Hello ??
To keep it simple: SearchToolbar = Adware.W32.SearchNugget
1/ Download Ewido Security Suite and scan your PC with it: http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/31851.html
Copy/paste the entire report on the forum.
2/ Scan your PC with this online antivirus: http://www.bitdefender.com/scan8/ie.html
Click on "I Agree" and scan the whole PC. Remember to accept the ActiveX control blocked by the SP2 anti-popup bar (it will flash at the top). Copy/paste the entire report on the forum.
3/ Download HijackThis: http://www.01net.com/telecharger/windows/Internet/internet_utlitaire/fiches/29061.html
- Install it in its own folder, for example C:\HijackThis. Choose the option "do a scan and a logfile"; it will generate a report for you, which you copy and paste on the forum. Watch the demo: http://pageperso.aol.fr/balltrap34/demohijack.htm
Good luck. ++
Copyright © Kristopher
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 14:48:02, on 22/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\NotifyPhoneBook.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Administrateur\Bureau\Mathieu\Divers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\System32\NBA Live 2006 crack.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\\\etb\\pokapoka79.exe
O4 - HKLM\..\Run: [prgsys0984] MONITER.exe
O4 - HKLM\..\Run: [WTFCTF] ftbar.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pense-Bête] C:\Program Files\Pense-bete\pb79d.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: SMScatcher Texte - C:\Documents and Settings\Administrateur\Bureau\Thierry\getText.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potf_x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D6912DF-0160-406B-8197-5226CF487B79}: NameServer = 85.255.116.134,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C68F916-3610-49A9-AECB-1067D4F1155C}: NameServer = 85.255.116.134 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A7D3BD4-E3BD-4CD6-A22D-DA09FCCDCA25}: NameServer = 85.255.116.134,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{B124A2D2-C5A2-42BB-BC68-A86A9D43257B}: NameServer = 85.255.116.134,85.255.112.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

It won't do step 1 for me; there is always a problem.
There must be some other virus as well, because I can no longer open Word and I can no longer use MSN........
Do what is asked, and preferably in order.
Copyright © Kristopher
For step 1:
After 27.5% of the scan it tells me: SecuritySuite.exe has encountered a problem and needs to close .....
Here is what I get in Spybot, which also crashes
http://support.microsoft.com?kbid=828035 Correctif Windows XP - KB828741 20040305.182524 (KB828741) uninstall cmd: C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=828741 Correctif Windows XP - KB835732 20040329.175712 (KB835732) uninstall cmd: C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=835732 Correctif Windows XP - KB837001 20040317.231038 (KB837001) uninstall cmd: C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=837001 LiveUpdate 1.90 (Symantec Corporation) 1.90.15.0 (LiveUpdate) install location: C:\Program Files\Symantec\LiveUpdate uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U publisher: Symantec Corporation Macromedia Shockwave Player (Macromedia Shockwave Player) uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log Configurateur électronique (magnet) uninstall cmd: C:\WINDOWS\IsUn040c.exe -fc:\Hager\Magnet\Uninst.isu Micro Application - Kit d'Impression CD 2000 (Micro Application - Kit d'Impression CD 2000) uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\Kit d'Impression CD 2000\Uninst.isu" (Microsoft NetShow Player 2.0) (MobileOptionPack) (MPlayer2) Messenger Plus! 3 (MsgPlus! Plugin) uninstall cmd: "C:\Program Files\MessengerPlus! 
3\MsgPlus.exe" /Remove (MsJavaVM) Barre d'outils MSN (MSN Toolbar) uninstall cmd: C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr-be\mtbs.exe c Complément MSN pour Windows Messenger (MSNEXT) uninstall cmd: rundll32.exe "C:\Program Files\Messenger\MSGSC.dll",UnregisterMSNExt Neodivx 9.2 Crystal Fusion (Neodivx 9.2 Crystal Fusion_is1) uninstall cmd: "C:\Program Files\Neodivx\unins000.exe" publisher: Neodivx 9.2 Crystal Fusion help link: http://www.neodivx.org Ahead Nero Burning ROM (Nero - Burning Rom!UninstallKey) uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NetLimiter 1.30 (remove only) (NetLimiter) uninstall cmd: "C:\Program Files\NetLimiter\nluninst.exe" (NetMeeting) Nikon FotoShare 1.0.1.0 (Nikon FotoShare) uninstall cmd: C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG contact: FotoSharefr@pixology.com NVIDIA Windows 2000/XP Display Drivers (NVIDIA) uninstall cmd: C:\WINDOWS\System32\msiuins.exe Outlook Express Q837009 (oeupdate) uninstall cmd: C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q837009.inf (OutlookExpress) (PCHealth) uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Plitote boeder Sm@rtScan (Plitote boeder Sm@rtScan) uninstall cmd: C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\TWAIN_32\Sm@rtScan\Uninst.isu Intel(R) PRO Network Adapters and Drivers (PROSet) uninstall cmd: Prounstl.exe Correctif Windows XP (SP2) Q819696 20030513.103008 (Q819696) uninstall cmd: C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=819696 Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations] (Q828026) uninstall cmd: C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=828026 QuickTime (QuickTime) uninstall cmd: C:\WINDOWS\unvise32qt.exe 
C:\WINDOWS\System32\QuickTime\Uninstall.log (RealJukebox 1.0) uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 RealPlayer (RealPlayer 6.0) uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 (SchedulingAgent) Semiolog (Semiolog2) uninstall cmd: C:\WINDOWS\IsUn040c.exe -fc:\Hager\Semiolog\Uninst.isu (Sevinst) Shockwave (Shockwave) uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Macromedia Flash Player 8 8 (ShockwaveFlash) uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5 publisher: Macromedia help link: http://www.macromedia.com/go/flashplayer_support/ SMScatcher (SMScatcher) uninstall cmd: C:\WINDOWS\GPInstall.exe "/UNINST=C:\Documents and Settings\Administrateur\Bureau\Thierry\UnInst.log" "/APPNAME=SMScatcher" Sophos Anti-Virus version 3.86.1 (Sophos-SweepNT) uninstall cmd: "C:\Program Files\Sophos SWEEP for NT\setup.exe" remove Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1) install location: C:\Program Files\Spybot - Search & Destroy\ uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe" publisher: Safer Networking Limited TextBridge Classic 2.0 (TextBridge Classic 2.0) uninstall cmd: "C:\Program Files\TextBridge Classic 2.0\bin\setup.exe" -funinst.ins Top Congés 1.2.0.5 (Top Congés_is1) install location: C:\Program Files\Top Conges\ uninstall cmd: "C:\Program Files\Top Conges\unins000.exe" publisher: LOGIC ANTILLES help link: mailto:support@logicantilles.com Ulead Photo Express 2.0 SE (Ulead Photo Express 2.0 SE) uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\Uninst.isu" -c"C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\IS32Inst.dll" (UninstallWipModem) Windows Media Format Runtime (Windows Media Format Runtime) uninstall cmd: "C:\Program 
Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Lecteur Windows Media 10 (Windows Media Player) uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall WinISO 5.3 (WinISO_is1) uninstall cmd: "C:\Program Files\WinISO\unins000.exe" publisher: WinISO Computing Inc. help link: http://www.winiso.com Archiveur WinRAR (WinRAR archiver) uninstall cmd: C:\Program Files\WinRAR\uninstall.exe WinZip 8.1 SR-1 (5266f) (WinZip) version (major): 8 version (minor): 1 install location: C:\PROGRA~1\WINZIP\ uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall publisher: WinZip Computing, Inc. help link: http://www.winzip.com/wzredir.cgi?FRSWZX XviD Video Codec 24062003-1 (Koepi's developer build) (XviD) uninstall cmd: "C:\Program Files\XviD\UninstXviD.exe" Zylom Games Player Plugin (Zylom Games Player Plugin) install location: C:\Program Files\Zylom Games\ uninstall cmd: "C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall publisher: Zylom Games Microsoft Office 2000 CD-ROM 2 9.00.2720 ({0004040C-78E1-11D2-B60F-006097C998E7}) version: 150997664 version (major): 9 estimated size: 67249 install date: 20031019 install source: E:\ uninstall cmd: MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7} publisher: Microsoft Corporation help link: http://www.microsoft.com/support Adobe Photoshop Album 2.0 Edition Découverte 2.00.000 ({11B569C2-4BF6-4ED0-9D17-A4273943CB24}) version: 33554432 version (major): 2 estimated size: 15975 install date: 20050328 install source: C:\WINDOWS\Downloaded Installations\{FB590DCB-74FE-4352-A2C5-1BEAAC216F7E}\ uninstall cmd: MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24} publisher: Adobe Systems, Inc. 
readme: C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\readme.txt HP Software Update 3.0.5.001 ({15EE79F4-4ED1-4267-9B0F-351009325D7D}) version: 50331653 version (major): 3 estimated size: 3910 install date: 20050404 install source: C:\WINDOWS\Hewlett-Packard\Setup Files\HP Software Update\{BB4EE741-CA46-4345-A3B7-1AECBFAB0AFE}\ uninstall cmd: MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D} publisher: Hewlett-Packard contact: http://www.hp.com/support AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC}) install location: C:\Program Files\DivX Microsoft IntelliPoint 4.1 4.10.0851 ({1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}) version: 67765075 version (major): 4 version (minor): 10 estimated size: 6040 install date: 20031015 install source: e:\mouse\Setup\ publisher: Microsoft Corporation help link: http://microsoft.com/support help telephone: Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F}) uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" J2SE Runtime Environment 5.0 Update 1 1.5.0.10 ({3248F0A8-6813-11D6-A77B-00B0D0150010}) version: 17104896 version (major): 1 version (minor): 5 estimated size: 154001 install date: 20050613 install source: http://java.sun.com/webapps/download/GetFile/1.5.0_01-b08/windows-i586/ uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010} publisher: Sun Microsystems, Inc. 
contact: http://java.com help link: http://java.com readme: C:\Program Files\Java\jre1.5.0_01\README.txt WebFldrs XP 9.50.6513 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227}) version: 154278257 version (major): 9 version (minor): 50 estimated size: 2652 install date: 20031014 install source: C:\WINDOWS\System32\ publisher: Microsoft Corporation help link: http://www.microsoft.com/windows USB PC Camera 4.6.0.1 ({57383270-6F61-4DC8-A9B8-C1745FC29F38}) version: 67502080 install location: C:\Program Files\Sonix\USB PC Camera uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57383270-6F61-4DC8-A9B8-C1745FC29F38}\Setup.exe" -l0x9 PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall Symantec Network Driver Update 5.3.2 ({6AF90EF6-F7F9-466C-99F4-1774826FBB40}) version: 84082690 version (major): 5 version (minor): 3 estimated size: 2253 install date: 20040723 install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~2.0_E\ uninstall cmd: MsiExec.exe /X{6AF90EF6-F7F9-466C-99F4-1774826FBB40} publisher: Symantec Corporation PartitionMagic 8.00.000 ({6BE2A4A4-99FB-48ED-AE1E-4E850389F804}) version: 134217728 version (major): 8 estimated size: 46074 install date: 20031017 install location: C:\Program Files\PowerQuest\PartitionMagic 8.0\ install source: D:\Partition Magic 8.0\Setup\ publisher: PowerQuest comments: PowerQuest Inc. 
contact: Customer Support Department help link: http://www.powerquest.com/support help telephone: 1-801-226-6834 readme: Readme.txt Java 2 Runtime Environment, SE v1.4.2_03 1.4.2_03 ({7148F0A8-6813-11D6-A77B-00B0D0142030}) version (major): 1 version (minor): 4 estimated size: 109952 install date: 20040907 install source: C:\Documents and Settings\Administrateur\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\ uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} publisher: Sun Microsystems, Inc. comments: http://www.java.com contact: http://www.java.com help link: http://www.java.com help telephone: http://www.java.com readme: Lisez-moi.txt DivX 6.0.3 ({7B63B2922B174135AFC0E1377DD81EC2}) install location: C:\Program Files\DivX uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC publisher: DivXNetworks, Inc. DivX Player 6.0 ({8ADFC4160D694100B5B8A22DE9DCABD9}) install location: C:\Program Files\DivX uninstall cmd: C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER publisher: DivXNetworks, Inc. 
Microsoft Office XP Professional 10.0.2627.5 ({9211040C-6000-11D3-8CFE-0050048383C9}) version: 167774787 version (major): 10 estimated size: 508394 install date: 20031014 install location: INSTALLLOCATION install source: D:\ uninstall cmd: MsiExec.exe /I{9211040C-6000-11D3-8CFE-0050048383C9} publisher: Microsoft Corporation help link: http://www.microsoft.com/support readme: C:\Program Files\Microsoft Office\Office10\1036\OFREAD10.HTM Découvrez la photographie numérique HP ({92B3EF78-3DB2-4DED-8DD1-F2DDF6EC2DF3}) uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B3EF78-3DB2-4DED-8DD1-F2DDF6EC2DF3}\Setup.exe" -l0x40c CopyToDVD 2.4.15 ({93884E34-FD8F-46A9-A4D4-402868A5D51F}_is1) uninstall cmd: "C:\Program Files\vso\CopyToDVD\unins000.exe" publisher: VSO Software Microsoft IntelliType Pro 2.2 2.20.447.0 ({9DE006A5-B384-4EDE-A760-0F217136B9EA}) version: 34865599 version (major): 2 version (minor): 20 estimated size: 6717 install date: 20031015 install source: e:\keyboard\Setup\ publisher: Microsoft help link: http://microsoft.com/support help telephone: Adobe Reader 7.0 - Français 7.0.0 ({AC76BA86-7AD7-1036-7B44-A70000000000}) version: 117440512 version (major): 7 estimated size: 74760 install date: 20060313 install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\FRA\ uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000} publisher: Adobe Systems Incorporated comments: contact: help link: http://www.adobe.fr/support/main.html help telephone: readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm Disque de souvenirs HP 1.0.4.805 ({B376402D-58EA-45EA-BD50-DD924EB67A70}) version: 16777220 version (major): 1 estimated size: 23760 install date: 20031020 install source: E:\applications\cue\HPMD\ uninstall cmd: MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70} publisher: Hewlett-Packard Company comments: logiciel Créateur de disque de 
souvenirs HP help link: http://www.hp.com help telephone: (208) 323-2551 MSN Messenger 7.5 7.5.0324.0 ({BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5}) version: 117768516 version (major): 7 version (minor): 5 estimated size: 67111 install date: 20060210 install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\ uninstall cmd: MsiExec.exe /I{BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5} publisher: Microsoft Corporation Produit Suite driver modem ADSL ({BEBED42E-0BF4-11D5-928C-0060677630C4}) uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEBED42E-0BF4-11D5-928C-0060677630C4}\Setup.exe" Nikon Message Center 0.91.000 ({D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) version: 5963776 install location: C:\Program Files\Fichiers communs\Nikon\Message Center uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL Symantec Script Blocking Installer 1.0.0 ({D327AFC9-7BAA-473A-8319-6EB7A0D40138}) version: 16777216 version (major): 1 estimated size: 385 install date: 20041007 install source: D:\Support\ScrBlock\ uninstall cmd: MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138} publisher: Symantec CC_ccStart 2.0.0.635 ({D6414CC7-F215-467F-88B1-546ED863F35B}) version: 33554432 version (major): 2 install date: 20041007 install source: D:\Support\ccStart\ uninstall cmd: MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B} publisher: Symantec Corporation Electronic Arts Product Registration 1.01.0000 ({D7D50E0C-27DD-4999-BC05-E026B580F93A}) version: 16842752 version (major): 1 version (minor): 1 estimated size: 1689 install date: 20031214 install source: E:\Support\eapr\ publisher: Electronic Arts comments: Vos remarques contact: Service support clientèle help link: http://www.uk.ea.com help telephone: 09067 53 22 53 ccCommon 
2.0.0.635 ({DC367608-64A7-4BF7-92F4-8BAA25BA02DB}) version: 33554432 version (major): 2 estimated size: 4340 install date: 20041007 install source: D:\Support\ccCommon\ uninstall cmd: MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB} publisher: Symantec SymNet 4.7.1 ({E47EE8FB-ACC0-4608-859C-4E2851B18A6A}) version: 67567617 version (major): 4 version (minor): 7 estimated size: 60 install date: 20041007 install source: D:\Support\SymNet\ uninstall cmd: MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A} publisher: Symantec Corp Norton AntiVirus Parent MSI 10.0.0 ({E5EE9939-259F-4DE2-8023-5C49E16A4F43}) version: 167772160 version (major): 10 estimated size: 1 install date: 20041007 install source: D:\NAV\ uninstall cmd: MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43} publisher: Symantec Corp. 1.9.2.1705 ({E9F81423-211E-46B6-9AE0-38568BC5CF6F}) version: 17367042 version (major): 1 version (minor): 9 estimated size: 3925 install date: 20051219 install source: C:\Documents and Settings\Administrateur\Bureau\Mathieu\Divers\Alcohol 120% v1.9.2.1705 Multilanguage Serial (Ok)\Alcohol 120% v1.9.2.1705 Multilanguage + serial (OK)\ uninstall cmd: MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F} help link: alcohol_dev@alcohol-soft.com MP3 Player 2.0.0 ({EA470D3B-058E-4772-B020-3C8C1F652A2E}) version: 33554432 version (major): 2 estimated size: 2220 install date: 20041020 install source: D:\PCTOOLS\ uninstall cmd: MsiExec.exe /I{EA470D3B-058E-4772-B020-3C8C1F652A2E} publisher: MP3 CM 03-04 4.1.0 ({F71C0208-1D32-439D-9257-F90F0BAACE6A}) version: 67174400 version (major): 4 version (minor): 1 estimated size: 429317 install date: 20040730 install source: D:\ publisher: Eidos comments: Please contact Eidos Technical Support with any issues concerning CM4 contact: Technical Support help link: http://www.eidos.co.uk/support/index.html help telephone: 0870 9000 0222 readme: http://www.sigames.com hp deskjet 5100 1.00.0000 ({FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}) version: 
16777216 version (major): 1 estimated size: 36925 install date: 20031020 install source: E:\ uninstall cmd: msiexec /x{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D} publisher: Hewlett-Packard help link: http://www.hp.com help telephone: - readme: 0 PictureProject 1.0 ({FF3999BE-1A7B-4738-88AA-97BF14094A4A}) version: 16777216 install location: C:\Program Files\Nikon\PictureProject uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x40c UNINSTALL --- System Services --- Service (registry key): a347bus Image path: System32\DRIVERS\a347bus.sys Image size: 160640 Image MD5: 1F61CACACB521215F39061789147968C Start: 0 Type: 1 Error Control: 1 Service (registry key): a347scsi Image path: System32\Drivers\a347scsi.sys Image size: 5248 Image MD5: 113E4B318BBAA7483CA4E582A4D63F49 Start: 0 Type: 1 Error Control: 0 Service (registry key): Abiosdsk Start: 4 Type: 1 Error Control: 0 Service (registry key): abp480n5 Start: 4 Type: 1 Error Control: 1 Service (registry key): ACPI Display name: Pilote ACPI Microsoft Image path: System32\DRIVERS\ACPI.sys Image size: 180224 Image MD5: FFDEF54A7A4519CF7117536D43DEEFAB Start: 0 Type: 1 Error Control: 1 Service (registry key): ACPIEC Start: 4 Type: 1 Error Control: 1 Service (registry key): adpu160m Start: 4 Type: 1 Error Control: 1 Service (registry key): aec Display name: Suppresseur d'écho acoustique (Noyau Microsoft) Image path: system32\drivers\aec.sys Image size: 142208 Image MD5: FF773FEDA15E8BD97FD54FE87A0ACDBE Start: 3 Type: 1 Error Control: 1 Service (registry key): AFD Display name: Environnement de prise en charge de réseau AFD Image path: \SystemRoot\System32\drivers\afd.sys Start: 2 Type: 1 Error Control: 1 Service (registry key): AFS2K Display name: AFS2k Start: 1 Type: 1 Error Control: 1 Service (registry key): agp440 Display name: Filtre de bus AGP Intel Image path: 
System32\DRIVERS\agp440.sys Image size: 25472 Image MD5: 65880045C51AA36184841CEE915A61DF Start: 0 Type: 1 Error Control: 1 Service (registry key): Aha154x Start: 4 Type: 1 Error Control: 1 Service (registry key): aic78u2 Start: 4 Type: 1 Error Control: 1 Service (registry key): aic78xx Start: 4 Type: 1 Error Control: 1 Service (registry key): ALCXWDM Display name: Service for Realtek AC97 Audio (WDM) Image path: system32\drivers\ALCXWDM.SYS Image size: 752764 Image MD5: 02D94D2D336D3DE8C5E8FE04A62D552D Start: 3 Type: 1 Error Control: 1 Service (registry key): Alerter Display name: Avertissement Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives. Si ce service est arrêté, les programmes qui utilisent les alertes administratives ne les recevront pas. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalService Image size: 12800 Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2 Start: 3 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): ALG Display name: Service de la passerelle de la couche Application Description: Fournit la prise en charge des plugins de protocoles tiers pour le partage de connexion Internet et le pare-feu Internet. 
Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\alg.exe Image size: 41984 Image MD5: 292FBA8E83DB606519D45DD1FCBBD3B8 Start: 3 Type: 16 Error Control: 1 Service (registry key): AliIde Start: 4 Type: 1 Error Control: 1 Service (registry key): AmeAtmPc Display name: AmeAtmPc Image path: System32\DRIVERS\AmeAtmPc.sys Image size: 110179 Image MD5: D857FFF08F9EF56C81CD23C3CB583805 Start: 3 Type: 1 Error Control: 1 Service (registry key): amsint Start: 4 Type: 1 Error Control: 1 Service (registry key): AppMgmt Display name: Gestion d'applications Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 12800 Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2 Start: 3 Type: 32 Error Control: 1 Service (registry key): asc Start: 4 Type: 1 Error Control: 1 Service (registry key): asc3350p Start: 4 Type: 1 Error Control: 1 Service (registry key): asc3550 Start: 4 Type: 1 Error Control: 1 Service (registry key): Aspi32 Start: 0 Type: 0 Error Control: 0 Service (registry key): AsyncMac Display name: Pilote de média asynchrone RAS Description: Pilote de média asynchrone RAS Image path: System32\DRIVERS\asyncmac.sys Image size: 13568 Image MD5: 03F403B07A884FC2AA54A0916C410931 Start: 3 Type: 1 Error Control: 1 Service (registry key): atapi Display name: Contrôleur de disque dur IDE/ESDI standard Image path: System32\DRIV |
Re,
Your last message, where you post your Spybot report, is very long and totally useless - it will just get in the way when reading our future posts about your problems. Only do what is asked, otherwise we'll be at this forever...
Because of MessengerPlus! 3, your PC has become a fountain of spyware! So uninstall that program. Your PC is still deeply infected.

1/ Check and fix these lines with HijackThis:
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028
As well as these O17 entries, which send you straight to Ukraine:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D6912DF-0160-406B-8197-5226CF487B79}: NameServer = 85.255.116.134,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C68F916-3610-49A9-AECB-1067D4F1155C}: NameServer = 85.255.116.134 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A7D3BD4-E3BD-4CD6-A22D-DA09FCCDCA25}: NameServer = 85.255.116.134,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{B124A2D2-C5A2-42BB-BC68-A86A9D43257B}: NameServer = 85.255.116.134,85.255.112.5
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe

2/ Click "Start" -> "Run…" and type "services.msc"
Locate this malicious service: NTBOOTMGR (NTBOOT)
Double-click this service, then click "Stop" and set it to "Disabled".

3/ Find and delete this file (in bold):
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe

4/ Since viruses have gotten into your PC:
Scan your PC with this online antivirus: http://www.bitdefender.com/scan8/ie.html
Click "I Agree" and scan the whole PC. Remember to accept the ActiveX control blocked by the SP2 anti-popup bar (it will flash at the top).
Copy/paste the report to the forum.
Then scan your PC with this online antivirus: http://www.pandasoftware.com/activescan/fr/activescan_principal.htm
Copy/paste the report to the forum.

5/ Once you have done everything in this order, post a new HijackThis log and I will tell you the last lines to fix.

All the best ;)
Copyright © Kristopher |
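The triage done by hand in the post above, as an added example (not part of the original thread and not HijackThis's own code): a small Python parser that reads HijackThis entries and flags O17 NameServer values outside an approved resolver set, O2/O3 entries that are orphaned or carry an analyst-flagged CLSID, and O23 services listed with "Unknown owner". The function names, the approved resolver 192.168.1.1 and the last sample line are assumptions made for the example; the other entries are the ones quoted in the post.

```python
import ipaddress
import re
from collections import namedtuple

# Entries quoted in the post above (HijackThis v1.99.1 log lines).
PAGE_ENTRIES = r"""
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\sycay.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D6912DF-0160-406B-8197-5226CF487B79}: NameServer = 85.255.116.134,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C68F916-3610-49A9-AECB-1067D4F1155C}: NameServer = 85.255.116.134 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A7D3BD4-E3BD-4CD6-A22D-DA09FCCDCA25}: NameServer = 85.255.116.134,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{B124A2D2-C5A2-42BB-BC68-A86A9D43257B}: NameServer = 85.255.116.134,85.255.112.5
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
""".strip().splitlines()

# Constructed line (not from the thread): an interface using the approved resolver.
CONSTRUCTED_OK = (r"O17 - HKLM\System\CCS\Services\Tcpip\.."
                  r"\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1")

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")

Finding = namedtuple("Finding", "code reason ident details")


def split_nameservers(body):
    """Return (valid_ips, unparsable_tokens) from an O17 NameServer value.

    The value may be comma- or space-separated; both forms occur in the log above.
    """
    value = body.split("NameServer", 1)[1].lstrip(" =")
    good, bad = [], []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        try:
            good.append(ipaddress.ip_address(token))
        except ValueError:
            bad.append(token)
    return good, bad


def triage(lines, approved_resolvers, flagged_clsids=frozenset()):
    """Flag HijackThis entries that deserve a closer look.

    approved_resolvers: DNS servers the machine is expected to use (assumption:
    supplied by whoever knows the network). flagged_clsids: CLSIDs an analyst
    has already identified as unwanted.
    """
    approved = {ipaddress.ip_address(a) for a in approved_resolvers}
    flagged = {c.strip("{}").upper() for c in flagged_clsids}
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group(1), m.group(2)
        g = GUID_RE.search(body)
        guid = g.group(1).upper() if g else None
        if code == "O17" and "NameServer" in body:
            servers, junk = split_nameservers(body)
            rogue = [str(s) for s in servers if s not in approved]
            if rogue or junk:
                findings.append(Finding(code, "unapproved-dns", guid, tuple(rogue + junk)))
        elif code in ("O2", "O3"):
            if body.rstrip().endswith("(no file)"):
                findings.append(Finding(code, "orphaned-entry", guid, ()))
            elif guid in flagged:
                findings.append(Finding(code, "flagged-clsid", guid, ()))
        elif code == "O23" and " - Unknown owner - " in body:
            path = body.rsplit(" - ", 1)[1]
            findings.append(Finding(code, "service-unknown-owner", None, (path,)))
    return findings


if __name__ == "__main__":
    results = triage(PAGE_ENTRIES + [CONSTRUCTED_OK],
                     approved_resolvers={"192.168.1.1"},
                     flagged_clsids={"{08BEC6AA-49FC-4379-3587-4B21E286C19E}"})
    for f in results:
        print(f.code, f.reason, f.ident or "-", ", ".join(f.details))
```

The O17 findings are keyed by interface GUID, so every adapter that carries the same unapproved resolvers shows up as its own line to fix.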
Here is the Bitdefender report:
BitDefender Online Scanner - Real Time Virus Report
Generated at: Thu, Mar 23, 2006 - 16:19:26
--------------------------------------------------------------------------------
Scan Info
Scanned Files 473504
Infected Files 21
Virus Detected
Trojan.Downloader.FFZ 12
Trojan.Fakealert 1
Trojan.Downloader.Tibs.BT 1
Adware.Iectr.A 7
--------------------------------------------------------------------------------
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world. |