documents and Settings\New user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\New user\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8800
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\New user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

    --
    End of file - 6339 bytes

26 September 2009 21:19:03

Any other problems?