re hotbar


Post by nickW » 29 Dec 2005, 23:38

Good evening,

The signs of infection are still present. :evil:


Step 1: Registry searches
Go to http://www.billsway.com/vbspage/ and scroll down to Registry Search Tool.
Download RegSrch.zip and unzip it into a folder of its own (for example C:\Program Files\RegSrch).

Run RegSrch.vbs by right-clicking it and choosing Open with Command Prompt.
Type HbTools in the Enter search string... box, then click OK.
Let the script run (up to 5 minutes); a small window reports the number of occurrences found.
Click OK to copy the result into WordPad.
Important: save this file (File ---> Save As HbTools.txt).


Run RegSrch.vbs by right-clicking it and choosing Open with Command Prompt.
Type SinEspias in the Enter search string... box, then click OK.
Let the script run (up to 5 minutes); a small window reports the number of occurrences found.
Click OK to copy the result into WordPad.
Important: save this file (File ---> Save As SinEspias.txt).


Run RegSrch.vbs by right-clicking it and choosing Open with Command Prompt.
Type atwynmhw in the Enter search string... box, then click OK.
Let the script run (up to 5 minutes); a small window reports the number of occurrences found.
Click OK to copy the result into WordPad.
Important: save this file (File ---> Save As atwynmhw.txt).


Step 2: Spybot-S&D report
Start SpyBot-S&D.
On the main menu bar, click "Mode" and choose "Advanced mode".
In the left-hand menu, choose "Tools", then "View report".
Uncheck the options
*- "Include the list of Winsock LSPs in the report."
*- "Include the list of uninstallers in the report."
*- "Do not include items that are disabled or known to be legitimate."

Select the "View report" button (at the top).
Wait for the report to be displayed.
Press "Export"; in the dialog box that appears, choose a location and save the file as Spybot-SD-051229.txt (keeping the type "Text files").


Copy the contents of these files into your reply:
*- HbTools.txt
*- SinEspias.txt
*- atwynmhw.txt
*- Spybot-SD-051229.txt

To be continued,
nickW
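Once the three files from step 1 are saved, they can be triaged offline. The Python below is an added example, not part of the original post or of RegSrch.vbs; the function names are hypothetical, and the sample input is constructed in the REGEDIT4 layout from the registry entries posted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample in the REGEDIT4 layout RegSrch.vbs writes; the entries
# are the ones posted in this thread, merged into one file for the example.
SAMPLE = r'''REGEDIT4
; Registry search results (constructed sample)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40D8240A-E3A0-4D59-AC55-0443120188D1}\InprocServer32]
@="C:\\Program Files\\HbTools\\Bin\\4.7.2.0\\HbtWallpaper.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform]
"HbTools 4.7.2"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HbTools"="C:\\Program Files\\HbTools\\Bin\\4.7.2.0\\HbtOEAddOn.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sin Espias"="C:\\Program Files\\SinEspias\\No-Spy.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"stnospy"="C:\\Program Files\\SinEspias\\no-spy.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ulzfayls"="C:\\WINDOWS\\system32\\atwynmhw.exe"
'''

# Registry locations worth labelling when they show up in a search report.
CATEGORIES = [
    (re.compile(r"\\CurrentVersion\\Run(?:Once|Services)?$", re.I), "autostart"),
    (re.compile(r"\\CLSID\\\{[0-9A-F-]+\}\\InprocServer32$", re.I), "com-server"),
    (re.compile(r"\\User Agent\\Post Platform$", re.I), "user-agent-tag"),
]
VALUE_RE = re.compile(r'^(@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=["\s]|$)', re.I)


def _unescape(s):
    # REGEDIT4 escapes backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_regedit4(text):
    """Yield (key, value_name, data) for each value line of a REGEDIT4 file."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    key = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # e.g. hex continuation lines are skipped
        name = "(default)" if m.group(1) == "@" else _unescape(m.group("name"))
        data = m.group("data")
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = _unescape(data[1:-1])
        yield key, name, data


def classify(key):
    for pattern, label in CATEGORIES:
        if pattern.search(key):
            return label
    return "other"


def executable_of(data):
    """Return the file path at the start of a command line, without arguments."""
    m = EXE_RE.match(data)
    return m.group(1) if m else None


def triage(text, term):
    """List entries containing term, and say where it matched (key/name/data)."""
    needle = term.lower()
    hits = []
    for key, name, data in parse_regedit4(text):
        fields = {"key": key, "name": name, "data": data}
        matched = [f for f, v in fields.items() if needle in v.lower()]
        if matched:
            hits.append({**fields, "category": classify(key),
                         "matched_in": matched,
                         "executable": executable_of(data)})
    return hits


def shared_autostarts(text):
    """Group autostart value names by executable (Windows paths ignore case)."""
    by_exe = defaultdict(list)
    for key, name, data in parse_regedit4(text):
        exe = executable_of(data)
        if exe and classify(key) == "autostart":
            by_exe[exe.lower()].append(name)
    return {exe: names for exe, names in by_exe.items() if len(names) > 1}


if __name__ == "__main__":
    for term in ("HbTools", "SinEspias", "atwynmhw"):
        for hit in triage(SAMPLE, term):
            print(term, hit["category"], hit["matched_in"], hit["name"], hit["executable"])
    print(shared_autostarts(SAMPLE))
```

On this sample, `matched_in` shows that atwynmhw occurs only in the value data, under the unrelated value name ulzfayls, and `shared_autostarts` shows two Run values launching the same No-Spy.exe.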

Post by suite... » 30 Dec 2005, 10:01

Hello,

*- HbTools.txt
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "HbTools" 30/12/2005 09:41:26

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40D8240A-E3A0-4D59-AC55-0443120188D1}\InprocServer32]
@="C:\\Program Files\\HbTools\\Bin\\4.7.2.0\\HbtWallpaper.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform]
"HbTools 4.7.2"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HbTools"="C:\\Program Files\\HbTools\\Bin\\4.7.2.0\\HbtOEAddOn.exe"

*- SinEspias.txt
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "SinEspias" 30/12/2005 09:46:33

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sin Espias"="C:\\Program Files\\SinEspias\\No-Spy.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"stnospy"="C:\\Program Files\\SinEspias\\no-spy.exe /autorun"

*- atwynmhw.txt
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "atwynmhw" 30/12/2005 09:49:28

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ulzfayls"="C:\\WINDOWS\\system32\\atwynmhw.exe"

*- Spybot-SD-051229.txt
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Mise à jour de sécurité pour Windows XP (KB893756) 1 (KB893756)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Mise à jour pour Windows XP (KB894391) 1 (KB894391)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Mise à jour de sécurité pour Windows XP (KB896358) 1 (KB896358)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Mise à jour de sécurité pour Windows XP (KB896422) 1 (KB896422)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Mise à jour de sécurité pour Windows XP (KB896423) 1 (KB896423)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Mise à jour de sécurité pour Windows XP (KB896424) 1 (KB896424)
install date: 20051109
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Mise à jour de sécurité pour Windows XP (KB896428) 1 (KB896428)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Mise à jour de sécurité pour Windows XP (KB896688) 1 (KB896688)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688

Mise à jour pour Windows XP (KB898461) 1 (KB898461)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Mise à jour de sécurité pour Windows XP (KB899587) 1 (KB899587)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Mise à jour de sécurité pour Windows XP (KB899589) 1 (KB899589)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Mise à jour de sécurité pour Windows XP (KB899591) 1 (KB899591)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Mise à jour de sécurité pour Windows XP (KB900725) 1 (KB900725)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Mise à jour de sécurité pour Windows XP (KB901017) 1 (KB901017)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Mise à jour de sécurité pour Windows XP (KB901214) 1 (KB901214)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Mise à jour de sécurité pour Windows XP (KB902400) 1 (KB902400)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Mise à jour de sécurité pour Windows XP (KB904706) 1 (KB904706)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Mise à jour de sécurité pour Windows XP (KB905414) 1 (KB905414)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Mise à jour de sécurité pour Windows XP (KB905749) 1 (KB905749)
install date: 20051028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Mise à jour de sécurité pour Windows XP (KB905915) 1 (KB905915)
install date: 20051214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Mise à jour pour Windows XP (KB910437) 1 (KB910437)
install date: 20051214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Lapin Malin Cours Préparatoire ADAPT (Lapin Malin Cours Préparatoire ADAPT)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\The Learning Company\Lapin Malin Cours Préparatoire ADAPT\Uninst.isu"

LiveReg (Symantec Corporation) 3.1.0 (LiveReg)
install location: C:\Program Files\Fichiers communs\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 2.6 (Symantec Corporation) 2.6.14.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

(MobileOptionPack)

(MPlayer2)

Messenger Plus! 3 (MsgPlus! Plugin)
uninstall cmd: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

MSN (MSNINST)
uninstall cmd: C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

OmniMouse Driver 4.0 (NASDAK OmniMouse Driver)
uninstall cmd: C:\Program Files\NASDAK\OmniMouse Driver\4.0\unins000.EXE

(Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Suite (NeroMultiInstaller!UninstallKey)
uninstall cmd: C:\Program Files\Fichiers communs\Ahead\Uninstall\setup.exe /uninstall

(NetMeeting)

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\NVUninst.exe UninstallGUI

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

PixVillage (PixVillage)
uninstall cmd: C:\Program Files\PixVillage\uninstaller.exe

Print@Fujicolor (Print@Fujicolor)
uninstall cmd: C:\PROGRA~1\Fujifilm\UNWISE.EXE C:\PROGRA~1\Fujifilm\INSTALL.LOG

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

Screen Antics 2.1 2.1 (Screen Antics)
uninstall cmd: C:\WINDOWS\uninst.exe
publisher: Jaap van Wingerden

(Sevinst)

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection \swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Super Billard et Snooker 3D (Super billard et snooker 3D_is1)
uninstall cmd: "c:\Program Files\Anuman Interactive\Super billard et snooker 3D\unins000.exe"
publisher: Etiumsoft, Inc.
help link: http://www.etiumsoft.com

Norton Internet Security 2005 (Symantec Corporation) 8.0.6.2 (SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20})
install location: C:\Program Files\Norton Internet Security
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS
uninstall cmd: C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
publisher: Symantec Corporation

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Lecteur Windows Media 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Winkaa 1.0 1.0 (Winkaa 1.0)
uninstall cmd: "C:\Program Files\Winkaa 1.0\uninstall.exe"

Yahoo! Toolbar (Yahoo! Companion)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyt.exe

Yahoo! Toolbar (Yahoo! Toolbar)

OmniKey v.4.0 ({0208A7E3-0D30-11D4-A1FC-00508B9D1BA2})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}\Setup.exe" -l0x40c

Norton Internet Security 8.0.6.2 ({12E2B9E9-05B1-407d-B0FD-B5F350535125})
version: 134217734
version (major): 8
estimated size: 15067
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
publisher: Symantec Corporation

InterVideo WinDVD 5 5.3-B5.41 ({1B399A41-C1D0-40A2-9E4F-095868EFAF01})
version (major): 5
version (minor): 3
install location: C:\Program Files\InterVideo\DVD5
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
publisher: InterVideo Inc.
contact: support@intervideo.com
help link: http://www.intervideo.com/jsp/Support.jsp

ArcSoft Panorama Maker 3.0 ({1CABB679-3958-44AA-BFFF-4E68A2684255})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CABB679-3958-44AA-BFFF-4E68A2684255}\Setup.exe" -l0x40c -uninst

SymNet 5.4.4.17 ({2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2})
version: 84148228
version (major): 5
version (minor): 4
estimated size: 2722
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Support\SymNet\
uninstall cmd: MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
publisher: Symantec Corporation

WebFldrs XP 9.50.7523 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2568
install date: 20051005
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Kit de Connexion Alice ADSL ({3A0221AD-D30B-4320-8F9B-1D0F0E6C6843})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}\setup.exe" -l0x40c ControlPanel

Norton AntiSpam 2005.1.0.163 ({3B29A786-5803-4e9e-9B58-3014A5B4E519})
version (major): 2005
version (minor): 1
estimated size: 929
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
publisher: Symantec Corporation

Google Earth 3.0.0693 ({3DE5E7D4-7B88-403C-A3FD-2017A8240C5B})
version: 50332341
install date: 20051029
install location: C:\Program Files\Google\Google Earth
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\bye13.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
publisher: Google

Norton Internet Security 8.0.6.2 ({449F3A9E-9903-4a0d-A209-08030D45A935})
version: 134217734
version (major): 8
estimated size: 717
install date: 20051029
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
publisher: Symantec Corporation

Norton Internet Security 8.0.6.2 ({48185814-A224-447a-81DA-71BD20580E1B})
version: 134217734
version (major): 8
estimated size: 2321
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
publisher: Symantec Corporation

Norton Internet Security 8.0.6.2 ({526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F})
version: 134217734
version (major): 8
estimated size: 1081
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
publisher: Symantec Corporation

Norton AntiSpam 2005.1.0.163 ({5677563D-0CB1-485f-9E18-C5025306BB3F})
version (major): 2005
version (minor): 1
estimated size: 10147
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
publisher: Symantec Corporation

Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20051029
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downlo ... .aspx/help
help telephone: 1-425.882.8080

Encyclopédie Universelle Larousse ({666ADC9C-9C34-4B56-8B22-0419F257FB80})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{666ADC9C-9C34-4B56-8B22-0419F257FB80}\setup.exe" -l0x40c

SPBBC 1.00.0000 ({77772678-817F-4401-9301-ED1D01A8DA56})
version: 16777216
version (major): 1
estimated size: 1423
install date: 20051028
install location: C:\Program Files\Norton Internet Security\Norton AntiVirus\
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Support\SPBBC\
uninstall cmd: MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
publisher: Your Company Name

Symantec SCSSDist MSI 1.0.0 ({845AF1DD-3618-471F-9745-B1CD9378F669})
version: 16777216
version (major): 1
estimated size: 240
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{845AF1DD-3618-471F-9745-B1CD9378F669}
publisher: Symantec Corporation

Microsoft Office XP Professional avec FrontPage 10.0.2627.5 ({9028040C-6000-11D3-8CFE-0050048383C9})
version: 167774787
version (major): 10
estimated size: 261202
install date: 20051007
install source: D:\
uninstall cmd: MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1036\OFREAD10.HTM

Xenon 2000 - Project PCF ({93EE3C83-725F-4EA4-891A-CD6B019FCDC1})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EE3C83-725F-4EA4-891A-CD6B019FCDC1}\Setup.exe"

Harry Potter et le prisonnier d'Azkaban(TM) ({A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA})
uninstall cmd: C:\Program Files\EA GAMES\Harry Potter et le prisonnier d'Azkaban(TM)\EAUninstall.exe

Norton Internet Security 8.0.6.2 ({A93C9E60-29B6-49da-BA21-F70AC6AADE20})
version: 134217734
version (major): 8
estimated size: 5585
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
publisher: Symantec Corporation

Nikon View 6 ({AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL

Adobe Reader 7.0.5 - Français 7.0.5 ({AC76BA86-7AD7-1036-7B44-A70000000000})
version: 117440517
version (major): 7
estimated size: 76036
install date: 20051102
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\FRA\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.fr/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

MSRedist 1.0.0.0 ({B7C61755-DB48-4003-948F-3D34DB8EAF69})
version: 16777216
version (major): 1
estimated size: 4507
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Support\Redist\
uninstall cmd: MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
publisher: Symantec Corporation

MSN Messenger 7.5 7.5.0322.0 ({BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5})
version: 117768514
version (major): 7
version (minor): 5
estimated size: 15725
install date: 20051228
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5}
publisher: Microsoft Corporation

Norton AntiVirus 2005 11.0.15 ({C6F5B6CF-609C-428E-876F-CA83176C021B})
version: 184549391
version (major): 11
estimated size: 58769
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\NAV\
uninstall cmd: MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
publisher: Symantec Corporation

Symantec Network Drivers Update 5.5.1.6 ({CA0A1E54-CE0F-4366-B09C-A87B61DC5633})
version: 84213761
version (major): 5
version (minor): 5
estimated size: 2754
install date: 20051029
install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~1.4_E\
publisher: Symantec Corporation

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 37015
install date: 20051228
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\Pix2047.tmp\dotnetfx\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Symantec Script Blocking Installer 11.0.15 ({D327AFC9-7BAA-473A-8319-6EB7A0D40138})
version: 184549391
version (major): 11
estimated size: 481
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Support\ScrBlock\
uninstall cmd: MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
publisher: Symantec

CC_ccProxyExt 103.0.4.3 ({DA42FDCA-7C5A-43EF-9A05-CCE148ADF919})
version: 1728053252
version (major): 103
estimated size: 604
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Support\Proxy\
uninstall cmd: MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
publisher: Symantec

ccCommon 103.0.4.3 ({DC367608-64A7-4BF7-92F4-8BAA25BA02DB})
version: 1728053252
version (major): 103
estimated size: 5723
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Support\ccCommon\
uninstall cmd: MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
publisher: Symantec

Norton Internet Security 1.0.0 ({E3EFA461-EB83-4C3B-9C47-2C1D58A01555})
version: 16777216
version (major): 1
estimated size: 1420
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Support\HelpMSI\
uninstall cmd: MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
publisher: Symantec Corp.

Norton Internet Security 8.0.6.2 ({E5EE9939-259F-4DE2-8023-5C49E16A4F43})
version: 134217734
version (major): 8
estimated size: 430
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\NAV\
uninstall cmd: MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
publisher: Symantec Corporation

Norton WMI Update 2005.1.2.20 ({E85FA9A1-C241-4698-893B-DD99509B8DB0})
version (major): 2005
version (minor): 1
estimated size: 613
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Support\SymSC\
uninstall cmd: MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
publisher: Symantec Corporation

Norton WMI Update 2005.1.2.20 ({F64306A5-4C32-41bb-B153-53986527FAB4})
version (major): 2005
version (minor): 1
estimated size: 613
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Support\SymSC\
uninstall cmd: MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
publisher: Symantec Corporation

ccPxyCore 103.0.4.3 ({FC08587A-4F01-4188-819F-F55880022917})
version: 1728053252
version (major): 103
estimated size: 2821
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Support\Proxy\
uninstall cmd: MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
publisher: Symantec

Norton Internet Security 8.0.6.2 ({FC2C0536-583C-46c0-844A-62CECAE01F22})
version: 134217734
version (major): 8
estimated size: 308
install date: 20051028
install source: C:\DOCUME~1\Aude\LOCALS~1\Temp\NIS\Setup\
uninstall cmd: MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
publisher: Symantec Corporation



--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Pilote ACPI Microsoft
Image path: system32\DRIVERS\ACPI.sys
Image size: 188672
Image MD5: 0BD94FBFC14EA3606CD6CA4C0255BAA3
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Suppresseur d'écho acoustique (Noyau Microsoft)
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 841F385C6CFAF66B58FBD898722BB4F0
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD
Description: Environnement de prise en charge de réseau AFD
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALCXSENS
Display name: Service for WDM 3D Audio Driver
Image path: system32\drivers\ALCXSENS.SYS
Image size: 400384
Image MD5: BA88534A3CEB6161E7432438B9EA4F54
Start: 3
Type: 1
Error Control: 1

Service (registry key): ALCXWDM
Display name: Service for Realtek AC97 Audio (WDM)
Image path: system32\drivers\ALCXWDM.SYS
Image size: 626204
Image MD5: 5FF6F7E58C798F1474C0BBFFC23CB78D
Start: 3
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Avertissement
Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives. Si ce service est arrêté, les programmes qui utilisent les alertes administratives ne les recevront pas. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Service de la passerelle de la couche Application
Description: Offre la prise en charge des plug-ins de protocoles tiers pour le Partage de connexion Internet et le Pare-feu Windows.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: 2FE681D10C5FC343DBBC0610B8DD4D24
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Gestion d'applications
Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
Start: 3
Type: 32
Error Control: 1

Service (registry key): Arp1394
Display name: Protocole client ARP 1394
Description: Protocole client ARP 1394
Image path: system32\DRIVERS\arp1394.sys
Image size: 60800
Image MD5: F0D692B0BFFB46E30EB3CEA168BBC49F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): ASP.NET
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_1.1.4322
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Image size: 32768
Image MD5: A986FCFDAC587E68478DB51547B90800
Start: 3
Type: 16
Error Control: 1

Service (registry key): AsyncMac
Display name: Pilote de média asynchrone RAS
Description: Pilote de média asynchrone RAS
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Contrôleur de disque dur IDE/ESDI standard
Image path: system32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Ati HotKey Poller
Object name: LocalSystem
Image path: %SystemRoot%\system32\Ati2evxx.exe
Image size: 389120
Image MD5: DF7CE16CFF3217E71742E3D700844C07
Start: 2
Type: 272
Error Control: 1

Service (registry key): ati2mtag
Image path: system32\DRIVERS\ati2mtag.sys
Image size: 786944
Image MD5: 49C75E63B8B23B0E534447BA25CE2E76
Start: 3
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: Protocole client ATM ARP
Description: Protocole client ATM ARP
Image path: system32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Audio Windows
Description: Gère les périphériques audio pour les programmes basés sur Windows. Si ce service est arrêté, les périphériques et les effets audio ne fonctionneront pas correctement. Si ce service est désactivé, les services en dépendant explicitement ne démarreront pas.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Pilote audio Stub
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Con
continued...
 

Post by nickW » 31 Dec 2005, 01:39

Good evening,

New procedure:

Step 1: Creating the file tuer-hotbar.reg
Copy and paste the lines below (in the "Code" box) into a text editor (Notepad or WordPad, for example) and save the file under the name tuer-hotbar.reg
Warning no. 1: There is a blank line after the last line
Warning no. 2: the extension must be .reg; choose All Files in the Save as type drop-down list when using Save As.
If the extension is .reg.txt, rename the file to .reg
Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40D8240A-E3A0-4D59-AC55-0443120188D1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform]
"HbTools 4.7.2"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HbTools"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sin Espias"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"stnospy"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ulzfayls"=-





Step 2: Using the file tuer-hotbar.reg
Right-click tuer-hotbar.reg, choose Merge in the context menu and accept the merge into the registry.


Step 3: Registry searches

Launch RegSrch.vbs by right-clicking it and choosing Open with Command Prompt.
Type HbTools in the Enter search string... box, then click OK.
Let the script run (up to 5 minutes); a small window reports the number of occurrences found.
Click OK to copy the result into WordPad.
Important: Save this file (File ---> Save As HbTools-2.txt).


Launch RegSrch.vbs by right-clicking it and choosing Open with Command Prompt.
Type SinEspias in the Enter search string... box, then click OK.
Let the script run (up to 5 minutes); a small window reports the number of occurrences found.
Click OK to copy the result into WordPad.
Important: Save this file (File ---> Save As SinEspias-2.txt).


Launch RegSrch.vbs by right-clicking it and choosing Open with Command Prompt.
Type atwynmhw in the Enter search string... box, then click OK.
Let the script run (up to 5 minutes); a small window reports the number of occurrences found.
Click OK to copy the result into WordPad.
Important: Save this file (File ---> Save As atwynmhw-2.txt).


Copy the contents of these files into your reply:
*- HbTools-2.txt
*- SinEspias-2.txt
*- atwynmhw-2.txt

along with a new HijackThis log.

To be continued (as there are still "superfluous startup programs" to remove, and security advice to apply),
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (private message)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France
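
What the merge in step 2 will do can be listed before accepting it. The following is an added example, not part of the original post and not code from RegSrch or regedit: it parses the tuer-hotbar.reg text posted above and reports each key or value the file deletes. The function names (`logical_lines`, `parse_reg`, `sets_no_values`) are hypothetical.

```python
import re

# tuer-hotbar.reg as posted in the message above (REGEDIT4 syntax).
TUER_HOTBAR_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40D8240A-E3A0-4D59-AC55-0443120188D1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform]
"HbTools 4.7.2"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HbTools"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sin Espias"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"stnospy"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ulzfayls"=-

'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')            # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.+)$')


def logical_lines(text):
    """Yield non-empty, non-comment lines, joining trailing-backslash continuations."""
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\") and not line.startswith("["):
            pending = line[:-1]                   # hex data continued on the next line
            continue
        if line and not line.startswith(";"):
            yield line
    if pending:
        yield pending


def parse_reg(text):
    """Return the (action, key, value_name) operations a merge of this file applies."""
    lines = list(logical_lines(text.lstrip("\ufeff")))
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Windows Registry Editor header")
    ops, key = [], None
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:
            if m.group(1) == "-":                 # [-KEY]: delete the key and its subtree
                ops.append(("delete-key", m.group(2), None))
                key = None
            else:
                key = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"unexpected line: {line!r}")
        name = "(Default)" if m.group(1) == "@" else re.sub(r'\\(.)', r'\1', m.group(1)[1:-1])
        # "name"=- deletes one value; anything else writes data
        ops.append(("delete-value" if m.group(2) == "-" else "set-value", key, name))
    return ops


def sets_no_values(ops):
    """True when the file writes no value data (a plain [key] header still creates a missing key)."""
    return all(action != "set-value" for action, _, _ in ops)


if __name__ == "__main__":
    for action, key, name in parse_reg(TUER_HOTBAR_REG):
        print(action, key, name or "")
    print("writes no values:", sets_no_values(parse_reg(TUER_HOTBAR_REG)))
```
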

continued continued continued...

Post by dinou » 31 Dec 2005, 18:39

Good evening,

*- HbTools-2.txt

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "HbTools" 31/12/2005 18:25:57

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-515967899-436374069-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\Txt]
"a"="C:\\Program Files\\RegSrch\\HbTools.Txt"



*- SinEspias-2.txt

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "SinEspias" 31/12/2005 18:26:59

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-515967899-436374069-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\Txt]
"b"="C:\\Program Files\\RegSrch\\SinEspias.Txt"


*- atwynmhw-2.txt


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "atwynmhw" 31/12/2005 18:28:03

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-515967899-436374069-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\Txt]
"c"="C:\\Program Files\\RegSrch\\atwynmhw.Txt"


And here is the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 18:33:44, on 31/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PixVillage] C:\Program Files\PixVillage\pixvillage.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe



A big, big THANK YOU, a VERY VERY HAPPY NEW YEAR 2006, and see you very soon... :D
Dinou
dinou

Posts: 13
Joined: 07 Nov 2005, 21:03
Location: Vignoble nantais

Post by nickW » 31 Dec 2005, 18:52

Good evening and Happy New Year,

The three files HbTools-2.txt, SinEspias-2.txt and atwynmhw-2.txt are perfect: the traces of the "bad guys" are gone.

For the analysis of the HijackThis log, see you next year. :D

Bye,


HAPPY NEW YEAR

Post by dinou » 02 Jan 2006, 17:33

JUST TO WISH YOU A VERY VERY HAPPY NEW YEAR 2006...
Dinou

Post by nickW » 02 Jan 2006, 21:55

Good evening,

Your latest log looks "clean" to me.

So here is some additional advice:


A tip:
Use CCleaner regularly.
For example, get into the habit of running it systematically before shutting down the PC, or once a day.


A tip:
Drop Internet Explorer + Outlook Express in favour of Firefox + Thunderbird


A tip:
Install Sun's Java.
http://assiste.com.free.fr/p/internet_c ... i_java.php


A tip:
The trial version of ewido security suite remains usable with no time limit, but with two restrictions:
*- no real-time monitoring,
*- no automatic online updates.
So you can choose to leave it installed and use it from time to time (for "cleaning"), doing a manual update before running the scan.


A tip:
Read the Recommendations of the "security kit" and apply its preventive measures.
http://assiste.com.free.fr/p/internet_e ... curite.php


A tip:
It is possible to lighten the startup procedure and free up some system resources.
Some programs are considered "unnecessary at startup": they are launched systematically at every system startup (even if you do not use them), they stay active and use system resources.
It is essential to consult the list of startups (programs launched at startup) by Pacman (Paul Collins) to make your decision (keep them at startup or not). See HERE.
Note:
At the moment, the downloadable version is the most up to date.
Right-click the link: http://assiste.files.free.fr/h/Startups-vf.chm
Save the file, then double-click it to open it.

The following fall into this category:

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe ---> read Pacman's list carefully
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background ---> read Pacman's list carefully
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background ---> read Pacman's list carefully
O4 - HKCU\..\Run: [PixVillage] C:\Program Files\PixVillage\pixvillage.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe ---> prefer Adobe Reader SpeedUp 1.34 instead
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE ---> a real resource hog, unnecessary
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

Important note on applying this correction ("Fix") of the "unnecessary at startup" items via HijackThis (tick the box in front of the item, then click Fix Checked):
All of this must be done
-**- after disabling Spybot-S&D's TeaTimer if it is active (launch Spybot-S&D, Advanced mode, Tools, Resident, untick the box in front of TeaTimer) or any other integrity-checking program,
-**- with HijackThis set to make backups (tick "Make backups before fixing items" in "Config"),
-**- after disabling System Restore if on Windows ME/XP (see HERE),
-**- after emptying the IE cache (Internet Explorer temporary files), deleting the temporary files and emptying the Recycle Bin using CCleaner,
-**- after closing all windows (Explorer, Internet Explorer, other programs),
-**- This is where HijackThis is to be used
-**- after running HijackThis, empty the Recycle Bin, the IE cache and the temporary files using CCleaner.

Then restart the computer in normal mode.


Remember to re-enable System Restore (if disabled earlier).
Remember to turn off the display of hidden files and folders if you do not need it.
Remember to re-enable Spybot-S&D's TeaTimer (if disabled earlier).
Remember to re-enable any other integrity-checking program (if disabled earlier).

Bye,

Post by dinou » 10 Mar 2006, 13:26

Hello,

Here I am again for the next part, finally the log analysis; here it is:

Logfile of HijackThis v1.99.1
Scan saved at 12:10:58, on 10/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PixVillage] C:\Program Files\PixVillage\pixvillage.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe




THANKS AGAIN FOR ALL YOUR VERY USEFUL ADVICE :wink:
Dinou

Post by nickW » 10 Mar 2006, 18:40

Good evening,

My last message, posted on Mon 02 01 2006 at 21:55, still applies.

Another remark: is Spybot-S&D's harmful-download blocker no longer enabled?

Bye,
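
Differences between two HijackThis logs, such as the Spybot-S&D SDHelper.dll BHO that is listed on 31/12/2005 and absent on 10/03/2006, can be found by comparing entries on a stable identity rather than line by line. The following is an added example, not part of the thread and not HijackThis's own code; the two excerpts are copied from the logs posted above, and the function names are hypothetical.

```python
import re

# Excerpt of the log saved on 31/12/2005 (lines copied from the post above).
LOG_2005_12_31 = r'''Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/abonnes.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - AppInit_DLLs: MsgPlusLoader.dll
'''

# Excerpt of the log saved on 10/03/2006 (lines copied from the post above).
LOG_2006_03_10 = r'''Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - Startup: Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE
'''

ENTRY_RE = re.compile(r'^([RFNO]\d{1,2}) - (.*)$')   # "O4 - ...", "R0 - ...", "O23 - ..."
CLSID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')


def identity(section, body):
    """Key that stays the same when only a display name, path or value changes."""
    m = CLSID_RE.search(body)
    if m:                                    # BHO, toolbar, button, DPF, protocol
        return (section, body.split(":")[0], m.group(0).upper())
    if section == "O4":                      # autostart: location plus [name] or shortcut
        return (section, re.split(r"\] | = ", body, maxsplit=1)[0])
    if section.startswith("R"):              # IE settings: registry value on the left of " = "
        return (section, body.split(" = ")[0])
    if section == "O23":                     # services: "Service: <name>"
        return (section, body.split(" - ")[0])
    return (section, body)


def index(log_text):
    """Map identity -> entry body; header and 'Running processes' lines are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[identity(*m.groups())] = m.group(2)
    return entries


def diff_logs(old_text, new_text):
    """Return the entries removed, added and changed between two logs."""
    old, new = index(old_text), index(new_text)
    return {
        "removed": sorted(old[k] for k in old.keys() - new.keys()),
        "added": sorted(new[k] for k in new.keys() - old.keys()),
        "changed": sorted((old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]),
    }


if __name__ == "__main__":
    for kind, items in diff_logs(LOG_2005_12_31, LOG_2006_03_10).items():
        for item in items:
            print(kind, "|", item)
```
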

Post by dinou » 10 Mar 2006, 18:57

:Mouaaarrrrffffffff: My apologies, I didn't look at the second page; however, I don't know how the harmful-download blocker got turned off...

Thanks again for everything and sorry for the trouble... :oops:
Dinou