Your question

Unwanted pop-ups

Tags:
  • Security
Last reply: in Security and viruses
3 July 2006 18:52:00

Hi,
For the past few days I have had problems as soon as I am connected to the internet. Pop-ups keep appearing all the time, and my PC regularly tries (without succeeding) to restart. To start with, I am on Windows 2000 and I simply browse with Internet Explorer.
I have run a scan with Spybot several times, but after each restart there are new nasties... Here is the latest Spybot result:


--- Search result list ---
Network Monitor: Service Système (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor

Command Service: Service Système (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

CoolWWWSearch: Page de recherche IE (Modification du registre, nothing done)
HKEY_USERSS-1-5-21-2108556877-744188834-99232102-1001\Software\Microsoft\Internet Explorer\Main\Search Page=about:blank

CoolWWWSearch: Page de recherche IE (Modification du registre, nothing done)
HKEY_USERSS-1-5-21-2108556877-744188834-99232102-1001\Software\Microsoft\Internet Explorer\Main\Search Bar=about:blank

CoolWWWSearch: Page de démarrage IE (Modification du registre, nothing done)
HKEY_USERSS-1-5-21-2108556877-744188834-99232102-1001\Software\Microsoft\Internet Explorer\Main\Start Page=about:blank

CoolWWWSearch: Page de recherche IE (Modification du registre, nothing done)
HKEY_USERSS-1-5-21-2108556877-744188834-99232102-1001\Software\Microsoft\Internet Explorer\Main\Default_Search_URL=about:blank

CoolWWWSearch: Page de recherche IE (Modification du registre, nothing done)
HKEY_USERSS-1-5-21-2108556877-744188834-99232102-1001\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main\Default_Search_URL=about:blank

CoolWWWSearch: Page de recherche IE (Modification du registre, nothing done)
HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Main\Search Page=about:blank

CoolWWWSearch: Page de recherche IE (Modification du registre, nothing done)
HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank

Command Service: Donnée (Fichier, nothing done)
C:\windows\newname.dat

Command Service: Réglages Autorun (Valeur du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newname

Command Service: Fichier de programme (Fichier, nothing done)
c:\\nwnmc_4.exe

Command Service: Réglages (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv

Command Service: Réglages (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv

Command Service: Bibliothèque (Fichier, nothing done)
C:\WINNT\system32\atmtd.dll

Command Service: Bibliothèque (Fichier, nothing done)
C:\WINNT\system32\atmtd.dll._

Command Service: Réglages (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Réglages désinstallation (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}

Smitfraud-C.: Exécutable (Fichier, nothing done)
c:\drsmartload1.exe

Smitfraud-C.: Exécutable (Fichier, nothing done)
c:\drsmartload45s.exe

Smitfraud-C.: Exécutable (Fichier, nothing done)
c:\drsmartload46s.exe

Smitfraud-C.: Exécutable (Fichier, nothing done)
c:\drsmartload849s.exe

Smitfraud-C.: Réglages (Valeur du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

Smitfraud-C.: Réglages (Valeur du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E}

Smitfraud-C.: Exécutable (Fichier, nothing done)
c:\windows\MTE3NDI6ODoxNg.exe

Smitfraud-C.: Exécutable (Fichier, nothing done)
c:\Installer.exe

Smitfraud-C.: Exécutable (Fichier, nothing done)
c:\MTE3NDI6ODoxNg.exe

Network Monitor: Réglages désinstallation (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}

Network Monitor: Service Système (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor

Network Monitor: Dossier Programme (Répertoire, nothing done)
C:\Documents and Settings\Default User\Application Data\NetMon\

Network Monitor: Dossier Programme (Répertoire, nothing done)
C:\Program Files\Network Monitor\

Network Monitor: Fichier texte (Fichier, nothing done)
C:\WINNT\uninstall_nmon.vbs

Windows Security Center.SP2Update: Réglages (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2!=dword:0

Windows Security Center.AntiVirusOverride: Réglages (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Windows Security Center.FirewallOverride: Réglages (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0

Windows Security Center.FirewallDisableNotify: Réglages (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Windows Security Center.AntiVirusDisableNotify: Réglages (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Windows Security Center.UpdateDisableNotify: Réglages (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-06-22 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-06-16 Includes\Cookies.sbi (*)
2006-06-16 Includes\Dialer.sbi (*)
2006-06-16 Includes\Hijackers.sbi (*)
2006-06-16 Includes\Keyloggers.sbi (*)
2006-06-16 Includes\Malware.sbi (*)
2006-06-16 Includes\PUPS.sbi (*)
2006-06-16 Includes\Revision.sbi (*)
2006-06-16 Includes\Security.sbi (*)
2006-06-16 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-06-16 Includes\Trojans.sbi (*)



--- System information ---
Windows 2000 (Build: 2195) Service Pack 4
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Windows 2000 / SP0: Windows Media Player Hotfix [See KB837272 for more information]
/ Windows 2000 / SP4: Windows 2000 Service Pack 4
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB329115
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB820888
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB822831
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB823182
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB823559
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB824105
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB825119
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB826232
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB828035
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB828741
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB828749
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB833407
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB835732
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB837001
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB839643
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB839645
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB840315
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841872
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841873
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB842526
/ Windows 2000 / SP5: Windows 2000 Hotfix (SP5) Q818043
/ Windows Media Player: Windows Media Player Hotfix [See KB837272 for more information]
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]


--- Startup entries list ---
Located: HK_LM:Run, AClntUsr
command: C:\Program Files\Altiris\AClient\AClntUsr.EXE
file: C:\Program Files\Altiris\AClient\AClntUsr.EXE
size: 180224
MD5: 7da8b81bd11ad434a7772f87cf252baf

Located: HK_LM:Run, defender
command: c:\\dfndrc_4.exe
file: c:\\dfndrc_4.exe
size: 81920
MD5: 999196a582067e63ffdee694973d9267

Located: HK_LM:Run, keyboard
command: c:\\kybrdc_4.exe
file: c:\\kybrdc_4.exe
size: 28672
MD5: 54986441aa8300f210a3bc27000828a2

Located: HK_LM:Run, newname
command: c:\\nwnmc_4.exe
file: c:\\nwnmc_4.exe
size: 28672
MD5: e72e3a99c74b78e5a0624ca70f66137f

Located: HK_LM:Run, Synchronization Manager
command: mobsync.exe /logon
file: C:\WINNT\system32\mobsync.exe
size: 111376
MD5: 9b2f5b9e745deaaa57fb78329ed03061

Located: Démarrage (tous utilisateurs), Adobe Gamma Loader.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 110592
MD5: 5cd0cd0ec4dc5df459b3ac016764f5aa

Located: Démarrage (tous utilisateurs), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 106560
MD5: 2fe253973433442c2cb234fb2bc4bf29

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, Dynamic Directory
command: C:\WINNT\system32\jr0025dmg.dll
file: C:\WINNT\system32\jr0025dmg.dll
size: 0
MD5: d41d8cd98f00b204e9800998ecf8427e ???

Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll

Located: System.ini, PCANotify
command: PCANotify.dll
file: PCANotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, wzcnotif
command: wzcdlg.dll
file: wzcdlg.dll



--- Browser helper object list ---


--- ActiveX list ---
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player)
DPF name:
CLSID name: Zylom Games Player
Installer: C:\WINNT\Downloaded Program Files\ZylomGamesPlayer.inf
Codebase: http://game13.zylomgames.com/activex/zylomgamesplayer.c...
Path: C:\WINNT\Downloaded Program Files\
Long name: zylomgamesplayer.dll
Short name: ZYLOMG~1.DLL
Date (created): 29/04/2005 17:24:18
Date (last access): 3/07/2006 17:41:54
Date (last write): 29/04/2005 17:24:18
Filesize: 155648
Attributes: archive
MD5: 1F83C3D3DD24F6A4509B7866133E89FD
CRC32: 22DAD6EA
Version: 2.0.0.0

{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_05
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-wind...
Path: C:\Program Files\Java\jre1.5.0_05\bin\
Long name: NPJPI150_05.dll
Short name: NPJPI1~1.DLL
Date (created): 26/08/2005 19:14:48
Date (last access): 27/06/2006 20:10:00
Date (last write): 26/08/2005 19:33:54
Filesize: 69746
Attributes: archive
MD5: 52A85771BE18C9C00732F475A2C192AE
CRC32: 525AE3AD
Version: 5.0.50.5



--- Process list ---
PID: 0 ( 0) [System]
PID: 140 ( 8) \SystemRoot\System32\smss.exe
PID: 188 ( 140) \??\C:\WINNT\system32\winlogon.exe
PID: 220 ( 188) C:\WINNT\system32\services.exe
size: 89360
MD5: CFED2D28F5B8A24127E9E06043070643
PID: 232 ( 188) C:\WINNT\system32\lsass.exe
size: 33552
MD5: 0C13D582EDAF90CBEA454A1AC535B913
PID: 440 ( 220) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 472 ( 220) C:\WINNT\system32\spoolsv.exe
size: 45328
MD5: 987DAF317B917CFC973DE8364D62A76C
PID: 272 ( 220) C:\Program Files\Altiris\AClient\AClient.exe
size: 4026444
MD5: 854D459D0D338087AE84D7F02AC18E54
PID: 556 ( 220) C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
size: 137016
MD5: 26F216B6FD7D2C31572BE702032D7EA3
PID: 576 ( 220) C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
size: 186168
MD5: E41DBC6CD6C56F69633314B27E29467F
PID: 592 ( 220) C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
size: 218936
MD5: C3826A86CD77716FE061D96B41B36D53
PID: 692 ( 220) C:\WINNT\LogWatNT.exe
size: 50176
MD5: 495CB30967059F48F75F56AF85137BD2
PID: 704 ( 220) C:\WINNT\System32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 764 ( 220) C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
size: 49152
MD5: 54F77D4E298B76664DCC3B72C6D3CCD3
PID: 864 ( 220) C:\WINNT\system32\MSTask.exe
size: 119568
MD5: 37D7411389A10D7F3ABFE12B247B1AC5
PID: 896 ( 220) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
size: 45056
MD5: 3978F082274F723AD5A0A8058C2417DD
PID: 912 ( 220) C:\WINNT\system32\stisvc.exe
size: 61712
MD5: B75235626B950FF821146555C612F814
PID: 968 ( 220) C:\WINNT\winavguard.exe
size: 118272
MD5: EF455EC791905F12EBA4A73A8637A76D
PID: 1000 ( 220) C:\WINNT\services.exe
size: 87552
MD5: F2CCC732C1E1C71B5991F099FB844E98
PID: 1028 ( 220) C:\WINNT\System32\WBEM\WinMgmt.exe
size: 196706
MD5: 05B2001E1BC653FD6091E741B46F71B4
PID: 1044 ( 220) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 1200 ( 188) C:\WINNT\system32\rundll32.exe
size: 10000
MD5: 1ED5274825CD1EEBBE102B9FF7C9EC31
PID: 1496 (1376) C:\Program Files\Altiris\AClient\AClntUsr.EXE
size: 180224
MD5: 7DA8B81BD11AD434A7772F87CF252BAF
PID: 1540 (1376) C:\dfndrb_2.exe
size: 90112
MD5: 5A06A8835C3EFA4DB3DAB6548FFAC8A8
PID: 1532 (1376) C:\Program Files\WinZip\WZQKPICK.EXE
size: 106560
MD5: 2FE253973433442C2CB234FB2BC4BF29
PID: 2160 (1552) c:\dfndrc_4.exe
size: 81920
MD5: 999196A582067E63FFDEE694973D9267
PID: 312 ( 220) C:\Program Files\Network Monitor\netmon.exe
size: 94208
MD5: 32760839E42CC4E151A82BC4D89B02DE
PID: 1072 ( 220) C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe
size: 293888
MD5: 3E2C234DDE711C6754F2DF994FB3CC94
PID: 2756 ( 188) C:\WINNT\explorer.exe
size: 243472
MD5: 59CF2B7DCED9111F48F51B4B570E672D
PID: 1584 (2756) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 8 ( 0) System
PID: 168 ( 140) CSRSS.EXE


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/07/2006 18:42:10

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINNT\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://searchbar.findthewebsiteyouneed.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://searchbar.findthewebsiteyouneed.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.findthewebsiteyouneed.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://searchbar.findthewebsiteyouneed.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main\Default_Search_URL
http://searchbar.findthewebsiteyouneed.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://searchbar.findthewebsiteyouneed.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&...
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://searchbar.findthewebsiteyouneed.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
ACDSee (ACDSee)
uninstall cmd: C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG

1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Photoshop 7.0.1 7.0.1 (Adobe Photoshop 7.0.1)
version (major): 7
install location: C:\Program Files\Adobe\Photoshop 7.0
install source: C:\Documents and Settings\GARDE\Local Settings\Temp\pft1B~tmp\
uninstall cmd: C:\WINNT\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
publisher: Adobe Systems, Inc.

ArcSoft PhotoImpression (ArcSoft PhotoImpression)
uninstall cmd: C:\WINNT\IsUn040c.exe -f"C:\Program Files\ArcSoft\ArcSoft Software\PhotoImpression\Uninst.isu"

Atlas Préparation (Atlas Préparation)
uninstall cmd: C:\WINNT\unin040c.exe -f"C:\Program Files\Selor\Atlas Préparation\DeIsL1.isu" -c"C:\Program Files\Selor\Atlas Préparation\_ISREG32.DLL"

(Branding)

CDex extraction audio (CDex)
uninstall cmd: "C:\Program Files\CDex_150\uninstall.exe"

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

(eDonkey2000)

EnterNet 300 (EnterNet 300)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Alcatel\EnterNet 300\Uninst.isu" -c"C:\Program Files\Alcatel\EnterNet 300\NTSUninstall.dll"

eTrust InoculateIT (eTrust InoculateIT)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\CA\eTrust\InoculateIT\Uninst.isu" -c"C:\Program Files\CA\eTrust\InoculateIT\InoSetup.dll"

(expinst)

(Fontcore)

HP DeskJet 710C Series (Remove only) (HP DeskJet 710C Series)
uninstall cmd: C:\Program Files\HP DeskJet 710C Series\hpfiui.exe -c -vdivid=HPF -vpnum=13 -vproduct=710C -huninstall

(ICW)

Microsoft Internet Explorer 6 SP1 (IE40)
uninstall cmd: rundll32 C:\WINNT\system32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u

(IE4Data)

(IE5BAKEX)

(IEData)

(IEREADME)

Internet Explorer Q867801 (ieupdate)
uninstall cmd: C:\WINNT\ieuninst.exe C:\WINNT\INF\Q867801.inf

(InstallShield Uninstall Information)

Broadcom NetXtreme Ethernet Controller 5.08.01 (InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9})
version: 84410369
version (major): 5
version (minor): 8
estimated size: 364
install date: 20040712
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is47\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
publisher: Broadcom
comments: ...
contact: hp Customer Support
help link: http://www.hp.com/support
help telephone: ...
readme: C:\Program Files\Broadcom\DrvInst\Readme.txt

Windows 2000 Hotfix - KB329115 20031024.155236 (KB329115)
uninstall cmd: C:\WINNT\$NtUninstallKB329115$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=329115

Windows 2000 Hotfix - KB820888 20030604.152521 (KB820888)
uninstall cmd: C:\WINNT\$NtUninstallKB820888$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=820888

Windows 2000 Hotfix - KB822831 20030611.114034 (KB822831)
uninstall cmd: C:\WINNT\$NtUninstallKB822831$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=822831

Windows 2000 Hotfix - KB823182 20030618.121409 (KB823182)
uninstall cmd: C:\WINNT\$NtUninstallKB823182$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823182

Windows 2000 Hotfix - KB823559 20030627.135515 (KB823559)
uninstall cmd: C:\WINNT\$NtUninstallKB823559$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823559

Windows 2000 Hotfix - KB824105 20030716.151320 (KB824105)
uninstall cmd: C:\WINNT\$NtUninstallKB824105$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824105

Windows 2000 Hotfix - KB825119 20030827.151123 (KB825119)
uninstall cmd: C:\WINNT\$NtUninstallKB825119$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=825119

Windows 2000 Hotfix - KB826232 20031007.160553 (KB826232)
uninstall cmd: C:\WINNT\$NtUninstallKB826232$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=826232

Windows 2000 Hotfix - KB828035 20031023.142138 (KB828035)
uninstall cmd: C:\WINNT\$NtUninstallKB828035$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828035

Windows 2000 Hotfix - KB828741 20040311.130332 (KB828741)
uninstall cmd: C:\WINNT\$NtUninstallKB828741$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828741

Windows 2000 Hotfix - KB828749 20031023.124056 (KB828749)
uninstall cmd: C:\WINNT\$NtUninstallKB828749$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828749

Windows 2000 Hotfix - KB833407 20040119.115651 (KB833407)
uninstall cmd: C:\WINNT\$NtUninstallKB833407$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=833407

Windows 2000 Hotfix - KB835732 20040323.171849 (KB835732)
uninstall cmd: C:\WINNT\$NtUninstallKB835732$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=835732

Windows 2000 Hotfix - KB837001 (KB837001)
uninstall cmd: C:\WINNT\$NtUninstallKB837001$\spuninst\spuninst.exe
publisher: Microsoft Corporation

Windows Media Player Hotfix [See KB837272 for more information] (KB837272)
uninstall cmd: C:\WINNT\$NtUninstallKB837272$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=837272

Windows 2000 Hotfix - KB839643 20040506.120130 (KB839643)
uninstall cmd: C:\WINNT\$NtUninstallKB839643$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=839643

DirectX 9 Hotfix - KB839643 (KB839643-DirectX9)
uninstall cmd: C:\WINNT\$NtUninstallKB839643-DirectX9$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=839643

Windows 2000 Hotfix - KB839645 20040519.160457 (KB839645)
uninstall cmd: C:\WINNT\$NtUninstallKB839645$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=839645

Windows 2000 Hotfix - KB840315 20040622.153749 (KB840315)
uninstall cmd: C:\WINNT\$NtUninstallKB840315$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840315

Windows 2000 Hotfix - KB841872 20040520.90850 (KB841872)
uninstall cmd: C:\WINNT\$NtUninstallKB841872$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841872

Windows 2000 Hotfix - KB841873 20040610.95344 (KB841873)
uninstall cmd: C:\WINNT\$NtUninstallKB841873$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841873

Windows 2000 Hotfix - KB842526 20040521.202909 (KB842526)
uninstall cmd: C:\WINNT\$NtUninstallKB842526$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=842526

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

LiveReg (Symantec Corporation) 2.0.6.1314 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 1.6 (Symantec Corporation) (LiveUpdate1.6)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

Logiciel d'impression photo HP (Logiciel d'impression photo HP)
uninstall cmd: C:\WINNT\IsUn040c.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

(MPlayer2)

(MsJavaVM)

NeroMediaPlayer (NeroMediaPlayer)
uninstall cmd: C:\WINNT\uninNMP.exe C:\PROGRA~1\ahead\NEROME~1\NEROME~1.EXE|C:\WINNT\UNINST.EXE|-fC:\PROGRA~1\ahead\NEROME~1\DeIsL1.isu

(NetMeeting)

Outlook Express Q823353 (oeupdate)
uninstall cmd: C:\WINNT\oeuninst.exe C:\WINNT\INF\Q823353.inf

(OutlookExpress)

Windows 2000 Hotfix (SP5) Q818043 20030501.174006 (Q818043)
uninstall cmd: C:\WINNT\$NtUninstallQ818043$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=818043

Windows Media Player Hotfix [See Q828026 for more information] (Q828026)
uninstall cmd: C:\WINNT\$NtUninstallQ828026$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828026

QuickTime (QuickTime)
uninstall cmd: C:\WINNT\unvise32qt.exe C:\WINNT\system32\QuickTime\Uninstall.log

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

(ShockwaveFlash)

Skype 1.4 1.4 (Skype_is1)
install location: C:\Program Files\Skype\Phone\
uninstall cmd: "C:\Program Files\Skype\Phone\unins000.exe"
publisher: Skype Software S.A.
help link: http://ui.skype.com/ui/0/1.4.0.84/en/help

Snowball Wars by OIN (Snowball Wars)
uninstall cmd: C:\Program Files\Snowball Wars\uninstaller.exe

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

My Portal (ST6UNST #1)
uninstall cmd: C:\WINNT\st6unst.exe -n "C:\Portal\ST6UNST.LOG"

Winamp (remove only) (Winamp)
uninstall cmd: "C:\Program Files\Winamp\UninstWA.exe"

Archiveur WinRAR (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

WinZip 8.1 SR-1 (5266) (WinZip)
version (major): 8
version (minor): 1
install location: C:\PROGRA~1\WINZIP\
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
publisher: WinZip Computing, Inc.
help link: http://www.winzip.com/xsupport.htm

Windows Media Player system update (9 Series) (WMP7)
uninstall cmd: C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall

XnView 1.74 1.74 (XnView_is1)
install location: C:\Program Files\XnView\
uninstall cmd: "C:\Program Files\XnView\unins000.exe"
publisher: Gougelet Pierre-e

PDFCreator 0.8.0 ({0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D})
uninstall cmd: C:\Program Files\PDFCreator\unins000.exe
publisher: Frank Heindörfer, Philip Chinery
help link: http://www.pdfcreator.de.vu

Microsoft Office 2000 SR-1 Disc 2 9.00.3821 ({00040409-78E1-11D2-B60F-006097C998E7})
version: 150998765
version (major): 9
estimated size: 62745
install date: 20050511
install source: D:\
uninstall cmd: MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support

AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: C:\Program Files\DivX

J2SE Runtime Environment 5.0 Update 5 1.5.0.50 ({3248F0A8-6813-11D6-A77B-00B0D0150050})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 121581
install date: 20051031
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_05-b0...
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_05\README.txt

Command 1.0.1 ({3877C2CD-F137-4144-BDB2-0A811492F920})
uninstall cmd: wscript "C:\WINNT\QWRtaW5pc3RyYXRvcg\kqlQuqcDwalVsrlSw0.vbs"
contact: Customer Support Department

Microsoft Windows Journal Viewer 1.5.2315.3 ({43DCF766-6838-4F9A-8C91-D92DA586DFA7})
version: 17107211
version (major): 1
version (minor): 5
estimated size: 5766
install date: 20040712
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
publisher: Microsoft
comments: A viewer for Windows Journal documents.
contact: Microsoft

({5B239A98-4222-4D8C-AF38-1A8EC07F956B})

({5D0930A0-1033-433A-8BB9-602665550DD0})

({62369F2F77534556AEF4C58152E3BDE5})

ArcSoft VideoImpression 2 ({6762AB61-2BE9-45D8-B9F2-24014324CD35})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6762AB61-2BE9-45D8-B9F2-24014324CD35}\setup.exe" -l0x40c

HP Precisionscan Pro 3.1 3.1.2.0000 ({6B36DEBF-27D0-4B1E-858D-D397091C6C7D})
version: 50397186
version (major): 3
version (minor): 1
estimated size: 69321
install date: 20050227
install source: D:\hppspro\
uninstall cmd: MsiExec.exe /I{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}
publisher: Hewlett-Packard
help link: http://www.hp.com/cposupport/eschome.html
help telephone: 208-323-2551

WebFldrs 9.00.3907 ({6F716D8C-398F-11D3-85E1-005004838609})
version: 150998851
version (major): 9
estimated size: 2524
install date: 20040712
install source: C:\WINNT\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

HP Share-to-Web ({748F4870-8350-11D3-B0BF-080009FB4A19})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l1036

DivX 6.1 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivX, Inc.

Worms 3D 0.00.001 ({8874FD36-7C9D-4573-8956-E368D6753D90})
version: 1
install location: C:\Team17\Worms 3D
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8874FD36-7C9D-4573-8956-E368D6753D90}\setup.exe" -l0x40c

Intel(R) Extreme Graphics 2 Driver ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RUNDLL32.EXE C:\WINNT\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572

DivX Player 6.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
publisher: DivXNetworks, Inc.

Microsoft Office Professional Edition 2003 11.0.6361.0 ({90110409-6000-11D3-8CFE-0150048383C9})
version: 184555737
version (major): 11
estimated size: 293458
install date: 20040831
install source: C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM

DiMAGE Viewer ({976EA7B1-7562-483D-88DA-4323D263B7CD})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{976EA7B1-7562-483D-88DA-4323D263B7CD}\Setup.exe" -l0x9 anything

Network Monitor 6.0.1 ({A394E835-C8D6-4B4B-884B-D2709059F3BE})
uninstall cmd: wscript "C:\WINNT\uninstall_nmon.vbs"
contact: Customer Support Department

Nero - Burning Rom 5.5.3.0 ({A4D7B764-4140-11D4-88EB-0050DA3579C0})
version: 84213763
version (major): 5
version (minor): 5
estimated size: 31435
install date: 20041204
install source: D:\Nero\Nero55\
uninstall cmd: MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
publisher: ahead software gmbh
contact: Hotline
help link: http://www.nero.com
help telephone: +49 (07248) 911-231

MSN Messenger 6.2 6.2.0205 ({ABEB838C-A1A7-4C5D-B7E1-8B4314600205})
version: 100794573
version (major): 6
version (minor): 2
estimated size: 9039
install date: 20050226
install source: C:\DOCUME~1\GARDE\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}
publisher: Microsoft Corporation

Adobe Reader 6.0 6.0 ({AC76BA86-7AD7-1033-7B44-000000000001})
version: 100663296
version (major): 6
estimated size: 44565
install date: 20040712
install location: C:\Program Files\Adobe\Acrobat 6.0\Reader\
install source: C:\WINNT\Cache\Adobe Reader 6\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 6.0\Reader\Readme.htm

({B13A7C41581B411290FBC0395694E2A9})

Broadcom NetXtreme Ethernet Controller 5.08.01 ({BE6890C7-31EF-478C-812E-1E2899ABFCA9})
version: 84410369
version (major): 5
version (minor): 8
estimated size: 364
install date: 20040712
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is47\
publisher: Broadcom
comments: ...
contact: hp Customer Support
help link: http://www.hp.com/support
help telephone: ...
readme: C:\Program Files\Broadcom\DrvInst\Readme.txt

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 39992
install date: 20040712
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINNT\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Symantec pcAnywhere 10.5 ({D05E8183-866A-11D3-97DF-0000F8D8F2E9})
version: 168099840
version (major): 10
version (minor): 5
estimated size: 19081
install date: 20040831
install source: \\winnt48\express\Store\Sources\PCAnywhere\
uninstall cmd: MsiExec.exe /I{D05E8183-866A-11D3-97DF-0000F8D8F2E9}
publisher: Symantec Corporation
help link: http://www.symantec.com/techsupp

Adobe Photoshop CS CS ({EFB21DE7-8C19-4A88-BB28-A766E16493BC})
version: 134217728
version (major): 8
install location: C:\Program Files\Adobe\Photoshop CS
install source: C:\college\exécutables\photoshop\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
publisher: Adobe Systems, Inc.

SoundMAX 5.12.01.3620 ({F0A37341-D692-11D4-A984-009027EC0A9C})
install location: C:\Program Files\Analog Devices\SoundMAX
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
publisher: Analog Devices



--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): AClient
Display name: Altiris Client Service
Object name: LocalSystem
Image path: C:\Program Files\Altiris\AClient\AClient.exe -service
Start: 2
Type: 272
Error Control: 1

Service (registry key): ACPI
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aeaudio
Image path: system32\drivers\aeaudio.sys
Image size: 100224
Image MD5: E696E749BEDCDA8B23757B8B5EA93780
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic116x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts.
Object name: LocalSystem
Image path: %SystemRoot%\System32\services.exe
Image size: 89360
Image MD5: CFED2D28F5B8A24127E9E06043070643
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): AlKernel
Display name: Altiris Kernel Driver
Image path: System32\Drivers\AlKernel.sys
Image size: 2401
Image MD5: 06112696A1B06692939CF087D1F1C84E
Start: 3
Type: 1
Error Control: 1

Service (registry key): ami0nt
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 89360
Image MD5: CFED2D28F5B8A24127E9E06043070643
Start: 3
Type: 32
Error Control: 1

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): ASP.NET
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_1.1.4322
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: .\ASPNET
Image path: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Image size: 32768
Image MD5: A986FCFDAC587E68478DB51547B90800
Start: 3
Type: 16
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: System32\DRIVERS\asyncmac.sys
Image size: 17840
Image MD5: 5D3D77C9EB3A8E6A14CC8E1252B6CC5C
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: System32\DRIVERS\atapi.sys
Image size: 86672
Image MD5: 8C718AA8C77041B3285D55A0CE980867
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: System32\DRIVERS\atmarpc.sys
Image size: 57904
Image MD5: 3E348B3313EA633D45CAF59DA0D631BA
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: System32\DRIVERS\audstub.sys
Image size: 2896
Image MD5: 39D57104A45270F0D376E9DDB484EBBD
Start: 3
Type: 1
Error Control: 1

Service (registry key): awhost32
Display name: pcAnywhere Host Service
Description: "Allows Remote pcAnywhere users to connnect to this machine."
Object name: LocalSystem
Image path: C:\Program Files\Symantec\pcAnywhere\awhost32.exe
Image size: 114749
Image MD5: 9C2CE606E4E7E572799F33AEE5A59C3C
Start: 3
Type: 272
Error Control: 1

Service (registry key): awlegacy
Image path: \SystemRoot\System32\Drivers\awlegacy.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): AW_HOST
Image path: system32\drivers\aw_host5.sys
Image size: 33496
Image MD5: 7AB1047FCC742BD4ABF1016C031969CE
Start: 1
Type: 1
Error Control: 1

Service (registry key): b57w2k
Display name: Broadcom NetXtreme Gigabit Ethernet for hp
Image path: System32\DRIVERS\b57w2k.sys
Image size: 113956
Image MD5: 51B2FD35C27321B89FA47BA2DFA39A0F
Start: 3
Type: 1
Error Control: 1

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is disabled, then any functions that depend on BITS, such as Windows Update or MSN Explorer will be unable to automatically download programs and other information.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k BITSgroup
Image size: 7952
Image MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,Rpcss,SENS,Wmi

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an up-to-date list of computers on your network and supplies the list to programs that request it.
Object name: LocalSystem
Image path: %SystemRoot%\System32\services.exe
Image size: 89360
Image MD5: CFED2D28F5B8A24127E9E06043070643
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): BusLogic
Start: 4
Type: 1
Error Control: 1

Service (registry key): CCDECODE
Display name: Closed Caption Decoder
Image path: system32\DRIVERS\CCDECODE.sys
Image size: 16384
Image MD5: 1478E6A09512235B9E119D2920477021
Start: 3
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdr4_2K
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdralw2k
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: System32\DRIVERS\cdrom.sys
Image size: 27984
Image MD5: 4B86A90A7F0095D514D22A9083826488
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): cisvc
Display name: Indexing Service
Object name: LocalSystem
Image path: C:\WINNT\System32\cisvc.exe
Image size: 5392
Image MD5: 2830A2C82270F387265DFA658656EB99
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS

Service (registry key): Class
Start: 0
Type: 0
Error Control: 0

Service (registry key): ClipSrv
Display name: ClipBook
Description: Supports ClipBook Viewer, which allows pages to be seen by remote ClipBooks.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 31504
Image MD5: 804212B6B82354CF4F0C2D567575688A
Start: 3
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): cmdService
Display name: Command Service
Object name: LocalSystem
Image path: C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe
Image size: 293888
Image MD5: 3E2C234DDE711C6754F2DF994FB3CC94
Start: 2
Type: 272
Error Control: 0

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Start: 4
Type: 1
Error Control: 1

Service (registry key): cpqarry2
Start: 4
Type: 1
Error Control: 1

Service (registry key): cpqfcalm
Start: 4
Type: 1
Error Control: 1

Service (registry key): cpqfws2e
Start: 4
Type: 1
Error Control: 1

Service (registry key): dac960nt
Start: 4
Type: 1
Error Control: 1

Service (registry key): deckzpsx
Start: 4
Type: 1
Error Control: 1

Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\System32\services.exe
Image size: 89360
Image MD5: CFED2D28F5B8A24127E9E06043070643
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Display name: Disk Driver
Image path: System32\DRIVERS\disk.sys
Image size: 30768
Image MD5: 322B9A3774DBF119F6635A476B0EB058
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Diskperf
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Administrative service for disk management requests
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 147728
Image MD5: 7B080C0AC30884E981221342DA197C1E
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 369104
Image MD5: 0B91C63540682BC3C826FC6D8B3ECB7B
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Display name: Logical Disk Manager Driver
Image path: System32\drivers\dmio.sys
Image size: 137936
Image MD5: 6B35BFDBDBC247113852F18BF0F10E3C
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmload
Image path: System32\drivers\dmload.sys
Image size: 7312
Image MD5: 3F1701FFA97AB012685ABC8A2D6FCE22
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Logical Disk Manager Watchdog Service
Object name: LocalSystem
Image path: %SystemRoot%\System32\services.exe
Image size: 89360
Image MD5: CFED2D28F5B8A24127E9E06043070643
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Display name: Microsoft DirectMusic SW Synth (WDM)
Image path: system32\drivers\DMusic.sys
Image size: 51152
Image MD5: 3431984234B5988D4C09F043CF4CD779
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names.
Object name: LocalSystem
Image path: %SystemRoot%\System32\services.exe
Image size: 89360
Image MD5: CFED2D28F5B8A24127E9E06043070643
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): EFS
Start: 4
Type: 2
Error Control: 1

Service (registry key): ENIMSR
Display name: ENIMSR
Image path: \??\C:\PROGRA~1\Alcatel\ENTERN~1\app\ENIMSR.SYS
Image size: 9624
Image MD5: 6D1F705764A37123A2D3BFCB70AD38DB
Start: 3
Type: 1
Error Control: 1

Service (registry key): Eventlog
Display name: Event Log
Description: Logs event messages issued by programs and Windows. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 89360
Image MD5: CFED2D28F5B8A24127E9E06043070643
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: COM+ Event System
Description: Provides automatic distribution of events to subscribing COM components.
Object name: LocalSystem
Image path: C:\WINNT\System32\svchost.exe -k netsvcs
Image size: 7952
Image MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1

Service (registry key): Fax
Display name: Fax Service
Description: Helps you send and receive faxes
Object name: LocalSystem
Image path: %systemroot%\system32\faxsvc.exe
Image size: 94992
Image MD5: C63946C8124A58A6C86EFB0EBEC7CCF9
Start: 3
Type: 272
Error Control: 1
Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler

Service (registry key): Fd16_700
Start: 4
Type: 1
Error Control: 1

Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: System32\DRIVERS\fdc.sys
Image size: 26256
Image MD5: 233E2C4DAE9C84CEF241F0EA30619629
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fips
Display name: Fips
Start: 2
Type: 1
Error Control: 1

Service (registry key): fireport
Start: 4
Type: 1
Error Control: 1

Service (registry key): flashpnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: System32\DRIVERS\flpydisk.sys
Image size: 19312
Image MD5: 6CA845333DA54F27A8657BE7EE0B600D
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: System32\DRIVERS\ftdisk.sys
Image size: 115504
Image MD5: 9B73C6887C9E7AECAACA2A71363548E9
Start: 0
Type: 1
Error Control: 1

Service (registry key): Gernuwa
Start: 0
Type: 1
Error Control: 1

Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: System32\DRIVERS\msgpc.sys
Image size: 34704
Image MD5: 6667D07854A3AE7715D22B82761CF0E7
Start: 3
Type: 1
Error Control: 1

Service (registry key): HPFECP13
Image path: \SystemRoot\System32\drivers\HPFECP13.SYS
Start: 2



I'll put the rest in the next post...

If you can help me, thank you very much for giving me a bit of your time...

3 July 2006 18:53:22

and here is the rest...

Service (registry key): HPFECP13
Image path: \SystemRoot\System32\drivers\HPFECP13.SYS
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: System32\DRIVERS\i8042prt.sys
Image size: 46992
Image MD5: 3B538E8A6B5E078406159EDFE09A5E53
Start: 1
Type: 1
Error Control: 1

Service (registry key): ialm
Image path: System32\DRIVERS\ialmnt5.sys
Image size: 95579
Image MD5: 3DB0A9C35A5CF76386AADCEDA014E5E6
Start: 3
Type: 1
Error Control: 0

Service (registry key): IAS
Start: 0
Type: 32
Error Control: 0

Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0

Service (registry key): ini910u
Start: 4
Type: 1
Error Control: 1

Service (registry key): InoRPC
Display name: eTrust InoculateIT RPC Server
Object name: LocalSystem
Image path: "C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe"
Image size: 137016
Image MD5: 26F216B6FD7D2C31572BE702032D7EA3
Start: 2
Type: 16
Error Control: 1

Service (registry key): InoRT
Display name: eTrust InoculateIT Realtime Server
Object name: LocalSystem
Image path: "C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe"
Image size: 186168
Image MD5: E41DBC6CD6C56F69633314B27E29467F
Start: 2
Type: 16
Error Control: 1

Service (registry key): InoTask
Display name: eTrust InoculateIT Job Server
Object name: LocalSystem
Image path: "C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe"
Image size: 218936
Image MD5: C3826A86CD77716FE061D96B41B36D53
Start: 2
Type: 16
Error Control: 1

Service (registry key): INO_FLPY
Display name: INO_FLPY
Image path: system32\Drivers\ino_flpy.sys
Image size: 20688
Image MD5: 5641A1346D6CE9D19DAD77A9CF078E69
Start: 0
Type: 2
Error Control: 1

Service (registry key): INO_FLTR
Display name: INO_FLTR
Image path: \??\C:\WINNT\system32\Drivers\ino_fltr.sys
Image size: 105312
Image MD5: EB433A4A9AFB82953B29A91F36CEA992
Start: 2
Type: 2
Error Control: 1

Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntelIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: System32\DRIVERS\ipfltdrv.sys
Image size: 34416
Image MD5: 09A604211E2B2334FC023A41337E3165
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: System32\DRIVERS\ipinip.sys
Image size: 19984
Image MD5: DBC1437B56EEA1AF02CD39C011904491
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: System32\DRIVERS\ipnat.sys
Image size: 67120
Image MD5: 3509E9C33281F4343D2DA5650039F59D
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IPSEC
Display name: IPSEC driver
Description: IPSEC driver
Image path: System32\DRIVERS\ipsec.sys
Image size: 80848
Image MD5: 9D61C8E8044BDAAC6D922EB27552F93A
Start: 3
Type: 1
Error Control: 1

Service (registry key): ipsraidn
Start: 4
Type: 1
Error Control: 1

Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: System32\DRIVERS\irenum.sys
Image size: 10288
Image MD5: 7F5315E32BE0632F680B30E03A2CA809
Start: 3
Type: 1
Error Control: 1

Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0

Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: System32\DRIVERS\isapnp.sys
Image size: 46992
Image MD5: B630369CA276FD208C1B5146920B5F2E
Start: 0
Type: 1
Error Control: 3

Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: System32\DRIVERS\kbdclass.sys
Image size: 24528
Image MD5: 399055F5C4A98F39B47D26888A72145D
Start: 1
Type: 1
Error Control: 1

Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 148304
Image MD5: 8E198EC9E823AA42EDF45B07EFE395AC
Start: 3
Type: 1
Error Control: 1

Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1

Service (registry key): lanmanserver
Display name: Server
Description: Provides RPC support and file, print, and named pipe sharing.
Object name: LocalSystem
Image path: %SystemRoot%\System32\services.exe
Image size: 89360
Image MD5: CFED2D28F5B8A24127E9E06043070643
Start: 2
Type: 32
Error Control: 1

Service (registry key): lanmanworkstation
Display name: Workstation
Description: Provides network connections and communications.
Object name: LocalSystem
Image path: %SystemRoot%\System32\services.exe
Image size: 89360
Image MD5: CFED2D28F5B8A24127E9E06043070643
Start: 2
Type: 32
Error Control: 1

Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0

Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper Service
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: LocalSystem
Image path: %SystemRoot%\System32\services.exe
Image size: 89360
Image MD5: CFED2D28F5B8A24127E9E06043070643
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): LogWatch
Display name: Event Log Watch
Object name: LocalSystem
Image path: C:\WINNT\LogWatNT.exe
Image size: 50176
Image MD5: 495CB30967059F48F75F56AF85137BD2
Start: 2
Type: 272
Error Control: 0

Service (registry key): lp6nds35
Start: 4
Type: 1
Error Control: 1

Service (registry key): mchInjDrv
Image path: \??\C:\WINNT\TEMP\mc21.tmp
Start: 4
Type: 1
Error Control: 0

Service (registry key): Messenger
Display name: Messenger
Description: Sends and receives messages transmitted by administrators or by the Alerter service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\services.exe
Image size: 89360
Image MD5: CFED2D28F5B8A24127E9E06043070643
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,RpcSS

Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0

Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Allows authorized people to remotely access your Windows desktop using NetMeeting.
Object name: LocalSystem
Image path: C:\WINNT\System32\mnmsrvc.exe
Image size: 21776
Image MD5: EEEE63B92CA888AC9FB3D13581751EC2
Start: 3
Type: 272
Error Control: 1

Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0

Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: System32\DRIVERS\mouclass.sys
Image size: 21776
Image MD5: 8D038DDE3F19B88427968E99A6216766
Start: 1
Type: 1
Error Control: 1

Service (registry key): MountMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): MPE
Display name: BDA MPE Filter
Image path: system32\DRIVERS\MPE.sys
Image size: 15104
Image MD5: 83EFF7B976AE24F1A496CA94A8A19919
Start: 3
Type: 1
Error Control: 1

Service (registry key): mraid35x
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: System32\DRIVERS\mrxsmb.sys
Image size: 418640
Image MD5: E0836182D738EBE0E958EE641FDFA597
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that are distributed across two or more databases, message queues, file systems, or other transaction protected resource managers.
Object name: LocalSystem
Image path: C:\WINNT\System32\msdtc.exe
Image size: 6928
Image MD5: EDC54E17CDF1811A472D518A82182449
Start: 3
Type: 272
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSIServer
Display name: Windows Installer
Description: Installs, repairs and removes software according to instructions contained in .MSI files.
Object name: LocalSystem
Image path: C:\WINNT\system32\msiexec.exe /V
Image size: 64512
Image MD5: CA1900F0BA173B76EF752B467075154B
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7424
Image MD5: 85736F804191CB420A31ACA2A7F0674F
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5248
Image MD5: E943ADB93D83C5CBC0CA3F53F53B48CC
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4816
Image MD5: BB041315C9930063E5EAB0BEE90ACFF6
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSTEE
Display name: Microsoft Streaming Tee/Sink-to-Sink Converter
Image path: system32\drivers\MSTEE.sys
Image size: 5504
Image MD5: D5059366B361F0E1124753447AF08AA2
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1

Service (registry key): NABTSFEC
Display name: NABTS/FEC VBI Codec
Image path: system32\DRIVERS\NABTSFEC.sys
Image size: 83968
Image MD5: BB1C45D114B6DAB0BABF6B2FB0336DB2
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ncrc710
Start: 4
Type: 1
Error Control: 1

Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: System32\DRIVERS\ndistapi.sys
Image size: 9200
Image MD5: E6F675C75C53887C58B98D6DB356B153
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: System32\DRIVERS\ndisuio.sys
Image size: 11984
Image MD5: 69ECAE880BDAC3C288F0508DF9CDEEF0
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: System32\DRIVERS\ndiswan.sys
Image size: 93360
Image MD5: B86A37AA73868343A9EEE148FDFCE1E0
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1

Service (registry key): NeroCd2k
Image path: system32\drivers\NeroCd2k.sys
Image size: 44227
Image MD5: 58B29812B8D23501D15D85DD72EACB34
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: System32\DRIVERS\netbios.sys
Image size: 33456
Image MD5: 5151E6020A26BF7BC21C18FD612506BD
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: System32\DRIVERS\netbt.sys
Image size: 163600
Image MD5: 54AE15BCB205DEA14FD76F5B2848CFE6
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for dynamic data exchange (DDE).
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 108816
Image MD5: C237423A8FCB4FD24523FEECA620717C
Start: 3
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM

Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages shared dynamic data exchange and is used by Network DDE
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 108816
Image MD5: C237423A8FCB4FD24523FEECA620717C
Start: 3
Type: 32
Error Control: 1

Service (registry key): NetDetect
Display name: NetDetect
Image path: \SystemRoot\system32\drivers\netdtect.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 33552
Image MD5: 0C13D582EDAF90CBEA454A1AC535B913
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 7952
Image MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): Network Monitor
Display name: Network Monitor
Object name: LocalSystem
Image path: C:\Program Files\Network Monitor\netmon.exe service
Start: 4
Type: 16
Error Control: 0

Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1


Thanks again for your help!!!
3 July 2006 18:59:13

Hello,

Install Ewido
Launch Ewido, then update it by clicking "Update Now"
Close the program.
Ewido help by Rub_Mic

Restart in safe mode

Relaunch Ewido, then select the "Scanner" tab
Run a "Complete System Scan"
** If a file is infected, choose the "Apply All Actions" option at the end of the scan **
Click "Save Report", then "Save Report As"
Save this .txt file to your desktop, then copy/paste it here in normal mode.

Post a Hijackthis report:

  • Download Hijackthis
  • Put it in a folder or on your desktop
  • Launch the application
  • Choose the option Do a system scan and save a logfile
  • Copy/paste the report here

    Hijackthis help
    3 July 2006 21:07:06

    Thanks for your quick reply!
    But I already have a problem...
    I did install ewido. However, when I try to launch it in safe mode, nothing happens.
    After a few minutes, I get the following message:

    something bad happened in the application. error diagnostic file saved to c:\program files\ewido anti-spyware 4.0\ewido.err.

    and the diagnostic message is the following:

    //==<ewido anti-spyware 4.0>===================================
    Exception code: C0000005 ACCESS_VIOLATION
    Fault address: 00426DD6 01:00025DD6 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    Module Date: 06/16/2006 16:39:05
    File Version of C:\Program Files\ewido anti-spyware 4.0\ewido.exe: 4.0.0.172
    Exception Date: 07/03/2006 20:45:22

    Registers:
    EAX:0012E32C
    EBX:014A0EB8
    ECX:0012E344
    EDX:356D0001
    ESI:77E139A2
    EDI:01623004
    CS:EIP:001B:00426DD6
    SS:ESP:0023:0012E1F8 EBP:0012E38C
    DS:0023 ES:0023 FS:003B GS:0000
    Flags:00010246

    Intel specific method

    Call stack:
    Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
    00426DD6 0012E38C 00013551 0012E3B8 00000000 014A0EB8 0001:00025DD6 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    00427B42 0012E3D4 0012E990 00000001 00010076 50000000 0001:00026B42 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    004280DA 0012E468 0012E5F4 77E1343F 0001006E 00000005 0001:000270DA C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    77E139E5 0012E488 0001006E 00000005 00000000 014402C4 0001:000029E5 C:\WINNT\system32\USER32.DLL

    ImageHelp specific method

    Call stack:
    Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
    00426DD6 0012E38C 00013551 0012E3B8 00000000 014A0EB8 0001:00025DD6 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    00427B42 0012E3D4 0012E990 00000001 00010076 50000000 0001:00026B42 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    004280DA 0012E468 0012E5F4 77E1343F 0001006E 00000005 0001:000270DA C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    77E139E5 0012E488 0001006E 00000005 00000000 014402C4 MsgWaitForMultipleObjectsEx+135

    Loaded Modules:
    Base Size Module
    00400000 609000 4.00.0000.0172 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    77F80000 07D000 5.00.2195.6899 C:\WINNT\system32\ntdll.dll
    690A0000 00B000 5.00.2134.0001 C:\WINNT\system32\PSAPI.DLL
    7C570000 0B8000 5.00.2195.6897 C:\WINNT\system32\KERNEL32.DLL
    10000000 0E3000 4.00.0000.0172 C:\Program Files\ewido anti-spyware 4.0\engine.dll
    70A70000 064000 6.00.2800.1552 C:\WINNT\system32\SHLWAPI.dll
    78000000 045000 6.01.9844.0000 C:\WINNT\system32\msvcrt.dll
    77F40000 03E000 5.00.2195.6898 C:\WINNT\system32\GDI32.dll
    77E10000 065000 5.00.2195.6897 C:\WINNT\system32\USER32.DLL
    7C2D0000 062000 5.00.2195.6876 C:\WINNT\system32\ADVAPI32.dll
    77D30000 071000 5.00.2195.6904 C:\WINNT\system32\RPCRT4.DLL
    75030000 014000 5.00.2195.6601 C:\WINNT\system32\WS2_32.dll
    75020000 008000 5.00.2134.0001 C:\WINNT\system32\WS2HELP.DLL
    77570000 030000 5.00.2161.0001 C:\WINNT\system32\WINMM.dll
    782F0000 245000 5.00.3900.6922 C:\WINNT\system32\SHELL32.dll
    71710000 084000 5.81.4916.0400 C:\WINNT\system32\COMCTL32.dll
    6B2C0000 005000 5.00.2180.0001 C:\WINNT\system32\MSIMG32.dll
    76B30000 03E000 5.00.3700.6693 C:\WINNT\system32\comdlg32.dll
    77A50000 0EF000 5.00.2195.6906 C:\WINNT\system32\ole32.dll
    75050000 008000 5.00.2195.6603 C:\WINNT\system32\WSOCK32.dll
    77340000 013000 5.00.2195.6602 C:\WINNT\system32\iphlpapi.dll
    77520000 005000 5.00.2134.0001 C:\WINNT\system32\ICMP.DLL
    77320000 017000 5.00.2181.0001 C:\WINNT\system32\MPRAPI.DLL
    75150000 00F000 5.00.2195.6897 C:\WINNT\system32\SAMLIB.DLL
    75170000 04F000 5.00.2195.6949 C:\WINNT\system32\NETAPI32.DLL
    7C340000 00F000 5.00.2195.6695 C:\WINNT\system32\Secur32.dll
    77BF0000 011000 5.00.2195.6666 C:\WINNT\system32\NTDSAPI.dll
    77980000 024000 5.00.2195.6824 C:\WINNT\system32\DNSAPI.DLL
    77950000 02A000 5.00.2195.6666 C:\WINNT\system32\WLDAP32.DLL
    751C0000 006000 5.00.2134.0001 C:\WINNT\system32\NETRAP.dll
    779B0000 09B000 2.40.4522.0000 C:\WINNT\system32\OLEAUT32.DLL
    773B0000 02F000 5.00.2195.6601 C:\WINNT\system32\ACTIVEDS.DLL
    77380000 023000 5.00.2195.6701 C:\WINNT\system32\ADSLDPC.DLL
    77830000 00E000 5.00.2168.0001 C:\WINNT\system32\RTUTILS.DLL
    77880000 08E000 5.00.2195.6622 C:\WINNT\system32\SETUPAPI.DLL
    7C0F0000 061000 5.00.2195.6794 C:\WINNT\system32\USERENV.DLL
    774E0000 033000 5.00.2195.6625 C:\WINNT\system32\RASAPI32.DLL
    774C0000 011000 5.00.2195.6738 C:\WINNT\system32\RASMAN.DLL
    77530000 022000 5.00.2195.6664 C:\WINNT\system32\TAPI32.DLL
    77360000 019000 5.00.2195.6685 C:\WINNT\system32\DHCPCSVC.DLL
    77820000 007000 5.00.2195.6623 C:\WINNT\system32\VERSION.dll
    759B0000 006000 5.00.2195.6611 C:\WINNT\system32\LZ32.DLL
    00D90000 016000 <no info> C:\WINNT\system32\alg.dll
    6BD00000 00D000 0.01.0002.0003 C:\WINNT\system32\SYNCOR11.DLL
    775A0000 090000 2000.02.3511.0000 C:\WINNT\system32\CLBCATQ.DLL
    77840000 03E000 5.00.2195.6705 C:\WINNT\system32\cscui.dll
    770C0000 023000 5.00.2195.6713 C:\WINNT\system32\CSCDLL.DLL
    72A00000 02D000 5.00.2195.6613 C:\WINNT\system32\DBGHELP.DLL

    //==<ewido anti-spyware 4.0>===================================
    Exception code: C0000005 ACCESS_VIOLATION
    Fault address: 00426DD6 01:00025DD6 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    Module Date: 06/16/2006 16:39:05
    File Version of C:\Program Files\ewido anti-spyware 4.0\ewido.exe: 4.0.0.172
    Exception Date: 07/03/2006 20:48:53


    //==<ewido anti-spyware 4.0>===================================
    Exception code: C0000005 ACCESS_VIOLATION
    Fault address: 00426DD6 01:00025DD6 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    Module Date: 06/16/2006 16:39:05
    File Version of C:\Program Files\ewido anti-spyware 4.0\ewido.exe: 4.0.0.172
    Exception Date: 07/03/2006 20:54:05


    in case that means anything to you...
    thanks!
    3 July 2006 21:45:19

    I ran ewido in normal mode. Here is the log to start with:


    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 21:37:41 3/07/2006

    + Scan result:



    C:\Documents and Settings\Default User\Application Data\Μicrosoft\javaw.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8FGBUJ2X\!update-3920[1].0000 -> Adware.ClickSpring : Cleaned with backup (quarantined).
    C:\WINNT\Temp\!update.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
    C:\WINNT\QWRtaW5pc3RyYXRvcg\__delete_on_reboot__a_s_a_p_p_s_r_v_._d_l_l_ -> Adware.CommAd : Cleaned with backup (quarantined).
    C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
    [1272] C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [1348] C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [1400] C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [1512] C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [1536] C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8FGBUJ2X\Installer[1].exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\Installer.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\FP20.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\OXBCTRAC.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\e0202afmgd2a2.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\ffclient.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\fp6603jse.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\im41_qc.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\ktl6l73s1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\lkfpx70n.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\lv0009dme.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\mpjava.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\nwtui2.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\tNpiui.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\tOpiui.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\turmmgr.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINNT\system32\ufimdmat.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\warebundle.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\warebundle2.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\windows\warebundle.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\Program Files\ѕystem32\iеxplore.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINNT\system32\__delete_on_reboot__a_l_g_._d_l_l_ -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINNT\system32\kui.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\ifqw\ifqwd\ifqwc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
    C:\WINNT\winavguard.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\672FSBCV\c1[1].exe -> Backdoor.SdBot.ass : Cleaned with backup (quarantined).
    C:\WINNT\services.exe -> Backdoor.SdBot.ass : Cleaned with backup (quarantined).
    C:\WINNT\antivirusguard.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\MN0D8RSN\de[1].exe -> Downloader.Adload.cd : Cleaned with backup (quarantined).
    C:\steam.exe -> Downloader.Adload.cd : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\672FSBCV\dfndr[1].exe -> Downloader.Adload.ce : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\672FSBCV\dfndra[1].exe -> Downloader.Adload.ce : Cleaned with backup (quarantined).
    C:\dfndr.exe -> Downloader.Adload.ce : Cleaned with backup (quarantined).
    C:\dfndra.exe -> Downloader.Adload.ce : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8FGBUJ2X\kybrd[1].exe -> Downloader.Adload.cf : Cleaned with backup (quarantined).
    C:\kybrd.exe -> Downloader.Adload.cf : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\672FSBCV\drsmartload46a[1].exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\MN0D8RSN\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\windows\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8FGBUJ2X\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\MN0D8RSN\dfndrb_2[1].exe -> Downloader.VB.afv : Cleaned with backup (quarantined).
    C:\dfndrb_2.exe -> Downloader.VB.afv : Cleaned with backup (quarantined).
    C:\Program Files\Snowball Wars\SnowballWars.exe -> Dropper.VB.mz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8FGBUJ2X\nwnm[1].exe -> Hijacker.VB.fb : Cleaned with backup (quarantined).
    C:\nwnm.exe -> Hijacker.VB.fb : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\672FSBCV\kybrdb_2[1].exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CJE34T07\kybrd_1[1].exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CJE34T07\nwnmb_2[1].exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\MN0D8RSN\nwnm_1[1].exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
    C:\kybrd_1.exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
    C:\kybrdb_2.exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
    C:\nwnm_1.exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8FGBUJ2X\dfndra_1[1].exe -> Hijacker.VB.nh : Cleaned with backup (quarantined).
    C:\dfndra_1.exe -> Hijacker.VB.nh : Cleaned with backup (quarantined).
    C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
    C:\WINNT\system32\1B.tmp -> Proxy.Ranky.dh : Cleaned with backup (quarantined).
    C:\WINNT\system32\1D.tmp -> Proxy.Ranky.dh : Cleaned with backup (quarantined).
    C:\WINNT\system32\30.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\48.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\4A.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\4D.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\4F.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\51.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\52.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\53.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\55.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\57.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\8D.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\8F.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\90.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\91.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\92.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\93.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\94.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\95.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\96.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\97.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\98.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\99.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\9A.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\9B.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\9C.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\9D.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\9E.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\9F.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\A1.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\A2.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\B3.tmp -> Proxy.Ranky.eu : Cleaned with backup (quarantined).
    C:\WINNT\system32\B4.tmp -> Proxy.Ranky.eu : Cleaned with backup (quarantined).
    C:\WINNT\system32\B2.tmp -> Proxy.Ranky.ev : Cleaned with backup (quarantined).
    C:\WINNT\system32\B6.tmp -> Proxy.Ranky.ev : Cleaned with backup (quarantined).
    C:\WINNT\system32\B8.tmp -> Proxy.Ranky.ev : Cleaned with backup (quarantined).
    C:\WINNT\system32\D6.tmp -> Proxy.Ranky.ev : Cleaned with backup (quarantined).
    C:\WINNT\system32\D9.tmp -> Proxy.Ranky.ev : Cleaned with backup (quarantined).
    C:\WINNT\system32\B5.tmp -> Proxy.Ranky.ew : Cleaned with backup (quarantined).
    C:\WINNT\system32\BB.tmp -> Proxy.Ranky.ew : Cleaned with backup (quarantined).
    C:\WINNT\system32\BF.tmp -> Proxy.Ranky.ew : Cleaned with backup (quarantined).
    C:\WINNT\system32\C0.tmp -> Proxy.Ranky.ew : Cleaned with backup (quarantined).
    C:\WINNT\system32\B0.tmp -> Proxy.Ranky.ez : Cleaned with backup (quarantined).
    C:\WINNT\system32\B1.tmp -> Proxy.Ranky.ez : Cleaned with backup (quarantined).
    C:\WINNT\system32\C1.tmp -> Proxy.Ranky.fb : Cleaned with backup (quarantined).
    C:\WINNT\system32\102.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\103.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\104.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\108.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\109.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\10A.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\10B.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\10C.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\10D.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\10E.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\10F.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\110.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\111.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\112.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\11F.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\FF.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\672FSBCV\a[1].jpg -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\113.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\114.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\116.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\117.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\118.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\11B.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\11E.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\120.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\121.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\122.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\123.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\125.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\126.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\12A.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\12C.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\131.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\16D.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\16E.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\winsock\csrss.exe_tobedeleted -> Proxy.Ranky.fr : Cleaned with backup (quarantined).
    C:\WINNT\devices\services.exe -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\105.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\106.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\107.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\115.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\E3.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\E4.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\E5.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\E6.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\E7.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\ED.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\EE.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\EF.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\F0.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\F1.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\F4.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\FD.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\GARDE\Cookies\garde@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@e-2dj6wfliqpc5sco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@e-2dj6wgk4wmdjmgo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@e-2dj6wjliahdjklp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Default User\Cookies\system@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
    C:\Documents and Settings\Default User\Cookies\system@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CJE34T07\winavguard[1].exe -> Worm.Mytob.eo : Cleaned with backup (quarantined).
    C:\WINNT\Temp\eraseme_13124.exe -> Worm.Mytob.eo : Cleaned with backup (quarantined).


    ::Report end

    C:\WINNT\system32\30.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\48.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\4A.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\4D.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\4F.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\51.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\52.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\53.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\55.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\57.tmp -> Proxy.Ranky.eh : Cleaned with backup (quarantined).
    C:\WINNT\system32\8D.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\8F.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\90.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\91.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\92.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\93.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\94.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\95.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\96.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\97.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\98.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\99.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\9A.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\9B.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\9C.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\9D.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\9E.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\9F.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\A1.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\A2.tmp -> Proxy.Ranky.er : Cleaned with backup (quarantined).
    C:\WINNT\system32\B3.tmp -> Proxy.Ranky.eu : Cleaned with backup (quarantined).
    C:\WINNT\system32\B4.tmp -> Proxy.Ranky.eu : Cleaned with backup (quarantined).
    C:\WINNT\system32\B2.tmp -> Proxy.Ranky.ev : Cleaned with backup (quarantined).
    C:\WINNT\system32\B6.tmp -> Proxy.Ranky.ev : Cleaned with backup (quarantined).
    C:\WINNT\system32\B8.tmp -> Proxy.Ranky.ev : Cleaned with backup (quarantined).
    C:\WINNT\system32\D6.tmp -> Proxy.Ranky.ev : Cleaned with backup (quarantined).
    C:\WINNT\system32\D9.tmp -> Proxy.Ranky.ev : Cleaned with backup (quarantined).
    C:\WINNT\system32\B5.tmp -> Proxy.Ranky.ew : Cleaned with backup (quarantined).
    C:\WINNT\system32\BB.tmp -> Proxy.Ranky.ew : Cleaned with backup (quarantined).
    C:\WINNT\system32\BF.tmp -> Proxy.Ranky.ew : Cleaned with backup (quarantined).
    C:\WINNT\system32\C0.tmp -> Proxy.Ranky.ew : Cleaned with backup (quarantined).
    C:\WINNT\system32\B0.tmp -> Proxy.Ranky.ez : Cleaned with backup (quarantined).
    C:\WINNT\system32\B1.tmp -> Proxy.Ranky.ez : Cleaned with backup (quarantined).
    C:\WINNT\system32\C1.tmp -> Proxy.Ranky.fb : Cleaned with backup (quarantined).
    C:\WINNT\system32\102.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\103.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\104.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\108.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\109.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\10A.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\10B.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\10C.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\10D.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\10E.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\10F.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\110.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\111.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\112.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\11F.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\WINNT\system32\FF.tmp -> Proxy.Ranky.fn : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\672FSBCV\a[1].jpg -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\113.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\114.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\116.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\117.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\118.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\11B.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\11E.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\120.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\121.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\122.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\123.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\125.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\126.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\12A.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\12C.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\131.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\16D.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\system32\16E.tmp -> Proxy.Ranky.fp : Cleaned with backup (quarantined).
    C:\WINNT\winsock\csrss.exe_tobedeleted -> Proxy.Ranky.fr : Cleaned with backup (quarantined).
    C:\WINNT\devices\services.exe -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\105.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\106.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\107.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\115.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\E3.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\E4.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\E5.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\E6.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\E7.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\ED.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\EE.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\EF.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\F0.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\F1.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\F4.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\WINNT\system32\FD.tmp -> Proxy.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\GARDE\Cookies\garde@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@e-2dj6wfliqpc5sco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@e-2dj6wgk4wmdjmgo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@e-2dj6wjliahdjklp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Default User\Cookies\system@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
    C:\Documents and Settings\Default User\Cookies\system@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.
    C:\Documents and Settings\GARDE\Cookies\garde@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CJE34T07\winavguard[1].exe -> Worm.Mytob.eo : Cleaned with backup (quarantined).
    C:\WINNT\Temp\eraseme_13124.exe -> Worm.Mytob.eo : Cleaned with backup (quarantined).


    ::Report end

    3 July 2006 21:47:21

    and here is the hijack report:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:40:55, on 3/07/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Altiris\AClient\AClient.exe
    C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
    C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
    C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
    C:\WINNT\LogWatNT.exe
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\winavguard.exe
    C:\WINNT\services.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Altiris\AClient\AClntUsr.EXE
    C:\dfndrc_4.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\winsock\csrss.exe
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [defender] C:\\dfndrc_4.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmc_4.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.c...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eu.delhaize.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eu.delhaize.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eu.delhaize.com
    O20 - AppInit_DLLs: C:\WINNT\system32\alg.dll
    O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\sfrdenrl.dll
    O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
    O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
    O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
    O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINNT\system32\RpcSs.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: winavguard - Unknown owner - C:\WINNT\winavguard.exe (file missing)
    O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINNT\services.exe (file missing)
    O23 - Service: Windows TCP/IP Socket Driver (winsck) - Unknown owner - C:\WINNT\winsock\csrss.exe (file missing)


    Thanks!!!
    3 July 2006 21:53:29

    Print these instructions, or paste them into a text file.
    Read the note at the bottom carefully before starting the procedure.
    Download Look2Me-Destroyer.exe to your Desktop.

    . Close all active windows.
    . Run the Look2Me-Destroyer.exe tool.
    . Tick Run this program as a task
    . A message will appear:
    "Look2Me-Destroyer will close and re-open in approximately 1 minute" -> OK
    . It will restart after the minute; then press the Scan for L2M button.
    . Your Desktop icons will disappear.
    . When the scan has finished, click Remove L2M
    . A new message, Done Scanning, will appear; click OK.
    . Followed by Done removing infected files! Look2Me-Destroyer will now shutdown your computer -> OK.
    . Your PC will shut down.
    . Start your PC normally.
    . Paste the generated report, located here: C:\Look2Me-Destroyer.txt

    If Look2Me-Destroyer does not restart automatically after the minute, reboot and try again.

    Download SmitfraudFix
    Unzip it onto the Desktop.
    Open the SmitfraudFix folder and run SmitfraudFix(.cmd)
    Choose Option 1 (Search)
    Post the first report here.
    3 July 2006 22:20:14

    here's the first one...


    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 3/07/2006 22:05:07

    Infected! C:\WINNT\system32\sfrdenrl.dll
    Infected! C:\WINNT\system32\m0nqla551d.dll
    Infected! C:\WINNT\system32\sfrdenrl.dll
    Infected! C:\WINNT\system32\wrpui.dll

    Attempting to delete infected files...

    Attempting to delete: C:\WINNT\system32\sfrdenrl.dll
    C:\WINNT\system32\sfrdenrl.dll Deleted successfully!

    Attempting to delete: C:\WINNT\system32\m0nqla551d.dll
    C:\WINNT\system32\m0nqla551d.dll Deleted successfully!

    Attempting to delete: C:\WINNT\system32\sfrdenrl.dll
    C:\WINNT\system32\sfrdenrl.dll Deleted successfully!

    Attempting to delete: C:\WINNT\system32\wrpui.dll
    C:\WINNT\system32\wrpui.dll Deleted successfully!

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FD1483C8-91C3-4843-A76F-004430EB7519}"
    HKCR\Clsid\{FD1483C8-91C3-4843-A76F-004430EB7519}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{218C5192-EE61-441C-AE68-E67009257436}"
    HKCR\Clsid\{218C5192-EE61-441C-AE68-E67009257436}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{10836FB3-DBE8-41C6-8595-7B95C3951F85}"
    HKCR\Clsid\{10836FB3-DBE8-41C6-8595-7B95C3951F85}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{421487FE-713B-487F-AEB5-0B2B62451888}"
    HKCR\Clsid\{421487FE-713B-487F-AEB5-0B2B62451888}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2399E009-43B0-45DF-BAB4-7B9835AA1CA8}"
    HKCR\Clsid\{2399E009-43B0-45DF-BAB4-7B9835AA1CA8}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8286FE99-DD45-4A5C-A827-89C3DBBE0B02}"
    HKCR\Clsid\{8286FE99-DD45-4A5C-A827-89C3DBBE0B02}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{21833498-CA1D-4038-AE15-01EEE66BE153}"
    HKCR\Clsid\{21833498-CA1D-4038-AE15-01EEE66BE153}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7A9DAE15-70D1-4926-8016-80B2E4958192}"
    HKCR\Clsid\{7A9DAE15-70D1-4926-8016-80B2E4958192}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{53EA4D1B-B8ED-4866-A928-483DE33C0909}"
    HKCR\Clsid\{53EA4D1B-B8ED-4866-A928-483DE33C0909}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D7330B82-E9F4-421B-B0D2-51826790B482}"
    HKCR\Clsid\{D7330B82-E9F4-421B-B0D2-51826790B482}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2B569280-9619-498D-A91D-5C37D00152F9}"
    HKCR\Clsid\{2B569280-9619-498D-A91D-5C37D00152F9}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded
    3 July 2006 22:22:42

    and the second one...

    SmitFraudFix v2.67

    Scan done at 22:16:38,84, lun. 03/07/2006
    Run from C:\Documents and Settings\GARDE\Desktop\SmitfraudFix
    OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    C:\dfndr?_?.exe FOUND !
    C:\drsmartload?.exe FOUND !
    C:\drsmartload??.exe FOUND !
    C:\drsmartload???.exe FOUND !
    C:\drsmartload????.exe FOUND !
    C:\kybrd?_?.exe FOUND !
    C:\nwnm?_?.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\GARDE\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GARDE\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    3 July 2006 22:26:40

    Reboot in safe mode

    Run SmitfraudFix again, this time choose Option 2, and answer yes to the question(s)
    Save, then post the report.

    Post a HijackThis report
    4 July 2006 13:22:02

    Help! I have unwanted popups that appear as soon as I connect to the Internet, without touching anything... and I already have Spybot, but the spyware entries reappear after cleaning... and I also have a spyware entry that won't be removed: Command service. :-( :-( :-( :-( :-( :-(
    4 July 2006 18:56:55

    SmitFraudFix v2.67

    Scan done at 18:41:15,23, mar. 04/07/2006
    Run from C:\Documents and Settings\GARDE\Desktop\SmitfraudFix
    OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\dfndr?_?.exe Deleted
    C:\drsmartload?.exe Deleted
    C:\drsmartload???.exe Deleted
    C:\drsmartload????.exe Deleted
    C:\kybrd?_?.exe Deleted
    C:\nwnm?_?.exe Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    4 July 2006 18:57:27

    Logfile of HijackThis v1.99.1
    Scan saved at 18:50:40, on 4/07/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Altiris\AClient\AClient.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
    C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
    C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
    C:\WINNT\LogWatNT.exe
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Altiris\AClient\AClntUsr.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\winsock\csrss.exe
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.c...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eu.delhaize.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eu.delhaize.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eu.delhaize.com
    O20 - AppInit_DLLs: C:\WINNT\system32\alg.dll
    O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
    O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
    O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
    O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINNT\system32\RpcSs.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: winavguard - Unknown owner - C:\WINNT\winavguard.exe (file missing)
    O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINNT\services.exe (file missing)
    O23 - Service: Windows TCP/IP Socket Driver (winsck) - Unknown owner - C:\WINNT\winsock\csrss.exe (file missing)

    4 July 2006 22:59:31

    You have no firewall:
    Install Kerio, for example

    . Download delcmdservice (by Marckie) and save it to your Desktop.
    . Extract the contents to your Desktop (a folder named delcmdservice)
    . Double-click the delcmdservice folder
    . Double-click delreg.bat to launch the tool
    . Then click the Start menu, then Run
    . In the field, type Services.msc
    . In the list, check that Command Service is not present; if it is, double-click it
    . Set the startup type to Disabled

    By Malekal_Morte
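
The reply above targets Command Service because that entry is still present in the 4 July HijackThis log, after the SmitfraudFix pass. As an added example (not part of the thread, and not a feature of HijackThis or SmitfraudFix), this Python script diffs excerpts of the two HijackThis logs posted above and lists what the cleanup removed and what persists; the function names and the flagging rules are assumptions of this example.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread
# (first: 3 July 2006, before SmitfraudFix option 2; second: 4 July 2006, after).
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\winsock\csrss.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [defender] C:\\dfndrc_4.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmc_4.exe
O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\sfrdenrl.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
O23 - Service: winavguard - Unknown owner - C:\WINNT\winavguard.exe (file missing)
O23 - Service: Windows TCP/IP Socket Driver (winsck) - Unknown owner - C:\WINNT\winsock\csrss.exe (file missing)
"""

LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\winsock\csrss.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
O23 - Service: winavguard - Unknown owner - C:\WINNT\winavguard.exe (file missing)
O23 - Service: Windows TCP/IP Socket Driver (winsck) - Unknown owner - C:\WINNT\winsock\csrss.exe (file missing)
"""

# "<section> - <detail>", e.g. "O23 - Service: ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")
USERINIT_RE = re.compile(r"^REG:system\.ini: UserInit=(.+)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_logs(before, after):
    """Classify entries as removed by the cleanup, still present, or newly added."""
    b, a = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(b - a),
        "persisting": sorted(b & a),
        "new": sorted(a - b),
    }


def follow_up(entries):
    """Flag entries that deserve a second look.

    Triage heuristics assumed for this example (not HijackThis rules):
      * F2 UserInit listing anything besides system32\\userinit.exe
      * O23 service with "Unknown owner" whose file HijackThis reports missing
    """
    flagged = []
    for section, detail in entries:
        if section == "F2":
            match = USERINIT_RE.match(detail)
            if match:
                for item in match.group(1).split(","):
                    item = item.strip()
                    if item and not item.lower().endswith(r"\system32\userinit.exe"):
                        flagged.append(("F2 extra logon program", item))
        elif section == "O23":
            match = SERVICE_RE.match(detail)
            if match and match.group("owner") == "Unknown owner" and match.group("missing"):
                flagged.append(("O23 unknown-owner service, file missing", match.group("name")))
    return sorted(flagged)


def remediation_report(before, after):
    """Diff two logs and return (diff, follow-up list for what persists)."""
    diff = diff_logs(before, after)
    return diff, follow_up(diff["persisting"])


if __name__ == "__main__":
    diff, todo = remediation_report(LOG_BEFORE, LOG_AFTER)
    for status in ("removed", "persisting", "new"):
        print(f"--- {status} ---")
        for section, detail in diff[status]:
            print(f"{section:>3}  {detail}")
    print("--- still needs follow-up ---")
    for reason, item in todo:
        print(f"{reason}: {item}")
```

On these excerpts the Run entries and the Winlogon Notify DLL show up as removed, while the extra UserInit program and three unknown-owner services, Command Service among them, remain on the follow-up list; Event Log Watch is left alone because its file is present.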
    5 July 2006 09:05:13

    Logfile of HijackThis v1.99.1
    Scan saved at 09:03:55, on 05/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WANADOO\EspaceWanadoo.exe
    C:\PROGRA~1\WANADOO\ComComp.exe
    C:\PROGRA~1\WANADOO\Toaster.exe
    C:\PROGRA~1\WANADOO\Inactivity.exe
    C:\PROGRA~1\WANADOO\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\WANADOO\Watch.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\dilou.DILOU-0WAQDYC8P\Bureau\hijackthis\HijackThis.exe

    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Bold Else] C:\DOCUME~1\DILOU~1.DIL\APPLIC~1\SAVECU~1\Mealteam.exe
    O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8B1BFAE2-EC12-42AB-93E5-5B69F8E8ACD3}: NameServer = 80.10.246.130 80.10.246.3
    O20 - AppInit_DLLs: repairs303169590.dll
    O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\m8juli1918.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    a b 8 Security
    5 July 2006 13:51:36

    RAMMSTEIN-mann, create your own thread!