Malware, viruses, ad pages, installation difficulties [SOLVED]

19 April 2007 23:46:13

Hi,
This is Jazcasasoft,
I am really very worried and upset by these unremovable viruses (Smitfraud-C.Toolbar888+WIN32), this error message about loading SISPower.dll, these unavoidable pop-up ad pages, this impossible reinstallation of my Canon iP1200 printer, and this "electrinic-group" in trusted publishers!!! And who knows what else... I already suffer from a chronic infection and I try to read on web pages how to live with it... but it's impossible with all this. "I had believed the world was better..." I am appealing to charitable souls to come to my aid; I am new to this field and I don't know what to do.
To tell the truth, I registered on other sites but it was very difficult to send a message. I hope it will work here.
Since this is my first time, I don't mind, if you are willing, if you reply to my e-mail address.
To start with, and I hope I haven't gone too fast: here is a fresh HijackThis log:
--------
Logfile of HijackThis v1.99.1
Scan saved at 21:42:55, on 19-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\domino.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\VMSnap1.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Menara\dslmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\hddbdcso.dll
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\levtkvjy.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nhhwoulo.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C26C7F-294F-4716-AAA5-5735FB054178}: NameServer = 212.217.1.4 212.217.0.14
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: ssqonon - C:\WINDOWS\SYSTEM32\ssqonon.dll
O20 - Winlogon Notify: ssqro - C:\WINDOWS\system32\ssqro.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

-----

19 April 2007 23:48:14

Hello,

Do you have a pirated Windows?

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis log, into your next reply

    Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
    20 April 2007 01:20:03

    Hello Angeldark,
    Thank you for coming to my rescue so quickly. As for Windows, it's a story I have just learned about and I wish to settle it as soon as possible.
    I have 2 RUNDLL messages: Error loading "C:\WINDOWS\system32\nhhwoulo.dll" and "SISPower.dll":
    Here are the reports:
    ----

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 22:26:08 19-04-2007

    Listing files found while scanning....

    C:\WINDOWS\system32\apxpepfo.dll
    C:\WINDOWS\system32\bkrfjmos.dll
    C:\WINDOWS\system32\bmdyxmjl.dll
    C:\WINDOWS\system32\bwghxqkx.dll
    C:\WINDOWS\system32\cghaqhjo.ini
    C:\WINDOWS\system32\eceyswwu.dll
    C:\WINDOWS\system32\edyalhgv.dll
    C:\WINDOWS\system32\fkyokyxb.dll
    C:\WINDOWS\system32\ggnybnqb.dll
    C:\WINDOWS\system32\gsdamfgl.dll
    C:\WINDOWS\system32\gsmucvoi.dll
    C:\WINDOWS\system32\hddbdcso.dll
    C:\WINDOWS\system32\hdyxertn.dll
    C:\WINDOWS\system32\herdsrdm.dll
    C:\WINDOWS\system32\kyhxwvbj.dll
    C:\WINDOWS\system32\lgfmadsg.ini
    C:\WINDOWS\system32\nhhwoulo.dll
    C:\WINDOWS\system32\ntrexydh.ini
    C:\WINDOWS\system32\nwhprtgu.dll
    C:\WINDOWS\system32\odokpuei.dll
    C:\WINDOWS\system32\ojhqahgc.dll
    C:\WINDOWS\system32\oluowhhn.ini
    C:\WINDOWS\system32\oluowhhn.ini2
    C:\WINDOWS\system32\oluowhhn.tmp
    C:\WINDOWS\system32\omravkmf.dll
    C:\WINDOWS\system32\onjshkje.dll
    C:\WINDOWS\system32\orawhnbk.dll
    C:\WINDOWS\system32\orvsatuc.dll
    C:\WINDOWS\system32\ratihsmk.dll
    C:\WINDOWS\system32\sqvdeswq.dll
    C:\WINDOWS\system32\srocdsjw.dll
    C:\WINDOWS\system32\ssqonon.dll
    C:\WINDOWS\system32\ssqro.dll
    C:\WINDOWS\system32\tbtmokpj.dll
    C:\WINDOWS\system32\tyethhfb.dll
    C:\WINDOWS\system32\ulyaidmx.dll
    C:\WINDOWS\system32\vmuhrnqc.dll
    C:\WINDOWS\system32\whejtblt.dll
    C:\WINDOWS\system32\wkdrmjmf.dll
    C:\WINDOWS\system32\wobnvlry.dll
    C:\WINDOWS\system32\xkqxhgwb.ini
    C:\WINDOWS\system32\ypomdylm.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\apxpepfo.dll
    C:\WINDOWS\system32\apxpepfo.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bkrfjmos.dll
    C:\WINDOWS\system32\bkrfjmos.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bmdyxmjl.dll
    C:\WINDOWS\system32\bmdyxmjl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bwghxqkx.dll
    C:\WINDOWS\system32\bwghxqkx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cghaqhjo.ini
    C:\WINDOWS\system32\cghaqhjo.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\eceyswwu.dll
    C:\WINDOWS\system32\eceyswwu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\edyalhgv.dll
    C:\WINDOWS\system32\edyalhgv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fkyokyxb.dll
    C:\WINDOWS\system32\fkyokyxb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ggnybnqb.dll
    C:\WINDOWS\system32\ggnybnqb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gsdamfgl.dll
    C:\WINDOWS\system32\gsdamfgl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gsmucvoi.dll
    C:\WINDOWS\system32\gsmucvoi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hddbdcso.dll
    C:\WINDOWS\system32\hddbdcso.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hdyxertn.dll
    C:\WINDOWS\system32\hdyxertn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\herdsrdm.dll
    C:\WINDOWS\system32\herdsrdm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kyhxwvbj.dll
    C:\WINDOWS\system32\kyhxwvbj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lgfmadsg.ini
    C:\WINDOWS\system32\lgfmadsg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nhhwoulo.dll
    C:\WINDOWS\system32\nhhwoulo.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ntrexydh.ini
    C:\WINDOWS\system32\ntrexydh.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nwhprtgu.dll
    C:\WINDOWS\system32\nwhprtgu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\odokpuei.dll
    C:\WINDOWS\system32\odokpuei.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ojhqahgc.dll
    C:\WINDOWS\system32\ojhqahgc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oluowhhn.ini
    C:\WINDOWS\system32\oluowhhn.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oluowhhn.ini2
    C:\WINDOWS\system32\oluowhhn.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oluowhhn.tmp
    C:\WINDOWS\system32\oluowhhn.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\omravkmf.dll
    C:\WINDOWS\system32\omravkmf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\onjshkje.dll
    C:\WINDOWS\system32\onjshkje.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\orawhnbk.dll
    C:\WINDOWS\system32\orawhnbk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\orvsatuc.dll
    C:\WINDOWS\system32\orvsatuc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ratihsmk.dll
    C:\WINDOWS\system32\ratihsmk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sqvdeswq.dll
    C:\WINDOWS\system32\sqvdeswq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\srocdsjw.dll
    C:\WINDOWS\system32\srocdsjw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqonon.dll
    C:\WINDOWS\system32\ssqonon.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ssqro.dll
    C:\WINDOWS\system32\ssqro.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tbtmokpj.dll
    C:\WINDOWS\system32\tbtmokpj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tyethhfb.dll
    C:\WINDOWS\system32\tyethhfb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ulyaidmx.dll
    C:\WINDOWS\system32\ulyaidmx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vmuhrnqc.dll
    C:\WINDOWS\system32\vmuhrnqc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\whejtblt.dll
    C:\WINDOWS\system32\whejtblt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wkdrmjmf.dll
    C:\WINDOWS\system32\wkdrmjmf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wobnvlry.dll
    C:\WINDOWS\system32\wobnvlry.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xkqxhgwb.ini
    C:\WINDOWS\system32\xkqxhgwb.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ypomdylm.dll
    C:\WINDOWS\system32\ypomdylm.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 22:37:15 19-04-2007

    Listing files found while scanning....

    C:\WINDOWS\system32\ssqonon.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ssqonon.dll
    C:\WINDOWS\system32\ssqonon.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ssqonon.dll
    C:\WINDOWS\system32\ssqonon.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!
    ---------
    and,
    ----
    Logfile of HijackThis v1.99.1
    Scan saved at 23:05:06, on 19-04-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\domino.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\WINDOWS\VMSnap1.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Menara\dslmon.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\hddbdcso.dll (file missing)
    O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\levtkvjy.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nhhwoulo.dll",setvm
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C26C7F-294F-4716-AAA5-5735FB054178}: NameServer = 212.217.1.4 212.217.0.14
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: CLKERN.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    --------------
    Hope it reaches you well...
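The two reports in this post can be cross-checked mechanically. The following is an added example, not part of the original thread or of either tool: it matches HijackThis entries against VundoFix outcomes to separate autostart entries whose file survived removal from entries left pointing at a deleted file. The log lines are excerpted from the reports quoted in this thread; the function names and the status labels `survivor`, `orphan` and `untouched` are assumptions made for the example.

```python
import ntpath
import re

# Lines excerpted from the second HijackThis log quoted in the thread.
HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\hddbdcso.dll (file missing)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\levtkvjy.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nhhwoulo.dll",setvm
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Lines excerpted from the VundoFix report quoted in the thread.
VUNDOFIX_REPORT = r"""
Attempting to delete C:\WINDOWS\system32\hddbdcso.dll
C:\WINDOWS\system32\hddbdcso.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nhhwoulo.dll
C:\WINDOWS\system32\nhhwoulo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\ssqonon.dll Could not be deleted.
"""

# "O2 - ...", "R3 - ...", "O20 - ..." style HijackThis entries.
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d+) - (?P<body>.+)$", re.M)
# First absolute path to a DLL/EXE inside an entry (quotes excluded).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)', re.I)
# VundoFix result lines: "<path> Has been deleted!" / "<path> Could not be deleted."
RESULT_RE = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<result>Has been deleted!|Could not be deleted\.)\s*$",
    re.M,
)


def parse_vundofix(report):
    """Map lower-cased path -> 'deleted' or 'locked'; the last run wins."""
    outcome = {}
    for m in RESULT_RE.finditer(report):
        deleted = m["result"].startswith("Has")
        outcome[m["path"].lower()] = "deleted" if deleted else "locked"
    return outcome


def triage(hijackthis_log, vundofix_report):
    """Return (entry code, file name, status) for each entry with a full path.

    survivor  - VundoFix could not delete the file and the entry still loads it
    orphan    - the file is gone but the entry remains (a Run entry like this
                makes rundll32 report a load error at logon)
    untouched - the removal report never mentions the file
    """
    outcome = parse_vundofix(vundofix_report)
    findings = []
    for m in ENTRY_RE.finditer(hijackthis_log):
        path = PATH_RE.search(m["body"])
        if not path:  # e.g. "Rundll32.exe SiSPower.dll,ModeAgent": no full path
            continue
        target = path.group(0)
        seen = outcome.get(target.lower())
        if seen == "locked":
            status = "survivor"
        elif seen == "deleted" or "(file missing)" in m["body"]:
            status = "orphan"
        else:
            status = "untouched"
        findings.append((m["code"], ntpath.basename(target).lower(), status))
    return findings


if __name__ == "__main__":
    for code, name, status in triage(HIJACKTHIS_LOG, VUNDOFIX_REPORT):
        print(f"{status:9} {code:3} {name}")
```
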
    20 April 2007 12:00:26

    Could you answer my question?

  • Download combofix.exe (by sUBs) to your Desktop
  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt
    20 April 2007 16:21:51

    Hello Sir,
    Thank you for your patience... because I must admit that I don't understand English :(
    After opening combofix.exe, it gave me a message to choose between "1" or "2" (there was neither y nor n). I opted for "1" and I think it worked... well, I hope so
    ---------
    "Administrateur" - 07-04-20 13:47:04 Service Pack 2
    ComboFix 07-04-20V - Running from: C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\

    /wow section not completed

    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\awtqo.dll
    C:\WINDOWS\system32\ajphbhtj.dll
    C:\WINDOWS\system32\bcnlpwpd.dll
    C:\WINDOWS\system32\afvyvxhu.dll
    C:\WINDOWS\system32\aotcxqed.dll
    C:\WINDOWS\system32\blpnrwmn.dll
    C:\WINDOWS\system32\dkfrwfqi.dll
    C:\WINDOWS\system32\frqkfruo.dll
    C:\WINDOWS\system32\hbiobpjm.dll
    C:\WINDOWS\system32\jbwoaqkt.dll
    C:\WINDOWS\system32\mgbfkhrf.dll
    C:\WINDOWS\system32\pxajgrry.dll
    C:\WINDOWS\system32\qagcagop.dll
    C:\WINDOWS\system32\quatfruc.dll
    C:\WINDOWS\system32\rvhjeevb.dll
    C:\WINDOWS\system32\twatjrxg.dll
    C:\WINDOWS\system32\uiditjit.dll
    C:\WINDOWS\system32\wfecliwv.dll
    C:\WINDOWS\system32\yuhtvfmd.dll
    C:\WINDOWS\system32\sstqr.dll
    C:\WINDOWS\system32\bxsvmerj.dll
    C:\WINDOWS\system32\ssqonon.dll
    C:\WINDOWS\system32\oqtwa.ini2
    C:\WINDOWS\system32\oqtwa.tmp
    C:\WINDOWS\system32\klnmp.bak2
    C:\WINDOWS\system32\klnmp.ini
    C:\WINDOWS\system32\pmnlk.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\nvs2.inf
    C:\Program Files\vsadd-in
    C:\WINDOWS\system32\nwkxtvljz_navps.dat
    C:\WINDOWS\system32\nwkxtvljz.exe
    C:\WINDOWS\system32\nwkxtvljz.dat


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-20 to 2007-04-20 ))))))))))))))))))))))))))))))))))


    2007-04-20 12:41 <REP> d-------- C:\DOCUME~1\Anass\APPLIC~1\MailFrontier
    2007-04-20 01:07 75,512 --a------ C:\WINDOWS\zllsputility.exe
    2007-04-20 01:07 54,936 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2007-04-20 01:07 42,648 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2007-04-20 01:07 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-04-20 01:07 22,168 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2007-04-20 01:07 18,072 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2007-04-20 01:07 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-04-20 01:07 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
    2007-04-20 01:07 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2007-04-20 01:01 125,460 --a------ C:\WINDOWS\system32\vtliijgb.dll
    2007-04-19 22:26 <REP> d-------- C:\VundoFix Backups
    2007-04-18 13:53 2,658 --a------ C:\WINDOWS\system32\tmp.reg
    2007-04-17 23:13 125,460 --a------ C:\WINDOWS\system32\levtkvjy.dll
    2007-04-13 22:57 <REP> d-------- C:\Program Files\Hijackthis Version Française
    2007-04-13 17:18 46,892 --a------ C:\WINDOWS\system32\adadix16.dll
    2007-04-13 17:18 4,981 --a------ C:\WINDOWS\system32\adadix2k.dll
    2007-04-13 17:18 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin
    2007-04-13 17:18 155,648 --a------ C:\WINDOWS\system32\adadix32.dll
    2007-04-13 17:18 152,308 --a------ C:\WINDOWS\system32\drivers\L1E4I2.BIN
    2007-04-13 17:18 152,306 --a------ C:\WINDOWS\system32\drivers\L1E4I1.BIN
    2007-04-13 17:18 152,306 --a------ C:\WINDOWS\system32\drivers\L1E4I0.BIN
    2007-04-13 17:18 152,146 --a------ C:\WINDOWS\system32\drivers\L1E4P2.BIN
    2007-04-13 17:18 152,145 --a------ C:\WINDOWS\system32\drivers\L1E4P1.BIN
    2007-04-13 17:18 152,145 --a------ C:\WINDOWS\system32\drivers\L1E4P0.BIN
    2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P2.BIN
    2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P1.BIN
    2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P0.BIN
    2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I2.BIN
    2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I1.BIN
    2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I0.BIN
    2007-04-13 17:18 152,036 --a------ C:\WINDOWS\system32\drivers\L1E4D2.BIN
    2007-04-13 17:18 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D1.BIN
    2007-04-13 17:18 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D0.BIN
    2007-04-13 17:18 143,360 --a------ C:\WINDOWS\adiras.exe
    2007-04-13 17:18 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe
    2007-04-13 17:18 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe
    2007-04-13 17:18 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
    2007-04-13 17:18 126,489 --a------ C:\WINDOWS\system32\adiusbaw.sys
    2007-04-13 17:18 114,616 --a------ C:\WINDOWS\system32\e4usbaw.sys
    2007-04-13 17:10 <REP> d-------- C:\Program Files\Menara
    2007-04-13 15:23 <REP> d-------- C:\DOCUME~1\Anass\APPLIC~1\SYSTRAN
    2007-04-13 15:19 <REP> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
    2007-04-13 00:07 <REP> d-------- C:\WINDOWS\Prefetch
    2007-04-13 00:01 0 --a------ C:\AUTOEXEC.BAT
    2007-04-12 23:45 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2007-04-12 23:45 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2007-04-12 23:33 <REP> d-------- C:\WINDOWS\setup.pss
    2007-04-12 19:02 <REP> d-------- C:\DOCUME~1\MONDEN~1\APPLIC~1\Adobe
    2007-04-12 17:37 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
    2007-04-12 17:37 24,576 --a------ C:\WINDOWS\system32\IdleTrac.dll
    2007-04-12 17:37 <REP> d-------- C:\Program Files\Mailinfo
    2007-04-12 17:34 <REP> d-------- C:\Program Files\SpeedOptimizer
    2007-04-12 17:33 <REP> d-------- C:\Program Files\SpeedBit Video Accelerator
    2007-04-12 17:33 <REP> d-------- C:\Program Files\AskPBar
    2007-04-12 17:20 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-04-12 17:19 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2007-04-12 17:19 <REP> d-------- C:\Program Files\DAP
    2007-04-12 15:33 76,082 --a------ C:\WINDOWS\system32\perfc040.dat
    2007-04-12 15:33 482,706 --a------ C:\WINDOWS\system32\perfh040.dat
    2007-04-12 11:49 492,373 ---hs---- C:\WINDOWS\system32\orqss.bak2
    2007-04-12 01:30 <REP> d-------- C:\Program Files\Lavalys
    2007-04-11 22:17 <REP> d-------- C:\Program Files\Shareaza
    2007-04-11 20:41 <REP> d-------- C:\Program Files\a-squared Anti-Malware
    2007-04-11 11:49 484,741 --ahs---- C:\WINDOWS\system32\orqss.bak1
    2007-04-10 17:50 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-04-10 09:23 <REP> d-------- C:\DOCUME~1\MONDEN~1\APPLIC~1\Google
    2007-04-10 09:19 1,048,576 --ah----- C:\DOCUME~1\MONDEN~1\NTUSER.DAT
    2007-04-10 09:19 <REP> dr------- C:\DOCUME~1\MONDEN~1\Mes documents
    2007-04-10 09:19 <REP> dr------- C:\DOCUME~1\MONDEN~1\Menu Démarrer
    2007-04-10 09:19 <REP> dr------- C:\DOCUME~1\MONDEN~1\Favoris
    2007-04-10 09:19 <REP> d--h----- C:\DOCUME~1\MONDEN~1\Voisinage réseau
    2007-04-10 09:19 <REP> d--h----- C:\DOCUME~1\MONDEN~1\Voisinage d'impression
    2007-04-10 09:19 <REP> d--h----- C:\DOCUME~1\MONDEN~1\Modèles
    2007-04-10 09:19 <REP> d-------- C:\DOCUME~1\MONDEN~1\Bureau
    2007-04-09 14:25 <REP> d-------- C:\Program Files\SpywareBlaster
    2007-04-08 16:36 <REP> d---s---- C:\DOCUME~1\Anass\UserData
    2007-04-06 00:52 6,422,611 --a------ C:\Program Files\frostwire-4.13.1.6.windows.exe
    2007-04-04 16:44 <REP> d-------- C:\WINDOWS\RegisteredPackages
    2007-04-02 00:16 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2007-03-31 15:43 229,467 --a------ C:\WINDOWS\RACHook36.dll
    2007-03-31 15:43 199,680 --a------ C:\WINDOWS\MediaR36.dll
    2007-03-31 15:43 1,770,496 --a------ C:\WINDOWS\MediaDico36Dll.dll
    2007-03-31 15:43 <REP> d-------- C:\Program Files\Micro Application
    2007-03-30 20:09 <REP> d-------- C:\Program Files\RegCleaner
    2007-03-29 21:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    2007-03-29 13:46 <REP> d-------- C:\DOCUME~1\Anass\APPLIC~1\Talkback
    2007-03-28 18:13 <REP> d-------- C:\Program Files\WinZip Self-Extractor
    2007-03-28 15:30 947,472 --a------ C:\WINDOWS\system32\msjava.dll
    2007-03-28 15:30 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
    2007-03-28 15:30 6,550 --a------ C:\WINDOWS\jautoexp.dat
    2007-03-28 15:30 49,424 --a------ C:\WINDOWS\system32\clspack.exe
    2007-03-28 15:30 46,352 --a------ C:\WINDOWS\setdebug.exe
    2007-03-28 15:30 404,752 --a------ C:\WINDOWS\system32\javart.dll
    2007-03-28 15:30 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
    2007-03-28 15:30 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
    2007-03-28 15:30 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
    2007-03-28 15:30 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
    2007-03-28 15:30 172,304 --a------ C:\WINDOWS\system32\jview.exe
    2007-03-28 15:30 171,792 --a------ C:\WINDOWS\system32\wjview.exe
    2007-03-28 15:30 171,280 --a------ C:\WINDOWS\system32\jit.dll
    2007-03-28 15:30 154,384 --a------ C:\WINDOWS\system32\msawt.dll
    2007-03-28 15:30 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
    2007-03-28 15:30 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2007-03-28 15:30 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2007-03-28 13:05 <REP> d-------- C:\Program Files\ZIO Interactive
    2007-03-28 11:12 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-03-28 03:32 <REP> d-------- C:\Program Files\Disc2Phone
    2007-03-28 03:00 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2007-03-27 22:18 <REP> d-------- C:\Program Files\Recuva
    2007-03-27 17:43 774,144 --a------ C:\Program Files\RngInterstitial.dll
    2007-03-27 16:28 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2007-03-24 19:07 94,208 --a------ C:\WINDOWS\VMCap.exe
    2007-03-24 19:07 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
    2007-03-24 19:07 57,344 --a------ C:\WINDOWS\StillCap.exe
    2007-03-24 19:07 49,152 --a------ C:\WINDOWS\VMSnap1.exe
    2007-03-24 19:07 49,152 --a------ C:\WINDOWS\domino.exe
    2007-03-24 19:07 307,200 --a------ C:\WINDOWS\vidcap32.Exe
    2007-03-24 19:07 195,299 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
    2007-03-24 19:07 176,128 --a------ C:\WINDOWS\amcap.exe
    2007-03-24 19:07 <REP> d-------- C:\WINDOWS\CatRoot
    2007-03-24 19:07 <REP> d-------- C:\Program Files\Vimicro
    2007-03-23 21:06 6,029,312 --a------ C:\DOCUME~1\Anass\ntuser.dat
    2007-03-23 19:21 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-03-23 19:21 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-03-23 19:21 <REP> d-------- C:\WINDOWS\system32\IOSUBSYS
    2007-03-22 20:46 49,532 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2007-03-21 18:15 <REP> d-------- C:\Program Files\SuperUtility
    2007-03-21 17:08 <REP> d-------- C:\WINDOWS\speech
    2007-03-21 17:08 <REP> d-------- C:\WINDOWS\Lhsp
    2007-03-20 22:02 286,720 --a------ C:\WINDOWS\iun506.exe
    2007-03-20 17:40 <REP> d-------- C:\Program Files\CCleaner
    2007-03-20 13:52 <REP> d-------- C:\DOCUME~1\Anass\APPLIC~1\Symantec


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-14 07:47 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-14 07:47 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-14 07:45 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-14 07:44 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-14 07:43 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-14 07:42 90112 --a------ C:\WINDOWS\system32\avastss.scr
    2007-04-13 17:21 -------- d--h----- C:\Program Files\installshield installation information
    2007-04-13 00:17 83892 --a------ C:\WINDOWS\system32\perfc00c.dat
    2007-04-13 00:17 507178 --a------ C:\WINDOWS\system32\perfh00c.dat
    2007-04-12 23:59 23660 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-04-11 23:25 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\skype
    2007-04-10 11:18 712832 --a------ C:\WINDOWS\system32\aswboot.exe
    2007-04-09 01:04 241066 --a------ C:\WINDOWS\system32\nwkxtvljz_nav.dat
    2007-04-08 20:35 -------- d-------- C:\Program Files\Fichiers communs\real
    2007-04-08 20:35 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\real
    2007-04-04 13:53 -------- d-------- C:\Program Files\windows media connect 2
    2007-04-02 02:23 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\dvdcss
    2007-04-02 00:16 -------- d-------- C:\Program Files\skype
    2007-03-28 23:50 11739 --a------ C:\WINDOWS\mozver.dat
    2007-03-28 07:54 -------- d-------- C:\Program Files\quicktime
    2007-03-19 21:21 5954520 --a------ C:\Program Files\windows-kb890830-v1.27.exe
    2007-03-19 16:03 509 --a------ C:\WINDOWS\system32\gdnqxvsm_navps.dat
    2007-03-19 16:02 6422 --a------ C:\WINDOWS\system32\gdnqxvsm.dat
    2007-03-17 20:57 218653 --a------ C:\WINDOWS\system32\gdnqxvsm_nav.dat
    2007-03-17 09:50 -------- d-------- C:\Program Files\internetgamebox
    2007-03-16 14:39 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\sun
    2007-03-16 12:25 315904 --a------ C:\WINDOWS\system32\gdnqxvsm.exe
    2007-03-16 12:25 314880 --a------ C:\WINDOWS\system32\gdtfnl.exe
    2007-03-13 21:51 -------- d-------- C:\Program Files\google
    2007-03-13 21:15 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\google
    2007-03-13 20:35 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\leadertech
    2007-03-12 13:57 -------- d-------- C:\Program Files\msn messenger
    2007-03-12 01:02 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\itslabel
    2007-03-11 14:50 -------- d-------- C:\Program Files\alwil software
    2007-03-11 13:40 -------- d-------- C:\Program Files\elaborate bytes
    2007-03-10 01:01 335 --a------ C:\WINDOWS\nsreg.dat
    2007-03-10 01:00 -------- d-------- C:\Program Files\viewpoint
    2007-03-10 00:59 -------- d-------- C:\Program Files\java
    2007-03-05 13:36 -------- d-------- C:\Program Files\msbuild
    2007-03-05 13:32 -------- d-------- C:\Program Files\reference assemblies
    2007-03-05 00:21 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\shareaza
    2007-03-04 23:37 247207 --a------ C:\WINDOWS\piolet_toolbar_uninstaller_4000.exe
    2007-03-03 20:18 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\cyberlink
    2007-03-03 16:11 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\nasa
    2007-03-03 16:09 -------- d-------- C:\Program Files\nasa
    2007-03-03 13:54 -------- d-------- C:\Program Files\Fichiers communs\wise installation wizard
    2007-03-03 13:54 -------- d-------- C:\Program Files\ageia technologies
    2007-03-02 21:22 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\media player classic
    2007-03-02 20:30 -------- d-------- C:\Program Files\Fichiers communs\java
    2007-03-02 20:03 -------- d-------- C:\Program Files\mpcstar
    2007-03-02 14:07 -------- d-------- C:\Program Files\yahoo!
    2007-03-02 12:41 -------- d-------- C:\Program Files\lavasoft
    2007-03-02 12:41 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\lavasoft
    2007-03-01 22:31 44 --a------ C:\WINDOWS\system32\msssc.dll
    2007-03-01 00:05 -------- d-------- C:\Program Files\windows live toolbar
    2007-02-28 20:46 -------- d-------- C:\Program Files\windows live safety center
    2007-02-27 16:22 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\vlc
    2007-02-27 16:11 -------- d-------- C:\Program Files\videolan
    2007-02-27 13:49 -------- d-------- C:\Program Files\smart projects
    2007-02-27 07:54 2560 --a------ C:\WINDOWS\_msrstrt.exe
    2007-02-27 07:51 -------- d-------- C:\Program Files\Fichiers communs\teleca shared
    2007-02-27 03:19 -------- d-------- C:\Program Files\messenger
    2007-02-27 03:05 -------- d-------- C:\Program Files\msxml 4.0
    2007-02-26 21:29 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\adobeum
    2007-02-25 22:06 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\ahead
    2007-02-24 09:20 -------- d-------- C:\Program Files\winamp3
    2007-02-24 09:05 -------- d-------- C:\Program Files\netscape
    2007-02-22 21:28 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\apple computer
    2007-02-22 20:57 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\teleca
    2007-02-22 20:53 -------- d-------- C:\Program Files\Fichiers communs\installshield
    2007-02-21 19:54 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\help
    2007-02-20 22:41 18432 --a------ C:\WINDOWS\ss3unstl.exe
    2007-02-20 19:17 -------- d-------- C:\Program Files\Fichiers communs\ms shared
    2007-02-20 18:48 -------- d-------- C:\Program Files\jargon informatique
    2007-02-17 17:54 544256 --a------ C:\WINDOWS\system32\autopartnt.exe
    2007-02-17 17:17 62 --ahs---- C:\DOCUME~1\Anass\APPLIC~1\desktop.ini
    2007-02-17 17:05 37888 --a------ C:\WINDOWS\system32\setupnt.dll
    2007-02-17 16:25 0 -rahs---- C:\MSDOS.SYS
    2007-02-17 16:25 0 -rahs---- C:\IO.SYS
    2007-02-17 16:25 0 --a------ C:\CONFIG.SYS
    2007-01-24 15:36 45305 --a------ C:\Program Files\dxdllreg_x86.cab
    2007-01-24 15:36 198275 --a------ C:\Program Files\feb2007_xact_x64.cab
    2007-01-24 15:36 151583 --a------ C:\Program Files\feb2007_xact_x86.cab
    2007-01-24 15:27 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
    2007-01-24 15:21 976020 --a------ C:\Program Files\bdaxp.cab
    2007-01-24 15:21 917318 --a------ C:\Program Files\apr2006_mdx1_x86.cab
    2007-01-24 15:21 91265 --a------ C:\Program Files\oct2006_xinput_x64.cab
    2007-01-24 15:21 88102 --a------ C:\Program Files\aug2006_xinput_x64.cab
    2007-01-24 15:21 87989 --a------ C:\Program Files\apr2006_xinput_x64.cab
    2007-01-24 15:21 86925 --a------ C:\Program Files\oct2005_xinput_x64.cab
    2007-01-24 15:21 85235 --a------ C:\Program Files\dxupdate.cab
    2007-01-24 15:21 77160 --a------ C:\WINDOWS\dsetup.dll
    2007-01-24 15:21 77160 --a------ C:\Program Files\dsetup.dll
    2007-01-24 15:21 503144 --a------ C:\WINDOWS\dxsetup.exe
    2007-01-24 15:21 49149 --a------ C:\Program Files\oct2006_xinput_x86.cab
    2007-01-24 15:21 47018 --a------ C:\Program Files\aug2006_xinput_x86.cab
    2007-01-24 15:21 46898 --a------ C:\Program Files\apr2006_xinput_x86.cab
    2007-01-24 15:21 46247 --a------ C:\Program Files\oct2005_xinput_x86.cab
    2007-01-24 15:21 4163518 --a------ C:\Program Files\apr2006_mdx1_x86_archive.cab
    2007-01-24 15:21 213767 --a------ C:\Program Files\dec2006_d3dx10_00_x64.cab
    2007-01-24 15:21 193435 --a------ C:\Program Files\dec2006_xact_x64.cab
    2007-01-24 15:21 192680 --a------ C:\Program Files\dec2006_d3dx10_00_x86.cab
    2007-01-24 15:21 183863 --a------ C:\Program Files\aug2006_xact_x64.cab
    2007-01-24 15:21 183321 --a------ C:\Program Files\oct2006_xact_x64.cab
    2007-01-24 15:21 181745 --a------ C:\Program Files\jun2006_xact_x64.cab
    2007-01-24 15:21 180021 --a------ C:\Program Files\apr2006_xact_x64.cab
    2007-01-24 15:21 179247 --a------ C:\Program Files\feb2006_xact_x64.cab
    2007-01-24 15:21 1673576 --a------ C:\WINDOWS\dsetup32.dll
    2007-01-24 15:21 1673576 --a------ C:\Program Files\dsetup32.dll
    2007-01-24 15:21 1575336 --a------ C:\Program Files\dec2006_d3dx9_32_x86.cab
    2007-01-24 15:21 1572114 --a------ C:\Program Files\dec2006_d3dx9_32_x64.cab
    2007-01-24 15:21 146559 --a------ C:\Program Files\dec2006_xact_x86.cab
    2007-01-24 15:21 1413862 --a------ C:\Program Files\oct2006_d3dx9_31_x64.cab
    2007-01-24 15:21 1398718 --a------ C:\Program Files\apr2006_d3dx9_30_x64.cab
    2007-01-24 15:21 138977 --a------ C:\Program Files\oct2006_xact_x86.cab
    2007-01-24 15:21 138195 --a------ C:\Program Files\aug2006_xact_x86.cab
    2007-01-24 15:21 1363684 --a------ C:\Program Files\feb2006_d3dx9_29_x64.cab
    2007-01-24 15:21 1358864 --a------ C:\Program Files\dec2005_d3dx9_28_x64.cab
    2007-01-24 15:21 1351430 --a------ C:\Program Files\aug2005_d3dx9_27_x64.cab
    2007-01-24 15:21 1348242 --a------ C:\Program Files\apr2005_d3dx9_25_x64.cab
    2007-01-24 15:21 134631 --a------ C:\Program Files\jun2006_xact_x86.cab
    2007-01-24 15:21 133991 --a------ C:\Program Files\apr2006_xact_x86.cab
    2007-01-24 15:21 1336890 --a------ C:\Program Files\jun2005_d3dx9_26_x64.cab
    2007-01-24 15:21 133297 --a------ C:\Program Files\feb2006_xact_x86.cab
    2007-01-24 15:21 13265040 --a------ C:\Program Files\dxnt.cab
    2007-01-24 15:21 1248387 --a------ C:\Program Files\feb2005_d3dx9_24_x64.cab
    2007-01-24 15:21 1156363 --a------ C:\Program Files\bdant.cab
    2007-01-24 15:21 1128177 --a------ C:\Program Files\oct2006_d3dx9_31_x86.cab
    2007-01-24 15:21 1116109 --a------ C:\Program Files\apr2006_d3dx9_30_x86.cab
    2007-01-24 15:21 1085608 --a------ C:\Program Files\feb2006_d3dx9_29_x86.cab
    2007-01-24 15:21 1080344 --a------ C:\Program Files\dec2005_d3dx9_28_x86.cab
    2007-01-24 15:21 1079850 --a------ C:\Program Files\apr2005_d3dx9_25_x86.cab
    2007-01-24 15:21 1078532 --a------ C:\Program Files\aug2005_d3dx9_27_x86.cab
    2007-01-24 15:21 1065813 --a------ C:\Program Files\jun2005_d3dx9_26_x86.cab
    2007-01-24 15:21 1014113 --a------ C:\Program Files\feb2005_d3dx9_24_x86.cab


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    {0A94B111-4504-4e26-AB05-E61E474AA38B} C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    {1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\bxsvmerj.dll [x]
    {22BF413B-C6D2-4d91-82A9-A0F997BA588C} C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    {733FD72F-103E-4B9E-BCB9-A76064AF3C72} C:\WINDOWS\system32\ssqonon.dll [x]
    {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
    {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} C:\WINDOWS\system32\ssqro.dll [x]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll
    {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} C:\WINDOWS\system32\vtliijgb.dll
    {F4D76F01-7896-458a-890F-E1F05C46069F} C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "domino"="C:\\WINDOWS\\domino.exe"
    "AGEIA PhysX SysTray"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
    "VMSnap1"="C:\\WINDOWS\\VMSnap1.exe"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""
    "a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""
    "DownloadAccelerator"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
    "SpeedOptimizer"="C:\\PROGRA~1\\SPEEDO~1\\SPO.EXE -s "
    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
    "SoundMan"="SOUNDMAN.EXE"
    "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "E06FDXRC_8323390"="\"E:\\Program Files\\Collection Microsoft Encarta 2006\\EDICT.EXE\" -m"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ClearRecentDocsOnExit"=dword:00000001
    "NoRecentDocsMenu"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{733FD72F-103E-4B9E-BCB9-A76064AF3C72}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="CLKERN.DLL"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\DSLMON.lnk"
    "backup"="C:\\WINDOWS\\pss\\DSLMON.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Menara\\dslmon.exe "
    "item"="DSLMON"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk.disabled]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Outil de mise à jour Google.lnk.disabled"
    "backup"="C:\\WINDOWS\\pss\\Outil de mise à jour Google.lnk.disabledCommon Startup"
    "location"="Common Startup"
    "command"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Outil de mise à jour Google.lnk.disabled"
    "item"="Outil de mise à jour Google.lnk"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="apdproxy"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TrayIcon"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\domino]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="domino"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\domino.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FDXRC_8323390]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="EDICT"
    "hkey"="HKCU"
    "command"="\"E:\\Program Files\\Collection Microsoft Encarta 2006\\EDICT.EXE\" -m"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Shareaza"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="sfaiwemc"
    "hkey"="HKLM"
    "command"="rundll32.exe \"C:\\WINDOWS\\system32\\sfaiwemc.dll\",setvm"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TeaTimer"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleToolbarNotifier"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap1]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VMSnap1"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\VMSnap1.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e2f6c7a-c10f-11db-95e6-4d6564696130}]
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa981390-ddf9-11db-86ba-4d6564696130}]
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7a5d913-dca9-11db-86dd-4d6564696130}]
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-04-20 13:57:56 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 07-04-20 13:57
    -------
    Just to let you know, I have just installed ZoneAlarm: it is already flagging a program that looks strange to me, and which I blocked as a precaution ;)  Here are its technical details, for whatever use they may be:
    nwkxtvljz.exe is trying to connect to the Internet or to your local network
    ZoneAlarm is asking whether you want to allow the connection. No breach has been opened in your security system. Your computer is safe.


    In the program alert

    Alert property | Alert property value | Technical explanation
    Program name | nwkxtvljz.exe | A program on your computer that tried to send an IP packet over the Internet or is waiting for an incoming packet.
    File name | nwkxtvljz.exe | The file name of the program that ZoneAlarm found on your computer.
    Program size | 321536 | The size of the executable file in bytes.
    Program MD5 | 267e1ded90851f42f3ac20242cd1fd38 | The MD5 hash, or number, uniquely identifying the executable.
    Smart Checksum | 134265b5bd6bb6b6bd011a0f4e147694 | The SKIMP hash, or number, uniquely identifying the executable.
    Modification date | Mar-14-2007 08:23:58 PM | Date nwkxtvljz.exe was last modified.
    Connection type | Access | This value may represent any access corresponding to an attempt by nwkxtvljz.exe to connect to the Internet, or a server, which indicates that nwkxtvljz.exe is waiting for connections coming from the Internet.
    Remote port | 1115 | The port that nwkxtvljz.exe uses on the remote computer.
    Remote IP address | 127.0.0.1 | The IP address of the remote computer responsible for the alert.
    Alert date | Apr-20-2007 06:10:58 AM PDT | Time at which ZoneAlarm detected the alert on your computer.

    ZoneAlarm security enforcement at the time of the alert

    Alert property | Alert property value | Technical explanation
    Program status | Known program | nwkxtvljz.exe has requested access to the Internet or local network before and is now repeating its request.
    Zone | Trusted zone | This ZoneAlarm zone contains all the computers and networks that you consider trustworthy, such as the other computers on your work or home local network.
    Regards,... :jap: 
    20 April 2007 17:03:33

    Can you repost a HijackThis report?
    20 April 2007 18:59:09

    :hello: 
    Thank you so much for being so patient with me. I hope I am not bothering you. I already feel better and in good hands. :jap:  Here is the report in normal mode (I am still connected to the Internet):
    ---------
    Logfile of HijackThis v1.99.1
    Scan saved at 16:47:55, on 20-04-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\domino.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\WINDOWS\VMSnap1.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
    C:\Program Files\Menara\dslmon.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\bxsvmerj.dll (file missing)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C26C7F-294F-4716-AAA5-5735FB054178}: NameServer = 212.217.1.4 212.217.0.14
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: CLKERN.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    -----------
    I hope this reaches you well.
    P.S.: When I move a page around on the desktop, I sometimes see the icons there get erased.
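
As an added illustration (not part of the original post, and not HijackThis code), the sketch below parses the CLSID-bearing lines of the report above and flags two things a reviewer usually checks first: unnamed BHOs loaded directly from system32, and entries whose target file is missing. The heuristic and the names `parse_log`, `triage` and `review` are assumptions made for this example; a flag is a prompt for closer inspection, not a verdict.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log in the post above (leading indent removed).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\bxsvmerj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll (file missing)
O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O20 - AppInit_DLLs: CLKERN.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
"""

# Shape shared by the R3/O2/O3/O9/O18 lines in the report:
#   CODE - KIND: NAME - {CLSID} - PATH [(file missing)]
ENTRY_RE = re.compile(
    r"^(?P<code>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# PureWindowsPath compares case-insensitively and works on any host OS.
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")


@dataclass(frozen=True)
class Entry:
    code: str          # HijackThis section code, e.g. "O2"
    kind: str          # e.g. "BHO", "Toolbar"
    name: str          # display name, "(no name)" when the registry has none
    clsid: str
    path: str
    file_missing: bool


def parse_log(text):
    """Parse CLSID-bearing entries; lines of any other shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            continue
        entries.append(Entry(
            code=m["code"], kind=m["kind"], name=m["name"], clsid=m["clsid"],
            path=m["path"], file_missing=m["missing"] is not None,
        ))
    return entries


def triage(entry):
    """Return the list of review flags raised by one entry (assumed heuristic)."""
    flags = []
    parent = PureWindowsPath(entry.path).parent
    if entry.code == "O2" and entry.name == "(no name)" and parent == SYSTEM32:
        flags.append("unnamed-bho-in-system32")
    if entry.file_missing:
        # The registry still references a DLL that is no longer on disk.
        flags.append("target-missing")
    return flags


def review(text):
    """Map DLL file name -> flags for every entry that raised at least one flag."""
    findings = {}
    for entry in parse_log(text):
        flags = triage(entry)
        if flags:
            findings[PureWindowsPath(entry.path).name] = flags
    return findings


if __name__ == "__main__":
    for name, flags in review(SAMPLE_LOG).items():
        print(f"{name:15} {', '.join(flags)}")
```

SDHelper.dll (Spybot) is also an unnamed BHO, but it lives under Program Files, so the system32 rule leaves it alone.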
    20 April 2007 19:22:02

    Hi again,

    Download Clean.zip (by Malekal),
    Unzip it onto your desktop (right-click / Extract All); you should get a folder named Clean.
    Open the Clean folder and double-click clean.cmd.
    Choose option 1, then wait. Then post the contents of the report.
    20 April 2007 19:59:55

    Hi again,
    Fri 04/20/2007 a 17:54:58.79

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\mcrh.tmp FOUND

    *** Recherche des fichiers dans C:\Program Files
    "C:\Program Files\InternetGameBox\" FOUND
    "C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll" FOUND
    "C:\Program Files\Viewpoint\" FOUND
    *** Fin du rapport !
    ---
    Thanks...
    20 April 2007 20:01:48

    Hi again,

    Before starting, read the Blacklight (F-Secure) licence.
    By reading this document, you acknowledge and accept the terms of use of this program, which is included in Navilog1.zip.

    Now download Navilog1.zip (Il Mafioso)
    Save it to your desktop.
    Unzip the contents of the archive by right-clicking Navilog1.zip and choosing Extract All.

    Double-click Navilog1.bat.
    Let the utility guide you. Choose option 1, then confirm.
    Do not use options 2, 3 or 4 without our approval!
    Wait until this message appears:
    "*** Analyse Termine le ..... ***"
    Press a key as prompted. Notepad will open. Post its contents to us this way:

    -> Edit / Select All
    -> Edit / Copy
    -> Right-click / Paste into your reply


    NOTE: The report can also be found here: C:\fixnavi.txt
    20 April 2007 20:48:32

    Hi again,
    Here is the report:
    --------
    Search Navipromo version 1.1.5 commencé le Fri 04/20/2007 à 18:36:33.25

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Poster ce rapport sur le forum pour le faire analyser !!!
    !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

    Fix lancé depuis C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\Navilog1_Il Mafioso
    Mise a jour le 13.04.2007 a 20h00 by IL-MAFIOSO

    Executé en mode normal

    *** Recherche Programmes installes ***




    *** Recherche dossiers dans C:\WINDOWS ***




    *** Recherche dossiers dans C:\Program Files ***


    C:\Program Files\InternetGameBox trouvé !


    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




    *** Recherche dossiers dans C:\Documents and Settings\Anass\Application Data ***



    *** Recherche avec BlackLight Engine/F-secure ***
    BlackLight Engine est un produit de F-secure, pour + d'infos :
    http://www.f-secure.com/blacklight/blacklight_help.html


    F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
    ======================================

    Copyright 2005-2006 F-Secure Corporation. All rights reserved.
    This is a beta version. It will expire on 1st of April, 2007.
    Version information: 2.2.1061.

    [+] Started on 04/20/07 at 18:36:35.
    [+] Initializing ...
    [+] Starting scan, press Ctrl-C to abort.
    [+] Scanning for hidden items ............................................................
    [+] Scan complete.
    [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
    [+] Exited on 04/20/07 at 18:43:15 (return code = 0).


    *** Recherche fichiers ***


    C:\WINDOWS\pack.epk trouvé !


    *** Recherche cles registre ***


    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



    Recherche Clé Magic Control



    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    C:\WINDOWS\system32\orqss.bak1 trouvé ! infection Vundo possible non traité par cet outil !
    C:\WINDOWS\system32\orqss.bak2 trouvé ! infection Vundo possible non traité par cet outil !

    2)Recherche Heuristique :
    *
    C:\WINDOWS\system32\gdnqxvsm.dat trouvé !
    **
    C:\WINDOWS\system32\gdnqxvsm.dat trouvé !
    ***
    ****
    C:\WINDOWS\system32\gdnqxvsm_navps.dat trouvé !
    *****
    C:\WINDOWS\system32\gdnqxvsm_nav.dat trouvé !
    C:\WINDOWS\system32\nwkxtvljz_nav.dat trouvé !
    ******
    *******
    ********
    C:\WINDOWS\system32\gdnqxvsm.exe trouvé !
    C:\WINDOWS\system32\gdtfnl.exe trouvé !


    *** Analyse Terminé le Fri 04/20/2007 à 18:43:41.42 ***
    ----------
    My best and most perfect regards.
    20 April 2007 20:50:33

    Hi again,

  • Double-click VundoFix.exe to launch it
  • Do NOT click the Scan for Vundo button
  • Right-click in the white window and choose Add more files?
  • In the first line, add:
    C:\WINDOWS\system32\orqss.bak1
    In the second:
    C:\WINDOWS\system32\orqss.bak2
  • Then click, in order:
    - Add Files
    - Close Windows
    - Remove Vundo
  • If the tool asks you to restart, accept.
  • Then copy/paste the report C:\vundofix.txt

    Restart in safe mode

    Double-click Navilog1.bat.
    Follow the instructions. Then choose option 2 and confirm.
    Let the tool guide you and answer any questions it asks.

    Your desktop will disappear; this is normal!

    Wait until this message appears:
    "*** Nettoyage Termine le ..... ***"

    Press a key as prompted; Notepad will open.
    Save the report so that you can find it again in normal mode.
    Close Notepad. Your desktop will now reappear.
    Restart normally, then post the report you saved earlier (C:\cleannavi.txt)
    as well as a new HijackThis report.

    Close Internet Explorer, then go to Start / Control Panel / Internet Options.
    Choose the Content tab, then the Certificates tab.
    If you find the following programs (in particular under Trusted Publishers), delete them:

    electronic-group
    egroup
    Montorgueil
    VIP
    "Sunny Day Design Ltd"
    20 April 2007 22:20:22

    Hi again,
    I hope I didn't make a wrong move. Really, as a beginner, I'm trying to do my best not to ruin a fine piece of work done by a Master. :jap: 

    --------
    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 22:26:08 19-04-2007

    Listing files found while scanning....

    C:\WINDOWS\system32\apxpepfo.dll
    C:\WINDOWS\system32\bkrfjmos.dll
    C:\WINDOWS\system32\bmdyxmjl.dll
    C:\WINDOWS\system32\bwghxqkx.dll
    C:\WINDOWS\system32\cghaqhjo.ini
    C:\WINDOWS\system32\eceyswwu.dll
    C:\WINDOWS\system32\edyalhgv.dll
    C:\WINDOWS\system32\fkyokyxb.dll
    C:\WINDOWS\system32\ggnybnqb.dll
    C:\WINDOWS\system32\gsdamfgl.dll
    C:\WINDOWS\system32\gsmucvoi.dll
    C:\WINDOWS\system32\hddbdcso.dll
    C:\WINDOWS\system32\hdyxertn.dll
    C:\WINDOWS\system32\herdsrdm.dll
    C:\WINDOWS\system32\kyhxwvbj.dll
    C:\WINDOWS\system32\lgfmadsg.ini
    C:\WINDOWS\system32\nhhwoulo.dll
    C:\WINDOWS\system32\ntrexydh.ini
    C:\WINDOWS\system32\nwhprtgu.dll
    C:\WINDOWS\system32\odokpuei.dll
    C:\WINDOWS\system32\ojhqahgc.dll
    C:\WINDOWS\system32\oluowhhn.ini
    C:\WINDOWS\system32\oluowhhn.ini2
    C:\WINDOWS\system32\oluowhhn.tmp
    C:\WINDOWS\system32\omravkmf.dll
    C:\WINDOWS\system32\onjshkje.dll
    C:\WINDOWS\system32\orawhnbk.dll
    C:\WINDOWS\system32\orvsatuc.dll
    C:\WINDOWS\system32\ratihsmk.dll
    C:\WINDOWS\system32\sqvdeswq.dll
    C:\WINDOWS\system32\srocdsjw.dll
    C:\WINDOWS\system32\ssqonon.dll
    C:\WINDOWS\system32\ssqro.dll
    C:\WINDOWS\system32\tbtmokpj.dll
    C:\WINDOWS\system32\tyethhfb.dll
    C:\WINDOWS\system32\ulyaidmx.dll
    C:\WINDOWS\system32\vmuhrnqc.dll
    C:\WINDOWS\system32\whejtblt.dll
    C:\WINDOWS\system32\wkdrmjmf.dll
    C:\WINDOWS\system32\wobnvlry.dll
    C:\WINDOWS\system32\xkqxhgwb.ini
    C:\WINDOWS\system32\ypomdylm.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\apxpepfo.dll
    C:\WINDOWS\system32\apxpepfo.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bkrfjmos.dll
    C:\WINDOWS\system32\bkrfjmos.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bmdyxmjl.dll
    C:\WINDOWS\system32\bmdyxmjl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bwghxqkx.dll
    C:\WINDOWS\system32\bwghxqkx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cghaqhjo.ini
    C:\WINDOWS\system32\cghaqhjo.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\eceyswwu.dll
    C:\WINDOWS\system32\eceyswwu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\edyalhgv.dll
    C:\WINDOWS\system32\edyalhgv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fkyokyxb.dll
    C:\WINDOWS\system32\fkyokyxb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ggnybnqb.dll
    C:\WINDOWS\system32\ggnybnqb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gsdamfgl.dll
    C:\WINDOWS\system32\gsdamfgl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gsmucvoi.dll
    C:\WINDOWS\system32\gsmucvoi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hddbdcso.dll
    C:\WINDOWS\system32\hddbdcso.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hdyxertn.dll
    C:\WINDOWS\system32\hdyxertn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\herdsrdm.dll
    C:\WINDOWS\system32\herdsrdm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kyhxwvbj.dll
    C:\WINDOWS\system32\kyhxwvbj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lgfmadsg.ini
    C:\WINDOWS\system32\lgfmadsg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nhhwoulo.dll
    C:\WINDOWS\system32\nhhwoulo.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ntrexydh.ini
    C:\WINDOWS\system32\ntrexydh.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nwhprtgu.dll
    C:\WINDOWS\system32\nwhprtgu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\odokpuei.dll
    C:\WINDOWS\system32\odokpuei.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ojhqahgc.dll
    C:\WINDOWS\system32\ojhqahgc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oluowhhn.ini
    C:\WINDOWS\system32\oluowhhn.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oluowhhn.ini2
    C:\WINDOWS\system32\oluowhhn.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oluowhhn.tmp
    C:\WINDOWS\system32\oluowhhn.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\omravkmf.dll
    C:\WINDOWS\system32\omravkmf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\onjshkje.dll
    C:\WINDOWS\system32\onjshkje.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\orawhnbk.dll
    C:\WINDOWS\system32\orawhnbk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\orvsatuc.dll
    C:\WINDOWS\system32\orvsatuc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ratihsmk.dll
    C:\WINDOWS\system32\ratihsmk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sqvdeswq.dll
    C:\WINDOWS\system32\sqvdeswq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\srocdsjw.dll
    C:\WINDOWS\system32\srocdsjw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqonon.dll
    C:\WINDOWS\system32\ssqonon.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ssqro.dll
    C:\WINDOWS\system32\ssqro.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tbtmokpj.dll
    C:\WINDOWS\system32\tbtmokpj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tyethhfb.dll
    C:\WINDOWS\system32\tyethhfb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ulyaidmx.dll
    C:\WINDOWS\system32\ulyaidmx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vmuhrnqc.dll
    C:\WINDOWS\system32\vmuhrnqc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\whejtblt.dll
    C:\WINDOWS\system32\whejtblt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wkdrmjmf.dll
    C:\WINDOWS\system32\wkdrmjmf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wobnvlry.dll
    C:\WINDOWS\system32\wobnvlry.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xkqxhgwb.ini
    C:\WINDOWS\system32\xkqxhgwb.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ypomdylm.dll
    C:\WINDOWS\system32\ypomdylm.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 22:37:15 19-04-2007

    Listing files found while scanning....

    C:\WINDOWS\system32\ssqonon.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ssqonon.dll
    C:\WINDOWS\system32\ssqonon.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ssqonon.dll
    C:\WINDOWS\system32\ssqonon.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\orqss.bak1
    C:\WINDOWS\system32\orqss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\orqss.bak2
    C:\WINDOWS\system32\orqss.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!
    --------
    Clean Navipromo version 1.1.5 commencé le Fri 04/20/2007 à 19:26:21.85

    Fix lancé depuis C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\Navilog1_Il Mafioso
    Mise a jour le 13.04.2007 a 20h00 by IL-MAFIOSO

    Executé en mode sans echec

    Mode suppression automatique avec prise en charge résultats Blacklight


    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)


    *** Suppression dossiers dans C:\WINDOWS ***


    *** Suppression dossiers dans C:\Program Files ***

    C:\Program Files\InternetGameBox ...suppression...
    C:\Program Files\InternetGameBox supprimé !


    *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


    *** Suppression dossiers dans C:\Documents and Settings\Anass\Application Data ***



    *** Suppression fichiers ***

    C:\WINDOWS\pack.epk supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\Anass\Local Settings\Temp effectué !


    *** Sauvegarde du registre vers dossier Backupnavi***


    sauvegarde du registre realise avec succes !


    *** Nettoyage registre ***


    Nettoyage registre Ok

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:


    2)Recherche et Suppression Heuristique :

    *
    C:\WINDOWS\System32\gdnqxvsm.dat trouvé !
    Copie C:\WINDOWS\system32\gdnqxvsm.dat realise avec succes !
    C:\WINDOWS\system32\gdnqxvsm.dat supprimé !

    **
    ***
    ****
    C:\WINDOWS\System32\gdnqxvsm_navps.dat trouvé !
    Copie C:\WINDOWS\system32\gdnqxvsm_navps.dat realise avec succes !
    C:\WINDOWS\system32\gdnqxvsm_navps.dat supprimé !

    *****
    C:\WINDOWS\System32\gdnqxvsm_nav.dat trouvé !
    Copie C:\WINDOWS\system32\gdnqxvsm_nav.dat realise avec succes !
    C:\WINDOWS\system32\gdnqxvsm_nav.dat supprimé !

    C:\WINDOWS\System32\nwkxtvljz_nav.dat trouvé !
    Copie C:\WINDOWS\system32\nwkxtvljz_nav.dat realise avec succes !
    C:\WINDOWS\system32\nwkxtvljz_nav.dat supprimé !

    ******
    *******
    ********
    C:\WINDOWS\System32\gdnqxvsm.exe trouvé !
    Copie C:\WINDOWS\system32\gdnqxvsm.exe realise avec succes !
    C:\WINDOWS\system32\gdnqxvsm.exe supprimé !

    C:\WINDOWS\System32\gdtfnl.exe trouvé !
    Copie C:\WINDOWS\system32\gdtfnl.exe realise avec succes !
    C:\WINDOWS\system32\gdtfnl.exe supprimé !


    *** Nettoyage termine le Fri 04/20/2007 à 19:27:21.04 ***

    --------
    Logfile of HijackThis v1.99.1
    Scan saved at 19:34:45, on 20-04-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\domino.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\WINDOWS\VMSnap1.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Menara\dslmon.exe
    C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\bxsvmerj.dll (file missing)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: CLKERN.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    -------
    Regarding the programs to remove from Trusted Publishers: I had found electronic-group, which I deleted before this procedure, and so far that program has shown no sign of being present :wahoo:  . Also, so far no popups, no ad pages... :wahoo:  However, I still have not been able to reinstall my Canon iP1200 printer, and there is still that SISPower loading error message :heink:  .
    Best regards, and thank you very much
    20 April 2007 22:22:24

    Do you know AskPBar?
    20 April 2007 22:45:36

    Re,
    :(  No, I don't know it. It seems to be a search engine that I have never used... if I'm not mistaken.
    I think it was downloaded along with Download Accelerator Plus (DAP), which includes files I will never use because they are all in English... A friend set it up. Although it downloads quite fast, I would rather uninstall it. It includes (Malinfo for Outlook, speedBit Video Accelerator, Fle Shredder, DAP Games Center and My Completed Downloads).
    20 April 2007 22:48:55

    Re,

    - Run HijackThis -> Do a system scan only
    -> Tick the lines below:

    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\bxsvmerj.dll (file missing)
    O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll (file missing)
    O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll (file missing)
    O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll
    O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
    O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] jhtml?p=ZN

    Click Fix checked (bottom left)

    Download OTMoveIt (by OldTimer). Save it to your Desktop.
    Select ALL the locations in bold below:

    C:\WINDOWS\domino.exe
    C:\WINDOWS\VMSnap1.exe
    C:\WINDOWS\system32\vtliijgb.dll


    ---> Right-click, then Copy

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand pane and choose Paste.
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name is its creation date.
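Added example, not part of the thread and not the helper's own method: a Python parser for HijackThis lines like the ones ticked above, applying three review heuristics to decide which entries deserve a closer look. The heuristics are assumptions of this example (unnamed browser add-on DLL directly in system32, Run executable directly in C:\WINDOWS, "(file missing)" registration unless the path with its stray quote removed is a running process); the sample log is assembled from lines quoted in this thread, and the AskPBar and mywebsearch entries are left out because they need product knowledge rather than a pattern.

```python
import re
from typing import FrozenSet, List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    section: str        # HijackThis group code, e.g. "O2", "O4", "O23"
    kind: str           # text before the first ": ", e.g. "BHO"
    name: str           # display name, "" when the line carries none
    target: str         # file path, command line or URL the entry points to
    file_missing: bool  # HijackThis appended "(file missing)"


_LINE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*?)\s*$")
_MISSING = " (file missing)"

# Shortened log assembled from lines quoted in this thread.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
"""


def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'Rn'/'On' log line; return None for headers and process paths."""
    m = _LINE.match(line)
    if not m:
        return None
    section, rest = m.groups()
    missing = rest.endswith(_MISSING)
    if missing:
        rest = rest[: -len(_MISSING)]
    kind, sep, body = rest.partition(": ")
    if not sep:                       # e.g. "O6 - ...Restrictions present"
        return Entry(section, rest, "", "", missing)
    if section == "O4" and body.startswith("["):
        name, _, target = body[1:].partition("] ")   # "[value name] command"
    else:
        fields = body.split(" - ")    # name - {CLSID or owner} - path
        name = fields[0]
        target = fields[-1] if len(fields) > 1 else ""
    return Entry(section, kind, name, target.strip(), missing)


def _folder(target: str) -> str:
    """Lower-cased directory part of a target ('' when it has no path)."""
    return target.strip('"').rpartition("\\")[0].lower()


def triage(entry: Entry, running: FrozenSet[str] = frozenset()) -> List[str]:
    """Return the reasons (possibly none) why an entry deserves manual review."""
    reasons = []
    folder = _folder(entry.target)
    if (entry.section in ("R3", "O2") and entry.name == "(no name)"
            and folder == r"c:\windows\system32"):
        reasons.append("unnamed browser add-on DLL directly in system32")
    if entry.section == "O4" and folder == r"c:\windows":
        reasons.append("autorun executable directly in the Windows folder")
    if entry.file_missing:
        # A stray quote in the stored command line makes the existence check
        # fail for a file that is really there; trust the process list instead.
        exe = entry.target.strip('"').split('"')[0].lower()
        if exe not in running:
            reasons.append("registration points to a file that no longer exists")
    return reasons


def analyse(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Collect running processes, then return every entry that has a reason."""
    running, findings, in_processes = set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        entry = parse_line(line)
        if entry is None:
            if in_processes and line:
                running.add(line.lower())
            continue
        in_processes = False
        reasons = triage(entry, frozenset(running))
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in analyse(SAMPLE):
        print(f"{entry.section} {entry.target}: {'; '.join(reasons)}")
```

The output is a review list, not a verdict: the Spybot helper DLL and ctfmon.exe pass, while the leftover Acronis service is listed even though the helper did not tick it.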
    20 April 2007 23:29:37

    Re, :) 
    If I'm not mistaken, is this the one?
    ------------
    C:\WINDOWS\domino.exe moved successfully.
    C:\WINDOWS\VMSnap1.exe moved successfully.
    C:\WINDOWS\system32\vtliijgb.dll unregistered successfully.
    C:\WINDOWS\system32\vtliijgb.dll moved successfully.

    Created on 04-20-2007 21:21:42
    ------------
    20 April 2007 23:34:17

    Post a new HijackThis report.
    20 April 2007 23:43:24

    Re,
    I forgot to tell you that I was not prompted to restart after the OTMoveIt procedure.
    -------
    Logfile of HijackThis v1.99.1
    Scan saved at 21:38:56, on 20-04-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Menara\dslmon.exe
    C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C26C7F-294F-4716-AAA5-5735FB054178}: NameServer = 212.217.1.4 212.217.0.14
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: CLKERN.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    -----------
    21 April 2007 02:11:43

    Hello, dear Angeldark,
    :pfff:  :??:  As for the popups and the ad pages, I believe that is resolved so far :D  . However, Spybot S&D still detects that diabolical malware :fou:  : Smitfraud-C.Toolbar888 and other things. Without going into detail, I have taken the liberty of sending you the Spybot S&D report, in case it is useful, I hope (please accept it kindly):
    -----

    --- Search result list ---
    Smitfraud-C.Toolbar888: Réglages (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\aldd

    Winsoftware: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


    Avenue A, Inc.: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


    DoubleClick: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


    Smitfraud-C.Toolbar888: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


    BlueStreak: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


    MediaPlex: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


    Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Activity: ntbtlog.txt (Sauver le fichier, nothing done)
    C:\WINDOWS\ntbtlog.txt

    Log: Install: setupapi.log (Sauver le fichier, nothing done)
    C:\WINDOWS\setupapi.log

    Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemprox.log (Sauver le fichier, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemprox.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    Ahead Nero Burning Rom: Compilation directory (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation!=

    MS Management Console: Recent command list (3 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Media Player: Last search folder (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\MediaPlayer\Preferences\SearchPath!=

    MS Media Player: Last selected node (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode!=

    MS Media Player: Anonymous ID (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

    MS Direct3D: Most recent application (Modification du registre, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

    MS Direct3D: Most recent application (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name!=

    MS DirectDraw: Most recent application (Modification du registre, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

    MS DirectInput: Most recent application (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

    MS DirectInput: Most recent application ID (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

    MS Office 11.0: Last typed search text (Valeur du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Office\11.0\Common\Search\Last Query\LastSearchText

    MS Office 11.0 (Word): Recent file list (Valeur du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Office\11.0\Word\Data\Settings

    MS Regedit: Recent open key (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=

    MS Search Assistant: Typed search terms history (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Search Assistant\ACMru

    Windows.OpenWith: Open with list - .AVI extension (2 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

    Windows.OpenWith: Open with list - .BIN extension (2 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

    Windows.OpenWith: Open with list - .BMP extension (2 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: Open with list - .CSS extension (3 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

    Windows Explorer: Recent wallpaper list (57 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

    Windows Explorer: Stream history (1 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: User Assistant history IE (15 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: User Assistant history files (48 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: Recent file global history (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: Last Copy/MoveTo folder (Valeur du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

    Windows Media SDK: Computer name (Modification du registre, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Computer name (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Computer name (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Unique ID (Modification du registre, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Unique ID (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Unique ID (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    WinZip: Number of times run (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Nico Mak Computing\WinZip\rrs\Opened!=

    Cookie: Cookie (19) (Cookie, nothing done)


    Cache: Cache (112) (Cache, nothing done)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2007-03-20 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-01-15 advcheck.dll (1.2.1.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-01-02 Tools.dll (2.0.1.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-04-04 Includes\Cookies.sbi (*)
    2006-12-08 Includes\Dialer.sbi (*)
    2007-04-04 Includes\DialerC.sbi (*)
    2007-04-04 Includes\Hijackers.sbi (*)
    2007-04-04 Includes\HijackersC.sbi (*)
    2006-10-27 Includes\Keyloggers.sbi (*)
    2007-04-04 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2007-03-21 Includes\Malware.sbi (*)
    2007-04-04 Includes\MalwareC.sbi (*)
    2007-03-21 Includes\PUPS.sbi (*)
    2007-04-04 Includes\PUPSC.sbi (*)
    2007-04-04 Includes\Revision.sbi (*)
    2006-12-08 Includes\Security.sbi (*)
    2007-04-04 Includes\SecurityC.sbi (*)
    2007-03-21 Includes\Spybots.sbi (*)
    2007-04-04 Includes\SpybotsC.sbi (*)
    2005-02-17 Includes\Tracks.uti (*)
    2007-04-04 Includes\Trojans.sbi (*)
    2007-04-04 Includes\TrojansC.sbi (*)



    --- System information ---
    Windows XP (Build: 2600) Service Pack 2
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
    If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
    For more information, visit http://support.microsoft.com/kb/917283
    / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
    If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
    For more information, visit http://support.microsoft.com/kb/922770
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player 6.4: Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
    / Windows Media Player 9: Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
    / XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


    --- Startup entries list ---
    Located: HK_LM:Run, Adobe Photo Downloader
    command: "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    file: C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    size: 57344
    MD5: 57657b09d386137c7501367985b9741e

    Located: HK_LM:Run, AGEIA PhysX SysTray
    command: C:\Program Files\AGEIA Technologies\TrayIcon.exe
    file: C:\Program Files\AGEIA Technologies\TrayIcon.exe
    size: 339968
    MD5: 9541b0241e8819ecc3b3e8c36dfa2af3

    Located: HK_LM:Run, a-squared
    command: "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    file: C:\Program Files\a-squared Anti-Malware\a2guard.exe
    size: 1164896
    MD5: 996b405bf4a1c893836e13f4eec851d9

    Located: HK_LM:Run, DownloadAccelerator
    command: "C:\Program Files\DAP\DAP.EXE" /STARTUP
    file: C:\Program Files\DAP\DAP.EXE
    size: 3364616
    MD5: 0ff7d32fe53a06520d825bec72ba19ee

    Located: HK_LM:Run, SiSPower
    command: Rundll32.exe SiSPower.dll,ModeAgent
    file: C:\WINDOWS\system32\Rundll32.exe
    size: 33792
    MD5: f5402cd47b7389ddc21f92119a906eee

    Located: HK_LM:Run, SoundMan
    command: SOUNDMAN.EXE
    file: C:\WINDOWS\SOUNDMAN.EXE
    size: 77824
    MD5: fbef9f9c97b6b93e2041e65d3cd81c9c

    Located: HK_LM:Run, SpeedOptimizer
    command: C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
    file: C:\PROGRA~1\SPEEDO~1\SPO.EXE
    size: 607232
    MD5: 9e39286bd9af22d5991df64d58556f43

    Located: HK_LM:Run, ZoneAlarm Client
    command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    size: 919280
    MD5: 3e1731c55f77d150791d4c7e87ad4e5c

    Located: HK_CU:Run, ctfmon.exe
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5584247b568c2e53934873f4b655fe6a

    Located: HK_CU:Run, E06FDXRC_8323390
    command: "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
    file: E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
    size: 301776
    MD5: 7de00ec41f65b590753f0d15ec95b3f6

    Located: HK_CU:Run, MSMSGS
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1694208
    MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

    Located: HK_CU:Run, swg
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 68856
    MD5: e616a6a6e91b0a86f2f6217cde835ffe

    Located: HK_CU:Run, Skype (DISABLED)
    command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    file: C:\Program Files\Skype\Phone\Skype.exe
    size: 25268776
    MD5: 009239d4ca9029478c5e5088629fe991

    Located: Démarrage (tous utilisateurs), DSLMON.lnk
    command: C:\Program Files\Menara\dslmon.exe
    file: C:\Program Files\Menara\dslmon.exe
    size: 839680
    MD5: 36a9acc51a3c72a3afc7a05959cf499e

    Located: Démarrage (désactivé), DSLMON (DISABLED)
    command: C:\PROGRA~1\Menara\dslmon.exe
    file: C:\PROGRA~1\Menara\dslmon.exe
    size: 839680
    MD5: 36a9acc51a3c72a3afc7a05959cf499e

    Located: Démarrage (désactivé), Outil de mise à jour Google.lnk (DISABLED)
    command: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk.disabled
    file:

    Located: System.ini, crypt32chain
    command: crypt32.dll
    file: crypt32.dll

    Located: System.ini, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll

    Located: System.ini, cscdll
    command: cscdll.dll
    file: cscdll.dll

    Located: System.ini, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, Schedule
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll

    Located: System.ini, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll

    Located: System.ini, termsrv
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll

    Located: System.ini, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll



    --- Browser helper object list ---
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    BHO name:
    CLSID name: Yahoo! Toolbar Helper
    description: Yahoo Companion!
    classification: Legitimate
    known filename: Ycomp*_*_*_*.dll
    info link: http://companion.yahoo.com/
    info source: TonyKlein
    Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
    Long name: yt.dll
    Short name:
    Date (created): 02-03-2007 14:07:48
    Date (last access): 20-04-2007 23:28:28
    Date (last write): 26-10-2006 10:28:40
    Filesize: 440384
    Attributes: archive
    MD5: 2785037CE05B63D5607C9D5DFB2FEEE4
    CRC32: 9ED93A02
    Version: 2006.10.26.1

    {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
    BHO name: Skype add-on (mastermind)
    CLSID name: Skype add-on (mastermind)
    Path: C:\PROGRA~1\Skype\Phone\IEPlugin\
    Long name: SkypeIEPlugin.dll
    Short name: SKYPEI~1.DLL
    Date (created): 02-03-2007 23:54:04
    Date (last access): 20-04-2007 23:28:22
    Date (last write): 23-03-2007 13:49:34
    Filesize: 722472
    Attributes: archive
    MD5: 248E81013040C3821B349E753C50D505
    CRC32: C11603E2
    Version: 2.2.0.78

    {53707962-6F74-2D53-2644-206D7942484F} ()
    BHO name:
    CLSID name:
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 20-03-2007 9:32:02
    Date (last access): 20-04-2007 23:19:30
    Date (last write): 31-05-2005 1:04:00
    Filesize: 853672
    Attributes: archive
    MD5: 250D787A5712D7768DDC133B3E477759
    CRC32: D4589A41
    Version: 1.4.0.0

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 07-07-2006 12:29:52
    Date (last access): 20-04-2007 23:28:16
    Date (last write): 07-07-2006 12:29:52
    Filesize: 324416
    Attributes: archive
    MD5: 52A70C80A446FA3BBCDAF59A9AB26AF4
    CRC32: B1456034
    Version: 4.0.249.1

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
    info link: http://toolbar.google.com/
    info source: TonyKlein
    Path: c:\program files\google\
    Long name: GoogleToolbar3.dll
    Short name: GOOGLE~3.DLL
    Date (created): 05-03-2007 17:22:52
    Date (last access): 20-04-2007 23:28:14
    Date (last write): 05-03-2007 17:22:52
    Filesize: 2436160
    Attributes: readonly archive
    MD5: 6D44E0C3B43D27484FBB355E470C4188
    CRC32: 2DE875CD
    Version: 4.0.1601.4978

    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    BHO name:
    CLSID name: Windows Live Toolbar Helper
    Path: C:\Program Files\Windows Live Toolbar\
    Long name: msntb.dll
    Short name:
    Date (created): 10-10-2006 23:26:40
    Date (last access): 20-04-2007 23:27:40
    Date (last write): 10-10-2006 23:26:40
    Filesize: 544032
    Attributes: archive
    MD5: D638AFC241FCC42D15886CD26A3F1461
    CRC32: EC0AD183
    Version: 3.1.0.72

    {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} ()
    BHO name:
    CLSID name:
    Path: C:\WINDOWS\system32\
    Long name: vtliijgb.dll

    {F4D76F01-7896-458a-890F-E1F05C46069F} (Ask Toolbar BHO)
    BHO name: Ask Toolbar BHO
    CLSID name: Ask Toolbar BHO
    Path: C:\Program Files\AskPBar\bar\1.bin\
    Long name: ASKPBAR.DLL__BHODemonDisabled



    --- ActiveX list ---
    Microsoft XML Parser for Java (Microsoft XML Parser for Java)
    DPF name: Microsoft XML Parser for Java
    CLSID name:
    Installer:
    Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\xmldso.cab
    info link:
    info source: Patrick M. Kolla

    {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
    DPF name:
    CLSID name: Shockwave ActiveX Control
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/pub/shockwave/cabs/dir...
    description: Macromedia ShockWave Flash Player 7
    classification: Legitimate
    known filename: SWDIR.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\macromed\Director\
    Long name: SwDir.dll
    Short name:
    Date (created): 24-02-2007 20:57:36
    Date (last access): 19-04-2007 22:29:38
    Date (last write): 03-09-2006 23:10:30
    Filesize: 54960
    Attributes: archive
    MD5: EB271B21EA6104B7C6946EF32D558C91
    CRC32: CEC4E0C2
    Version: 10.1.4.20

    {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Windows Genuine Advantage Validation Tool
    Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
    Codebase: http://go.microsoft.com/fwlink/?linkid=39204
    description:
    classification: Legitimate
    known filename: LegitCheckControl.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: LegitCheckControl.dll
    Short name: LEGITC~1.DLL
    Date (created): 17-05-2006 11:23:38
    Date (last access): 20-04-2007 19:33:14
    Date (last write): 15-03-2007 18:19:28
    Filesize: 1476992
    Attributes: archive
    MD5: D1CB99ADBA9397D7D02B0B2DCFE47F1A
    CRC32: ED982FE3
    Version: 1.7.18.5

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01)
    DPF name: Java Runtime Environment 1.4.0_01
    CLSID name: Java Plug-in 1.4.0_01
    Installer:
    Codebase: http://java.sun.com/products/plugin/autodl/jinstall-1_4...
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\j2re1.4.0\bin\
    Long name: NPJPI140_01.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10-03-2007 0:59:20
    Date (last access): 20-04-2007 0:56:06
    Date (last write): 06-06-2002 9:14:00
    Filesize: 86122
    Attributes: archive
    MD5: 30F7D11AC9E7BBE2FBBEE918B3502D8A
    CRC32: F63AEFBB
    Version: 1.4.0.10

    {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01)
    DPF name: Java Runtime Environment 1.4.0_01
    CLSID name: Java Plug-in 1.4.0_01
    Installer:
    Codebase: http://java.sun.com/products/plugin/autodl/jinstall-1_4...
    description:
    classification: Legitimate
    known filename:
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\j2re1.4.0\bin\
    Long name: NPJPI140_01.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10-03-2007 0:59:20
    Date (last access): 20-04-2007 23:30:02
    Date (last write): 06-06-2002 9:14:00
    Filesize: 86122
    Attributes: archive
    MD5: 30F7D11AC9E7BBE2FBBEE918B3502D8A
    CRC32: F63AEFBB
    Version: 1.4.0.10

    {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-wind...
    description:
    classification: Legitimate
    known filename: NPJPI150_03.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.5.0_03\bin\
    Long name: NPJPI150_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 13-04-2005 3:48:56
    Date (last access): 20-04-2007 0:56:06
    Date (last write): 13-04-2005 4:06:32
    Filesize: 69746
    Attributes: archive
    MD5: 13FCA03EBCA6E1F8C6481166C516D1FE
    CRC32: 868C298F
    Version: 5.0.30.7



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 612 ( 4) \SystemRoot\System32\smss.exe
    PID: 676 ( 612) \??\C:\WINDOWS\system32\csrss.exe
    PID: 708 ( 612) \??\C:\WINDOWS\system32\winlogon.exe
    PID: 752 ( 708) C:\WINDOWS\system32\services.exe
    size: 108544
    MD5: 732E0B1ABAACE15D80EC19056B0A2AF9
    PID: 764 ( 708) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 9F3744A5C6F49291A7A685040A013399
    PID: 944 ( 752) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1000 ( 752) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1040 ( 752) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1096 ( 752) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1124 ( 752) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1136 ( 752) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    size: 75568
    MD5: DE71661665A86A2305918E8B91ACEDB9
    PID: 1420 ( 752) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    size: 16512
    MD5: A33FFB17AD6F652F0D9E871E1BB6CACF
    PID: 1472 ( 752) C:\Program Files\Alwil Software\Avast4\ashServ.exe
    size: 132736
    MD5: F1B7C5708C107FF3A1403F0A2BB6A9B6
    PID: 1704 ( 752) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: B4EF928E4FAD79364A80ACBA6D999934
    PID: 1772 ( 752) C:\Program Files\a-squared Anti-Malware\a2service.exe
    size: 425544
    MD5: B0FCB32E0828C50227D61E8C605DCC62
    PID: 1800 ( 752) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    size: 204800
    MD5: E8FBDCC8D618D1BB84B828F247A6244B
    PID: 1812 ( 752) C:\WINDOWS\system32\dllhost.exe
    size: 5120
    MD5: D66259C3BCEFC9CAEB481ED52A4EAC74
    PID: 1868 ( 752) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    size: 136952
    MD5: 481AC8EFA93C95AB1FD7A18F23C1CB1A
    PID: 2040 ( 752) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 172 ( 752) C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    size: 132992
    MD5: CC37FF4CFDF5654EEA2740B4CE3153A5
    PID: 640 ( 752) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    size: 243328
    MD5: 475400AF658115C38736689A9A1D54CD
    PID: 916 ( 752) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    size: 345728
    MD5: 1D6A09A19C18C2713E649C223B5AD76A
    PID: 1948 ( 752) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: 2FE681D10C5FC343DBBC0610B8DD4D24
    PID: 2428 (1040) C:\WINDOWS\system32\wscntfy.exe
    size: 13824
    MD5: 54CDDAD404557ED98433D6ECBFC92691
    PID: 2756 ( 708) C:\WINDOWS\system32\WgaTray.exe
    size: 337280
    MD5: 688DC41BE9A6196491469365549C7DD1
    PID: 2856 (2720) C:\WINDOWS\Explorer.EXE
    size: 1036288
    MD5: 4C33E5B9A6197B6ED215F6CFBA0A2DAA
    PID: 3140 (2856) C:\Program Files\AGEIA Technologies\TrayIcon.exe
    size: 339968
    MD5: 9541B0241E8819ECC3B3E8C36DFA2AF3
    PID: 3172 (2856) C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    size: 57344
    MD5: 57657B09D386137C7501367985B9741E
    PID: 3212 (2856) C:\Program Files\a-squared Anti-Malware\a2guard.exe
    size: 1164896
    MD5: 996B405BF4A1C893836E13F4EEC851D9
    PID: 3424 (2856) C:\Program Files\DAP\DAP.EXE
    size: 3364616
    MD5: 0FF7D32FE53A06520D825BEC72BA19EE
    PID: 3528 (2856) C:\WINDOWS\SOUNDMAN.EXE
    size: 77824
    MD5: FBEF9F9C97B6B93E2041E65D3CD81C9C
    PID: 3576 (2856) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    size: 919280
    MD5: 3E1731C55F77D150791D4C7E87AD4E5C
    PID: 3684 (2856) C:\Program Files\Messenger\msmsgs.exe
    size: 1694208
    MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
    PID: 3708 (2856) E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
    size: 301776
    MD5: 7DE00EC41F65B590753F0D15EC95B3F6
    PID: 3724 (2856) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5584247B568C2E53934873F4B655FE6A
    PID: 3752 (2856) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 68856
    MD5: E616A6A6E91B0A86F2F6217CDE835FFE
    PID: 3956 (2856) C:\Program Files\Menara\dslmon.exe
    size: 839680
    MD5: 36A9ACC51A3C72A3AFC7A05959CF499E
    PID: 4056 ( 172) C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
    size: 1378168
    MD5: 841E48B4087FBDD47F70EA077E86ABE7
    PID: 3076 (2856) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4393096
    MD5: 09CA174A605B480318731E691DC98539
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 20-04-2007 23:30:02

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.google.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://www.google.com/ie
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&...
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.google.com/ie
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://www.google.com/search?q=%s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\windows\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&...
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.google.com/ie
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.google.com/ie
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip


    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip


    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip


    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{438F6FCF-1DD6-4DFC-A955-A8E57C74E0D7}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{438F6FCF-1DD6-4DFC-A955-A8E57C74E0D7}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF42321C-479A-42A5-B438-2B8CDD1829CC}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF42321C-479A-42A5-B438-2B8CDD1829CC}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F50A1E7-53A1-490B-ADF4-882B2C0E9575}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F50A1E7-53A1-490B-ADF4-882B2C0E9575}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC84EAEA-6AED-49A9-95D8-562D4E946DA7}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC84EAEA-6AED-49A9-95D8-562D4E946DA7}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AAD1199A-ACFE-4366-85B7-0EABC0FE846D}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AAD1199A-ACFE-4366-85B7-0EABC0FE846D}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B6C26C7F-294F-4716-AAA5-5735FB054178}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B6C26C7F-294F-4716-AAA5-5735FB054178}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: TCP/IP
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Espace de noms NLA (Network Location Awareness)
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace



    --- Uninstall list ---
    a-squared Anti-Malware 2.1 2.1 (a-squared Anti-Malware_is1)
    install date: 20070411
    install location: C:\Program Files\a-squared Anti-Malware\
    uninstall cmd: "C:\Program Files\a-squared Anti-Malware\unins000.exe"
    publisher: Emsi Software GmbH
    comments: a-squared
    help link: http://forum.emsisoft.com

    (AddressBook)

    Adobe Shockwave Player 10.1.4.20 (Adobe Shockwave Player)
    uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    publisher: Adobe Systems, Inc.
    help link: http://www.adobe.com/fr/support/shockwave

    Ask Toolbar (AskPBar Uninstall)
    uninstall cmd: rundll32 C:\PROGRA~1\AskPBar\bar\1.bin\AskPBar.dll,O
    publisher: Ask.com
    help link: http://help.mysearch.com/searchbar.html

    avast! Antivirus 4.7 (avast!)
    version (major): 4
    version (minor): 7
    install location: C:\PROGRA~1\ALWILS~1\Avast4
    install source: C:\PROGRA~1\ALWILS~1\Avast4\setup
    uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    publisher: Alwil Software
    help link: http://www.avast.com

    AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
    install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
    uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    publisher: Grisoft Ltd.
    help link: http://www.grisoft.com

    (bfgtoolbar)

    (Branding)

    CCleaner (remove only) (CCleaner)
    uninstall cmd: "E:\Program Files\CCleaner\uninst.exe"

    CleanUp! (CleanUp!)
    uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

    (Connection Manager)

    MicroBest Cracklock 3.8.4 3.8.4 (Cracklock_is1)
    uninstall cmd: E:\Cracklock\unins000.exe
    publisher: William BLUM
    help link: http://www.cracklock.net/

    (DirectAnimation)

    (DirectDrawEx)

    Download Accelerator Plus (DAP) 8156 (Build 228) (Download Accelerator Plus (DAP))
    uninstall cmd: C:\PROGRA~1\DAP\DAPREMOVE.EXE
    publisher: Speedbit Ltd.
    contact: support@downloadaccelerator.com
    help link: http://redir.speedbit.com/redir.asp?ID=7066

    (DXM_Runtime)

    Easy-WebPrint (easy-webprint)
    uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"

    EVEREST Ultimate Edition v4.00 4.00 (EVEREST Ultimate Edition_is1)
    install location: C:\Program Files\Lavalys\EVEREST Ultimate Edition\
    uninstall cmd: "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    publisher: Lavalys, Inc.
    help link: http://www.lavalys.com

    (Fontcore)

    Outil de mise à jour Google 2.1.810.31257 (Google Updater)
    uninstall cmd: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    publisher: Google Inc.
    help link: http://pack.google.com:80/pack-support?hl=fr&gl=fr

    HijackThis 1.99.1 1.99.1 (HijackThis)
    uninstall cmd: C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\HijackThis.exe /uninstall
    publisher: Soeperman Enterprises Ltd.

    Hijackthis Version Française (Hijackthis Version Française_is1)
    install location: C:\Program Files\Hijackthis Version Française\
    uninstall cmd: "C:\Program Files\Hijackthis Version Française\unins000.exe"
    publisher: Pc-Help-Bordeaux
    help link: http://pchelpbordeaux.free.fr

    (ICW)

    (IE40)

    (IE4Data)

    (IE5BAKEX)

    (IEData)

    (InstallShield Uninstall Information)

    IsoBuster 2.0 2.0 (IsoBuster_is1)
    install date: 20070227
    install location: C:\Program Files\Smart Projects\IsoBuster\
    uninstall cmd: "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
    publisher: Smart Projects
    help link: http://www.isobuster.com/

    Jargon Informatique (Jargon Informatique)
    uninstall cmd: C:\Program Files\Jargon Informatique\uninstall.exe

    (KB884016)

    (KB884267)

    (KB885353)

    (KB886612)

    (KB887078)

    (KB887626)

    (KB888656)

    (KB891122)

    (KB893240)

    (KB893241)

    (KB893803)

    (KB895181)

    (KB895316)

    (KB897586)

    (KB898549)

    (KB900399)

    (KB902344)

    (KB911854)

    Security Update pour Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
    uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com/kb/917283

    Security Update pour Microsoft .NET Framework 2.0 (KB922770) 1 (KB922770.T1_1ToU168_1)
    uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com/kb/922770

    Language pack for Ad-Aware SE (Language pack for Ad-Aware SE)
    uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
    publisher: Lavasoft
    help link: http://www.lavasoft.de

    Lavasoft VX2 Cleaner (Lavasoft VX2 Cleaner)
    uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG

    L&H TTS3000 Français (LHTTSFRF)
    uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall

    Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
    uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

    Macromedia Shockwave Player (Macromedia Shockwave Player)
    uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

    4.9.1.8211 (MailFrontier Desktop)
    publisher: MailFrontier

    Mailinfo for Outlook (Mailinfo for Outlook)
    uninstall cmd: C:\PROGRA~1\Mailinfo\MAILIN~1\UNWISE.EXE C:\PROGRA~1\Mailinfo\MAILIN~1\INSTALL.LOG
    publisher: Mailinfo
    help link: http://www.mailinfo.com/

    Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
    uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

    Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
    install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
    uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    publisher: Microsoft Corporation
    help link: http://go.microsoft.com/fwlink/?LinkId=45396

    Microsoft .NET Framework 3.0 (Microsoft .NET Framework 3.0)
    install location: C:\WINDOWS\Microsoft.NET\Framework\v3.0\
    uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    publisher: Microsoft Corporation
    help link: http://go.microsoft.com/fwlink/?LinkId=51019

    (MobileOptionPack)

    Mozilla Firefox (2.0.0.3) 2.0.0.3 (fr) (Mozilla Firefox (2.0.0.3))
    install location: C:\Program Files\Mozilla Firefox
    uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    publisher: Mozilla
    comments: Mozilla Firefox

    MpcStar 1.6 1.6 (MpcStar)
    uninstall cmd: C:\Program Files\MpcStar\uninst.exe
    publisher: www.mpcstar.com

    (MPlayer2)

    (MSI30-Beta1)

    (MSI30-Beta2)

    (MSI30-KB884016)

    (MSI30-RC1)

    (MSI30-RC2)

    (MSI30a-KB884016)

    (MSI31-Beta)

    (MSI31-RC1)

    (MsJavaVM)

    MSN (MSNINST)
    uninstall cmd: C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

    NASA World Wind 1.3 (NASA World Wind 1.3)
    uninstall cmd: "C:\Program Files\NASA\World Wind 1.4\Uninstall_World_Wind_1.3.exe"

    NASA World Wind 1.4 (NASA World Wind 1.4)
    uninstall cmd: "C:\Program Files\NASA\World Wind 1.4\Uninstall_World_Wind_1.4.exe"

    Nero 6 Ultra Edition (Nero - Burning Rom!UninstallKey)
    uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

    (NetMeeting)

    (OutlookExpress)

    (PCHealth)
    uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    Recuva (remove only) (Recuva)
    uninstall cmd: "C:\Program Files\Recuva\uninst.exe"

    (SchedulingAgent)

    Shareaza version 2.2.5.0 2.2.5.0 (Shareaza_is1)
    install date: 20070411
    install location: C:\Program Files\Shareaza\
    uninstall cmd: "C:\Program Files\Shareaza\Uninstall\unins000.exe"
    publisher: Shareaza Development Team
    comments: Shareaza Ultimate File Sharing
    help link: http://www.shareaza.com/?id=support

    (Shockwave)

    Adobe Flash Player 9 9 (ShockwaveFlash)
    uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    publisher: Adobe Systems Inc.
    help link: http://www.adobe.com/go/flashplayer_support/

    SiS Mirage Graphics (SiS VGA Driver)
    uninstall cmd: Rundll32 SiSInst.dll,Uninstall VGA,R,oem0.inf

    Skype 3.1 3.1 (Skype_is1)
    install location: C:\Program Files\Skype\Phone\
    uninstall cmd: "C:\Program Files\Skype\Phone\unins000.exe"
    publisher: Skype Technologies S.A.
    help link: http://ui.skype.com/ui/0/3.1.0.150/en/help

    SpeedBit Video Accelerator 1187(build_232) (SpeedBit Video Accelerator)
    install location: C:\Program Files\SpeedBit Video Accelerator
    uninstall cmd: C:\PROGRA~1\SPEEDB~1\UNWISE.EXE C:\PROGRA~1\SPEEDB~1\INSTALL.LOG
    publisher: SpeedBit Ltd.
    contact: support@videoaccelerator.com
    help link: http://www.speedbit.com/Video_Accelerator/about/

    SpeedOptimizer (SpeedOptimizer)
    uninstall cmd: C:\PROGRA~1\SPEEDO~1\UNWISE.EXE C:\PROGRA~1\SPEEDO~1\INSTALL.LOG

    Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
    install location: C:\Program Files\Spybot - Search & Destroy\
    uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    publisher: Safer Networking Limited

    SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
    install location: C:\Program Files\SpywareBlaster\
    uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
    publisher: Javacool Software LLC

    Skype add-on for IE (ToolBand.SkypeIEToolbarToolbar)
    install location: C:\Program Files\Skype\Phone\IEPlugin
    uninstall cmd: rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0

    Viewpoint Media Player (Remove Only) (ViewpointMediaPlayer)
    uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

    VideoLAN VLC media player 0.8.6a 0.8.6a (VLC media player)
    uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
    publisher: VideoLAN Team

    Winamp3 (remove only) (Winamp3)
    uninstall cmd: C:\Program Files\Winamp3\uninst-wa3.EXE

    Windows Live Toolbar 03.01.0072 (Windows Live Toolbar)
    uninstall cmd: "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {45BB90BA-A939-489F-B13F-F97E760A7895}
    publisher: Microsoft Corporation

    Windows Media Format 11 runtime (Windows Media Format Runtime)
    uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    help link: http://go.microsoft.com/fwlink/?LinkId=62768

    Archiveur WinRAR (WinRAR archiver)
    uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

    WinZip 9.0 BETA (5480) (WinZip)
    version (major): 9
    install location: C:\WINZIP\
    uninstall cmd: "C:\WinZip\WINZIP32.EXE" /uninstall
    publisher: WinZip Computing, Inc.
    help link: http://www.winzip.com/xsupport.htm

    WinZip Self-Extractor (WinZip Self-Extractor)
    uninstall cmd: "C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall

    (wmfdist11)

    XML Paper Specification Shared Components Pack 1.0 (XpsEPSC)
    install date: 20070305
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=test

    Yahoo! Toolbar (Yahoo! Companion)
    uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyt.exe

    ZoneAlarm 7.0.337.000 (ZoneAlarm)
    uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
    publisher: Check Point, Inc
    help link: C:\Program Files\Zone Labs\ZoneAlarm\Aide\zaclients.chm

    Collection Microsoft Encarta 2006 2006 ({06180000-3E21-46D6-9A91-D927BA08F41D})
    version (major): 2006
    estimated size: 2517136
    install date: 20070321
    install location: E:\Program Files\Collection Microsoft Encarta 2006\ENCARTA.EXE
    install source: D:\
    uninstall cmd: MsiExec.exe /I{06180000-3E21-46D6-9A91-D927BA08F41D}
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com

    HP USB Disk Storage Format Tool ({0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51})
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9

    SuperUtility 2.69 ({10E33F6D-16E6-400E-BA1E-DF9F1BCD1B30})
    version: 38076416
    install location: C:\Program Files\SuperUtility
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10E33F6D-16E6-400E-BA1E-DF9F1BCD1B30}\setup.exe" -l0x9

    Microsoft .NET Framework 3.0 3.0.04506.30 ({15095BF3-A3D7-4DDF-B193-3A496881E003})
    version: 50336154
    version (major): 3
    estimated size: 16102
    install date: 20070305
    install location: C:\WINDOWS\Microsoft.NET\Framework\v3.0\
    install source: e:\a48d502f9b3018b3bb820f2f9b\
    uninstall cmd: MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    publisher: Microsoft Corporation

    Windows Live Sign-in Assistant 4.000.249.1 ({22B3CC30-77B8-419C-AA4B-F571FDF5D66D})
    version: 67109113
    version (major): 4
    estimated size: 1112
    install date: 20070227
    install source: C:\DOCUME~1\Anass\LOCALS~1\Temp\IXP000.TMP\
    uninstall cmd: MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
    publisher: Microsoft Corporation

    Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
    uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"

    2.1.20060719 ({2CCBABCB-6427-4A55-B091-49864623C43F})
    version: 20060719
    version (major): 2
    version (minor): 1

    J2SE Runtime Environment 5.0 Update 3 1.5.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0150030})
    version: 17104896
    version (major): 1
    version (minor): 5
    estimated size: 154337
    install date: 20070302
    install source: C:\Documents and Settings\Anass\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150030}\
    uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    publisher: Sun Microsystems, Inc.
    contact: http://java.com
    help link: http://java.com
    readme: C:\Program Files\Java\jre1.5.0_03\README.txt

    WebFldrs XP 9.50.7523 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227})
    version: 154279267
    version (major): 9
    version (minor): 50
    estimated size: 2508
    install date: 20070217
    install source: C:\WINDOWS\system32\
    publisher: Microsoft Corporation
    help link: http://www.microsoft.com/windows

    Menus intelligents (Windows Live Toolbar) 03.01.0072 ({3585ED1C-74C5-43B0-A232-831B96A12A2B})
    version: 50397256
    version (major): 3
    version (minor): 1
    estimated size: 651
    install date: 20070301
    install source: C:\WINDOWS\TEMP\IXP000.TMP\
    uninstall cmd: MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
    publisher: Microsoft Corporation

    MSXML 4.0 SP2 (KB927978) 4.20.9841.0 ({37477865-A3F1-4772-AD43-AAFC6BCFF99F})
    version: 68429425
    version (major): 4
    version (minor): 20
    estimated size: 2625
    install date: 20070227
    install source: e:\9afe1d844e7c86cdb0dd8e\
    uninstall cmd: MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com/kb/927978

    Skype Plugin Manager 1.1.241 ({3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03})
    version: 16842993
    version (major): 1
    version (minor): 1
    estimated size: 8542
    install date: 20070402
    install source: C:\DOCUME~1\Anass\LOCALS~1\Temp\is-D8JRV.tmp\
    uninstall cmd: MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
    publisher: Skype Limited

    Google Earth 4.0.2740 ({3DE5E7D4-7B88-403C-A3FD-2017A8240C5B})
    version: 67111604
    install date: 20070314
    install location: C:\Program Files\Google\Google Earth
    install source: C:\Documents and Settings\All Users\Application Data\Google Updater\cache\installers_ci_earth_fr_4.0.2740.0_setup_2007.02.21_14.46.09.exe
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly
    publisher: Google

    USB PC Camera 1.00.000 ({41E496B5-47F4-11D6-9BBB-00E0987BB2CD})
    version: 16777216
    install location: C:\Program Files\HCDZ-C\USB PC Camera
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\setup.exe" -l0x9

    Windows Live Toolbar 03.01.0072 ({45BB90BA-A939-489F-B13F-F97E760A7895})
    version: 50397256
    version (major): 3
    version (minor): 1
    estimated size: 5146
    install date: 20070301
    install source: C:\WINDOWS\TEMP\IXP000.TMP\
    uninstall cmd: MsiExec.exe /X{45BB90BA-A939-489F-B13F-F97E760A7895}
    publisher: Microsoft Corporation

    Windows Communication Foundation 3.0.04506.30 ({491DD792-AD81-429C-9EB4-86DD3D22E333})
    version: 50336154
    version (major): 3
    estimated size: 90556
    install date: 20070305
    install source: C:\DOCUME~1\Anass\LOCALS~1\Temp\IXP0392F.tmp\wcu\wcf\
    uninstall cmd: MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    publisher: Microsoft Corporation

    Adobe® Photoshop® Album Edition Découverte 3.0 3.00.000 ({4BDFD2CE-6329-42E4-9801-9B3D1F10D79B})
    version: 50331648
    version (major): 3
    estimated size: 18369
    install date: 20070226
    install location: C:\Program Files\Adobe\Photoshop Album Edition Découverte\
    install source: C:\WINDOWS\Downloaded Installations\{8379D168-79F6-4394-81A2-BB1944E8F892}\
    uninstall cmd: MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
    publisher: Adobe Systems, Inc.
    readme: C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\LisezMoi.txt

    O&O DiskRecovery 4.1.1334 ({53480880-18E0-4097-A460-F22DD3AC6D70})
    version: 67175734
    version (major): 4
    version (minor): 1
    estimated size: 15596
    install date: 20070331
    install location: E:\Program Files\
    install source: C:\DOCUME~1\Anass\LOCALS~1\Temp\O&O DiskRecovery\
    uninstall cmd: MsiExec.exe /X{53480880-18E0-4097-A460-F22DD3AC6D70}
    publisher: O&O Software GmbH
    comments: It could still be there, even when it's gone
    contact: Support technique
    help link: www.oo-software.com/fr
    help telephone: +49 (30) 4303 4300
    readme: E:\Program Files\Readme.txt

    ({582876EC-A178-44D4-9823-C10D6C62EAFF})
    uninstall cmd: MsiExec /X{8E3395D1-104C-4625-8419-CA6D197179F2}

    MSXML 6.0 Parser (KB927977) 6.00.3890.0 ({5A710547-B58E-488B-828D-CA9A25A0533C})
    version: 100667186
    version (major): 6
    estimated size: 1332
    install date: 20070306
    install source: e:\07768b271fb383295ec2d489a7749af4\
    uninstall cmd: MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com/kb/927977

    ({5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB})
    install location: C:\Program Files\Disc2Phone\

    PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

    Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
    version: 33605159
    version (major): 2
    estimated size: 337360
    install date: 20070305
    install source: C:\DOCUME~1\Anass\LOCALS~1\Temp\IXP000.TMP\
    publisher: Microsoft Corporation

    Ad-Aware SE Personal 1.0.6 ({78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747})
    version: 16777222
    version (major): 1
    estimated size: 3045
    install date: 20070302
    install source: C:\Program Files\Fichiers communs\Wise Installation Wizard\
    uninstall cmd: MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
    publisher: Lavasoft AB
    help link: http://www.lavasoftsupport.com

    enhanced keyboard driver ({79C25975-740E-436E-9327-C164831ADCE7})
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79C25975-740E-436E-9327-C164831ADCE7}\setup.exe"

    1.0.4.0 ({7B4AB13C-1A5C-4BC5-ABA6-762F8198444C})
    version: 16777220
    version (major): 1
    estimated size: 424
    install date: 20070303
    install location: C:\DOCUME~1\Anass\LOCALS~1\Temp\
    install source: C:\Program Files\Fichiers communs\Wise Installation Wizard\
    uninstall cmd: MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
    publisher: AGEIA Technologies, Inc.
    comments: PhysX Processor 32bit Driver v1.0.4.0
    help link: www.AGEIA.com

    Java 2 Runtime Environment, SE v1.4.0_01 ({7CF31609-270B-11D6-9445-000102308676})
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CF31609-270B-11D6-9445-000102308676}\Setup.exe" Anytext

    Windows Workflow Foundation 3.0.4203.2 ({7D1B85BD-AA07-48B8-808D-67A4067FC6BD})
    version: 50335851
    version (major): 3
    estimated size: 18672
    install date: 20070305
    install location: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\
    install source: e:\a48d502f9b3018b3bb820f2f9b\wcu\wf\
    uninstall cmd: MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    publisher: Microsoft Corporation

    AGEIA PhysX v6.11.01 6.11.01 ({8E3395D1-104C-4625-8419-CA6D197179F2})
    version: 101384193
    version (major): 6
    version (minor): 11
    estimated size: 40448
    install date: 20070303
    install location: C:\DOCUME~1\Anass\LOCALS~1\Temp\
    install source: C:\Program Files\Fichiers communs\Wise Installation Wizard\
    uninstall cmd: MsiExec.exe /X{8E3395D1-104C-4625-8419-CA6D197179F2}
    publisher: AGEIA Technologies, Inc.
    comments: PhysX Driver & Engines: 2.3.1/2/3; 2.4.0/1/4; 2.5.0/1; 2.6.0/1/2
    help link: www.AGEIA.com

    Microsoft Office Professional Edition 2003 11.0.7969.0 ({9011040C-6000-11D3-8CFE-0150048383C9})
    version: 184557345
    version (major): 11
    estimated size: 601579
    install date: 20070411
    install source: C:\MSOCache\All Users\9000040c-6000-11D3-8CFE-0150048383C9\
    uninstall cmd: MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    publisher: Microsoft Corporation
    help link: http://www.microsoft.com/support
    readme: C:\Program Files\Microsoft Office\OFFICE11\1036\OFREADME.HTM

    Microsoft .NET Framework 1.1 French Language Pack 1.1.4322 ({9A394342-4A68-4EBA-85A6-55B559F4E700})
    version: 16847074
    version (major): 1
    version (minor): 1
    estimated size: 3138
    install date: 20070321
    install source: C:\DOCUME~1\Anass\LOCALS~1\Temp\IXP000.TMP\
    uninstall cmd: MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    publisher: Microsoft
    readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1036\RepairRedist.htm

    Kit de Connexion MENARA ({AB25E068-C7A2-482F-A3BC-588A5869844D})
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB25E068-C7A2-482F-A3BC-588A5869844D}\setup.exe" -l0x40c ControlPanel

    Adobe Reader 8 - Français 8.0.0 ({AC76BA86-7AD7-1036-7B44-A80000000002})
    version: 134217728
    version (major): 8
    estimated size: 136274
    install date: 20070226
    install location: C:\Program Files\Adobe\Reader 8.0\Reader\
    install source: C:\DOCUME~1\Anass\LOCALS~1\Temp\Adobe Reader 8.0\
    uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
    publisher: Adobe Systems Incorporated
    comments:
    contact: Support clientèle
    help link: http://www.adobe.fr/support/main.html
    readme: C:\Program Files\Adobe\Reader 8.0\Reader\Readme.htm

    Micro Application - 36 Dictionnaires et Recueils de Correspondance 1.0.0.0 ({B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0})
    version: 16777216
    install location: C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0}\setup.exe" -l0x40c -uninst

    DVD Solution ({B97CF5C3-0487-11D8-A36E-0050BAE317E1})
    uninstall cmd: "C:\Program Files\Uninstall_CDS.exe"

    Windows Presentation Foundation 3.0.6920.0 ({BAF78226-3200-4DB4-BE33-4D922A799840})
    version: 50338568
    version (major): 3
    estimated size: 117878
    install date: 20070305
    install source: e:\a48d502f9b3018b3bb820f2f9b\wcu\wpf\
    uninstall cmd: MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    publisher: Microsoft Corporation

    Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
    version: 16847074
    version (major): 1
    version (minor): 1
    estimated size: 60197
    install date: 20070227
    install source: C:\DOCUME~1\Anass\LOCALS~1\Temp\7zS2E7.tmp\
    uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    publisher: Microsoft
    readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

    Google Toolbar for Internet Explorer 4.0.0.002 ({DBEA1034-5882-4A88-8033-81C4EF0CFA29})
    version: 67108864
    version (major): 4
    estimated size: 1096
    install date: 20070305
    install source: C:\Program Files\Google\Installers\
    uninstall cmd: MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    publisher: Google Inc.

    3.56 ({E06E4F4E-72D6-4497-BFFD-BCB43077C2F4})
    version: 54001664
    install location: C:\Program Files\SiS VGA Utilities V3.56
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe
    21 April 2007 11:05:33

    Only cookies, apparently.

    Download Clean.zip (by Malekal),
    Unzip it to your desktop (right-click / Extract all); you should get a Clean folder.
    Open the clean folder, double-click clean.cmd.
    Choose option 1 and wait. Then post the contents of the report.

    21 April 2007 14:34:08

    Hello,
    This morning I ran a scan with Avast and, as always, it detected a Trojan horse: Win32:VBStat-C[Trj]
  • C:\QooBox\Quaratine\C\Windows\...\bcnlpwpd.dll.vir
  • C:\SystemVolumeInformation\...\A0001364.dll
  • C:\SystemVolumeInformation\...\A0001840.dll

  • ---------Ra
    21 April 2007 14:36:32

    Hello,
    An unfinished message was sent by mistake. My apologies. Here is my report for today:
    This morning I ran a scan with Avast and, as always, it detected a Trojan horse: Win32:VBStat-C[Trj]
  • C:\QooBox\Quaratine\C\Windows\...\bcnlpwpd.dll.vir
  • C:\SystemVolumeInformation\...\A0001364.dll
  • C:\SystemVolumeInformation\...\A0001840.dll

  • ---------Malekal report---------
    Sat 04/21/2007 a 12:08:45.78

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\mcrh.tmp FOUND

    *** Recherche des fichiers dans C:\Program Files
    "C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll" FOUND
    "C:\Program Files\Viewpoint\" FOUND
    *** Fin du rapport !
    ---------------
    21 April 2007 15:03:37

    Delete this folder:
    C:\QooBox\

    Restart in safe mode

    Open the clean folder, double-click clean.cmd.
    Choose option 2 and wait.

    Restart normally

    Post the clean report: C:\rapport_clean.txt
    21 April 2007 15:32:43

    Here is my report:
    "SISPower.dll...accès refusé" still appears at startup.
    ------
    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec Sat 04/21/2007 a 13:17:14.53

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32
    tentative de suppression de C:\WINDOWS\system32\mcrh.tmp

    *** Suppression des fichiers dans C:\Program Files
    tentative de suppression de "C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll"
    tentative de suppression de "C:\Program Files\Viewpoint\"

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !
    ---------
    21 April 2007 15:33:19

    Post a new HijackThis report.
    21 April 2007 15:42:01

    Logfile of HijackThis v1.99.1
    Scan saved at 13:39:35, on 21-04-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
    C:\Program Files\Menara\dslmon.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\vtliijgb.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (disabled by BHODemon)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C26C7F-294F-4716-AAA5-5735FB054178}: NameServer = 212.217.1.4 212.217.0.14
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: CLKERN.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    -----------
    Hope this reaches you well.
    21 April 2007 15:43:11

    Is your PC behaving better?

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click on J'accepte (I accept).
  • Confirm the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose the Poste de travail (My Computer) scan
  • Save and then paste the report generated at the end of the scan.

    HELP: Tutorial on the online scan

    NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
    21 April 2007 16:48:51


    I think so. No ads. Apart from:
  • "Smitfraud-C.Toolbar888"
  • my printer. I can no longer reinstall it.
  • Loading error: SIS Power.dll, which still persists.
    However, the Kaspersky scan did not work, either through Internet Explorer or through Mozilla Firefox.
    "iexplore.exe a rencontré un problème et doit fermer.Nous vous prions de nous excuser pour le désagrément encouru"
    What should I do? :ouch:

    Please excuse me if I have asked too much. Tell me if or when I should stop. Really, your support has comforted me a great deal. A thousand thanks.
    21 April 2007 16:51:17

    Where is Smitfraud located?
    21 April 2007 17:22:06

    Didn't you see the Spybot Search & Destroy report I posted for you? I'm posting it again:
    ----
    --- Search result list ---
    Smitfraud-C.Toolbar888: Réglages (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\aldd

    Winsoftware: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


    Avenue A, Inc.: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


    DoubleClick: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


    Smitfraud-C.Toolbar888: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


    BlueStreak: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


    MediaPlex: Cookie traceur (Internet Explorer: Administrateur) (Cookie, nothing done)


    Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Activity: ntbtlog.txt (Sauver le fichier, nothing done)
    C:\WINDOWS\ntbtlog.txt

    Log: Install: setupapi.log (Sauver le fichier, nothing done)
    C:\WINDOWS\setupapi.log

    Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemprox.log (Sauver le fichier, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemprox.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    Ahead Nero Burning Rom: Compilation directory (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation!=

    MS Management Console: Recent command list (3 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Media Player: Last search folder (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\MediaPlayer\Preferences\SearchPath!=

    MS Media Player: Last selected node (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode!=

    MS Media Player: Anonymous ID (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

    MS Direct3D: Most recent application (Modification du registre, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

    MS Direct3D: Most recent application (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name!=

    MS DirectDraw: Most recent application (Modification du registre, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

    MS DirectInput: Most recent application (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

    MS DirectInput: Most recent application ID (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

    MS Office 11.0: Last typed search text (Valeur du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Office\11.0\Common\Search\Last Query\LastSearchText

    MS Office 11.0 (Word): Recent file list (Valeur du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Office\11.0\Word\Data\Settings

    MS Regedit: Recent open key (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=

    MS Search Assistant: Typed search terms history (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Search Assistant\ACMru

    Windows.OpenWith: Open with list - .AVI extension (2 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

    Windows.OpenWith: Open with list - .BIN extension (2 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

    Windows.OpenWith: Open with list - .BMP extension (2 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: Open with list - .CSS extension (3 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

    Windows Explorer: Recent wallpaper list (57 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

    Windows Explorer: Stream history (1 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: User Assistant history IE (15 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: User Assistant history files (48 fichiers) (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: Recent file global history (Clé du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: Last Copy/MoveTo folder (Valeur du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

    Windows Media SDK: Computer name (Modification du registre, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Computer name (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Computer name (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Unique ID (Modification du registre, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Unique ID (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Unique ID (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    WinZip: Number of times run (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1177238915-790525478-682003330-1003\Software\Nico Mak Computing\WinZip\rrs\Opened!=

    Cookie: Cookie (19) (Cookie, nothing done)


    Cache: Cache (112) (Cache, nothing done)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2007-03-20 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-01-15 advcheck.dll (1.2.1.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-01-02 Tools.dll (2.0.1.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-04-04 Includes\Cookies.sbi (*)
    2006-12-08 Includes\Dialer.sbi (*)
    2007-04-04 Includes\DialerC.sbi (*)
    2007-04-04 Includes\Hijackers.sbi (*)
    2007-04-04 Includes\HijackersC.sbi (*)
    2006-10-27 Includes\Keyloggers.sbi (*)
    2007-04-04 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2007-03-21 Includes\Malware.sbi (*)
    2007-04-04 Includes\MalwareC.sbi (*)
    2007-03-21 Includes\PUPS.sbi (*)
    2007-04-04 Includes\PUPSC.sbi (*)
    2007-04-04 Includes\Revision.sbi (*)
    2006-12-08 Includes\Security.sbi (*)
    2007-04-04 Includes\SecurityC.sbi (*)
    2007-03-21 Includes\Spybots.sbi (*)
    2007-04-04 Includes\SpybotsC.sbi (*)
    2005-02-17 Includes\Tracks.uti (*)
    2007-04-04 Includes\Trojans.sbi (*)
    2007-04-04 Includes\TrojansC.sbi (*)



    --- System information ---
    Windows XP (Build: 2600) Service Pack 2
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
    If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
    For more information, visit http://support.microsoft.com/kb/917283
    / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
    If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
    For more information, visit http://support.microsoft.com/kb/922770
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player 6.4: Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
    / Windows Media Player 9: Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
    / XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


    --- Startup entries list ---
    Located: HK_LM:Run, Adobe Photo Downloader
    command: "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    file: C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    size: 57344
    MD5: 57657b09d386137c7501367985b9741e

    Located: HK_LM:Run, AGEIA PhysX SysTray
    command: C:\Program Files\AGEIA Technologies\TrayIcon.exe
    file: C:\Program Files\AGEIA Technologies\TrayIcon.exe
    size: 339968
    MD5: 9541b0241e8819ecc3b3e8c36dfa2af3

    Located: HK_LM:Run, a-squared
    command: "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    file: C:\Program Files\a-squared Anti-Malware\a2guard.exe
    size: 1164896
    MD5: 996b405bf4a1c893836e13f4eec851d9

    Located: HK_LM:Run, DownloadAccelerator
    command: "C:\Program Files\DAP\DAP.EXE" /STARTUP
    file: C:\Program Files\DAP\DAP.EXE
    size: 3364616
    MD5: 0ff7d32fe53a06520d825bec72ba19ee

    Located: HK_LM:Run, SiSPower
    command: Rundll32.exe SiSPower.dll,ModeAgent
    file: C:\WINDOWS\system32\Rundll32.exe
    size: 33792
    MD5: f5402cd47b7389ddc21f92119a906eee

    Located: HK_LM:Run, SoundMan
    command: SOUNDMAN.EXE
    file: C:\WINDOWS\SOUNDMAN.EXE
    size: 77824
    MD5: fbef9f9c97b6b93e2041e65d3cd81c9c

    Located: HK_LM:Run, SpeedOptimizer
    command: C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
    file: C:\PROGRA~1\SPEEDO~1\SPO.EXE
    size: 607232
    MD5: 9e39286bd9af22d5991df64d58556f43

    Located: HK_LM:Run, ZoneAlarm Client
    command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    size: 919280
    MD5: 3e1731c55f77d150791d4c7e87ad4e5c

    Located: HK_CU:Run, ctfmon.exe
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5584247b568c2e53934873f4b655fe6a

    Located: HK_CU:Run, E06FDXRC_8323390
    command: "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
    file: E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
    size: 301776
    MD5: 7de00ec41f65b590753f0d15ec95b3f6

    Located: HK_CU:Run, MSMSGS
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1694208
    MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

    Located: HK_CU:Run, swg
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 68856
    MD5: e616a6a6e91b0a86f2f6217cde835ffe

    Located: HK_CU:Run, Skype (DISABLED)
    command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    file: C:\Program Files\Skype\Phone\Skype.exe
    size: 25268776
    MD5: 009239d4ca9029478c5e5088629fe991

    Located: Démarrage (tous utilisateurs), DSLMON.lnk
    command: C:\Program Files\Menara\dslmon.exe
    file: C:\Program Files\Menara\dslmon.exe
    size: 839680
    MD5: 36a9acc51a3c72a3afc7a05959cf499e

    Located: Démarrage (désactivé), DSLMON (DISABLED)
    command: C:\PROGRA~1\Menara\dslmon.exe
    file: C:\PROGRA~1\Menara\dslmon.exe
    size: 839680
    MD5: 36a9acc51a3c72a3afc7a05959cf499e

    Located: Démarrage (désactivé), Outil de mise à jour Google.lnk (DISABLED)
    command: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk.disabled
    file:

    Located: System.ini, crypt32chain
    command: crypt32.dll
    file: crypt32.dll

    Located: System.ini, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll

    Located: System.ini, cscdll
    command: cscdll.dll
    file: cscdll.dll

    Located: System.ini, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, Schedule
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll

    Located: System.ini, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll

    Located: System.ini, termsrv
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll

    Located: System.ini, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll



    --- Browser helper object list ---
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    BHO name:
    CLSID name: Yahoo! Toolbar Helper
    description: Yahoo Companion!
    classification: Legitimate
    known filename: Ycomp*_*_*_*.dll
    info link: http://companion.yahoo.com/
    info source: TonyKlein
    Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
    Long name: yt.dll
    Short name:
    Date (created): 02-03-2007 14:07:48
    Date (last access): 20-04-2007 23:28:28
    Date (last write): 26-10-2006 10:28:40
    Filesize: 440384
    Attributes: archive
    MD5: 2785037CE05B63D5607C9D5DFB2FEEE4
    CRC32: 9ED93A02
    Version: 2006.10.26.1

    {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
    BHO name: Skype add-on (mastermind)
    CLSID name: Skype add-on (mastermind)
    Path: C:\PROGRA~1\Skype\Phone\IEPlugin\
    Long name: SkypeIEPlugin.dll
    Short name: SKYPEI~1.DLL
    Date (created): 02-03-2007 23:54:04
    Date (last access): 20-04-2007 23:28:22
    Date (last write): 23-03-2007 13:49:34
    Filesize: 722472
    Attributes: archive
    MD5: 248E81013040C3821B349E753C50D505
    CRC32: C11603E2
    Version: 2.2.0.78

    {53707962-6F74-2D53-2644-206D7942484F} ()
    BHO name:
    CLSID name:
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 20-03-2007 9:32:02
    Date (last access): 20-04-2007 23:19:30
    Date (last write): 31-05-2005 1:04:00
    Filesize: 853672
    Attributes: archive
    MD5: 250D787A5712D7768DDC133B3E477759
    CRC32: D4589A41
    Version: 1.4.0.0

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 07-07-2006 12:29:52
    Date (last access): 20-04-2007 23:28:16
    Date (last write): 07-07-2006 12:29:52
    Filesize: 324416
    Attributes: archive
    MD5: 52A70C80A446FA3BBCDAF59A9AB26AF4
    CRC32: B1456034
    Version: 4.0.249.1

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
    info link: http://toolbar.google.com/
    info source: TonyKlein
    Path: c:\program files\google\
    Long name: GoogleToolbar3.dll
    Short name: GOOGLE~3.DLL
    Date (created): 05-03-2007 17:22:52
    Date (last access): 20-04-2007 23:28:14
    Date (last write): 05-03-2007 17:22:52
    Filesize: 2436160
    Attributes: readonly archive
    MD5: 6D44E0C3B43D27484FBB355E470C4188
    CRC32: 2DE875CD
    Version: 4.0.1601.4978

    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    BHO name:
    CLSID name: Windows Live Toolbar Helper
    Path: C:\Program Files\Windows Live Toolbar\
    Long name: msntb.dll
    Short name:
    Date (created): 10-10-2006 23:26:40
    Date (last access): 20-04-2007 23:27:40
    Date (last write): 10-10-2006 23:26:40
    Filesize: 544032
    Attributes: archive
    MD5: D638AFC241FCC42D15886CD26A3F1461
    CRC32: EC0AD183
    Version: 3.1.0.72

    {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} ()
    BHO name:
    CLSID name:
    Path: C:\WINDOWS\system32\
    Long name: vtliijgb.dll

    {F4D76F01-7896-458a-890F-E1F05C46069F} (Ask Toolbar BHO)
    BHO name: Ask Toolbar BHO
    CLSID name: Ask Toolbar BHO
    Path: C:\Program Files\AskPBar\bar\1.bin\
    Long name: ASKPBAR.DLL__BHODemonDisabled



    --- ActiveX list ---
    Microsoft XML Parser for Java (Microsoft XML Parser for Java)
    DPF name: Microsoft XML Parser for Java
    CLSID name:
    Installer:
    Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\xmldso.cab
    info link:
    info source: Patrick M. Kolla

    {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
    DPF name:
    CLSID name: Shockwave ActiveX Control
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/p [...] tor/sw.cab
    description: Macromedia ShockWave Flash Player 7
    classification: Legitimate
    known filename: SWDIR.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\macromed\Director\
    Long name: SwDir.dll
    Short name:
    Date (created): 24-02-2007 20:57:36
    Date (last access): 19-04-2007 22:29:38
    Date (last write): 03-09-2006 23:10:30
    Filesize: 54960
    Attributes: archive
    MD5: EB271B21EA6104B7C6946EF32D558C91
    CRC32: CEC4E0C2
    Version: 10.1.4.20

    {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Windows Genuine Advantage Validation Tool
    Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
    Codebase: http://go.microsoft.com/fwlink/?linkid=39204
    description:
    classification: Legitimate
    known filename: LegitCheckControl.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: LegitCheckControl.dll
    Short name: LEGITC~1.DLL
    Date (created): 17-05-2006 11:23:38
    Date (last access): 20-04-2007 19:33:14
    Date (last write): 15-03-2007 18:19:28
    Filesize: 1476992
    Attributes: archive
    MD5: D1CB99ADBA9397D7D02B0B2DCFE47F1A
    CRC32: ED982FE3
    Version: 1.7.18.5

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01)
    DPF name: Java Runtime Environment 1.4.0_01
    CLSID name: Java Plug-in 1.4.0_01
    Installer:
    Codebase: http://java.sun.com/products/plugi [...] 01-win.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\j2re1.4.0\bin\
    Long name: NPJPI140_01.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10-03-2007 0:59:20
    Date (last access): 20-04-2007 0:56:06
    Date (last write): 06-06-2002 9:14:00
    Filesize: 86122
    Attributes: archive
    MD5: 30F7D11AC9E7BBE2FBBEE918B3502D8A
    CRC32: F63AEFBB
    Version: 1.4.0.10

    {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01)
    DPF name: Java Runtime Environment 1.4.0_01
    CLSID name: Java Plug-in 1.4.0_01
    Installer:
    Codebase: http://java.sun.com/products/plugi [...] 01-win.cab
    description:
    classification: Legitimate
    known filename:
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\j2re1.4.0\bin\
    Long name: NPJPI140_01.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10-03-2007 0:59:20
    Date (last access): 20-04-2007 23:30:02
    Date (last write): 06-06-2002 9:14:00
    Filesize: 86122
    Attributes: archive
    MD5: 30F7D11AC9E7BBE2FBBEE918B3502D8A
    CRC32: F63AEFBB
    Version: 1.4.0.10

    {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/j [...] s-i586.cab
    description:
    classification: Legitimate
    known filename: NPJPI150_03.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.5.0_03\bin\
    Long name: NPJPI150_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 13-04-2005 3:48:56
    Date (last access): 20-04-2007 0:56:06
    Date (last write): 13-04-2005 4:06:32
    Filesize: 69746
    Attributes: archive
    MD5: 13FCA03EBCA6E1F8C6481166C516D1FE
    CRC32: 868C298F
    Version: 5.0.30.7



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 612 ( 4) \SystemRoot\System32\smss.exe
    PID: 676 ( 612) \??\C:\WINDOWS\system32\csrss.exe
    PID: 708 ( 612) \??\C:\WINDOWS\system32\winlogon.exe
    PID: 752 ( 708) C:\WINDOWS\system32\services.exe
    size: 108544
    MD5: 732E0B1ABAACE15D80EC19056B0A2AF9
    PID: 764 ( 708) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 9F3744A5C6F49291A7A685040A013399
    PID: 944 ( 752) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1000 ( 752) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1040 ( 752) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1096 ( 752) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1124 ( 752) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 1136 ( 752) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    size: 75568
    MD5: DE71661665A86A2305918E8B91ACEDB9
    PID: 1420 ( 752) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    size: 16512
    MD5: A33FFB17AD6F652F0D9E871E1BB6CACF
    PID: 1472 ( 752) C:\Program Files\Alwil Software\Avast4\ashServ.exe
    size: 132736
    MD5: F1B7C5708C107FF3A1403F0A2BB6A9B6
    PID: 1704 ( 752) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: B4EF928E4FAD79364A80ACBA6D999934
    PID: 1772 ( 752) C:\Program Files\a-squared Anti-Malware\a2service.exe
    size: 425544
    MD5: B0FCB32E0828C50227D61E8C605DCC62
    PID: 1800 ( 752) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    size: 204800
    MD5: E8FBDCC8D618D1BB84B828F247A6244B
    PID: 1812 ( 752) C:\WINDOWS\system32\dllhost.exe
    size: 5120
    MD5: D66259C3BCEFC9CAEB481ED52A4EAC74
    PID: 1868 ( 752) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    size: 136952
    MD5: 481AC8EFA93C95AB1FD7A18F23C1CB1A
    PID: 2040 ( 752) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
    PID: 172 ( 752) C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    size: 132992
    MD5: CC37FF4CFDF5654EEA2740B4CE3153A5
    PID: 640 ( 752) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    size: 243328
    MD5: 475400AF658115C38736689A9A1D54CD
    PID: 916 ( 752) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    size: 345728
    MD5: 1D6A09A19C18C2713E649C223B5AD76A
    PID: 1948 ( 752) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: 2FE681D10C5FC343DBBC0610B8DD4D24
    PID: 2428 (1040) C:\WINDOWS\system32\wscntfy.exe
    size: 13824
    MD5: 54CDDAD404557ED98433D6ECBFC92691
    PID: 2756 ( 708) C:\WINDOWS\system32\WgaTray.exe
    size: 337280
    MD5: 688DC41BE9A6196491469365549C7DD1
    PID: 2856 (2720) C:\WINDOWS\Explorer.EXE
    size: 1036288
    MD5: 4C33E5B9A6197B6ED215F6CFBA0A2DAA
    PID: 3140 (2856) C:\Program Files\AGEIA Technologies\TrayIcon.exe
    size: 339968
    MD5: 9541B0241E8819ECC3B3E8C36DFA2AF3
    PID: 3172 (2856) C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    size: 57344
    MD5: 57657B09D386137C7501367985B9741E
    PID: 3212 (2856) C:\Program Files\a-squared Anti-Malware\a2guard.exe
    size: 1164896
    MD5: 996B405BF4A1C893836E13F4EEC851D9
    PID: 3424 (2856) C:\Program Files\DAP\DAP.EXE
    size: 3364616
    MD5: 0FF7D32FE53A06520D825BEC72BA19EE
    PID: 3528 (2856) C:\WINDOWS\SOUNDMAN.EXE
    size: 77824
    MD5: FBEF9F9C97B6B93E2041E65D3CD81C9C
    PID: 3576 (2856) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    size: 919280
    MD5: 3E1731C55F77D150791D4C7E87AD4E5C
    PID: 3684 (2856) C:\Program Files\Messenger\msmsgs.exe
    size: 1694208
    MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
    PID: 3708 (2856) E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
    size: 301776
    MD5: 7DE00EC41F65B590753F0D15EC95B3F6
    PID: 3724 (2856) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5584247B568C2E53934873F4B655FE6A
    PID: 3752 (2856) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 68856
    MD5: E616A6A6E91B0A86F2F6217CDE835FFE
    PID: 3956 (2856) C:\Program Files\Menara\dslmon.exe
    size: 839680
    MD5: 36A9ACC51A3C72A3AFC7A05959CF499E
    PID: 4056 ( 172) C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
    size: 1378168
    MD5: 841E48B4087FBDD47F70EA077E86ABE7
    PID: 3076 (2856) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4393096
    MD5: 09CA174A605B480318731E691DC98539
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 20-04-2007 23:30:02

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.google.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://www.google.com/ie
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/red [...] ar=msnhome
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/red [...] r=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.google.com/ie
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1 [...] chcust.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://www.google.com/search?q=%s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\windows\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/red [...] r=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/red [...] ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.google.com/ie
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.google.com/ie
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1 [...] chcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip

    *


    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip

    *


    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip

    *


    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{438F6FCF-1DD6-4DFC-A955-A8E57C74E0D7}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{438F6FCF-1DD6-4DFC-A955-A8E57C74E0D7}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    ------

    21 April 2007 17:37:06

    Those are cookies, nothing nasty.
    21 April 2007 17:50:57

    Ah! Thanks! I had thought it was serious, since the location looks like a registry key and Spybot S&D describes it as MALWARE...
    And for reinstalling the printer, is there a solution?
    21 April 2007 17:55:09

    That's a Hardware matter ;)
    21 April 2007 18:56:12

    :jap:  Thank you very much for the help you have given me. I don't know how to thank you, because "thank you" is too little for what you have given me. You do excellent, very careful work. I wish you a happy life, full of success, prosperity and perfect health, to you and to those dear to you.
    NO MORE INTRUSIVE AD PAGES, IT'S REALLY GREAT NOW. THIS WAY I CAN SURF IN PEACE. :bounce:
    Thanks again for everything and for the TUTORIALS, which were very interesting!
    As for the Wi... I am going to take the first steps to try to sort this problem out with my provider, who may have duped and misled me, if it wasn't his technicians.
    As for my printer, which is only a month old, it was working so well. The installation wizard tells me that a thread or an application is making the reinstallation from the CD fail! This happened after running ZebProtect
    Yours respectfully, sir. :jap:
    But first, I have another problem that I don't know how to solve: an image is displayed in the middle of the screen before the BIOS with "Press...to show post screen dll to enter setup". How can I remove this image, given that it is no longer in "My Pictures"?
    22 April 2007 12:27:55

    You're welcome :jap:

    Quote:
    But first, I have another problem that I don't know how to solve: an image is displayed in the middle of the screen before the BIOS with "Press...to show post screen dll to enter setup". How can I remove this image, given that it is no longer in "My Pictures"?

    I don't know :/
    22 April 2007 14:00:09

    Hello,
    OK! Thanks. Honestly, I'm very happy :D. Not a single ad page since yesterday morning. Apart from this "RUNDLL" [error loading SISPOwer] which pops up right in the middle of the screen... but it's no big deal... I'll get used to this famous message ;)
    :jap:  :jap:  :jap:  :jap:  :jap:
    22 April 2007 14:03:17

    I know I have visible ports; are there any tutorials for hiding them?
    22 April 2007 19:28:52

    :hello:
    At last, the "SISPOwer.dll" problem is solved. It was really simpler than I thought. I don't know how I neglected to look in the System Configuration Utility earlier?!!
    Start ==> Run and type: msconfig
    then in the System Configuration Utility ==> Startup tab, I unchecked the box for "Rundll32" corresponding to Rundll32.exe SISPower.dll,ModeAgent; its location is: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ;)
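
A Run value that calls rundll32 on a DLL Windows cannot find produces a load error at every logon, which is the kind of entry the post above unchecks in msconfig. As an added example (not part of the original thread), this Python sketch flags such rundll32 startup entries; the function names, the HKLM hive, the two search directories and all sample values except the command quoted in the post are assumptions or constructed data.

```python
import ntpath
import re

# Registry location named in the post (the hive is not stated there).
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# "rundll32[.exe] <dll>,<entry point> [args]"; the DLL may be quoted.
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^,"]+?))\s*,\s*(?P<entry>[^\s,]+)',
    re.IGNORECASE,
)

# Constructed sample of Run values; only the first command comes from the post.
CONSTRUCTED_RUN_VALUES = {
    "Rundll32": "Rundll32.exe SISPower.dll,ModeAgent",
    "ExamplePlugin": r'"C:\WINDOWS\system32\rundll32.exe" '
                     r'"C:\Program Files\Example\plugin.dll",Start',
    "ExampleTray": r"C:\Program Files\Example\tray.exe",
}


def parse_rundll32(command):
    """Return (dll, entry_point) for a rundll32 command line, else None."""
    m = RUNDLL_RE.match(command)
    if m is None:
        return None
    dll = (m.group("quoted") or m.group("bare")).strip()
    return dll, m.group("entry")


def resolve_candidates(dll, search_dirs):
    """Paths where the DLL could live: itself if it has a directory part,
    otherwise one candidate per search directory (a simplification of the
    real Windows DLL search order)."""
    if ntpath.isabs(dll) or ntpath.dirname(dll):
        return [dll]
    return [ntpath.join(d, dll) for d in search_dirs]


def find_orphaned_rundll_entries(run_values, search_dirs, exists):
    """List (value name, dll, entry point) for rundll32 entries whose DLL
    is found at none of the candidate paths. `exists` is a callable so the
    check can run against a real or a simulated file system."""
    orphans = []
    for name, command in run_values.items():
        parsed = parse_rundll32(command)
        if parsed is None:
            continue  # not a rundll32 entry
        dll, entry = parsed
        if not any(exists(p) for p in resolve_candidates(dll, search_dirs)):
            orphans.append((name, dll, entry))
    return orphans


def read_run_key():
    """Read the HKLM Run values on a live Windows system (assumed hive)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _kind = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values


if __name__ == "__main__":
    import os
    try:
        values = read_run_key()
    except ImportError:
        values = CONSTRUCTED_RUN_VALUES  # not on Windows: use the sample
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    dirs = [ntpath.join(root, "system32"), root]
    for name, dll, entry in find_orphaned_rundll_entries(values, dirs, os.path.isfile):
        print(f"{name}: {dll} (entry point {entry}) not found")
```

An entry reported here is a candidate for review, not proof of infection: the DLL may sit in a directory this simplified search does not cover.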
    22 April 2007 23:35:44

    Hi, Angeldark
    The whole problem is solved. Smitfraud-C.Toolbar888 is no longer on my PC. Yes. It is confirmed by a final Spybot Search & Destroy scan today. No trace.
    A big thank you to you, Angeldark. It was thanks to you and your unfailing availability to sincerely help an unknown person far away at another point on the planet. I was the one in distress. Once again a big, warm thank you to: http://www.infos-du-net.com/forum. ;)
    Truly, "desperate times call for desperate measures" :)
    23 April 2007 18:21:28

    You're welcome :jap: