[OK] HijackThis log analysis

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities, etc. …

Moderator: Moderators

Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then this one. See:

Decontamination procedure 1 - Anti-malware
Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protecting browsers, browsing and privacy

Post by Guest » 07 Aug 2005, 18:02

Hi nick
I'm going to try your procedure, but it seems to me that the parasite is still there. Indeed, when I look at the incoming and outgoing data packet flows while I'm connected to the Internet, it's crazy! (I see this by opening "Local Area Connection Status") and I can also feel that my machine is working in the background, but with no active process visible in Task Manager (my active window loses focus from time to time for one to 2 seconds).
What's more, after every Internet connection, Spybots detects a pile of junk that was no longer there before the connection.

Back in a moment...
Guest
 

Post by Oravioli » 07 Aug 2005, 18:29

Hi again,
In my previous messages, I had forgotten to log in... Mouaaarrrrffffffff

I did your procedure. Nothing changes.

Spybots still detects the unwanted item.
Oravioli

Posts: 27
Joined: 31 Dec 2004, 15:39

Post by nickW » 07 Aug 2005, 19:56

Good evening,

Could you send a log created by Startdreck and a HijackThis log, both created in normal mode?

Download and run Startdreck:
See: http://assiste.com.free.fr/p/internet_u ... tdreck.php
Download: http://www.niksoft.at/download/startdreck.htm
Unzip the startdreck.zip archive into a directory reserved for it (for example, c:\startdreck).

Launch the program by double-clicking StartDreck.exe

Find, at the bottom, a button named "Config" and click it.
Locate the "unmark all" button and click it.

Tick the boxes as shown below:

Image

The "refresh on exiting config dialog" box must remain ticked.
Click the "OK" button.

Wait for the new display (it is almost instantaneous).

Then click the "Save" button.
Give the save file a name.

Open it in a text editor (Notepad or Wordpad).
If there is a large number of lines such as:
`127.0.0.1 localhost
`127.0.0.1 babe.the-killer.bz
`127.0.0.1 babe.k-lined.com
`127.0.0.1 etc, etc
they must be deleted.

Then do File--->Select all, File--->Copy, then paste it into a reply message.

To be continued,

PS:
As the Startdreck log is very long, you should post a first message with the HijackThis log, then a second one with the Startdreck log.
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
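
The clean-up step in nickW's post above (deleting the bulk `127.0.0.1` lines from the saved StartDreck log before posting it) can be scripted. This is an added example, not part of the original thread or of StartDreck. It assumes the layout seen in the log posted in this thread (a `*...\drivers\etc\hosts` line followed by the file's lines, each prefixed with a backtick); the function name is hypothetical and the sample log is constructed.

```python
import re

# Assumed layout (taken from the log posted in this thread): a "Text Files"
# entry is '*<path>' followed by the file's own lines, each prefixed with '`'.
HOSTS_HEADER = re.compile(r"^\*.*\\drivers\\etc\\hosts\s*$", re.IGNORECASE)
# A hosts line that maps a name to 127.0.0.1 (the kind the post says to delete).
LOOPBACK_ENTRY = re.compile(r"^`\s*127\.0\.0\.1\s+\S+")


def trim_hosts_section(log_text):
    """Remove 127.0.0.1 entries from the hosts section of a StartDreck log.

    Returns (cleaned_log, removed_count, kept_entries). Every other line,
    including hosts entries that point anywhere else, is left untouched so
    that whoever reads the log still sees them.
    """
    out, kept = [], []
    removed = 0
    in_hosts = False
    for line in log_text.splitlines():
        if HOSTS_HEADER.match(line):
            in_hosts = True
            out.append(line)
            continue
        if in_hosts and line.startswith("`"):
            if LOOPBACK_ENTRY.match(line):
                removed += 1          # bulk blocklist line: drop it
                continue
            kept.append(line[1:].strip())
            out.append(line)          # anything else in hosts stays visible
            continue
        in_hosts = False              # first non-backtick line ends the section
        out.append(line)
    return "\n".join(out), removed, kept


# Constructed sample: a fragment shaped like the StartDreck log in this thread.
# The 192.0.2.10 entry is a made-up, documentation-range address.
SAMPLE_LOG = "\n".join([
    r"*C:\WINDOWS\wininit.ini",
    "`[Rename]",
    r"*C:\WINDOWS\system32\drivers\etc\hosts",
    "`127.0.0.1 localhost",
    "`127.0.0.1 babe.the-killer.bz",
    "`127.0.0.1 babe.k-lined.com",
    "`192.0.2.10 www.example.com",
    "»Program Files",
    r"*C:\ntldr",
])

if __name__ == "__main__":
    cleaned, removed, kept = trim_hosts_section(SAMPLE_LOG)
    print(cleaned)
    print(f"-- {removed} loopback hosts entries removed, {len(kept)} other entries kept")
```

Backtick lines that belong to other files in the log (such as `wininit.ini`) are never touched, because the filter only applies between the hosts header and the next line without a backtick.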

Post by Oravioli » 07 Aug 2005, 22:10

Good evening, good evening

Procedure done. Log in the next message
Startdreck log

StartDreck (build 2.1.7 public stable) - 2005-08-07 @ 23:04:51 (GMT +02:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Robert at BUREAU-DES-MECS

»Registry
»Run Keys
»Current User
»Run
*MoneyAgent="D:\Applications Windows\Microsoft Money\System\mnyexpr.exe"
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
»RunOnce
»Local Machine
»Run
*NeroCheck=C:\WINDOWS\system32\NeroCheck.exe
*VSOCheckTask="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
*VirusScan Online="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
*MCAgentExe=c:\PROGRA~1\mcafee.com\agent\mcagent.exe
*MCUpdateExe=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
*RemoteControl="D:\Applications Windows\CyberLink\PowerDVD\PDVDServ.exe"
*EPSON Stylus C66 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
*Share-to-Web Namespace Daemon=D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
*SpybotSnD="D:\Applications Outils\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="D:\Applications Outils\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Personnalisation du navigateur/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Carnet d'adresses 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Mise à jour du Bureau Windows/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Démarrage\desktop.ini
»Default User
»Local Machine
*C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
*C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
*C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\wininit.ini
`[Rename]
`NUL=C:\WINDOWS\UnDino.exe
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+384=\SystemRoot\System32\smss.exe
+432=\??\C:\WINDOWS\system32\csrss.exe
+456=\??\C:\WINDOWS\system32\winlogon.exe
+500=C:\WINDOWS\system32\services.exe
+512=C:\WINDOWS\system32\lsass.exe
+660=C:\WINDOWS\system32\svchost.exe
+736=C:\WINDOWS\system32\svchost.exe
+772=C:\WINDOWS\System32\svchost.exe
+820=C:\WINDOWS\System32\svchost.exe
+884=C:\WINDOWS\System32\svchost.exe
+996=C:\WINDOWS\system32\spoolsv.exe
+1132=c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
+1160=C:\WINDOWS\system32\pctspk.exe
+1256=C:\WINDOWS\System32\svchost.exe
+1276=C:\WINDOWS\system32\wdfmgr.exe
+1308=C:\Program Files\UPHClean\uphclean.exe
+1348=C:\WINDOWS\system32\svchost.exe
+1496=c:\PROGRA~1\mcafee.com\vso\mcshield.exe
+1584=C:\WINDOWS\System32\alg.exe
+1948=C:\WINDOWS\Explorer.EXE
+924=C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
+1072=C:\PROGRA~1\mcafee.com\agent\mcagent.exe
+1184=c:\progra~1\mcafee.com\vso\mcvsescn.exe
+1232=D:\Applications Windows\CyberLink\PowerDVD\PDVDServ.exe
+1152=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
+1664=D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
+1736=D:\Applications Windows\Microsoft Money\System\mnyexpr.exe
+548=C:\Program Files\Messenger\msmsgs.exe
+1916=D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
+2196=c:\progra~1\mcafee.com\vso\mcvsftsn.exe
+4088=D:\Applications Windows\Microsoft Office\Office10\WINWORD.EXE
+3232=D:\Protection ordinateur\startdreck\StartDreck.exe
»NT Services
*Avertissement Alerter - disabled
*Service de la passerelle de la couche Applicati ALG running on demand
`on
*Gestion d'applications AppMgmt - on demand
*Audio Windows AudioSrv running auto
*Service de transfert intelligent en arrière-pla BITS - on demand
`n
*Explorateur d'ordinateur Browser - auto
*Service d'indexation CiSvc - on demand
*Gestionnaire de l'Album ClipSrv - disabled
*Application système COM+ COMSysApp - on demand
*Services de cryptographie CryptSvc running auto
*Lanceur de processus serveur DCOM DcomLaunch running auto
*Client DHCP Dhcp running auto
*Service d'administration du Gestionnaire de dis dmadmin - on demand
`que logique
*Gestionnaire de disque logique dmserver running auto
*Client DNS Dnscache running auto
*Service de rapport d'erreurs ERSvc running auto
*Journal des événements Eventlog running auto
*Système d'événements de COM+ EventSystem running on demand
*Compatibilité avec le Changement rapide d'utili FastUserSwitchingCom - on demand
`sateur
*Aide et support helpsvc running auto
*Accès du périphérique d'interface utilisateur HidServ - disabled
*HTTP SSL HTTPFilter - on demand
*Service COM de gravure de CD IMAPI ImapiService - on demand
*Serveur lanmanserver running auto
*Station de travail lanmanworkstation running auto
*Assistance TCP/IP NetBIOS LmHosts running auto
*McAfee.com McShield McShield running on demand
*McAfee SecurityCenter Update Manager mcupdmgr.exe - on demand
*McAfee.com VirusScan Online Realtime Engine MCVSRte running auto
*Affichage des messages Messenger - disabled
*Partage de Bureau à distance NetMeeting mnmsrvc - on demand
*Distributed Transaction Coordinator MSDTC - on demand
*Windows Installer MSIServer - on demand
*DDE réseau NetDDE - disabled
*DSDM DDE réseau NetDDEdsdm - disabled
*Ouverture de session réseau Netlogon - on demand
*Connexions réseau Netman running on demand
*NLA (Network Location Awareness) Nla running on demand
*Fournisseur de la prise en charge de sécurité L NtLmSsp - on demand
`M NT
*Stockage amovible NtmsSvc - on demand
*PCTEL Speaker Phone Pctspk running auto
*Plug-and-Play PlugPlay running auto
*Services IPSEC PolicyAgent running auto
*Emplacement protégé ProtectedStorage running auto
*Gestionnaire de connexion automatique d'accès d RasAuto - on demand
`istant
*Gestionnaire de connexions d'accès distant RasMan running on demand
*Gestionnaire de session d'aide sur le Bureau à RDSessMgr - on demand
`distance
*Routage et accès distant RemoteAccess - disabled
*Accès à distance au Registre RemoteRegistry running auto
*Localisateur d'appels de procédure distante (RP RpcLocator - on demand
`C)
*Appel de procédure distante (RPC) RpcSs running auto
*QoS RSVP RSVP - on demand
*Gestionnaire de comptes de sécurité SamSs running auto
*Carte à puce SCardSvr - on demand
*Planificateur de tâches Schedule running auto
*Connexion secondaire seclogon running auto
*Notification d'événement système SENS running auto
*Pare-feu Windows / Partage de connexion Interne SharedAccess running auto
`t
*Détection matériel noyau ShellHWDetection running auto
*Spouleur d'impression Spooler running auto
*Service de restauration système srservice - auto
*Service de découvertes SSDP SSDPSRV running on demand
*Acquisition d'image Windows (WIA) stisvc running auto
*MS Software Shadow Copy Provider SwPrv - on demand
*Journaux et alertes de performance SysmonLog - on demand
*Téléphonie TapiSrv running on demand
*Services Terminal Server TermService running on demand
*Thèmes Themes running auto
*Telnet TlntSvr - disabled
*Client de suivi de lien distribué TrkWks running auto
*Windows User Mode Driver Framework UMWdf running auto
*User Profile Hive Cleanup UPHClean running auto
*Hôte de périphérique universel Plug-and-Play upnphost - on demand
*Onduleur UPS - on demand
*Cliché instantané de volume VSS - on demand
*Horloge Windows W32Time running auto
*WebClient WebClient running auto
*Infrastructure de gestion Windows winmgmt running auto
*Service de numéro de série du lecteur multimédi WmdmPmSN - on demand
`a portable
*Extensions du pilote WMI Wmi - on demand
*Carte de performance WMI WmiApSrv - on demand
*Centre de sécurité wscsvc running auto
*Mises à jour automatiques wuauserv running auto
*Configuration automatique sans fil WZCSVC running auto
*Service d'approvisionnement réseau xmlprov - on demand
»Application specific
Oravioli
 
Posts: 27
Joined: 31 Dec 2004, 15:39

Post by Oravioli » 07 Aug 2005, 22:11

continuation of the previous message...

hijackthis log, without having run spybots or any other spyware

Logfile of HijackThis v1.99.1
Scan saved at 23:06:23, on 07/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Applications Windows\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\Applications Windows\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\Applications Windows\Microsoft Office\Office10\WINWORD.EXE
D:\Protection ordinateur\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.tiscali.fr/default.php?mode=local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Applications Windows\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "D:\Applications Outils\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MoneyAgent] "D:\Applications Windows\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Applications Windows\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Applications Windows\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\APPLIC~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Applications Windows\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/se ... r_cert.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Oravioli
 
Posts: 27
Joined: 31 Dec 2004, 15:39

Post by Oravioli » 07 Aug 2005, 22:12

good luck nick and thanks in advance
Oravioli

Posts: 27
Joined: 31 Dec 2004, 15:39

Post by nickW » 08 Aug 2005, 00:12

Good evening/morning,

You wrote:
What's more, after every Internet connection, Spybots detects a pile of junk that was no longer there before the connection.


Which ones?

Could you send the report created by Spybot-S&D (when it detects this junk).

Here is how to obtain and send a full report.
Launch SpyBot-S&D, run a Search for updates and apply them if any are found.
Run a full scan ("Check all"), fix the problems shown in red.
On the main menu bar, click "Mode" and choose "Advanced mode".
In the left-hand menu, choose "Tools" then "View report".
Check that all the options are ticked except "Do not include disabled items or items known as legitimate.".

Select (at the top) the "View report" button.
Press "Export"; in the dialog box that appears, choose a location and a name for saving the file (keeping the Type "Text files").

To be continued,
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by Oravioli » 08 Aug 2005, 09:12

Hi nick,

Since your last message, I tried the following:
with reglite, I tried to delete ISTBAR at the registry address HKEY_LOCAL_MACHINE\SOFTWARE\
response: ACCES DENIED.

and I searched the computer for ISTBAR, search result: FXISTBAR.EXE-0B384564.pf


I'm going to send you the logs you are asking for.

See you
Oravioli

Posts: 27
Joined: 31 Dec 2004, 15:39

Post by Oravioli » 08 Aug 2005, 09:45

Re
Using regedit, I searched the registry to see whether the keys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

contained ISTBAR anywhere... NOTHING

when I go to the key
HKEY_LOCAL_MACHINE\SOFTWARE\ISTBAR and click on Historyfiles, I get the following message: Impossible d'ouvrir Historyfiles, erreur lors de l'ouverture de la clé

See you
Oravioli

Posts: 27
Joined: 31 Dec 2004, 15:39

Post by Oravioli » 08 Aug 2005, 11:32

Hi nick,
What do you think of my leads on the registry?
See you
below is the spybots report

--- Search result list ---
ISearchTech.SideFind: Réglages (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\ISTbar

Windows Security Center.FirewallDisableNotify: Réglages (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Windows Security Center.AntiVirusDisableNotify: Réglages (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-08-07 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-07-29 Includes\Dialer.sbi (*)
2005-08-04 Includes\Hijackers.sbi (*)
2005-06-23 Includes\Keyloggers.sbi (*)
2005-08-04 Includes\Malware.sbi (*)
2005-08-04 Includes\PUPS.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-08-02 Includes\Security.sbi (*)
2005-08-04 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-08-04 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: Correctif pour DirectX 9 - KB839643
/ Windows Media Player: Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
/ Windows Media Player / SP0: Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
/ Windows Media Player: Windows Media Update 817787
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Correctif Windows XP - KB834707
/ Windows XP / SP3: Correctif Windows XP - KB867282
/ Windows XP / SP3: Correctif Windows XP - KB873333
/ Windows XP / SP3: Correctif Windows XP - KB873339
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB883939)
/ Windows XP / SP3: Correctif Windows XP - KB885250
/ Windows XP / SP3: Correctif Windows XP - KB885835
/ Windows XP / SP3: Correctif Windows XP - KB885836
/ Windows XP / SP3: Correctif Windows XP - KB885884
/ Windows XP / SP3: Correctif Windows XP - KB886185
/ Windows XP / SP3: Correctif Windows XP - KB887472
/ Windows XP / SP3: Correctif Windows XP - KB887742
/ Windows XP / SP3: Correctif Windows XP - KB888113
/ Windows XP / SP3: Correctif Windows XP - KB888302
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB890046)
/ Windows XP / SP3: Correctif Windows XP - KB890047
/ Windows XP / SP3: Correctif Windows XP - KB890175
/ Windows XP / SP3: Correctif Windows XP - KB890859
/ Windows XP / SP3: Correctif Windows XP - KB890923
/ Windows XP / SP3: Correctif Windows XP - KB891781
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB893066)
/ Windows XP / SP3: Correctif Windows XP - KB893086
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896358)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896422)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896428)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB898461)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901214)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB903235)


--- Startup entries list ---
Located: HK_LM:Run, EPSON Stylus C66 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
size: 99840
MD5: 438f5a247ab69062442462924e92d3b5

Located: HK_LM:Run, MCAgentExe
command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 278528
MD5: c9a041d6e5211ca48aeba3ac1987d837

Located: HK_LM:Run, MCUpdateExe
command: C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
file: C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
size: 180224
MD5: ccda6063f9183eeb7799241914727218

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, RemoteControl
command: "D:\Applications Windows\CyberLink\PowerDVD\PDVDServ.exe"
file: D:\Applications Windows\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 915a106a2fb87292cef0ad4f36adf313

Located: HK_LM:Run, Share-to-Web Namespace Daemon
command: D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
file: D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: 2f2bc80803f0638f6738e37f769e4bd0

Located: HK_LM:Run, VirusScan Online
command: "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
file: c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
size: 163840
MD5: 3fe1e841ed8483f7a75a1e86f6fc2216

Located: HK_LM:Run, VSOCheckTask
command: "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
file: c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
size: 122880
MD5: 90cf41e5d4e8d3a88d8630da5c3b7a3a

Located: HK_CU:Run, MoneyAgent
command: "D:\Applications Windows\Microsoft Money\System\mnyexpr.exe"
file: D:\Applications Windows\Microsoft Money\System\mnyexpr.exe
size: 204863
MD5: e289b9f8721d0bcc4117c4cc973c75ee

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: Démarrage (tous utilisateurs), Lancement rapide d'Adobe Reader.lnk
command: D:\Applications Windows\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: D:\Applications Windows\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Démarrage (tous utilisateurs), Microsoft Office.lnk
command: D:\Applications Windows\Microsoft Office\Office10\OSA.EXE
file: D:\Applications Windows\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---


--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

RaptisoftGameLoader (RaptisoftGameLoader)
DPF name: RaptisoftGameLoader
CLSID name:
Installer:
Codebase: http://www.miniclip.com/hamsterball/rap ... loader.cab

teleir_cert (teleir_cert)
DPF name: teleir_cert
CLSID name:
Installer:
Codebase: https://static.ir.dgi.minefi.gouv.fr/se ... r_cert.cab

{00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/ms ... b31267.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 29/05/2003 15:00:18
Date (last access): 08/08/2005 12:23:18
Date (last write): 29/05/2003 15:00:18
Filesize: 77408
Attributes: archive
MD5: 42D567DF86B9B7AC4A89664C9651B68B
CRC32: 47FF3D19
Version: 7.1.9502.1

{14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/Me ... b31267.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~1.DLL
Date (created): 06/04/2004 19:03:54
Date (last access): 08/08/2005 12:23:18
Date (last write): 06/04/2004 19:03:54
Filesize: 172072
Attributes: archive
MD5: 94D1773AEAA2197AFEE3A6F8404FE4E9
CRC32: 76C3823D
Version: 9.2.7513.1

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 12/07/2005 18:04:22
Date (last access): 08/08/2005 10:01:24
Date (last write): 12/07/2005 18:04:22
Filesize: 520456
Attributes: archive
MD5: 873B40B79F93C160AE7F1B88DA72E5F8
CRC32: 67A985E9
Version: 1.3.254.0

{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/Mi ... b31267.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: minesweeper.dll
Short name: MINESW~1.DLL
Date (created): 29/05/2003 15:00:22
Date (last access): 08/08/2005 12:23:18
Date (last write): 29/05/2003 15:00:22
Filesize: 84064
Attributes: archive
MD5: F951FD0EA383DF2D49CA0359E4A86968
CRC32: 50A69718
Version: 7.1.9502.1

{32564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmv8dmo.inf
Codebase: http://codecs.microsoft.com/codecs/i386/wmv8dmo.cab

{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf
Codebase: http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla

{4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class)
DPF name:
CLSID name: EPUImageControl Class
Installer: C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.inf
Codebase: http://tools.ebayimg.com/eps/wl/activex ... 0-3-24.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: EPUWALcontrol.dll
Short name: EPUWAL~1.DLL
Date (created): 13/08/2004 18:10:50
Date (last access): 08/08/2005 12:23:18
Date (last write): 16/03/2005 09:09:56
Filesize: 1115848
Attributes: archive
MD5: 5CF5EBA8DA5EFAE945C93CD7433A4321
CRC32: 548889C0
Version: 1.0.3.24

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
DPF name:
CLSID name: McAfee.com Operating System Class
Installer: C:\WINDOWS\Downloaded Program Files\mcinsctl.inf
Codebase: http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
Path: C:\WINDOWS\System32\
Long name: mcinsctl.dll
Short name:
Date (created): 09/06/2004 18:24:10
Date (last access): 08/08/2005 12:19:36
Date (last write): 09/06/2004 18:24:10
Filesize: 341088
Attributes: archive
MD5: 51C1F2F0034A18C9CB562F12CD392A30
CRC32: 904D5FFB
Version: 4.0.0.83

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/Me ... b31267.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~2.DLL
Date (created): 29/05/2003 15:00:20
Date (last access): 08/08/2005 12:23:18
Date (last write): 29/05/2003 15:00:20
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 7.1.9502.1

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer: C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
Codebase: http://messenger.msn.com/download/msnme ... loader.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 05/11/2004 16:58:20
Date (last access): 08/08/2005 10:01:24
Date (last write): 05/11/2004 16:58:20
Filesize: 119496
Attributes: archive
MD5: 1B40AA6A5D25E6CB4EDFC4C717113161
CRC32: 4F5D45E3
Version: 1.0.0.1

{B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
DPF name:
CLSID name: ZoneIntro Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/ZI ... b31267.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 06/04/2004 19:03:12
Date (last access): 08/08/2005 10:01:24
Date (last write): 06/04/2004 19:03:12
Filesize: 85032
Attributes: archive
MD5: 65431ACCF09A96C3BE53B7681BFFE44D
CRC32: C8777857
Version: 9.2.7513.1

{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)
DPF name:
CLSID name: DwnldGroupMgr Class
Installer: C:\WINDOWS\Downloaded Program Files\McGDMgr.inf
Codebase: http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
Path: C:\WINDOWS\System32\
Long name: McGDMgr.dll
Short name:
Date (created): 14/06/2004 17:02:08
Date (last access): 08/08/2005 12:19:36
Date (last write): 14/06/2004 17:02:08
Filesize: 279640
Attributes: archive
MD5: E8074DB73A77854CD588B08398BE4FC2
CRC32: C5AFD416
Version: 1.0.0.20

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: https://download.macromedia.com/pub/sho ... wflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 09/06/2004 15:59:26
Date (last access): 08/08/2005 11:08:52
Date (last write): 09/06/2004 15:59:26
Filesize: 939224
Attributes: archive
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 7.0.19.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 384 ( 4) \SystemRoot\System32\smss.exe
PID: 432 ( 384) \??\C:\WINDOWS\system32\csrss.exe
PID: 456 ( 384) \??\C:\WINDOWS\system32\winlogon.exe
PID: 500 ( 456) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 63DCDE1A0D86EEB8924D6738FF616EAD
PID: 512 ( 456) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 259AF82A0932EEA4F316F92DB94707B6
PID: 660 ( 500) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 724 ( 500) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 760 ( 500) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 808 ( 500) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 848 ( 500) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 984 ( 500) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DF9FC62AD51CB082B0AE371919A232CB
PID: 1136 ( 500) c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
size: 106496
MD5: B1E94B3ED8AF23AEBBC2CCFCCADBA104
PID: 1168 ( 500) C:\WINDOWS\system32\pctspk.exe
size: 86016
MD5: 9946F9F9B359B010E879D6FF0155D9B7
PID: 1244 ( 500) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1284 ( 500) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 1316 ( 500) C:\Program Files\UPHClean\uphclean.exe
size: 192573
MD5: C65BDF0E5B5413D4FD939068666E564A
PID: 1356 ( 500) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1496 ( 500) c:\PROGRA~1\mcafee.com\vso\mcshield.exe
size: 225375
MD5: 97ADDEE4DC70929A8B482A7AE7842920
PID: 1588 ( 500) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: B43CC0F07752D456038CD0268E4D84E9
PID: 3404 (3164) C:\WINDOWS\Explorer.EXE
size: 1036288
MD5: 2A7BD330924252A2FD80344FC949BB72
PID: 3448 (3404) C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
size: 163840
MD5: 3FE1E841ED8483F7A75A1E86F6FC2216
PID: 2588 (3404) C:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 278528
MD5: C9A041D6E5211CA48AEBA3AC1987D837
PID: 2396 (3404) D:\Applications Windows\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 915A106A2FB87292CEF0AD4F36ADF313
PID: 3868 (3404) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
size: 99840
MD5: 438F5A247AB69062442462924E92D3B5
PID: 3876 (3404) D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: 2F2BC80803F0638F6738E37F769E4BD0
PID: 2884 (3404) D:\Applications Windows\Microsoft Money\System\mnyexpr.exe
size: 204863
MD5: E289B9F8721D0BCC4117C4CC973C75EE
PID: 580 (3404) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 3456 (3448) c:\progra~1\mcafee.com\vso\mcvsescn.exe
size: 417849
MD5: C87CCFAC151DA6D88F50608F2E3C8DC2
PID: 3644 ( 660) D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
size: 77824
MD5: A302AE354F6A164DB1AE2A778EA48B9D
PID: 4016 ( 660) c:\progra~1\mcafee.com\vso\mcvsftsn.exe
size: 221184
MD5: FE1642C18909CD2FBDE080CE4D7747E1
PID: 2380 (3404) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: 385D1644E676C96EB07848ADA63E37FA
PID: 2664 (3404) D:\Applications Windows\Microsoft Office\Office10\WINWORD.EXE
size: 10586696
MD5: 01A74D6DF1C292DD2BEFFE458237A71C
PID: 2704 (3404) D:\Applications Outils\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 08/08/2005 12:29:43

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://login.tiscali.fr/default.php?mode=local
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1BCE6CFF-CE0D-4282-8CD6-E61F2DA900BD}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1BCE6CFF-CE0D-4282-8CD6-E61F2DA900BD}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{096FA668-E886-4485-B49C-AA13E95AFF1F}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{096FA668-E886-4485-B49C-AA13E95AFF1F}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FDC07232-9739-4D97-B426-B6B70F690DF7}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FDC07232-9739-4D97-B426-B6B70F690DF7}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B94DDCE6-C433-4299-A06B-A3573E30DE20}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B94DDCE6-C433-4299-A06B-A3573E30DE20}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E923E6A4-B783-4D08-9B8D-11E596EEF472}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E923E6A4-B783-4D08-9B8D-11E596EEF472}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF08061F-DFBB-44A2-95BA-768BFDA7E618}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF08061F-DFBB-44A2-95BA-768BFDA7E618}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Espace de noms NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
a-squared Free 1.6 1.6 (a-squared Free_is1)
install location: D:\Protection ordinateur\a2free\
uninstall cmd: "D:\Protection ordinateur\a2free\unins000.exe"
publisher: Emsi Software GmbH
help link: http://forum.emsisoft.com

Ad-Aware SE Personal (Ad-Aware SE Personal)
uninstall cmd: D:\APPLIC~1\AD-AWA~1\UNWISE.EXE D:\APPLIC~1\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

(AddressBook)

AIDA32 v3.93 (AIDA32_is1)
uninstall cmd: "D:\Applications Windows\AIDA32 - Personal System Information\unins000.exe"
publisher: Tamas Miklos
help link: http://www.aida32.hu

(Branding)

CCleaner (remove only) (CCleaner)
uninstall cmd: "D:\Applications Outils\CCleaner\uninst.exe"

CleanUp! (CleanUp!)
uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

(Connection Manager)

(Creative WebCam NX)

(Creative WebCam NX Guide de l'utilisateur Francais)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

EPSON Logiciel imprimante (EPSON Printer and Utilities)
uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r

ESC66 Guide de référence (ESC66 Guide de référence)
install location: C:\Program Files\EPSON\TPMANUAL\ESC66\REF_G
uninstall cmd: C:\Program Files\EPSON\TPMANUAL\ESC66\REF_G\DOCUNINS.EXE

ESC66 Guide des logiciels (ESC66 Guide des logiciels)
install location: C:\Program Files\EPSON\TPMANUAL\ESC66\PQU_G
uninstall cmd: C:\Program Files\EPSON\TPMANUAL\ESC66\PQU_G\DOCUNINS.EXE

(Fontcore)

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: D:\Protection ordinateur\hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Electronic Arts Product Registration 1.01.0000 (InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 1661
install date: 20050112
install source: E:\Support\eapr\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D7D50E0C-27DD-4999-BC05-E026B580F93A} /l1036
publisher: Electronic Arts
comments: Vos remarques
contact: Service support clientèle
help link: http://www.uk.ea.com
help telephone: 09067 53 22 53

InterActual Player (InterActual Player)
uninstall cmd: C:\Program Files\InterActual\InterActual Player\inuninst.exe

Correctif Windows XP - KB834707 20040929.110854 (KB834707)
uninstall cmd: C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=834707

Correctif Windows XP - KB867282 20050127.090417 (KB867282)
uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=867282

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

Correctif Windows XP - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Correctif Windows XP - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Mise à jour de sécurité pour Windows XP (KB883939) 1 (KB883939)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Correctif Windows XP - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Correctif Windows XP - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Correctif Windows XP - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Correctif Windows XP - KB885884 20040924.025457 (KB885884)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885884

Correctif Windows XP - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Correctif Windows XP - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Correctif Windows XP - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Correctif Windows XP - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Correctif Windows XP - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Mise à jour de sécurité pour Windows XP (KB890046) 1 (KB890046)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Correctif Windows XP - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Correctif Windows XP - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Correctif Windows XP - KB890859 1 (KB890859)
install date: 20050414
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Correctif Windows XP - KB890923 1 (KB890923)
install date: 20050414
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

Correctif Windows XP - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Correctif Windows XP - KB893066 1 (KB893066)
install date: 20050414
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Correctif Windows XP - KB893086 1 (KB893086)
install date: 20050414
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Mise à jour de sécurité pour Windows XP (KB896358) 1 (KB896358)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Mise à jour de sécurité pour Windows XP (KB896422) 1 (KB896422)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Mise à jour de sécurité pour Windows XP (KB896428) 1 (KB896428)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Mise à jour pour Windows XP (KB898461) 1 (KB898461)
install date: 20050629
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Mise à jour de sécurité pour Windows XP (KB901214) 1 (KB901214)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Mise à jour de sécurité pour Windows XP (KB903235) 1 (KB903235)
install date: 20050717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

Macromedia Shockwave Player (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log

McAfee SecurityCenter (Mcafee SecurityCenter)
uninstall cmd: c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

Ahead Nero - Burning Rom (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNERO.exe /UNINSTALL

(NetMeeting)

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

Registrar Lite 2.00 (Registrar Lite 2.00)
uninstall cmd: "D:\Protection ordinateur\Reglite\unwise.exe" D:\PROTEC~1\Reglite\INSTALL.LOG
publisher: Resplendence Software Projects Sp.
help link: http://www.resplendence.com

(SchedulingAgent)

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

(ShockwaveFlash)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: D:\Applications Outils\Spybot - Search & Destroy\
uninstall cmd: "D:\Applications Outils\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

McAfee VirusScan (VirusScan Online)
uninstall cmd: c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=1 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Lecteur Windows Media 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 2 20040819.151636 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

WinZip 8.1 SR-1 (5266f) (WinZip)
version (major): 8
version (minor): 1
install location: D:\APPLIC~1\WINZIP\
uninstall cmd: "D:\Applications Windows\WinZip\WINZIP32.EXE" /uninstall
publisher: WinZip Computing, Inc.
help link: http://www.winzip.com/wzredir.cgi?FRSWZX

Sélecteur d'installation de Microsoft Works Suite 2003 (Works2003Setup)
uninstall cmd: C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
help link: http://www.microsoft.com/france/support/default.asp

Yahoo! Toolbar (Yahoo! Companion)
uninstall cmd: rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui

Microsoft Money 11.0.100 ({01A2E33A-8ADA-42D1-9173-8F65149E952F})
version: 184549476
version (major): 11
estimated size: 49671
install date: 20040911
install location: INSTALLDIR
install source: E:\Money\
uninstall cmd: MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F}
publisher: Microsoft
comments: La base de données d'installation contient la logique et les données requises pour installer Money.
help link: http://www.microsoft.com/france/support
help telephone: http://www.microsoft.com/france/support

Extension Système de Microsoft Money 11.0.120 ({02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7})
version: 184549496
version (major): 11
estimated size: 6345
install date: 20040911
install source: E:\Money\
uninstall cmd: MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}
publisher: Microsoft
comments: Permet d'installer les composants système utilisés par Microsoft Money.
help link: http://www.microsoft.com/france/support
help telephone: http://www.microsoft.com/france/support

Encyclopédie Microsoft Encarta 2003 2003 ({03460014-3975-4267-9F39-1DC4745090B7})
version (major): 2003
version (minor): 2003
estimated size: 532712
install date: 20040911
install source: E:\
uninstall cmd: MsiExec.exe /I{03460014-3975-4267-9F39-1DC4745090B7}
publisher: Microsoft Corporation
help link: http://support.microsoft.com

EPSON PRINT Image Framer Tool2.1 ({23B59ED4-C360-11D7-875B-0090CC005647})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x40c anything

WebFldrs XP 9.50.6513 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2552
install date: 20040911
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

ShareIns 1.00.0000 ({590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09})
version: 16777216
version (major): 1
estimated size: 964
install date: 20040912
install source: E:\Media\Xtras\ShareIns\
publisher: Hewlett-Packard
help link: http://www.hp.com/cposupport/eschome.html
help telephone: 208-323-2551

Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20050731
install source: C:\DOCUME~1\Robert\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downlo ... .aspx/help
help telephone: 1-425.882.8080

EPSON PhotoQuicker3.5 ({65F5B7AF-3363-11D7-BB6B-00018021113F})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x40c uninst

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

({7BF68B83-5057-4D4B-0093-28285EEB9EE3})

EPSON Web-To-Page ({7F14F68C-17FA-4F88-B3FD-7F449C1EBF32})
install location: C:\Program Files\EPSON\EPSON Web-To-Page
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything

Jasc Paint Shop Pro 8 8.10.0000 ({81A34902-9D0B-4920-A25C-4CDC5D14B328})
version: 134873088
version (major): 8
version (minor): 10
estimated size: 122559
install date: 20040911
install source: D:\Applications Windows\Jasc Software Inc\Setup Files\Paint Shop Pro 8 Try And Buy Installer\
uninstall cmd: MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
publisher: Nom de votre société
comments: Jasc Software Inc Paint Shop Pro 8
contact: Service clientèle
help link: http://www.jasc.com/support2.asp
help telephone: (952) 930-9171

Microsoft Office XP Professional avec FrontPage 10.0.4330.0 ({9028040C-6000-11D3-8CFE-0050048383C9})
version: 167776490
version (major): 10
estimated size: 155159
install date: 20040911
install location: INSTALLLOCATION
install source: E:\
uninstall cmd: MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: D:\Applications Windows\Microsoft Office\Office10\1036\OFREAD10.HTM

MSN Messenger 7.0 7.0.0813 ({ABEB838C-A1A7-4C5D-B7E1-8B4314600813})
version: 117441325
version (major): 7
estimated size: 11888
install date: 20050526
install source: C:\DOCUME~1\Florian\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600813}
publisher: Microsoft Corporation

Adobe Reader 7.0 - Français 7.0.0 ({AC76BA86-7AD7-1036-7B44-A70000000000})
version: 117440512
version (major): 7
estimated size: 74464
install date: 20050102
install location: D:\Applications Windows\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\FRA\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.fr/support/main.html
help telephone:
readme: D:\Applications Windows\Adobe\Acrobat 7.0\Reader\Readme.htm

HP Photo and Imaging 1.0 - Scanjet 3500c Series 1.00.0000 ({B8E952E3-A823-443A-8493-39A0CCE0E3EB})
version: 16777216
version (major): 1
install date: 20050711
install source: E:\hpsw\
uninstall cmd: MsiExec.exe /I{B8E952E3-A823-443A-8493-39A0CCE0E3EB}
publisher: {&Tahoma8}Hewlett-Packard
help link: http://www.hp.com/cposupport/eschome.html
help telephone: +33 (0)1 43 62 34 34

User Profile Hive Cleanup Service 1.5.21 ({BF755CD9-E185-498A-AAFB-E9F8470AB1CC})
version: 17104917
version (major): 1
version (minor): 5
estimated size: 196
install date: 20050724
install source: D:\Applications a installer\
uninstall cmd: MsiExec.exe /I{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}
publisher: Microsoft Corporation
contact: Robin Caron

Electronic Arts Product Registration 1.01.0000 ({D7D50E0C-27DD-4999-BC05-E026B580F93A})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 1661
install date: 20050112
install source: E:\Support\eapr\
publisher: Electronic Arts
comments: Vos remarques
contact: Service support clientèle
help link: http://www.uk.ea.com
help telephone: 09067 53 22 53

OS Pack Works Suite 3.0.0.0000 ({E38D381A-ABCF-4D97-9D9C-B3A8529DCA15})
version: 50331648
version (major): 3
estimated size: 169
install date: 20040911
install source: E:\ospack\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/france
help telephone:



--- System Services ---
Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ac97intc
Display name: Service d'installation du pilote audio Intel(r) 82801 (WDM)
Image path: system32\drivers\ac97intc.sys
Image size: 96256
Image MD5: 0F2D66D5F08EBE2F77BB904288DCF6F0
Start: 3
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Pilote ACPI Microsoft
Image path: System32\DRIVERS\ACPI.sys
Image size: 188672
Image MD5: 0BD94FBFC14EA3606CD6CA4C0255BAA3
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Suppresseur d'écho acoustique (Noyau Microsoft)
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 841F385C6CFAF66B58FBD898722BB4F0
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: Environnement de prise en charge de réseau AFD
Description: Environnement de prise en charge de réseau AFD
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): AFS2K
Display name: AFS2k
Start: 1
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Avertissement
Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives. Si ce service est arrêté, les programmes qui utilisent les alertes administratives ne les recevront pas. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 2979B03D5382A602623C0535B16AB9C0
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Service de la passerelle de la couche Application
Description: Offre la prise en charge des plug-ins de protocoles tiers pour le Partage de connexion Internet et le Pare-feu Windows.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: B43CC0F07752D456038CD0268E4D84E9
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Gestion d'applications
Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 2979B03D5382A602623C0535B16AB9C0
Start: 3
Type: 32
Error Control: 1

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): Aspi32
Start: 0
Type: 0
Error Control: 0

Service (registry key): AsyncMac
Display name: Pilote de média asynchrone RAS
Description: Pilote de média asynchrone RAS
Image path: System32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Contrôleur de disque dur IDE/ESDI standard
Image path: System32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: Protocole client ATM ARP
Description: Protocole client ATM ARP
Image path: System32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Audio Windows
Description: Gère les périphériques audio pour les programmes basés sur Windows. Si ce service est arrêté, les périphériques et les effets audio ne fonctionneront pas correctement. Si ce service est désactivé, les services en dépendant explicitement ne démarreront pas.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 2979B03D5382A602623C0535B16AB9C0
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Pilote audio Stub
Image path: System32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Service de transfert intelligent en arrière-plan
Description: Transfère des fichiers en tâche de fond en utilisant la bande passante du réseau lors de ses périodes d'inactivité. Si le service est arrêté, des fonctionnalités telles que Windows Update et MSN Explorer ne pourront plus télécharger automatiquement des programmes et d'autres informations. Si ce service est désactivé, tous les services qui en dépendent explicitement peuvent présenter des problèmes de transfert de fichiers s'ils ne disposent pas d'un mécanisme sûr de remplacement pour transférer les fichier
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 2979B03D5382A602623C0535B16AB9C0
Start: 3
Type: 32
Error Control: 1
Depends On services: Rpcss

Service (registry key): Browser
Display name: Explorateur d'ordinateur
Description: Tient à jour une liste des ordinateurs présents sur le réseau et fournit cette liste aux ordinateurs désignés comme navigateurs. Si ce service est arrêté, la liste ne sera pas mise ou tenue à jour. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 2979B03D5382A602623C0535B16AB9C0
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): CCDECODE
Display name: Décodeur sous-titre fermé
Image path: system32\DRIVERS\CCDECODE.sys
Image size: 17024
Image MD5: 6163ED60B684BAB19D3352AB22FC48B2
Start: 3
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Display name: Pilote de CD-ROM
Image path: System32\DRIVERS\cdrom.sys
Image size: 49536
Image MD5: AF9C19B3100FE010496B1A27181FBF72
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Display name: Service d'indexation
Description: Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: ABFAC5D58218C0A655DFCAE2D8A535F3
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: Gestionnaire de l'Album
Description: Active le Gestionnaire de l'Album afin de stocker les informations et les partager avec des ordinateurs à distance. Si le service est arrêté, le Gestionnaire de l'Album ne pourra pas partager les informations avec des ordinateurs à distance. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: E42101918C50F754FC15367814FEC11C
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Display name: Application système COM+
Description: Gère la configuration et le suivi des composants de base COM+ (Component Object Model) . Si le service est arrêté, la plupart des composants de base COM+ ne fonctionneront pas correctement. Si ce service est désactivé, les services qui en dépendent de manière explicite ne pourront pas démarrer.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: 9B2CE161927038D4CABE0482A14FD052
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Start: 4
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Display name: Services de cryptographie
Description: Fournit trois services de gestion : le service de base de données de catalogue, qui confirme la signature des fichiers Windows; le service de racine protégée, qui ajoute et supprime des certificats d'autorité de certification de racine approuvés et le service Clé, qui fournit une aide dans l'inscription de cet ordinateur pour les certificats. Si ce service est arrêté, ces services de gestion ne fonctionneront pas correctement. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 2979B03D5382A602623C0535B16AB9C0
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dac2w2k
Start: 4
Type: 1
Error Control: 0

Service (registry key): dac960nt
Start: 4
Type: 1
Error Control: 1

Service (registry key): DcomLaunch
Display name: Lanceur de processus serveur DCOM
Description: Fournit la fonctionnalité de lancement des services DCOM.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 14336
Image MD5: 2979B03D5382A602623C0535B16AB9C0
Start: 2
Type: 32
Error Control: 1

Service (registry key): Dhcp
Display name: Client DHCP
Description: Gère la configuration réseau en inscrivant et en mettant à jour les adresses IP et les noms DNS.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 2979B03D5382A602623C0535B16AB9C0
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Display name: Pilote de disque
Image path: System32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): dmadmin
Display name: Service d'administration du Gestionnaire de disque logique
Description: Configure les lecteurs de disque durs et les volumes. Le service ne s'exécute que pour les processus de configurations puis s'arrête.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 225280
Image MD5: 647D03A59615FEE96D647D4426F1537E
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 800256
Image MD5: E2D3B7620310FE56685F9B15A6B404B3
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Display name: Pilote de Gestionnaire de disque logique
Image path: System32\drivers\dmio.sys
Image size: 154496
Image MD5: C77F5C20AA70197A69AA84BAA9DE43C8
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmload
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Gestionnaire de disque logique
Description: Détecte et analyse de nouveaux lecteurs de disque durs et envoie les informations de volume de disque au service gestionnaire administratif de disque logique pour la configuration. Si ce service est arrêté, l'état des disques dynamiques et les informations de configuration peuvent devenir obsolètes. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 2979B03D5382A602623C0535B16AB9C0
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Display name: Synthétiseur DLS du noyau Microsoft
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: A6F881284AC1150E37D9AE47FF601267
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dnscache
Display name: Client DNS
Description: Résout et met en cache les noms DNS pour cet ordinateur. Si ce service est arrêté, l'ordinateur ne pourra pas résoudre les noms DNS et trouver les contrôleurs de domaine Active Directo
Oravioli
 
Posts: 27
Joined: 31 Dec 2004, 15:39
