Infection Smitfraud-c

salut
telecharge
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
tu le decompresse tu double clik dessus sur smitfraudfix.cmd et tu choisi l option 1
cela vas generer un rapport donne nous le
voila a quoi cela resemble http://siri.urz.free.fr/Fix/SmitfraudFix.php
******* la chasse et le balltrap ma vrai passion
voir site perso dans profil

il faut decompresser quand tu la telecharger
la tu te retrouve avec un dossier smitfraud tu l ouvre et la tu double clik sur smitfraudfix.cmd la chasse et le balltrap ma vrai passion
voir site perso dans profil

Mea culpa, pas bien dézippé

Voici le rapport :

SmitFraudFix v2.06

Rapport fait à 1:49:25,09 le dim. 11/12/2005
Executé à partir de C:\fix\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\ld????.tmp PRESENT !
C:\WINDOWS\system32\mscornet.exe PRESENT !
C:\WINDOWS\system32\mssearchnet.exe PRESENT !
C:\WINDOWS\system32\msvol.tlb PRESENT !
C:\WINDOWS\system32\ncompat.tlb PRESENT !
C:\WINDOWS\system32\nvctrl.exe PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\ts.ico PRESENT !
C:\WINDOWS\system32\1024\ PRESENT!

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

oki relance le et cette fois option2 la chasse et le balltrap ma vrai passion
voir site perso dans profil

Re,

J'ai lancé l'option 2
Ca m'a signalé que certains processus étaient en cours et ne pouvaient pas être supprimés
Ensuite, une demande de nettoyage de regsitre que j'ai accepté
Reboot
Un rapport généré automatiquement après reboot :

SmitFraudFix v2.06

Rapport fait à 1:54:48,10 le dim. 11/12/2005
Executé à partir de C:\fix\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\hp????.tmp supprimé
Problème suppression C:\WINDOWS\system32\ld????.tmp
Problème suppression C:\WINDOWS\system32\mscornet.exe
Problème suppression C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\msvol.tlb supprimé
Problème suppression C:\WINDOWS\system32\ncompat.tlb
C:\WINDOWS\system32\nvctrl.exe supprimé
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\ts.ico supprimé
C:\WINDOWS\system32\1024\ supprimé


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\system32\ld????.tmp supprimé
C:\WINDOWS\system32\mscornet.exe supprimé
C:\WINDOWS\system32\mssearchnet.exe supprimé
C:\WINDOWS\system32\ncompat.tlb supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

J'en suis où ?

lol desoler il faut le faire en mode sans echec
la chasse et le balltrap ma vrai passion
voir site perso dans profil

salut quick

sais pas si balltrap est encore la

t'es sur que tu as fais le scan 2 en mode sans echec ? parce que en mode sans echec , les processus sont desactivés

Voilà, suis revenu, j'ai refait une recherche, voilà le dernier rapport :

SmitFraudFix v2.06

Rapport fait à 2:11:29,32 le dim. 11/12/2005
Executé à partir de C:\fix\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Ca paraît bon ?

Autre chose, depuis que je suis infecté ,à l'arrivée sur le bureau, j'ai un message windows installer qui me dit (en gros, j'i pas noté)que je dois désinstaller norton antivirus et le réinstaller. Il serait KO ?

Re Balltrap,

Suite à l'infection de mon pc, spybot et norton antivirus ont été endommagés. Je les ai donc réinstallés et ils semblent fonctionner correctement.

Par contre, spybot continue à me détecter Smitfraud-C sans pouvoir le supprimer. Pourtant, mon pc semble refonctionner comme avant l'infection. D'autre part, spybot ne détecte rien en mode sans échec mais bien en mode normal. Après retour du mode sans échec, mon papier peint est disparu (fonf bleu) et ma page de démarrage dans IE est changée sur MSN. Rien de bien grave apparemment, mais je pense que le problème ne doit pas être tout à fait résolu.

Quant au dernier rapport que j'ai posté, qu'en penses-tu ?

Salut

quick157, poste le log de spybot pour voir les erreurs qu'il signale.

a+

Salut Siri,

Tu veux le log complet (très long) ou uniquement le problème détecté relatif à Smitfraud-C ?

Bah, poste tout, on fera le tri nous même ;-)

a+

No prob, voici :


--- Search result list ---
Smitfraud-C.: Réglages utilisateur (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1220945662-2111687655-725345543-1004\Sof­tware\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-11 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-12-09 Includes\Cookies.sbi (*)
2005-12-09 Includes\Dialer.sbi (*)
2005-12-09 Includes\Hijackers.sbi (*)
2005-12-09 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-12-09 Includes\Malware.sbi (*)
2005-12-09 Includes\PUPS.sbi (*)
2005-12-09 Includes\Revision.sbi (*)
2005-12-09 Includes\Security.sbi (*)
2005-12-09 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-12-09 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows XP / SP3: Correctif Windows XP - KB873339
/ Windows XP / SP3: Correctif Windows XP - KB885250
/ Windows XP / SP3: Correctif Windows XP - KB885835
/ Windows XP / SP3: Correctif Windows XP - KB885836
/ Windows XP / SP3: Correctif Windows XP - KB886185
/ Windows XP / SP3: Correctif Windows XP - KB887472
/ Windows XP / SP3: Correctif Windows XP - KB887742
/ Windows XP / SP3: Correctif Windows XP - KB887797
/ Windows XP / SP3: Correctif Windows XP - KB888113
/ Windows XP / SP3: Correctif Windows XP - KB888302
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB890046)
/ Windows XP / SP3: Correctif Windows XP - KB890859
/ Windows XP / SP3: Correctif Windows XP - KB891781
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB893066)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896358)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896422)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896423)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896424)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896428)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896688)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB898461)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899587)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899591)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB900725)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB900930)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901017)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901214)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB902400)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB904706)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905414)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905749)


--- Startup entries list ---
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
file: C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
size: 58992
MD5: 565126cc4a79ca46d555ffdd479e71e3

Located: HK_LM:Run, CmCardRun
command: C:\WINDOWS\system32\CmWatch.exe
file: C:\WINDOWS\system32\CmWatch.exe
size: 229376
MD5: 5d7d38cda0b45c1fd1698ce6798c0f50

Located: HK_LM:Run, DSLAGENTEXE
command: dslagent.exe USB
file: C:\WINDOWS\system32\dslagent.exe
size: 16384
MD5: 989e130e5e841bea68ba361d292a0207

Located: HK_LM:Run, GSICONEXE
command: GSICON.EXE
file: C:\WINDOWS\system32\GSICON.EXE
size: 90112
MD5: 3f1cdf749fe69c525a1a9a7ff3c3d8d1

Located: HK_LM:Run, LogitechVideoRepair
command: C:\Program Files\Logitech\Video\ISStart.exe
file: C:\Program Files\Logitech\Video\ISStart.exe
size: 458752
MD5: 3c0ee706ceb7e9a154bf8e7749ca5a91

Located: HK_LM:Run, LogitechVideoTray
command: C:\Program Files\Logitech\Video\LogiTray.exe
file: C:\Program Files\Logitech\Video\LogiTray.exe
size: 217088
MD5: 2d3bcca5c7ca55fedd60e3336d3a92af

Located: HK_LM:Run, LVCOMSX
command: C:\WINDOWS\system32\LVCOMSX.EXE
file: C:\WINDOWS\system32\LVCOMSX.EXE
size: 221184
MD5: 5ba8a7da5d0573f7923e02b260aad2f1

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, nTrayFw
command: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
file: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
size: 266240
MD5: 144d815eba5f324cdd5128841abf3b1a

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33792
MD5: f5402cd47b7389ddc21f92119a906eee

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33792
MD5: f5402cd47b7389ddc21f92119a906eee

Located: HK_LM:Run, NVMixerTray
command: "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
file: C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
size: 131072
MD5: 37fff683aee7f09f5f7087138192bf02

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: 60d44ef1cb5f41160e9d0a7e637cc8aa

Located: HK_LM:Run, RemoteControl
command: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
file: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 915a106a2fb87292cef0ad4f36adf313

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 77824
MD5: ff86e640e4e0fd18cfb4696b38867222

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_LM:Run, URLLSTCK.exe
command: C:\Program Files\Norton Internet Security\UrlLstCk.exe
file: C:\Program Files\Norton Internet Security\UrlLstCk.exe
size: 34432
MD5: f78f7e1890239e00487c083255abe209

Located: HK_LM:Run, WINCINEMAMGR
command: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
file: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
size: 270336
MD5: 46a6365179ee6c91a6b483b36794049a

Located: HK_LM:RunServices, DJSNetCN
command: C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
file: C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
size: 43152
MD5: 0bda75a3de9dde31b77ef830c3cc2ff1

Located: HK_CU:Run, ASUS SmartDoctor
command: C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
file:

Located: HK_CU:Run, LogitechSoftwareUpdate
command: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
file: C:\Program Files\Logitech\Video\ManifestEngine.exe
size: 196608
MD5: d679346402cbf2330cad1fcf815c6524

Located: HK_CU:Run, updateMgr
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
file:

Located: Démarrage (tous utilisateurs), InterVideo WinCinema Manager.lnk
command: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
file: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
size: 270336
MD5: 46a6365179ee6c91a6b483b36794049a

Located: Démarrage (tous utilisateurs), Lancement rapide d'Adobe Reader.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Démarrage (tous utilisateurs), Logitech Desktop Messenger.lnk
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
size: 450560
MD5: a5e4cd281c93e174181c5873fafd4f16

Located: Démarrage (utilisateur), Démarrage d'Office.lnk
command: C:\Program Files\Microsoft Office\Office\OSA.EXE
file: C:\Program Files\Microsoft Office\Office\OSA.EXE
size: 51984
MD5: d06276d4cad46cdceabefdeb1a0d3c0d

Located: Démarrage (utilisateur), Microsoft Recherche accélérée.lnk
command: C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
file: C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
size: 111376
MD5: 505bec5c5179ab1cf642003ead916be7

Located: Démarrage (utilisateur), OpenOffice.org 2.0.lnk
command: C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
file: C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
size: 61440
MD5: 7ad01eef5a7689da15d8597bf5790884

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 10/11/2005 13:03:56
Date (last access): 11/12/2005 20:21:02
Date (last write): 10/11/2005 13:22:10
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5



--- ActiveX list ---
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf
Codebase: http://game01.zylom.com/activex/zylomgamesplayer.cab

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 13:03:56
Date (last access): 11/12/2005 16:23:48
Date (last write): 10/11/2005 13:22:10
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 13:03:56
Date (last access): 11/12/2005 20:52:44
Date (last write): 10/11/2005 13:22:10
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\zylomloader.inf
Codebase: http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab



--- Process list ---
PID: 0 ( 0) [System]
PID: 804 ( 4) \SystemRoot\System32\smss.exe
PID: 876 ( 804) \??\C:\WINDOWS\system32\csrss.exe
PID: 900 ( 804) \??\C:\WINDOWS\system32\winlogon.exe
PID: 944 ( 900) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 732E0B1ABAACE15D80EC19056B0A2AF9
PID: 956 ( 900) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 9F3744A5C6F49291A7A685040A013399
PID: 1100 ( 944) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1148 ( 944) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1192 ( 944) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1240 ( 944) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1324 ( 944) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1512 ( 944) C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
size: 235120
MD5: 8F3A6DA3CA461D9635901FC42FEEE570
PID: 1648 (1632) C:\WINDOWS\Explorer.EXE
size: 1036288
MD5: 4C33E5B9A6197B6ED215F6CFBA0A2DAA
PID: 1700 ( 944) C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
size: 181872
MD5: 5655B64E2989EA0380C2FD9004ED1B6C
PID: 1712 ( 944) C:\Program Files\Norton Internet Security\ISSVC.exe
size: 83584
MD5: 2D943734CF559CF5EF16610A4A429BCE
PID: 1724 ( 944) C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
size: 206552
MD5: 443E397643965E08C5AB6A6CAA732B97
PID: 1796 ( 944) C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
size: 173160
MD5: 08FA56B7C13B4CBF0E5D351AECAD92B1
PID: 1816 ( 944) C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
size: 198256
MD5: 8B975B91F6339389B11D30B7FE87C8DE
PID: 196 ( 944) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 276 ( 944) C:\WINDOWS\ATKKBService.exe
size: 253952
MD5: 3F23027D8F33754F6E084B6E59E0B0BF
PID: 316 ( 944) C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
size: 43152
MD5: 0BDA75A3DE9DDE31B77EF830C3CC2FF1
PID: 340 ( 944) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
size: 20543
MD5: B81F8778F5BB485F3B75114F0C99A49F
PID: 376 ( 944) C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
size: 177288
MD5: 998E500C07D76D4E7AAEFBA32EDC26D5
PID: 448 ( 944) C:\Program Files\Norton Utilities\NPROTECT.EXE
size: 139264
MD5: D64AD3C38E8774D9839CE3DE861909C5
PID: 540 ( 340) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
size: 20543
MD5: B81F8778F5BB485F3B75114F0C99A49F
PID: 580 ( 944) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
size: 131136
MD5: CF0FA7F8366002692BF7E46805F531B9
PID: 2528 ( 944) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
size: 57412
MD5: ACE9C161B76C066288A17FEA4BB7BFFC
PID: 2552 ( 944) C:\WINDOWS\system32\nvsvc32.exe
size: 131139
MD5: 0B24AB7CC5B7ED2AA7F438A4072459F4
PID: 2592 ( 944) C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
size: 198368
MD5: 63EE66B5229A14809E5D89A9275325AD
PID: 2692 ( 944) C:\Program Files\Speed Disk\nopdb.exe
size: 172065
MD5: 5EF5D09F97E0113B35F916B57B0ADC75
PID: 2708 ( 944) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 2768 ( 944) C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 826512
MD5: 4770F773C1417B913196FBF9E13A5ECB
PID: 2796 ( 944) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 2856 ( 944) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
size: 139264
MD5: B47576825F0A397E1C807C7EC23E1560
PID: 3156 ( 944) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 2FE681D10C5FC343DBBC0610B8DD4D24
PID: 3328 (1648) C:\WINDOWS\SOUNDMAN.EXE
size: 77824
MD5: FF86E640E4E0FD18CFB4696B38867222
PID: 3372 (1648) C:\WINDOWS\system32\CmWatch.exe
size: 229376
MD5: 5D7D38CDA0B45C1FD1698CE6798C0F50
PID: 3504 (1648) C:\WINDOWS\system32\GSICON.EXE
size: 90112
MD5: 3F1CDF749FE69C525A1A9A7FF3C3D8D1
PID: 3512 (1648) C:\WINDOWS\system32\dslagent.exe
size: 16384
MD5: 989E130E5E841BEA68BA361D292A0207
PID: 3644 (1648) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33792
MD5: F5402CD47B7389DDC21F92119A906EEE
PID: 3660 (1648) C:\WINDOWS\system32\LVCOMSX.EXE
size: 221184
MD5: 5BA8A7DA5D0573F7923E02B260AAD2F1
PID: 3680 (1648) C:\Program Files\Logitech\Video\LogiTray.exe
size: 217088
MD5: 2D3BCCA5C7CA55FEDD60E3336D3A92AF
PID: 3696 (1648) C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
size: 131072
MD5: 37FFF683AEE7F09F5F7087138192BF02
PID: 3728 (1648) C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
size: 58992
MD5: 565126CC4A79CA46D555FFDD479E71E3
PID: 3836 (1648) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61A3A9D5D98BF0331DF5B716144A8100
PID: 4016 (1100) C:\Program Files\Logitech\Video\FxSvr2.exe
size: 192512
MD5: 1B11C113DC4383C6C07A45BFFBDC7D63
PID: 3724 (1648) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 93184
MD5: 833E2B3F0E2484C0F2B804AE871B4381
PID: 4412 (1648) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4856 (1100) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 4936 (1100) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: DB493DD6BC2FA5B38811F2BCDCF03D2B
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/12/2005 20:52:43

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.skynet.be/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: NVIDIA App Filter over [MSAFD Tcpip [TCP/IP]]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 1: NVIDIA App Filter over [MSAFD Tcpip [UDP/IP]]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 2: NVIDIA App Filter over [MSAFD Tcpip [RAW/IP]]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 3: NVIDIA App Filter over [RSVP UDP Service Provider]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 4: NVIDIA App Filter over [RSVP TCP Service Provider]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 5: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF5E46B7-35FE-4985-A721-C0C0DC04A15A}] SEQPACKET 7]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 6: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF5E46B7-35FE-4985-A721-C0C0DC04A15A}] DATAGRAM 7]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 7: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{5695C6CB-DCEA-4EA0-8E5A-E1A2D94C5F22}] SEQPACKET 4]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 8: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{5695C6CB-DCEA-4EA0-8E5A-E1A2D94C5F22}] DATAGRAM 4]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 9: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{597E1A74-A576-4FD1-92A1-F1ECAC4E84F8}] SEQPACKET 3]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 10: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{597E1A74-A576-4FD1-92A1-F1ECAC4E84F8}] DATAGRAM 3]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 11: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{E36BD9C6-90B8-4DD0-BC68-EA8FB9961A87}] SEQPACKET 0]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 12: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{E36BD9C6-90B8-4DD0-BC68-EA8FB9961A87}] DATAGRAM 0]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 13: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{984CD0BE-06D7-40BE-8277-728496D34362}] SEQPACKET 1]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 14: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{984CD0BE-06D7-40BE-8277-728496D34362}] DATAGRAM 1]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 15: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7BCE046-B3E0-422D-8121-CF73589166F1}] SEQPACKET 2]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 16: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7BCE046-B3E0-422D-8121-CF73589166F1}] DATAGRAM 2]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 17: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{7DAED0A9-F022-460D-944C-5F3D15A3DB62}] SEQPACKET 5]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 18: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{7DAED0A9-F022-460D-944C-5F3D15A3DB62}] DATAGRAM 5]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 19: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{400BCACE-7340-4926-B59F-C247864449E2}] SEQPACKET 6]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 20: NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{400BCACE-7340-4926-B59F-C247864449E2}] DATAGRAM 6]
GUID: {4F949FA1-7C6E-4E5D-B13A-75364173CCFC}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 42: NVIDIA App Filter
GUID: {561A1E9F-D78B-40E3-866D-4CE5CF6BB83F}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll



--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

BeClean 1.4 (BeClean_is1)
uninstall cmd: "C:\Program Files\BeClean\unins000.exe"
publisher: Budy Setiawan Kusumah
help link: http://boozet.xepher.net

(Branding)

C-Media USB Mass Storage Driver (C-Media Card Reader Driver)
uninstall cmd: C:\WINDOWS\system32\CmCardRm.exe

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

(Fontcore)

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

ASUS SmartDoctor 4.78 (InstallShield_{12E11FBB-7CA6-4A86-834D-5E6390D51009})
version: 72220672
version (major): 4
version (minor): 78
estimated size: 9287
install date: 20051028
install source: C:\Documents and Settings\User\Mes documents\Benoit\INTERNET\Archives d'installation\SmartDoc478\SmartDoc\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1036
publisher: Nom de votre société
comments: SmartDoctor moinitors graphic card's healthy
contact: http://www.asus.com.tw
help link: http://www.asus.com.tw
help telephone: 886-2-28943447

ASUS Video Security 3.0.0.8 (InstallShield_{169E414A-37C7-434E-9021-27A03AE087CD})
version: 50331648
version (major): 3
estimated size: 5848
install date: 20051008
install source: E:\Utility\VideoSec\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{169E414A-37C7-434E-9021-27A03AE087CD}
publisher: ASUSTek Computer Inc.
comments:
contact: http://www.asus.com.tw
help link: http://www.asus.com.tw
help telephone: 886-2-29843447
readme: C:\Program Files\ASUS\ASUS Video Security\ReadMe.txt

NVIDIA ForceWare Network Access Manager 2.03.467 (InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347})
version: 33751507
version (major): 2
version (minor): 3
estimated size: 38633
install date: 20051209
install source: C:\WINDOWS\Downloaded Installations\{9DF687E7-381C-4882-A05F-4ADF1DD53394}\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036
publisher: NVIDIA Corporation
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

(InstallShield_{524C56E0-6560-45D6-8C37-34C9DDBE3BF6})

ASUS GameFace Live 2.50.0002 (InstallShield_{68D8533B-9EE7-46AB-B8B2-D643F888C5DF})
version: 36831234
version (major): 2
version (minor): 50
estimated size: 22032
install date: 20051008
install location: C:\Program Files\ASUS\ASUS GameFace Live\
install source: E:\Utility\GameFace\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68D8533B-9EE7-46AB-B8B2-D643F888C5DF}
publisher: ASUSTeK Computer Inc.
contact: Technical Support Department
help link: http://www.asus.com
help telephone: +886-2-2894-3447

ASUS Utilities 1.02 (InstallShield_{F4026ECE-9F19-43EC-9FC8-474C2DB7D2BE})
version: 16908288
version (major): 1
version (minor): 2
install date: 20051008
install location: C:\Program Files\ASUS\
install source: E:\utility\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F4026ECE-9F19-43EC-9FC8-474C2DB7D2BE} /l1036
publisher: ASUSTek Computer Inc.
contact: Technical Dept.
help link: http://www.asus.com.tw
help telephone: +886-2-28943447

(KB884016)

(KB893803)

Language pack for Ad-Aware SE (Language pack for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

LiveReg (Symantec Corporation) 3.1.0 (LiveReg)
install location: C:\Program Files\Fichiers communs\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 2.6 (Symantec Corporation) 2.6.14.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

Logitech Print Service (Logitech Print Service)
uninstall cmd: C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG

Macromedia Shockwave Player 10.1.0.11 (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Macromedia, Inc.
help link: http://www.macromedia.com/fr/support/shockwave

Micro Application - Mah-Jong II (Mah-Jong II)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"c:\documents and settings\user\mes documents\jeux\Uninst.isu"

(MobileOptionPack)

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

MSN (MSNINST)
uninstall cmd: C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

(Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Suite (NeroMultiInstaller!UninstallKey)
uninstall cmd: C:\Program Files\Fichiers communs\Ahead\Uninstall\Setup.exe /uninstall

(NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

(NMPUninstallKey)
uninstall cmd: C:\WINDOWS\UNNMP.exe /UNINSTALL

Norton Speed Disk 6.0 pour Windows NT (Norton Speed Disk)

Norton Utilities 2002 pour Windows (Norton Utilities)
version (major): 6
install location: C:\Program Files\Norton Utilities\NORTON.EXE
uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Norton Utilities\Uninst.isu" -c"C:\Program Files\Norton Utilities\_ISNU.DLL"
publisher: Symantec Corporation

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI

Microsoft Office 97 Professional (Office8.0)
uninstall cmd: C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Pro.STF

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Programme de gestion Camera de Logitech® (QcDrv)
install location: C:\Program Files\Fichiers communs\Logitech\QCDRV
install source: D:\Drivers\Bin
uninstall cmd: "C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

(SchedulingAgent)

(Sevinst)

Shareaza version 2.2.1.0 2.2.1.0 (Shareaza_is1)
install location: C:\Program Files\Shareaza\
uninstall cmd: "C:\Program Files\Shareaza\Uninstall\unins000.exe"
publisher: Shareaza Development Team
comments: Shareaza Ultimate File Sharing
help link: http://www.shareaza.com/?id=support

(Shockwave)

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

StartupRun 1.22 (StartupRun)
install location: C:\Program Files\StartupRun
uninstall cmd: C:\WINDOWS\zipinst.exe /uninst "C:\Program Files\StartupRun\uninst1~.nsu"
publisher: NirSoft

Norton Internet Security 2005 (Symantec Corporation) 8.0.6.2 (SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20})
install location: C:\Program Files\Norton Internet Security
install source: C:\DOCUME~1\User\LOCALS~1\Temp\NIS
uninstall cmd: C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
publisher: Symantec Corporation

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

ASUS SmartDoctor 4.78 ({12E11FBB-7CA6-4A86-834D-5E6390D51009})
version: 72220672
version (major): 4
version (minor): 78
estimated size: 9287
install date: 20051028
install source: C:\Documents and Settings\User\Mes documents\Benoit\INTERNET\Archives d'installation\SmartDoc478\SmartDoc\
publisher: Nom de votre société
comments: SmartDoctor moinitors graphic card's healthy
contact: http://www.asus.com.tw
help link: http://www.asus.com.tw
help telephone: 886-2-28943447

Norton Internet Security 8.0.6.2 ({12E2B9E9-05B1-407d-B0FD-B5F350535125})
version: 134217734
version (major): 8
estimated size: 15067
install date: 20051211
install source: C:\DOCUME~1\User\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
publisher: Symantec Corporation

ASUS Video Security 3.0.0.8 ({169E414A-37C7-434E-9021-27A03AE087CD})
version: 50331648
version (major): 3
estimated size: 5848
install date: 20051008
install source: E:\Utility\VideoSec\
publisher: ASUSTek Computer Inc.
comments:
contact: http://www.asus.com.tw
help link: http://www.asus.com.tw
help telephone: 886-2-29843447
readme: C:\Program Files\ASUS\ASUS Video Security\ReadMe.txt

NVIDIA ForceWare Network Access Manager 2.03.467 ({1F6423DE-7959-4178-80E0-023C7EAA5347})
version: 33751507
version (major): 2
version (minor): 3
estimated size: 38633
install date: 20051209
install source: C:\WINDOWS\Downloaded Installations\{9DF687E7-381C-4882-A05F-4ADF1DD53394}\
publisher: NVIDIA Corporation
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

SymNet 5.4.4.17 ({2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2})
version: 84148228
version (major): 5
version (minor): 4
estimated size: 2722
install date: 20051211
install source: C:\DOCUME~1\User\LOCALS~1\Temp\NIS\Support\SymNet\
uninstall cmd: MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
publisher: Symantec Corporation

2.0.14.551 ({2FCE4FC5-6930-40E7-A4F1-F862207424EF})
version (major): 2
install location: C:\Program Files\InterVideo\WCreator2
uninstall cmd: C:\ADSL\setup.exe REMOVEALL
publisher: InterVideo Inc.
contact: support@intervideo.com
help link: http://www.intervideo.com/jsp/Support.jsp

ASUS Enhanced Display Driver 6.14.10.0121 ({315ACD04-BCEB-478B-9B1D-5431D0E6CB11})
version: 101580810
install location: C:\Program Files\ASUSTeK COMPUTER INC.\ASUS Enhanced Display Driver
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122273
install date: 20051211
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_06\README.txt

WebFldrs XP 9.50.7523 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2608
install date: 20051006
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Norton AntiSpam 2005.1.0.163 ({3B29A786-5803-4e9e-9B58-3014A5B4E519})
version (major): 2005
version (minor): 1
estimated size: 929
install date: 20051211
install source: C:\DOCUME~1\User\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
publisher: Symantec Corporation

Google Earth 3.0.0548 ({3DE5E7D4-7B88-403C-A3FD-2017A8240C5B})
version: 50332196
install date: 20051018
install location: C:\Program Files\Google\Google Earth
install source: C:\DOCUME~1\User\LOCALS~1\Temp\bye9A.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
publisher: Google

({40602E2C-AB5C-4887-8093-3BFE5B8B95B3})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40602E2C-AB5C-4887-8093-3BFE5B8B95B3}\setup.exe" REMOVEALL

Visionneuse Journal Windows Microsoft 1.5.2316.0 ({43DCF766-6838-4F9A-8C91-D92DA586DFA8})
version: 17107212
version (major): 1
version (minor): 5
estimated size: 3864
install date: 20051126
install source: C:\DOCUME~1\User\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
publisher: Microsoft
comments: Visionneuse de documents créés avec l'application Journal Windows.
contact: Microsoft

Norton Internet Security 8.0.6.2 ({449F3A9E-9903-4a0d-A209-08030D45A935})
version: 134217734
version (major): 8
estimated size: 717
install date: 20051211
install source: C:\DOCUME~1\User\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
publisher: Symantec Corporation

Norton Internet Security 8.0.6.2 ({48185814-A224-447a-81DA-71BD20580E1B})
version: 134217734
version (major): 8
estimated size: 2321
install date: 20051211
install source: C:\DOCUME~1\User\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
publisher: Symantec Corporation

Norton Internet Security 8.0.6.2 ({526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F})
version: 134217734
version (major): 8
estimated size: 1081
install date: 20051211
install source: C:\DOCUME~1\User\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
publisher: Symantec Corporation

Norton AntiSpam 2005.1.0.163 ({5677563D-0CB1-485f-9E18-C5025306BB3F})
version (major): 2005
version (minor): 1
estimated size: 10147
install date: 20051211
install source: C:\DOCUME~1\User\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
publisher: Symantec Corporation

Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20051018
install source: C:\DOCUME~1\User\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downloads/whyValidate.aspx/help
help telephone: 1-425.882.8080

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

ASUS GameFace Live 2.50.0002 ({68D8533B-9EE7-46AB-B8B2-D643F888C5DF})
version: 36831234
version (major): 2
version (minor): 50
estimated size: 22032
install date: 20051008
install location: C:\Program Files\ASUS\ASUS GameFace Live\
install source: E:\Utility\GameFace\
publisher: ASUSTeK Computer Inc.
contact: Technical Support Department
help link: http://www.asus.com
help telephone: +886-2-2894-3447

SPBBC 1.00.0000 ({77772678-817F-4401-9301-ED1D01A8DA56})
version: 16777216
version (major): 1
estimated size: 1423
install date: 20051211
install location: C:\Program Files\Norton Internet Security\Norton AntiVirus\
install source: C:\DOCUME~1\User\LOCALS~1\Temp\NIS\Support\SPBBC\
uninstall cmd: MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
publisher: Your Company Name

Symantec SCSSDist MSI 1.0.0 ({845AF1DD-3618-471F-9745-B1CD9378F669})