Probleme my web search

hellraiser -  
crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour,
je vous contact car j ai scanner mon ordinateur avec spyboot SD et il a trouver myway mywebsearch qu'il n arrive pas a supprimer!
je travail avec vista
j ai deja essayer de scanner mon mon pc avec hijackthis et voici le rapport du scan qui apparait dans le bloc note:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:46, on 12/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: CCC.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8564 bytes

est ce que quelqu'un peut m aider svp
Configuration: Windows Vista
Internet Explorer 7.0

18 réponses

  1. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Salut,

    Désactive l’UAC (User Account Control) le temps de la désinfection.
    Démarrer, Panneau de configuration, Comptes d’utilisateurs, Désactiver le contrôle des comptes d’utilisateur.
    (Manipulation inverse pour le remettre en fin de désinfection).
    (Cela va permettre aux outils de désinfection de travailler correctement).

    **********

    Désactive le Teatimer de Spybot :
    - Lance Spybot
    - Va dans Mode puis Mode avancé puis Outils puis Résident et décoche la case Tea timer.
    Exemple sur cette image : = = = =>>> ICI <<<= = = =

    ************

    Télécharges ToolBar S&D ( de Eric_71 )
    = = = = >>> En cliquant ici <<< = = = =

    !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipulation !!
    * Double-cliques sur l’exécutable pour lancer l’outil
    * Une fois fait, tape F pour sélectionner le Français
    * Choisis l’option 1 (Recherche) et tape sur Entrée.
    * Une fois le scan finit, un rapport va apparaître au format .txt.
    * Copie-colle l’intégralité de son contenu dans ta prochaine réponse ...
    Note :
    Le rapport est sauvegardé ici : C:\TB.txt
    Tuto si besoin ICI
    0
  2. helraiser
     
    probleme je n arrive pas a telécharger la toolbar car la page n est plus active
    0
    1. helraiser
       
      est ce que vous recevez ma reponse??
      0
    2. helraiser
       
      voici le rapport
      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6000 )
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
      BIOS : Default System BIOS
      USER : francois ( Administrator )
      BOOT : Normal boot
      Antivirus : Norton Internet Security 2007 (Activated)
      Firewall : Norton Internet Security 2007 (Activated)
      C:\ (Local Disk) - NTFS - Total:141 Go (Free:22 Go)
      D:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( lun. 12/01/2009|21:11 )

      [ UAC => 1 ]

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\Program Files\AskTBar
      C:\Program Files\AskTBar\SrchAstt
      C:\Program Files\AskTBar\SrchAstt\1.bin
      C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
      C:\Users\francois\Desktop\BitLord.lnk
      C:\Users\francois\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\BitLord
      C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BitLord
      C:\Program Files\BitLord
      C:\Program Files\BitLord\BitLord.exe
      C:\Program Files\BitLord\BitLord.url
      C:\Program Files\BitLord\BitLord.xml
      C:\Program Files\BitLord\BitLord_Win9x.exe
      C:\Program Files\BitLord\Downloads
      C:\Program Files\BitLord\Downloads.xml
      C:\Program Files\BitLord\lang
      C:\Program Files\BitLord\License.txt
      C:\Program Files\BitLord\rules
      C:\Program Files\BitLord\uninst.exe
      C:\Program Files\BitLord\Downloads\(Tim Burton) L.Etrange.NoA«l.de.Monsieur.Jack.FRENCH.DVDRiP.Share.By.Luigiko ( For Itoma tracker ).avi.bc!
      C:\Program Files\BitLord\Downloads\Asterix Aux Jeux Olympiques FRENCH DVDRip XviD.avi
      C:\Program Files\BitLord\Downloads\Austin.Powers.1.FRENCH.DVDRip.XviD-KiRBY.avi
      C:\Program Files\BitLord\Downloads\Austin.Powers.2.L'espion.Qui.M'a.Tirée.FRENCH.DVDRip.XviD-KiRBY.avi
      C:\Program Files\BitLord\Downloads\Austin.Powers.3.Dans.Goldmember.FRENCH.DVDRip.XviD-KiRBY.avi
      C:\Program Files\BitLord\Downloads\Blanche Neige Et Les 7 Nains.avi
      C:\Program Files\BitLord\Downloads\Course.A.La.Mort..torrent
      C:\Program Files\BitLord\Downloads\Course.A.La.Mort.Death.Race.FRENCH.DVDRIP.XVID-TICKETS.zip
      C:\Program Files\BitLord\Downloads\Death.Race.French.Dvdrip.Repack.1CD.Xvid-RLD
      C:\Program Files\BitLord\Downloads\Disco.FRENCH.DVDRiP.XviD-ULTRASON
      C:\Program Files\BitLord\Downloads\DA©trompez-vous.avi
      C:\Program Files\BitLord\Downloads\Eurotrip.avi
      C:\Program Files\BitLord\Downloads\Horton.DVDrip.FRENCH.2008
      C:\Program Files\BitLord\Downloads\intracable
      C:\Program Files\BitLord\Downloads\Kungfu.Panda..torrent
      C:\Program Files\BitLord\Downloads\Kungfu.Panda.FRENCH.DVDRiP.LD.XViD-FUN
      C:\Program Files\BitLord\Downloads\La dA©chirure
      C:\Program Files\BitLord\Downloads\LA FAILLE.2007.french. bonne qualitA©
      C:\Program Files\BitLord\Downloads\la ferme se rebelle.TRACKERSURFER.french.dvdrip.avi.bc!
      C:\Program Files\BitLord\Downloads\Les deux mondes
      C:\Program Files\BitLord\Downloads\Les Infiltres Dvdrip French By L@ndte@m
      C:\Program Files\BitLord\Downloads\Madagascar.2005.FRENCH.DVDRiP.XViD.MZISYS.avi.bc!
      C:\Program Files\BitLord\Downloads\Mr brooks
      C:\Program Files\BitLord\Downloads\pb_math_CE2(4).xls
      C:\Program Files\BitLord\Downloads\sans sarah rien ne vas DVDRIP.avi.bc!
      C:\Program Files\BitLord\Downloads\Tarzan (walt dysney) by l@ndte@m
      C:\Program Files\BitLord\Downloads\VTS_01_1_HomeCinema.avi
      C:\Program Files\BitLord\Downloads\XViD-FR
      C:\Program Files\BitLord\Downloads\Death.Race.French.Dvdrip.Repack.1CD.Xvid-RLD\death-rld.nfo.bc!
      C:\Program Files\BitLord\Downloads\Death.Race.French.Dvdrip.Repack.1CD.Xvid-RLD\Death.Race.French.Dvdrip.Repack.1CD.Xvid-RLD.avi.bc!
      C:\Program Files\BitLord\Downloads\Disco.FRENCH.DVDRiP.XviD-ULTRASON\disco_xvid.avi.bc!
      C:\Program Files\BitLord\Downloads\Horton.DVDrip.FRENCH.2008\A LIRE AVANT TOUT !!!.html
      C:\Program Files\BitLord\Downloads\Horton.DVDrip.FRENCH.2008\Horton.Hears.a.Who.FRENCH.R5.XviD-PWD.rar
      C:\Program Files\BitLord\Downloads\Kungfu.Panda.FRENCH.DVDRiP.LD.XViD-FUN\Kungfu.Panda.FRENCH.DVDRiP.LD.XViD-FUN.avi
      C:\Program Files\BitLord\Downloads\Kungfu.Panda.FRENCH.DVDRiP.LD.XViD-FUN\Kungfu.Panda.FRENCH.DVDRiP.LD.XViD-FUN.nfo
      C:\Program Files\BitLord\Downloads\La dA©chirure\La dA©chirure.avi.bc!
      C:\Program Files\BitLord\Downloads\LA FAILLE.2007.french. bonne qualitA©\18754391.jpg.bc!
      C:\Program Files\BitLord\Downloads\LA FAILLE.2007.french. bonne qualitA©\gagner de l'argent en misant 5 euros, c'est pas des conneries!!!.rtf.bc!
      C:\Program Files\BitLord\Downloads\LA FAILLE.2007.french. bonne qualitA©\vcdfrv-fracture-cd1.bin.bc!
      C:\Program Files\BitLord\Downloads\Les deux mondes\18823451.jpg.bc!
      C:\Program Files\BitLord\Downloads\Les deux mondes\Ideal-Graph  - Accueil.URL.bc!
      C:\Program Files\BitLord\Downloads\Les deux mondes\la brute.rtf.bc!
      C:\Program Files\BitLord\Downloads\Les deux mondes\Landcheyenne.com - Le forum du partage et de la bonne humeur - Accueil.URL.bc!
      C:\Program Files\BitLord\Downloads\Les deux mondes\landteam.nfo.bc!
      C:\Program Files\BitLord\Downloads\Les deux mondes\les deux mondes .avi.bc!
      C:\Program Files\BitLord\Downloads\Les deux mondes\Torrent downloaded from Demonoid.com.txt
      C:\Program Files\BitLord\Downloads\Mr brooks\la brute.rtf
      C:\Program Files\BitLord\Downloads\Mr brooks\Landcheyenne.com - Le forum du partage et de la bonne humeur - Accueil.URL
      C:\Program Files\BitLord\Downloads\Mr brooks\landteam.nfo
      C:\Program Files\BitLord\Downloads\Mr brooks\Mr Brooks.avi
      C:\Program Files\BitLord\Downloads\Mr brooks\mr brooks.jpg
      C:\Program Files\BitLord\Downloads\Mr brooks\Torrent downloaded from Demonoid.com.txt
      C:\Program Files\BitLord\Downloads\Tarzan (walt dysney) by l@ndte@m\Landcheyenne le forum du partage et de la bonne humeur - Accueil.URL
      C:\Program Files\BitLord\Downloads\Tarzan (walt dysney) by l@ndte@m\TARZAN_.AVI
      C:\Program Files\BitLord\Downloads\Tarzan (walt dysney) by l@ndte@m\Torrent downloaded from Demonoid.com.txt
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.nfo
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r00
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r01
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r02
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r03
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r04
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r05
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r06
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r07
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r08
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r09
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r10
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r11
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r12
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r13
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r14
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r15
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r16
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r17
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r18
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r19
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r20
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r21
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r22
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r23
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r24
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r25
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r26
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r27
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r28
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r29
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r30
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r31
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r32
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r33
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r34
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r35
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r36
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r37
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r38
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r39
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r40
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r41
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r42
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r43
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r44
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r45
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r46
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.r47
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.rar
      C:\Program Files\BitLord\Downloads\XViD-FR\Mamma.Mia.FRENCH.DVDRip.XviD-ULTRASON\mm_xvid.sfv
      C:\Program Files\BitLord\lang\lang_ar_ae.xml
      C:\Program Files\BitLord\lang\lang_bg_bg.xml
      C:\Program Files\BitLord\lang\lang_ca_es.xml
      C:\Program Files\BitLord\lang\lang_cz_cz.xml
      C:\Program Files\BitLord\lang\lang_da_dk.xml
      C:\Program Files\BitLord\lang\lang_de_de.xml
      C:\Program Files\BitLord\lang\lang_el_gr.xml
      C:\Program Files\BitLord\lang\lang_en_us.xml
      C:\Program Files\BitLord\lang\lang_es_ar.xml
      C:\Program Files\BitLord\lang\lang_es_es.xml
      C:\Program Files\BitLord\lang\lang_et_ee.xml
      C:\Program Files\BitLord\lang\lang_fi_fi.xml
      C:\Program Files\BitLord\lang\lang_fr_fr.xml
      C:\Program Files\BitLord\lang\lang_gl_es.xml
      C:\Program Files\BitLord\lang\lang_he_il.xml
      C:\Program Files\BitLord\lang\lang_hu_hu.xml
      C:\Program Files\BitLord\lang\lang_it_it.xml
      C:\Program Files\BitLord\lang\lang_jp_jp.xml
      C:\Program Files\BitLord\lang\lang_ko_kr.xml
      C:\Program Files\BitLord\lang\lang_nb_no.xml
      C:\Program Files\BitLord\lang\lang_nl_nl.xml
      C:\Program Files\BitLord\lang\lang_pl_pl.xml
      C:\Program Files\BitLord\lang\lang_pt_br.xml
      C:\Program Files\BitLord\lang\lang_pt_pt.xml
      C:\Program Files\BitLord\lang\lang_ro_ro.xml
      C:\Program Files\BitLord\lang\lang_ru_ru.xml
      C:\Program Files\BitLord\lang\lang_sk_sk.xml
      C:\Program Files\BitLord\lang\lang_sl_si.xml
      C:\Program Files\BitLord\lang\lang_sr_sr.xml
      C:\Program Files\BitLord\lang\lang_sv_se.xml
      C:\Program Files\BitLord\lang\lang_th_th.xml
      C:\Program Files\BitLord\lang\lang_tr_tr.xml
      C:\Program Files\BitLord\lang\lang_va_es.xml
      C:\Program Files\BitLord\lang\lang_zh_tw.xml
      C:\Program Files\BitLord\rules\ipfilter.dat
      C:\Program Files\BitLord\rules\tracker.dat
      C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
      C:\Program Files\Dealio
      C:\Program Files\Dealio\DealioAU.exe
      C:\Program Files\Dealio\kb125
      C:\Program Files\Dealio\SearchSettingsKit.exe
      C:\Program Files\Dealio\kb125\Dealio Deskbar.exe
      C:\Program Files\Dealio\kb125\res
      C:\Program Files\Dealio\kb125\rules
      C:\Program Files\Dealio\kb125\temp
      C:\Program Files\Dealio\kb125\res\blank.gif
      C:\Program Files\Dealio\kb125\res\DealioSearch.html
      C:\Program Files\Dealio\kb125\res\deals-endcap.gif
      C:\Program Files\Dealio\kb125\res\deals-leftcap.gif
      C:\Program Files\Dealio\kb125\res\deal_report.jpg
      C:\Program Files\Dealio\kb125\res\ebay_login.jpg
      C:\Program Files\Dealio\kb125\res\endcap22-bg.png
      C:\Program Files\Dealio\kb125\res\endcap22-left.png
      C:\Program Files\Dealio\kb125\res\endcap22-right-arrow.png
      C:\Program Files\Dealio\kb125\res\endcap22-right.png
      C:\Program Files\Dealio\kb125\res\err_mainwindow.html
      C:\Program Files\Dealio\kb125\res\err_toolbar.html
      C:\Program Files\Dealio\kb125\res\global_scripts.js
      C:\Program Files\Dealio\kb125\res\headerbgthin.jpg
      C:\Program Files\Dealio\kb125\res\logo.png
      C:\Program Files\Dealio\kb125\res\logo_over.png
      C:\Program Files\Dealio\kb125\res\man_toolbar.html
      C:\Program Files\Dealio\kb125\res\man_toolbar.js
      C:\Program Files\Dealio\kb125\res\pill_bg.gif
      C:\Program Files\Dealio\kb125\res\post-this-deal.gif
      C:\Program Files\Dealio\kb125\res\post-this-deal_over.gif
      C:\Program Files\Dealio\kb125\res\scripts.js
      C:\Program Files\Dealio\kb125\res\scroller.js
      C:\Program Files\Dealio\kb125\res\search-chevron.gif
      C:\Program Files\Dealio\kb125\res\search_bg_blink.gif
      C:\Program Files\Dealio\kb125\res\separator.gif
      C:\Program Files\Dealio\kb125\res\settings.gif
      C:\Program Files\Dealio\kb125\res\settings_over.gif
      C:\Program Files\Dealio\kb125\res\steals_bg.gif
      C:\Program Files\Dealio\kb125\res\toolbar_background.gif
      C:\Program Files\Dealio\kb125\res\yahoo_search.gif
      C:\Program Files\Dealio\kb125\rules\index.76.35
      C:\Program Files\Dealio\kb125\rules\rules.1.10.76
      C:\Program Files\Dealio\kb125\rules\rules.1.109.43
      C:\Program Files\Dealio\kb125\rules\rules.1.110.43
      C:\Program Files\Dealio\kb125\rules\rules.1.12.52
      C:\Program Files\Dealio\kb125\rules\rules.1.13.58
      C:\Program Files\Dealio\kb125\rules\rules.1.130.58
      C:\Program Files\Dealio\kb125\rules\rules.1.135.50
      C:\Program Files\Dealio\kb125\rules\rules.1.153.44
      C:\Program Files\Dealio\kb125\rules\rules.1.155.43
      C:\Program Files\Dealio\kb125\rules\rules.1.156.49
      C:\Program Files\Dealio\kb125\rules\rules.1.16.60
      C:\Program Files\Dealio\kb125\rules\rules.1.161.52
      C:\Program Files\Dealio\kb125\rules\rules.1.178.66
      C:\Program Files\Dealio\kb125\rules\rules.1.184.55
      C:\Program Files\Dealio\kb125\rules\rules.1.188.52
      C:\Program Files\Dealio\kb125\rules\rules.1.189.45
      C:\Program Files\Dealio\kb125\rules\rules.1.196.43
      C:\Program Files\Dealio\kb125\rules\rules.1.198.56
      C:\Program Files\Dealio\kb125\rules\rules.1.199.43
      C:\Program Files\Dealio\kb125\rules\rules.1.200.53
      C:\Program Files\Dealio\kb125\rules\rules.1.201.43
      C:\Program Files\Dealio\kb125\rules\rules.1.202.43
      C:\Program Files\Dealio\kb125\rules\rules.1.203.71
      C:\Program Files\Dealio\kb125\rules\rules.1.205.62
      C:\Program Files\Dealio\kb125\rules\rules.1.213.71
      C:\Program Files\Dealio\kb125\rules\rules.1.214.49
      C:\Program Files\Dealio\kb125\rules\rules.1.215.43
      C:\Program Files\Dealio\kb125\rules\rules.1.216.67
      C:\Program Files\Dealio\kb125\rules\rules.1.217.67
      C:\Program Files\Dealio\kb125\rules\rules.1.218.52
      C:\Program Files\Dealio\kb125\rules\rules.1.219.43
      C:\Program Files\Dealio\kb125\rules\rules.1.220.43
      C:\Program Files\Dealio\kb125\rules\rules.1.221.57
      C:\Program Files\Dealio\kb125\rules\rules.1.222.43
      C:\Program Files\Dealio\kb125\rules\rules.1.223.68
      C:\Program Files\Dealio\kb125\rules\rules.1.226.68
      C:\Program Files\Dealio\kb125\rules\rules.1.227.43
      C:\Program Files\Dealio\kb125\rules\rules.1.228.62
      C:\Program Files\Dealio\kb125\rules\rules.1.229.76
      C:\Program Files\Dealio\kb125\rules\rules.1.23.63
      C:\Program Files\Dealio\kb125\rules\rules.1.239.43
      C:\Program Files\Dealio\kb125\rules\rules.1.24.43
      C:\Program Files\Dealio\kb125\rules\rules.1.240.43
      C:\Program Files\Dealio\kb125\rules\rules.1.241.43
      C:\Program Files\Dealio\kb125\rules\rules.1.242.43
      C:\Program Files\Dealio\kb125\rules\rules.1.243.43
      C:\Program Files\Dealio\kb125\rules\rules.1.244.63
      C:\Program Files\Dealio\kb125\rules\rules.1.245.43
      C:\Program Files\Dealio\kb125\rules\rules.1.247.43
      C:\Program Files\Dealio\kb125\rules\rules.1.248.43
      C:\Program Files\Dealio\kb125\rules\rules.1.249.43
      C:\Program Files\Dealio\kb125\rules\rules.1.250.43
      C:\Program Files\Dealio\kb125\rules\rules.1.251.43
      C:\Program Files\Dealio\kb125\rules\rules.1.252.43
      C:\Program Files\Dealio\kb125\rules\rules.1.253.43
      C:\Program Files\Dealio\kb125\rules\rules.1.254.43
      C:\Program Files\Dealio\kb125\rules\rules.1.255.43
      C:\Program Files\Dealio\kb125\rules\rules.1.256.43
      C:\Program Files\Dealio\kb125\rules\rules.1.257.43
      C:\Program Files\Dealio\kb125\rules\rules.1.279.43
      C:\Program Files\Dealio\kb125\rules\rules.1.28.58
      C:\Program Files\Dealio\kb125\rules\rules.1.282.75
      C:\Program Files\Dealio\kb125\rules\rules.1.283.43
      C:\Program Files\Dealio\kb125\rules\rules.1.284.43
      C:\Program Files\Dealio\kb125\rules\rules.1.289.67
      C:\Program Files\Dealio\kb125\rules\rules.1.290.62
      C:\Program Files\Dealio\kb125\rules\rules.1.291.61
      C:\Program Files\Dealio\kb125\rules\rules.1.296.43
      C:\Program Files\Dealio\kb125\rules\rules.1.297.43
      C:\Program Files\Dealio\kb125\rules\rules.1.304.43
      C:\Program Files\Dealio\kb125\rules\rules.1.307.43
      C:\Program Files\Dealio\kb125\rules\rules.1.308.75
      C:\Program Files\Dealio\kb125\rules\rules.1.31.47
      C:\Program Files\Dealio\kb125\rules\rules.1.310.46
      C:\Program Files\Dealio\kb125\rules\rules.1.311.43
      C:\Program Files\Dealio\kb125\rules\rules.1.315.43
      C:\Program Files\Dealio\kb125\rules\rules.1.316.43
      C:\Program Files\Dealio\kb125\rules\rules.1.317.43
      C:\Program Files\Dealio\kb125\rules\rules.1.318.43
      C:\Program Files\Dealio\kb125\rules\rules.1.319.49
      C:\Program Files\Dealio\kb125\rules\rules.1.32.48
      C:\Program Files\Dealio\kb125\rules\rules.1.334.44
      C:\Program Files\Dealio\kb125\rules\rules.1.335.60
      C:\Program Files\Dealio\kb125\rules\rules.1.336.44
      C:\Program Files\Dealio\kb125\rules\rules.1.337.44
      C:\Program Files\Dealio\kb125\rules\rules.1.338.75
      C:\Program Files\Dealio\kb125\rules\rules.1.339.47
      C:\Program Files\Dealio\kb125\rules\rules.1.34.43
      C:\Program Files\Dealio\kb125\rules\rules.1.340.47
      C:\Program Files\Dealio\kb125\rules\rules.1.341.47
      C:\Program Files\Dealio\kb125\rules\rules.1.349.50
      C:\Program Files\Dealio\kb125\rules\rules.1.35.48
      C:\Program Files\Dealio\kb125\rules\rules.1.350.50
      C:\Program Files\Dealio\kb125\rules\rules.1.351.51
      C:\Program Files\Dealio\kb125\rules\rules.1.352.54
      C:\Program Files\Dealio\kb125\rules\rules.1.353.51
      C:\Program Files\Dealio\kb125\rules\rules.1.354.51
      C:\Program Files\Dealio\kb125\rules\rules.1.357.62
      C:\Program Files\Dealio\kb125\rules\rules.1.358.52
      C:\Program Files\Dealio\kb125\rules\rules.1.359.52
      C:\Program Files\Dealio\kb125\rules\rules.1.360.53
      C:\Program Files\Dealio\kb125\rules\rules.1.361.54
      C:\Program Files\Dealio\kb125\rules\rules.1.362.68
      C:\Program Files\Dealio\kb125\rules\rules.1.363.58
      C:\Program Files\Dealio\kb125\rules\rules.1.364.54
      C:\Program Files\Dealio\kb125\rules\rules.1.365.53
      C:\Program Files\Dealio\kb125\rules\rules.1.367.56
      C:\Program Files\Dealio\kb125\rules\rules.1.368.58
      C:\Program Files\Dealio\kb125\rules\rules.1.369.55
      C:\Program Files\Dealio\kb125\rules\rules.1.370.56
      C:\Program Files\Dealio\kb125\rules\rules.1.371.56
      C:\Program Files\Dealio\kb125\rules\rules.1.372.57
      C:\Program Files\Dealio\kb125\rules\rules.1.373.55
      C:\Program Files\Dealio\kb125\rules\rules.1.375.56
      C:\Program Files\Dealio\kb125\rules\rules.1.376.57
      C:\Program Files\Dealio\kb125\rules\rules.1.377.55
      C:\Program Files\Dealio\kb125\rules\rules.1.378.65
      C:\Program Files\Dealio\kb125\rules\rules.1.384.58
      C:\Program Files\Dealio\kb125\rules\rules.1.386.71
      C:\Program Files\Dealio\kb125\rules\rules.1.387.59
      C:\Program Files\Dealio\kb125\rules\rules.1.388.59
      C:\Program Files\Dealio\kb125\rules\rules.1.389.59
      C:\Program Files\Dealio\kb125\rules\rules.1.390.60
      C:\Program Files\Dealio\kb125\rules\rules.1.391.60
      C:\Program Files\Dealio\kb125\rules\rules.1.392.60
      C:\Program Files\Dealio\kb125\rules\rules.1.393.60
      C:\Program Files\Dealio\kb125\rules\rules.1.394.60
      C:\Program Files\Dealio\kb125\rules\rules.1.396.61
      C:\Program Files\Dealio\kb125\rules\rules.1.397.61
      C:\Program Files\Dealio\kb125\rules\rules.1.398.60
      C:\Program Files\Dealio\kb125\rules\rules.1.399.60
      C:\Program Files\Dealio\kb125\rules\rules.1.403.61
      C:\Program Files\Dealio\kb125\rules\rules.1.404.63
      C:\Program Files\Dealio\kb125\rules\rules.1.405.61
      C:\Program Files\Dealio\kb125\rules\rules.1.406.61
      C:\Program Files\Dealio\kb125\rules\rules.1.407.76
      C:\Program Files\Dealio\kb125\rules\rules.1.408.63
      C:\Program Files\Dealio\kb125\rules\rules.1.409.61
      C:\Program Files\Dealio\kb125\rules\rules.1.412.62
      C:\Program Files\Dealio\kb125\rules\rules.1.413.62
      C:\Program Files\Dealio\kb125\rules\rules.1.414.62
      C:\Program Files\Dealio\kb125\rules\rules.1.415.62
      C:\Program Files\Dealio\kb125\rules\rules.1.416.62
      C:\Program Files\Dealio\kb125\rules\rules.1.417.62
      C:\Program Files\Dealio\kb125\rules\rules.1.418.62
      C:\Program Files\Dealio\kb125\rules\rules.1.419.62
      C:\Program Files\Dealio\kb125\rules\rules.1.420.62
      C:\Program Files\Dealio\kb125\rules\rules.1.421.62
      C:\Program Files\Dealio\kb125\rules\rules.1.423.63
      C:\Program Files\Dealio\kb125\rules\rules.1.424.63
      C:\Program Files\Dealio\kb125\rules\rules.1.425.63
      C:\Program Files\Dealio\kb125\rules\rules.1.426.63
      C:\Program Files\Dealio\kb125\rules\rules.1.427.63
      C:\Program Files\Dealio\kb125\rules\rules.1.428.65
      C:\Program Files\Dealio\kb125\rules\rules.1.429.63
      C:\Program Files\Dealio\kb125\rules\rules.1.430.63
      C:\Program Files\Dealio\kb125\rules\rules.1.432.65
      C:\Program Files\Dealio\kb125\rules\rules.1.433.64
      C:\Program Files\Dealio\kb125\rules\rules.1.434.65
      C:\Program Files\Dealio\kb125\rules\rules.1.435.64
      C:\Program Files\Dealio\kb125\rules\rules.1.436.76
      C:\Program Files\Dealio\kb125\rules\rules.1.437.64
      C:\Program Files\Dealio\kb125\rules\rules.1.438.71
      C:\Program Files\Dealio\kb125\rules\rules.1.439.71
      C:\Program Files\Dealio\kb125\rules\rules.1.440.75
      C:\Program Files\Dealio\kb125\rules\rules.1.442.73
      C:\Program Files\Dealio\kb125\rules\rules.1.443.73
      C:\Program Files\Dealio\kb125\rules\rules.1.444.73
      C:\Program Files\Dealio\kb125\rules\rules.1.445.68
      C:\Program Files\Dealio\kb125\rules\rules.1.446.69
      C:\Program Files\Dealio\kb125\rules\rules.1.450.67
      C:\Program Files\Dealio\kb125\rules\rules.1.451.67
      C:\Program Files\Dealio\kb125\rules\rules.1.452.68
      C:\Program Files\Dealio\kb125\rules\rules.1.453.68
      C:\Program Files\Dealio\kb125\rules\rules.1.454.69
      C:\Program Files\Dealio\kb125\rules\rules.1.456.69
      C:\Program Files\Dealio\kb125\rules\rules.1.457.75
      C:\Program Files\Dealio\kb125\rules\rules.1.458.70
      C:\Program Files\Dealio\kb125\rules\rules.1.459.70
      C:\Program Files\Dealio\kb125\rules\rules.1.460.69
      C:\Program Files\Dealio\kb125\rules\rules.1.462.74
      C:\Program Files\Dealio\kb125\rules\rules.1.463.69
      C:\Program Files\Dealio\kb125\rules\rules.1.464.70
      C:\Program Files\Dealio\kb125\rules\rules.1.465.68
      C:\Program Files\Dealio\kb125\rules\rules.1.468.70
      C:\Program Files\Dealio\kb125\rules\rules.1.469.70
      C:\Program Files\Dealio\kb125\rules\rules.1.470.70
      C:\Program Files\Dealio\kb125\rules\rules.1.471.73
      C:\Program Files\Dealio\kb125\rules\rules.1.472.70
      C:\Program Files\Dealio\kb125\rules\rules.1.478.74
      C:\Program Files\Dealio\kb125\rules\rules.1.479.73
      C:\Program Files\Dealio\kb125\rules\rules.1.480.68
      C:\Program Files\Dealio\kb125\rules\rules.1.481.71
      C:\Program Files\Dealio\kb125\rules\rules.1.482.74
      C:\Program Files\Dealio\kb125\rules\rules.1.49.67
      C:\Program Files\Dealio\kb125\rules\rules.1.50.43
      C:\Program Files\Dealio\kb125\rules\rules.1.500.71
      C:\Program Files\Dealio\kb125\rules\rules.1.501.74
      C:\Program Files\Dealio\kb125\rules\rules.1.502.71
      C:\Program Files\Dealio\kb125\rules\rules.1.51.69
      C:\Program Files\Dealio\kb125\rules\rules.1.52.72
      C:\Program Files\Dealio\kb125\rules\rules.1.520.76
      C:\Program Files\Dealio\kb125\rules\rules.1.521.76
      C:\Program Files\Dealio\kb125\rules\rules.1.522.76
      C:\Program Files\Dealio\kb125\rules\rules.1.53.51
      C:\Program Files\Dealio\kb125\rules\rules.1.531.76
      C:\Program Files\Dealio\kb125\rules\rules.1.532.75
      C:\Program Files\Dealio\kb125\rules\rules.1.534.75
      C:\Program Files\Dealio\kb125\rules\rules.1.54.47
      C:\Program Files\Dealio\kb125\rules\rules.1.55.45
      C:\Program Files\Dealio\kb125\rules\rules.1.56.69
      C:\Program Files\Dealio\kb125\rules\rules.1.57.43
      C:\Program Files\Dealio\kb125\rules\rules.1.58.47
      C:\Program Files\Dealio\kb125\rules\rules.1.593.76
      C:\Program Files\Dealio\kb125\rules\rules.1.595.76
      C:\Program Files\Dealio\kb125\rules\rules.1.63.57
      C:\Program Files\Dealio\kb125\rules\rules.1.66.47
      C:\Program Files\Dealio\kb125\rules\rules.1.70.75
      C:\Program Files\Dealio\kb125\rules\rules.1.71.43
      C:\Program Files\Search Settings
      C:\Program Files\Search Settings\kb125
      C:\Program Files\Search Settings\SearchSettings.exe
      C:\Program Files\Search Settings\kb125\res
      C:\Program Files\Search Settings\kb125\SearchSettings.dll
      C:\Program Files\Search Settings\kb125\temp
      C:\Program Files\Search Settings\kb125\res\ErrorPageTemplate.css
      C:\Program Files\Search Settings\kb125\res\help.gif
      C:\Program Files\Search Settings\kb125\res\pixel.gif
      C:\Program Files\Search Settings\kb125\res\tabdata.js
      C:\Program Files\Search Settings\kb125\res\tablib.js
      C:\Program Files\Search Settings\kb125\res\tabwelcome_en.html
      C:\Program Files\Search Settings\kb125\res\tab_icon.png
      C:\Program Files\Search Settings\kb125\res\toolbar_background.gif
      C:\Program Files\Search Settings\kb125\res\vista_directions.png
      C:\Program Files\Search Settings\kb125\res\xp_directions.png
      C:\Program Files\Search Settings\kb125\res\yahoo_search.gif

      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\Windows\\system32\\blank.htm"
      "Search Page"="https://www.google.com/?gws_rd=ssl"
      "Start Page"="https://www.google.be/?gws_rd=ssl"
      "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
      "Url"="https://www.msn.com/fr-fr/actualite/"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


      --------------------\\ Recherche d'autres infections

      --------------------\\ KoobFace !

      C:\Program Files\TinyProxy



      [ UAC => 1 ]


      1 - "C:\ToolBar SD\TB_1.txt" - lun. 12/01/2009|21:03 - Option : [1]
      2 - "C:\ToolBar SD\TB_2.txt" - lun. 12/01/2009|21:12 - Option : [1]

      -----------\\ Fin du rapport a 21:12:45,32
      0
  3. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Nettoyage avec ToolBar S&D :

    !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipulation !!

    Relance Toolbar-S&D en double-cliquant sur le raccourci.
    * Tape l’option 2 (Nettoyage) puis tapes sur Entrée.
    Notes :
    Ne touche à rien lors de la suppression !
    Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
    accompagné d’un nouveau rapport Hijackthis pour analyse ...
    0
    1. helraiser
       
      voici le rapport apres nettoyage:
      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6000 )
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
      BIOS : Default System BIOS
      USER : francois ( Administrator )
      BOOT : Normal boot
      Antivirus : Norton Internet Security 2007 (Activated)
      Firewall : Norton Internet Security 2007 (Activated)
      C:\ (Local Disk) - NTFS - Total:141 Go (Free:22 Go)
      D:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [2] ( lun. 12/01/2009|22:08 )

      [ UAC => 1 ]

      -----------\\ SUPPRESSION

      Supprime! - C:\Program Files\AskTBar\SrchAstt
      Supprime! - C:\Users\francois\Desktop\BitLord.lnk
      Supprime! - C:\Users\francois\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\BitLord
      Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BitLord
      Supprime! - C:\Program Files\BitLord\BitLord.exe
      Supprime! - C:\Program Files\BitLord\BitLord.url
      Supprime! - C:\Program Files\BitLord\BitLord.xml
      Supprime! - C:\Program Files\BitLord\BitLord_Win9x.exe
      Supprime! - C:\Program Files\BitLord\Downloads
      Supprime! - C:\Program Files\BitLord\Downloads.xml
      Supprime! - C:\Program Files\BitLord\lang
      Supprime! - C:\Program Files\BitLord\License.txt
      Supprime! - C:\Program Files\BitLord\rules
      Supprime! - C:\Program Files\BitLord\uninst.exe
      Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
      Supprime! - C:\Program Files\Dealio\DealioAU.exe
      Supprime! - C:\Program Files\Dealio\kb125
      Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
      Supprime! - C:\Program Files\Search Settings\kb125
      Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
      Supprime! - C:\Program Files\AskTBar
      Supprime! - C:\Program Files\BitLord
      Supprime! - C:\Program Files\Dealio
      Supprime! - C:\Program Files\Search Settings

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\Windows\\system32\\blank.htm"
      "Search Page"="https://www.google.com/?gws_rd=ssl"
      "Start Page"="https://www.google.be/?gws_rd=ssl"
      "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
      "Url"="https://www.msn.com/fr-fr/actualite/"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://www.msn.com/fr-fr/"
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


      --------------------\\ Recherche d'autres infections

      --------------------\\ KoobFace !

      C:\Program Files\TinyProxy



      [ UAC => 1 ]


      1 - "C:\ToolBar SD\TB_1.txt" - lun. 12/01/2009|21:03 - Option : [1]
      2 - "C:\ToolBar SD\TB_2.txt" - lun. 12/01/2009|21:12 - Option : [1]
      3 - "C:\ToolBar SD\TB_3.txt" - lun. 12/01/2009|22:14 - Option : [2]

      -----------\\ Fin du rapport a 22:14:35,73

      et voici le rapport de hijackthis:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:16:52, on 12/01/2009
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16764)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\AVG\AVG8\avgtray.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\System32\mobsync.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\NOTEPAD.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - Default URLSearchHook is missing
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Startup: CCC.lnk = ?
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,avgrsstx.dll
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    = = = = >>> En cliquant ici <<< = = = =

    Une fois sauvegardé sur ton bureau, double clique sur SDFix.exe et choisis Install pour l’extraire dans un dossier dédié sur le Bureau.

    Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    * Redémarre ton ordinateur
    * Après avoir entendu l’ordinateur biper lors du démarrage, mais avant que l’icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ton compte.

    Déroule la liste des instructions ci-dessous :
    * Ouvre le dossier SDFix qui vient d’être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    * Appuie sur Y pour commencer le processus de nettoyage.
    * Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d’appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.

    * Ton système sera plus long pour redémarrer qu’à l’accoutumée car l’outil va continuer à s’exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l’outil terminera son travail et affichera Finished.
    * Appuie sur une touche pour finir l’exécution du script et charger les icônes de ton Bureau.
    * Les icônes du Bureau affichées, le rapport SDFix s’ouvrira à l’écran et s’enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

    Si t’as besoin d’un tuto, clic ICI
    0
    1. hellraiser
       
      il ne c est rien passer qd j ai cliquer sur run this bat.
      par contre qd j ai cliquer sur catch me il m a prosposer de scanner chose que j ai faite!puis j ai du redémarer manuellement car il ne me le proposait pas!
      voici ce qu'il y a dans xp virusalert_repair

      ; This .inf file will remove Policy restrictions added by the VirusAlert
      ; infection and restore the default start menu icons and drive settings

      [Version]
      Signature="$Windows NT$"

      [DefaultInstall]
      DelReg=RemoveRestrictions
      AddReg=ResetRegChanges

      [ResetRegChanges]
      HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowControlPanel,0x10001,0x00000002
      HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowHelp,0x10001,0x00000001
      HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowMyComputer,0x10001,0x00000002
      HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowMyDocs,0x10001,0x00000001
      HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowMyMusic,0x10001,0x00000001
      HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowMyPics,0x10001,0x00000001
      HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowNetPlaces,0x10001,0x00000001
      HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowRun,0x10001,0x00000001
      HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowSearch,0x10001,0x00000001
      HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoDrives,0x10001,0x00000000

      [RemoveRestrictions]
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoSetFolders"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoSetFolders"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoStartMenuMorePrograms"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoStartMenuMorePrograms"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoToolbarCustomize"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoToolbarCustomize"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","StartMenuLogoff"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","StartMenuLogoff"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableCMD"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableCMD"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableRegistryTools"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableRegistryTools"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableTaskMgr"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableTaskMgr"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","NoDispCPL"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\System","NoDispCPL"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","NoDispBackgroundPage"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\System","NoDispBackgroundPage"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","NoDispScrSavPage"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\System","NoDispScrSavPage"
      HKCU, "Software\Policies\Microsoft\Internet Explorer\Restrictions","NoBrowserOptions"
      HKLM, "Software\Policies\Microsoft\Internet Explorer\Restrictions","NoBrowserOptions"
      HKCU, "Software\Policies\Microsoft\Windows\system","DisableCMD"
      HKLM, "Software\Policies\Microsoft\Windows\system","DisableCMD"


      et voici ce qu il y a dans w2k_virusalert_repair

      ; This .inf file will remove Policy restrictions added by the VirusAlert infection

      [Version]
      Signature="$Windows NT$"

      [DefaultInstall]
      DelReg=RemoveRestrictions

      [RemoveRestrictions]
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoSetFolders"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoSetFolders"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoStartMenuMorePrograms"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoStartMenuMorePrograms"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoToolbarCustomize"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoToolbarCustomize"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","StartMenuLogoff"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","StartMenuLogoff"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableCMD"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableCMD"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableRegistryTools"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableRegistryTools"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableTaskMgr"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableTaskMgr"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","NoDispCPL"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\System","NoDispCPL"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","NoDispBackgroundPage"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\System","NoDispBackgroundPage"
      HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","NoDispScrSavPage"
      HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\System","NoDispScrSavPage"
      HKCU, "Software\Policies\Microsoft\Internet Explorer\Restrictions","NoBrowserOptions"
      HKLM, "Software\Policies\Microsoft\Internet Explorer\Restrictions","NoBrowserOptions"
      HKCU, "Software\Policies\Microsoft\Windows\system","DisableCMD"
      HKLM, "Software\Policies\Microsoft\Windows\system","DisableCMD"
      0
  6. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Autant pour moi, c'est normal, supprime SDFix.

    Télécharge Malwarebytes’ Anti-Malware
    = = = = >>> En cliquant ici <<< = = = =

    - Sur la page cliques sur Télécharger Malwarebyte’s Anti-Malware
    - Enregistres le sur le bureau
    - Double cliques sur le fichier téléchargé pour lancer le processus d’installation
    - Lorsqu’il te le sera demandé, met à jour Malwarebytes anti malware
    - Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes
    - Une fois la mise à jour terminée, ferme Malwarebytes
    - Double-cliques sur l’icône de malwarebytes pour le relancer
    - Dans l’onglet, Recherche, probablement ouvert par défaut,
    - Sélectionne Exécuter un examen complet
    - Clique sur Rechercher
    - Le scan démarre
    - A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés.
    - Cliques sur Ok pour poursuivre.
    - Si des malwares ont été détectés, cliques sur Afficher les résultats
    - Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    - Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse.
    - Rends toi dans l’onglet rapport/log
    - Tu cliques dessus pour l’afficher une fois affiché
    - Tu cliques sur édition en haut du bloc notes, et puis sur sélectionner tout
    - Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
    - Tu cliques droit dans le cadre de la réponse et coller

    Si tu as besoin d’aide regarde ce tutorial ICI
    0
    1. hellraiser
       
      voivi le rapport:
      Malwarebytes' Anti-Malware 1.32
      Version de la base de données: 1647
      Windows 6.0.6000

      13/01/2009 1:42:57
      mbam-log-2009-01-13 (01-42-57).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 157891
      Temps écoulé: 1 hour(s), 57 minute(s), 0 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 2
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Program Files\TinyProxy (Trojan.Proxy) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  7. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Parfait.
    Vide la quarantaine de Malwarebytes anti malware et poste un nouveau rapport hijackthis stp.
    0
    1. hellraiser
       
      ok voici le rapport:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:16:52, on 12/01/2009
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16764)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\AVG\AVG8\avgtray.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\System32\mobsync.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\NOTEPAD.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - Default URLSearchHook is missing
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Startup: CCC.lnk = ?
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,avgrsstx.dll
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      0
      1. hellraiser > hellraiser
         
        voila j ai re scanner mon pc avec spyboot sd et il a denouveau trouver my web search, par contre cette fois ci j ai su le supprimer!
        alors j ai rescanner encore une fois avec spyboot sd etj e n ai rien trouver
        j ai ensuite essayer de rescanner mon pc avec hijack et impossible de le lancer...
        0
      2. hellraiser > hellraiser
         
        j ai reussi a scanner avec hijack this et voici le rapport:
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 22:16:52, on 12/01/2009
        Platform: Windows Vista (WinNT 6.00.1904)
        MSIE: Internet Explorer v7.00 (7.00.6000.16764)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\AVG\AVG8\avgtray.exe
        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        C:\Program Files\Windows Media Player\wmpnscfg.exe
        C:\Windows\System32\mobsync.exe
        C:\Windows\system32\wbem\unsecapp.exe
        C:\Windows\system32\conime.exe
        C:\Windows\system32\NOTEPAD.EXE
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Windows Live\Toolbar\wltuser.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        R3 - Default URLSearchHook is missing
        O1 - Hosts: ::1 localhost
        O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
        O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
        O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
        O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
        O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
        O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - Startup: CCC.lnk = ?
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
        O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
        O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,avgrsstx.dll
        O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
        O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
        O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
        O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
        O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
        O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
        0
  8. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Suis cette procédure pour supprimer toutes les traces de Norton :
    = = = =>>> En cliquant ici <<<= = = =
    Tu ne fais bien entendu pas l'étape 3 de la réinstallation.

    ************

    Relance l'option 1 de Toolbar SD et poste le rapport généré pour vérification stp.
    0
    1. hellraiser
       
      voici le rapport:

      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6000 )
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
      BIOS : Default System BIOS
      USER : francois ( Administrator )
      BOOT : Normal boot
      Antivirus : AVG Anti-Virus Free 8.0 (Activated)
      C:\ (Local Disk) - NTFS - Total:141 Go (Free:27 Go)
      D:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( mar. 13/01/2009|19:46 )

      [ UAC => 1 ]

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\Windows\\system32\\blank.htm"
      "Search Page"="https://www.google.com/?gws_rd=ssl"
      "Start Page"="https://www.google.be/?gws_rd=ssl"
      "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
      "Url"="https://www.msn.com/fr-fr/actualite/"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://www.msn.com/fr-fr/"
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !
      0
    2. hellraiser
       
      est ce bon comme ca???
      0
  9. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Télécharge Random’s System Information Tool (RSIT) de random/random et enregistre l’exécutable sur le Bureau.

    = = = = >>> En cliquant ici <<< = = = =

    * Double-clique sur RSIT.exe pour le lancer.

    * Une première fenêtre s’ouvre, clique alors sur Continue (Disclaimer).

    * Si la dernière version de HijackThis n’est pas détectée sur ton PC, RSIT le téléchargera et te demandera d’accepter la licence.

    * Lorsque l’analyse sera terminée, deux fichiers texte s’ouvriront (probablement avec le bloc-notes).

    * Poste le contenu de log.txt (c’est celui qui apparaît à l’écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
    0
    1. hellraiser
       
      voici le log txt:
      Logfile of random's system information tool 1.05 (written by random/random)
      Run by francois at 2009-01-13 20:20:05
      Microsoft® Windows Vista™ Édition Familiale Basique
      System drive C: has 29 GB (20%) free of 144 GB
      Total RAM: 767 MB (21% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:20:50, on 13/01/2009
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16764)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\AVG\AVG8\avgtray.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Internet Explorer\IEUser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
      C:\Windows\system32\taskeng.exe
      C:\Users\francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6YM0ICI\RSIT[1].exe
      C:\Program Files\Trend Micro\HijackThis\francois.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - Default URLSearchHook is missing
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Startup: CCC.lnk = ?
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,avgrsstx.dll
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      0
  10. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    C'est toi qui a installé RegCure ??

    Télécharge UsbFix sur ton bureau :
    = = = = >>> En cliquant ici <<< = = = =

    => Lance l’installation avec les paramètres par défaut

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d’avoir été infectés sans les ouvrir

    => Double clic sur le raccourci UsbFix sur ton bureau

    => Sélectionne l’option 1 : Nettoyage

    => Le PC va redémarrer

    =>Après redémarrage poste le rapport UsbFix.txt

    Notes :
    * Le rapport UsbFix.txt est sauvegardé a la racine du disque
    * Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche", tape explorer.exe et valide.
    0
    1. hellraiser
       
      est ce possible que ca soit ca?:
      ;
      ; CANON INC. Scanner driver
      ;
      ; MP160SC.INF -- Windows Setup File for the MP160
      ; Scanner driver
      ; Copyright (c) CANON INC. 2006
      ;
      ;
      ; Last Modified: 12-Sep-2006

      [Version]
      Signature="$CHICAGO$"
      Class=Image
      ClassGUID={6bdd1fc6-810f-11d0-bec7-08002be2092f}
      ; The above GUID is the class GUID for all scanners and MUST NOT change
      Provider=%Msft%
      CatalogFile.NTx86=MP160SCa.CAT
      CatalogFile.NTamd64=MP160SCb.CAT
      DriverVer=09/12/2006,12.1.0.0

      [DestinationDirs]
      DefaultDestDir=11
      Sys32Files.WIN = 10,system32\drivers
      CNCDsFiles=10,"twain_32\"%CNCRFN%
      CNCDsResFiles=10,"twain_32\"%CNCRFN%
      CNCDsResFiles_XP64=10,"twain_32\"%CNCRFN%
      CNCMediaFiles=10,media
      ColorFiles.WIN=11,Color
      ColorFiles.NT=11,spool\drivers\Color
      TwainDsmFiles = 10

      [ControlFlags]
      ExcludeFromSelect=*

      [Manufacturer]
      %Mfg%=Models,NTx86.5.1,NTamd64.5.1

      [Models]
      %CNC.DeviceDesc%=CNCInstall,USB\VID_04A9&PID_1714&MI_00

      [Models.NTx86.5.1]
      %CNC.DeviceDesc%=CNCInstall_XP,USB\VID_04A9&PID_1714&MI_00

      [Models.NTamd64.5.1]
      %CNC.DeviceDesc%=CNCInstall_XP64,USB\VID_04A9&PID_1714&MI_00

      ;.......................................... Win98 and Me section
      [CNCInstall]
      SubClass=StillImage
      DeviceType=1
      DeviceSubType=0x1
      DeviceData=CNCDeviceData
      AddReg=MPAddReg,CNCAddreg,CNCUSDAddreg
      CopyFiles=StiFiles,CNCDsFiles,CNCDsResFiles,ColorFiles.WIN,CNCMediaFiles,Sys32Files.WIN,TwainDsmFiles
      ICMProfiles="sRGB Color Space Profile.icm"
      ; used for push button event
      Capabilities=1
      Events=PushButton.Events
      DriverVer=09/12/2006,12.1.0.0

      [MPAddReg]
      HKR,,HardwareConfig,1,4
      HKR,,DevLoader,,*NTKERN
      HKR,,NTMPDriver,,MpUsbScn.sys

      [Sys32Files.WIN]
      MpUsbScn.sys,,,0x20

      ;........................................ Win2000 section
      [CNCInstall.NT]
      Include=sti.inf
      Needs=STI.USBSection
      SubClass=StillImage
      DeviceType=1
      DeviceSubType=0x1
      DeviceData=CNCDeviceData
      AddReg=CNCAddreg,CNCUSDAddreg
      CopyFiles=StiFiles,CNCDsFiles,CNCDsResFiles,ColorFiles.NT,CNCMediaFiles
      ICMProfiles="sRGB Color Space Profile.icm"
      ; used for push button event
      Capabilities=1
      Events=PushButton.Events
      DriverVer=09/12/2006,12.1.0.0

      [CNCInstall.NT.Services]
      Include=sti.inf
      Needs=STI.USBSection.Services

      ;........................................ WinXP section
      [CNCInstall_XP.NT]
      Include=sti.inf
      Needs=STI.USBSection
      SubClass=StillImage
      DeviceType=1
      DeviceSubType=0x1
      DeviceData=CNCDeviceData
      AddReg=CNCAddreg,CNCUSDAddreg_XP
      CopyFiles=WiaFiles,CNCDsFiles,CNCDsResFiles,ColorFiles.NT,CNCMediaFiles
      ICMProfiles="sRGB Color Space Profile.icm"
      ; used for push button event
      Capabilities=0x11
      Events=PushButton.Events_XP
      DriverVer=09/12/2006,12.1.0.0
      FriendlyName=%CNC.FriendlyName%

      [CNCInstall_XP.NT.Services]
      Include=sti.inf
      Needs=STI.USBSection.Services

      [CNCInstall_XP.NT.CoInstallers]
      CopyFiles = ScanCoInstaller_CopyFiles
      AddReg = ScanCoInstaller_AddReg

      [ScanCoInstaller_CopyFiles]
      cnco160.dll,cncisco.dll

      [ScanCoInstaller_AddReg]
      HKR,,CoInstallers32,0x00010000,"cnco160.dll,Coinstaller_EntryPoint"

      ;........................................ WinXP64 section
      [CNCInstall_XP64.NT]
      Include=sti.inf
      Needs=STI.USBSection
      SubClass=StillImage
      DeviceType=1
      DeviceSubType=0x1
      DeviceData=CNCDeviceData
      AddReg=CNCAddreg64,CNCUSDAddreg_XP
      CopyFiles=WiaFiles,CNCDsFiles,CNCDsResFiles_XP64,ColorFiles.NT,CNCMediaFiles
      ICMProfiles="sRGB Color Space Profile.icm"
      ; used for push button event
      Capabilities=0x11
      Events=PushButton.Events_XP
      DriverVer=09/12/2006,12.1.0.0
      FriendlyName=%CNC.FriendlyName%

      [CNCInstall_XP64.NT.Services]
      Include=sti.inf
      Needs=STI.USBSection.Services

      [CNCInstall_XP64.NT.CoInstallers]
      CopyFiles = ScanCoInstaller_CopyFiles_x64
      AddReg = ScanCoInstaller_AddReg_x64

      [ScanCoInstaller_CopyFiles_x64]
      cnco160.dll,cncisco.dll

      [ScanCoInstaller_AddReg_x64]
      HKR,,CoInstallers32,0x00010000,"cnco160.dll,Coinstaller_EntryPoint"

      [TwainDsmFiles]
      Twain.dll,,,0x20
      Twain_32.dll,,,0x20
      Twunk_16.exe,,,0x20
      Twunk_32.exe,,,0x20

      ;.......................................... Win98 and Me
      [ColorFiles.WIN]
      CNZ005.ICC
      CNFRA0.ICC

      ;........................................ Win2000 and WinXP and WinXP64
      [ColorFiles.NT]
      CNZ005.ICC
      CNFRA0.ICC

      ;.......................................... Common Section
      [PushButton.Events]
      PushButtonPushed1=%PushButtonPushed1%,{593F4658-BDD1-4b2b-9847-AEC60D2CA91D},%ButtonApp%

      [PushButton.Events_XP]
      PushButtonPushed1=%PushButtonPushed1%,{AD93F4DB-031F-4654-9CBE-569ED03F8CD1},%ButtonApp%

      [CNCDeviceData]
      TwainDS=%CNC.TwainDS%
      SpecialInfo=%CNC.SPInfo%
      DeviceKey=%CNCRFN%
      InstallDirectory="\TWAIN_32\%CNCRFN%\"
      ; PUSH BUTTON 1 RESOURCE ID
      IDPushButton1=213

      [CNCAddreg]
      HKLM,"%SGDKEY%","DeviceName",,%CNC.MDL%
      HKLM,"%SGDKEY%","Manufacturer",,"Canon Inc."
      HKLM,"%SGDKEY%","ProductFamily",,"TWAIN Scanners"
      HKLM,"%SGDKEY%","ProductName",,%CNC.MDL%
      HKLM,"%SGDKEY%","InstallDirectory",,"%10%\TWAIN_32\%CNCRFN%\"
      HKLM,"%SGDKEY%","ProductId",,"MP160 "
      HKLM,"%SGDKEY%","TextEnhance",0x00010001,0
      HKLM,"%SGDKEY%","HiDefinitionMode",0x00010001,0
      HKLM,"%SGDKEY%","DriverDate",,"09 2006"
      HKLM,"%SGDKEY%","DriverVersion",,"12.1.0.0"
      HKLM,"%SGDKEY%","ColorMatch Platen",,"CNFRA0.ICC"
      HKLM,"%SGDKEY%","SGIPPDEF",,"CNC160.DAT"
      HKLM,"%SGDKEY%","Descreen",0x00010001,0
      HKLM,"%SGDKEY%","Unsharp",0x00010001,3
      HKLM,"%SGDKEY%","CardPhotoDistThr",0x00010001,30
      HKLM,"%SGDKEY%","PhotoTrimThr",0x00010001,210
      HKLM,"%SGDKEY%","PhotoRThr",0x00010001,210
      HKLM,"%SGDKEY%","PhotoGThr",0x00010001,210
      HKLM,"%SGDKEY%","PhotoBThr",0x00010001,210
      HKLM,"%SGDKEY%","CardTrimThr",0x00010001,30
      HKLM,"%SGDKEY%","CardRThr",0x00010001,30
      HKLM,"%SGDKEY%","CardGThr",0x00010001,30
      HKLM,"%SGDKEY%","CardBThr",0x00010001,30
      HKLM,"%SGDKEY%","ParWhiteBlackEth",0x00010001,5
      HKLM,"%SGDKEY%","ParWhiteBlackEthDG",0x00010001,5
      HKLM,"%SGDKEY%","ParWhiteBlackSth",0x00010001,35
      HKLM,"%SGDKEY%","ParWhiteBlackVth",0x00010001,10
      HKLM,"%SGDKEY%","ParLabelingHth",0x00010001,30
      HKLM,"%SGDKEY%","ParLabelingLeft",0x00010001,1
      HKLM,"%SGDKEY%","ParLabelingTop",0x00010001,1
      HKLM,"%SGDKEY%","ParLabelingRight",0x00010001,1
      HKLM,"%SGDKEY%","ParLabelingBottom",0x00010001,1
      HKLM,"%SGDKEY%","ButtonNum",0x00010001,1
      HKLM,"%SGDKEY%","AvailableDriver",0x00010001,1
      HKLM,"%STIKEY%","MP160",0x00010001,1

      [CNCAddreg64]
      HKLM,"%SGDKEY64%","DeviceName",,%CNC.MDL%
      HKLM,"%SGDKEY64%","Manufacturer",,"Canon Inc."
      HKLM,"%SGDKEY64%","ProductFamily",,"TWAIN Scanners"
      HKLM,"%SGDKEY64%","ProductName",,%CNC.MDL%
      HKLM,"%SGDKEY64%","InstallDirectory",,"%10%\TWAIN_32\%CNCRFN%\"
      HKLM,"%SGDKEY64%","ProductId",,"MP160 "
      HKLM,"%SGDKEY64%","TextEnhance",0x00010001,0
      HKLM,"%SGDKEY64%","HiDefinitionMode",0x00010001,0
      HKLM,"%SGDKEY64%","DriverDate",,"09 2006"
      HKLM,"%SGDKEY64%","DriverVersion",,"12.1.0.0"
      HKLM,"%SGDKEY64%","ColorMatch Platen",,"CNFRA0.ICC"
      HKLM,"%SGDKEY64%","SGIPPDEF",,"CNC160.DAT"
      HKLM,"%SGDKEY64%","Descreen",0x00010001,0
      HKLM,"%SGDKEY64%","Unsharp",0x00010001,3
      HKLM,"%SGDKEY64%","CardPhotoDistThr",0x00010001,30
      HKLM,"%SGDKEY64%","PhotoTrimThr",0x00010001,210
      HKLM,"%SGDKEY64%","PhotoRThr",0x00010001,210
      HKLM,"%SGDKEY64%","PhotoGThr",0x00010001,210
      HKLM,"%SGDKEY64%","PhotoBThr",0x00010001,210
      HKLM,"%SGDKEY64%","CardTrimThr",0x00010001,30
      HKLM,"%SGDKEY64%","CardRThr",0x00010001,30
      HKLM,"%SGDKEY64%","CardGThr",0x00010001,30
      HKLM,"%SGDKEY64%","CardBThr",0x00010001,30
      HKLM,"%SGDKEY64%","ParWhiteBlackEth",0x00010001,5
      HKLM,"%SGDKEY64%","ParWhiteBlackEthDG",0x00010001,5
      HKLM,"%SGDKEY64%","ParWhiteBlackSth",0x00010001,35
      HKLM,"%SGDKEY64%","ParWhiteBlackVth",0x00010001,10
      HKLM,"%SGDKEY64%","ParLabelingHth",0x00010001,30
      HKLM,"%SGDKEY64%","ParLabelingLeft",0x00010001,1
      HKLM,"%SGDKEY64%","ParLabelingTop",0x00010001,1
      HKLM,"%SGDKEY64%","ParLabelingRight",0x00010001,1
      HKLM,"%SGDKEY64%","ParLabelingBottom",0x00010001,1
      HKLM,"%SGDKEY64%","ButtonNum",0x00010001,1
      HKLM,"%SGDKEY64%","AvailableDriver",0x00010001,1
      HKLM,"%STIKEY64%","MP160",0x00010001,1

      [CNCUSDAddreg]
      HKR,,USDClass,,"{85CCD822-692A-4b20-8ED8-7E42CFF45C18}"
      HKCR,CLSID\{85CCD822-692A-4b20-8ED8-7E42CFF45C18},,,"Canon USD"
      HKCR,CLSID\{85CCD822-692A-4b20-8ED8-7E42CFF45C18}\InProcServer32,,,%11%\CNCU160.DLL
      HKCR,CLSID\{85CCD822-692A-4b20-8ED8-7E42CFF45C18}\InProcServer32,ThreadingModel,,"Both"
      ; The above GUID is specific to MP160 and MUST change for a different model.

      [CNCUSDAddreg_XP]
      HKLM,"%WIASGDKEY%","ColorMatch",0x00010001,1
      HKLM,"%WIASGDKEY%","ColorGear",,"%CNC.ColorGear%"
      HKLM,"%WIASGDKEY%","TextEnhance",0x00010001,0
      HKLM,"%WIASGDKEY%","Descreen",0x00010001,0
      HKLM,"%WIASGDKEY%","UnsharpMask",0x00010001,0
      HKLM,"%WIASGDKEY%","HiDefinitionMode",0x00010001,0
      HKLM,"%WIASGDKEY%","ProductId",,"MP160 "
      HKLM,"%WIASGDKEY%","ButtonNum",0x00010001,1
      HKLM,"%WIASGDKEY%","DspGamma",0x00010001,0
      HKLM,"%WIASTIKEY%","MP160",0x00010001,1
      HKR,,USDClass,,"{6E94122A-B04E-4441-B590-36680CD8998C}"
      HKCR,CLSID\{6E94122A-B04E-4441-B590-36680CD8998C},,,"Canon USD"
      HKCR,CLSID\{6E94122A-B04E-4441-B590-36680CD8998C}\InProcServer32,,,%11%\CNCC160.DLL
      HKCR,CLSID\{6E94122A-B04E-4441-B590-36680CD8998C}\InProcServer32,ThreadingModel,,"Both"
      ; The above GUID is specific to MP160 and MUST change for a different model.

      [StiFiles]
      CNCU160.DLL
      CNCL160.DLL

      [WiaFiles]
      CNCC160.DLL
      CNCI160.DLL
      CNCL160.DLL

      [CNCDsFiles]
      CISDS.DS
      SGUI.DLL
      IOP.DLL
      ITLIB32.DLL
      SCANINTF.DLL
      SCRPRMV.DLL
      TPM.DLL
      IPM.DLL
      CNC160.DAT
      IPM.DAT
      MC2.TXT
      RSTCOL.DLL
      BaLCo.dll
      CFine2.dll
      libBLC.dll
      MC2.DLL
      CAPS.DLL
      CUBS.DLL
      HSL.DLL
      AG.DLL
      USIP.DLL
      SGCFLTR.DLL

      [CNCDsResFiles]
      SGRES_US.DLL
      SGRES_JP.DLL
      SGRES_CZ.DLL
      SGRES_DE.DLL
      SGRES_ES.DLL
      SGRES_FR.DLL
      SGRES_HU.DLL
      SGRES_IT.DLL
      SGRES_KR.DLL
      SGRES_NL.DLL
      SGRES_PL.DLL
      SGRES_PT.DLL
      SGRES_RU.DLL
      SGRES_CN.DLL
      SGRES_TW.DLL
      SGRES_DK.DLL
      SGRES_NO.DLL
      SGRES_SE.DLL
      SGRES_FI.DLL
      SGRES_GR.DLL
      SGRES_TR.DLL
      SGRES_AR.DLL
      SGRES_TH.DLL
      USDRESUS.DLL
      USDRESJP.DLL
      USDRESCZ.DLL
      USDRESDE.DLL
      USDRESES.DLL
      USDRESFR.DLL
      USDRESHU.DLL
      USDRESIT.DLL
      USDRESKR.DLL
      USDRESNL.DLL
      USDRESPL.DLL
      USDRESPT.DLL
      USDRESRU.DLL
      USDRESCN.DLL
      USDRESTW.DLL
      USDRESDK.DLL
      USDRESNO.DLL
      USDRESSE.DLL
      USDRESFI.DLL
      USDRESGR.DLL
      USDRESTR.DLL
      USDRESAR.DLL
      USDRESTH.DLL

      [CNCDsResFiles_XP64]
      SGRES_US.DLL
      SGRES_JP.DLL
      SGRES_CZ.DLL
      SGRES_DE.DLL
      SGRES_ES.DLL
      SGRES_FR.DLL
      SGRES_HU.DLL
      SGRES_IT.DLL
      SGRES_KR.DLL
      SGRES_NL.DLL
      SGRES_PL.DLL
      SGRES_PT.DLL
      SGRES_RU.DLL
      SGRES_CN.DLL
      SGRES_TW.DLL
      SGRES_DK.DLL
      SGRES_NO.DLL
      SGRES_SE.DLL
      SGRES_FI.DLL
      SGRES_GR.DLL
      SGRES_TR.DLL
      SGRES_AR.DLL
      SGRES_TH.DLL
      USDRESUS.DLL
      USDRESJP.DLL
      USDRESCZ.DLL
      USDRESDE.DLL
      USDRESES.DLL
      USDRESFR.DLL
      USDRESHU.DLL
      USDRESIT.DLL
      USDRESKR.DLL
      USDRESNL.DLL
      USDRESPL.DLL
      USDRESPT.DLL
      USDRESRU.DLL
      USDRESCN.DLL
      USDRESTW.DLL
      USDRESDK.DLL
      USDRESNO.DLL
      USDRESSE.DLL
      USDRESFI.DLL
      USDRESGR.DLL
      USDRESTR.DLL
      USDRESAR.DLL
      USDRESTH.DLL

      [CNCMediaFiles]
      CSSAMP1.MID

      ;-------------------------------Source Index
      [SourceDisksFiles]
      cncisco.dll=1,SCN\SGCOMMON\x86
      ITLIB32.DLL=1,SCN\SGCOMMON\x86
      MSVCRT.DLL=1,SCN\SGCOMMON\x86
      RSTCOL.DLL=1,SCN\SGCOMMON\x86
      BaLCo.dll=1,SCN\SGCOMMON\x86
      CFine2.dll=1,SCN\SGCOMMON\x86
      libBLC.dll=1,SCN\SGCOMMON\x86
      MC2.DLL=1,SCN\SGCOMMON\x86
      CAPS.DLL=1,SCN\SGCOMMON\x86
      CUBS.DLL=1,SCN\SGCOMMON\x86
      HSL.DLL=1,SCN\SGCOMMON\x86
      AG.DLL=1,SCN\SGCOMMON\x86
      USIP.DLL=1,SCN\SGCOMMON\x86
      SGCFLTR.DLL=1,SCN\SGCOMMON\x86

      CISDS.DS=1,SCN\SGCOMMON\x86
      SGUI.DLL=1,SCN\SGCOMMON\x86
      IOP.DLL=1,SCN\SGCOMMON\x86
      SCANINTF.DLL=1,SCN\SGCOMMON\x86
      TPM.DLL=1,SCN\SGCOMMON\x86
      IPM.DLL=1,SCN\SGCOMMON\x86

      SGRES_US.DLL=1,SCN\SGCOMMON\x86
      SGRES_JP.DLL=1,SCN\SGCOMMON\x86
      SGRES_CZ.DLL=1,SCN\SGCOMMON\x86
      SGRES_DE.DLL=1,SCN\SGCOMMON\x86
      SGRES_ES.DLL=1,SCN\SGCOMMON\x86
      SGRES_FR.DLL=1,SCN\SGCOMMON\x86
      SGRES_HU.DLL=1,SCN\SGCOMMON\x86
      SGRES_IT.DLL=1,SCN\SGCOMMON\x86
      SGRES_KR.DLL=1,SCN\SGCOMMON\x86
      SGRES_NL.DLL=1,SCN\SGCOMMON\x86
      SGRES_PL.DLL=1,SCN\SGCOMMON\x86
      SGRES_PT.DLL=1,SCN\SGCOMMON\x86
      SGRES_RU.DLL=1,SCN\SGCOMMON\x86
      SGRES_CN.DLL=1,SCN\SGCOMMON\x86
      SGRES_TW.DLL=1,SCN\SGCOMMON\x86
      SGRES_DK.DLL=1,SCN\SGCOMMON\x86
      SGRES_NO.DLL=1,SCN\SGCOMMON\x86
      SGRES_SE.DLL=1,SCN\SGCOMMON\x86
      SGRES_FI.DLL=1,SCN\SGCOMMON\x86
      SGRES_GR.DLL=1,SCN\SGCOMMON\x86
      SGRES_TR.DLL=1,SCN\SGCOMMON\x86
      SGRES_AR.DLL=1,SCN\SGCOMMON\x86
      SGRES_TH.DLL=1,SCN\SGCOMMON\x86

      CSSAMP1.MID=1,SCN\SGCOMMON
      CNZ005.ICC=1,SCN\SGCOMMON
      IPM.DAT=1,SCN\MP160
      CNC160.DAT=1,SCN\MP160
      CNFRA0.ICC=1,SCN\MP160
      MC2.TXT=1,SCN\MP160

      SCRPRMV.DLL=1,SCN\MP160\x86

      TWUNK_16.EXE=1,SCN\SGCOMMON\x86
      TWUNK_32.EXE=1,SCN\SGCOMMON\x86
      TWAIN_32.DLL=1,SCN\SGCOMMON\x86
      TWAIN.DLL =1,SCN\SGCOMMON\x86

      MpUsbScn.sys=1,SCN\SGCOMMON\x86

      CNCU160.DLL=1,SCN\MP160\x86
      CNCC160.DLL=1,SCN\MP160\x86
      CNCI160.DLL=1,SCN\MP160\x86
      CNCL160.DLL=1,SCN\MP160\x86
      USDRESUS.DLL=1,SCN\MP160\x86
      USDRESJP.DLL=1,SCN\MP160\x86
      USDRESCZ.DLL=1,SCN\MP160\x86
      USDRESDE.DLL=1,SCN\MP160\x86
      USDRESES.DLL=1,SCN\MP160\x86
      USDRESFR.DLL=1,SCN\MP160\x86
      USDRESHU.DLL=1,SCN\MP160\x86
      USDRESIT.DLL=1,SCN\MP160\x86
      USDRESKR.DLL=1,SCN\MP160\x86
      USDRESNL.DLL=1,SCN\MP160\x86
      USDRESPL.DLL=1,SCN\MP160\x86
      USDRESPT.DLL=1,SCN\MP160\x86
      USDRESRU.DLL=1,SCN\MP160\x86
      USDRESCN.DLL=1,SCN\MP160\x86
      USDRESTW.DLL=1,SCN\MP160\x86
      USDRESDK.DLL=1,SCN\MP160\x86
      USDRESNO.DLL=1,SCN\MP160\x86
      USDRESSE.DLL=1,SCN\MP160\x86
      USDRESFI.DLL=1,SCN\MP160\x86
      USDRESGR.DLL=1,SCN\MP160\x86
      USDRESTR.DLL=1,SCN\MP160\x86
      USDRESAR.DLL=1,SCN\MP160\x86
      USDRESTH.DLL=1,SCN\MP160\x86

      [SourceDisksFiles.amd64]
      cncisco.dll=1,SCN\SGCOMMON\x64
      CNCC160.DLL=1,SCN\MP160\x64
      CNCI160.DLL=1,SCN\MP160\x64
      CNCL160.DLL=1,SCN\MP160\x64
      SGRES_US.DLL=1,SCN\SGCOMMON\x86
      SGRES_JP.DLL=1,SCN\SGCOMMON\x86
      SGRES_CZ.DLL=1,SCN\SGCOMMON\x86
      SGRES_DE.DLL=1,SCN\SGCOMMON\x86
      SGRES_ES.DLL=1,SCN\SGCOMMON\x86
      SGRES_FR.DLL=1,SCN\SGCOMMON\x86
      SGRES_HU.DLL=1,SCN\SGCOMMON\x86
      SGRES_IT.DLL=1,SCN\SGCOMMON\x86
      SGRES_KR.DLL=1,SCN\SGCOMMON\x86
      SGRES_NL.DLL=1,SCN\SGCOMMON\x86
      SGRES_PL.DLL=1,SCN\SGCOMMON\x86
      SGRES_PT.DLL=1,SCN\SGCOMMON\x86
      SGRES_RU.DLL=1,SCN\SGCOMMON\x86
      SGRES_CN.DLL=1,SCN\SGCOMMON\x86
      SGRES_TW.DLL=1,SCN\SGCOMMON\x86
      SGRES_DK.DLL=1,SCN\SGCOMMON\x86
      SGRES_NO.DLL=1,SCN\SGCOMMON\x86
      SGRES_SE.DLL=1,SCN\SGCOMMON\x86
      SGRES_FI.DLL=1,SCN\SGCOMMON\x86
      SGRES_GR.DLL=1,SCN\SGCOMMON\x86
      SGRES_TR.DLL=1,SCN\SGCOMMON\x86
      SGRES_AR.DLL=1,SCN\SGCOMMON\x86
      SGRES_TH.DLL=1,SCN\SGCOMMON\x86
      USDRESUS.DLL=1,SCN\MP160\x64
      USDRESJP.DLL=1,SCN\MP160\x64
      USDRESCZ.DLL=1,SCN\MP160\x64
      USDRESDE.DLL=1,SCN\MP160\x64
      USDRESES.DLL=1,SCN\MP160\x64
      USDRESFR.DLL=1,SCN\MP160\x64
      USDRESHU.DLL=1,SCN\MP160\x64
      USDRESIT.DLL=1,SCN\MP160\x64
      USDRESKR.DLL=1,SCN\MP160\x64
      USDRESNL.DLL=1,SCN\MP160\x64
      USDRESPL.DLL=1,SCN\MP160\x64
      USDRESPT.DLL=1,SCN\MP160\x64
      USDRESRU.DLL=1,SCN\MP160\x64
      USDRESCN.DLL=1,SCN\MP160\x64
      USDRESTW.DLL=1,SCN\MP160\x64
      USDRESDK.DLL=1,SCN\MP160\x64
      USDRESNO.DLL=1,SCN\MP160\x64
      USDRESSE.DLL=1,SCN\MP160\x64
      USDRESFI.DLL=1,SCN\MP160\x64
      USDRESGR.DLL=1,SCN\MP160\x64
      USDRESTR.DLL=1,SCN\MP160\x64
      USDRESAR.DLL=1,SCN\MP160\x64
      USDRESTH.DLL=1,SCN\MP160\x64

      [SourceDisksNames]
      1=%D1%,,

      ;-------------------------------String Aliases
      [Strings]
      Msft="Canon"
      Mfg="Canon"
      SGDKEY="Software\Canon\ScanGear\12.1\Devices\MP160"
      STIKEY="Software\Canon\ScanGear\STI"
      SGDKEY64="Software\Wow6432Node\Canon\ScanGear\12.1\Devices\MP160"
      STIKEY64="Software\Wow6432Node\Canon\ScanGear\STI"
      WIASGDKEY="Software\Canon\WIA\1.2\Devices\MP160"
      WIASTIKEY="Software\Canon\WIA\STI"
      D1="Canon MP160 Setup Disk"
      ButtonApp = "MP Navigator Ver3.0"
      CNCRFN = "MP160"
      CNC.MDL = "Canon MP160"
      CNC.DeviceDesc = "Canon MP160"
      CNC.SPInfo = "Canon MP160 Scanner"
      CNC.TwainDS = "Canon MP160"
      CNC.ColorGear = "FRA0"
      PushButtonPushed1= "SCAN button"
      CNC.FriendlyName = "WIA Canon MP160"
      quand a rg cure oui je l avais installer mais il n est plus sur mon pc...normalement
      0
  11. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Pour Regcure, supprime alors :
    C:\Program Files\Regcure
    Supprime le de la corbeille également.

    Pour USB Fix, redésactive le teatimer de spybot (procédure donnée plus haut), UAC toujours désactivé, et relance le.
    0
    1. hellraiser
       
      Rg cure est supprimer mais je ne trouve plus la corbeil sur mon bureau ....
      qd a spyboot c est fait aussi....
      0
    2. hellraiser
       
      corbeil retrouvée.Rg cur supprimer
      0
  12. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Passe à USB Fix.
    0
    1. hellraiser
       
      fait mais je ne trouve pas les rapport usbfix:
      est ce ceci?:

      SDFix has been extracted to %systemdrive%\SDFix\
      (Drive that contains the Windows directory - typically C:\SDFix)

      Open the SDFix folder in Safe Mode and double click the RunThis.bat file to start the fixtool
      If RunThis.bat is started in Normal Mode, options to download and run Anti-Virus command line scanners are displayed

      Catchme.exe Stealth Malware Detector by GMER is also included in the SDFix folder

      Additional SDFix Instructions & screen shots can be found here - http://www.bleepingcomputer.com/forums/topic131299.html





      SDFix a été extrait dans %systemdrive%\SDFix\
      (Le disque qui contient le répertoire Windows - typiquement C:\SDFix)

      Ouvrez le dossier SDFix en mode sans échec et double cliquez sur le fichier RunThis.bat pour démarrer l'outil.
      Si RunThis.bat est lancé en mode normal, les options pour télécharger et lancer les scanners Antivirus en ligne de commande seront affichées

      Catchme.exe Stealth Malware Detector de GMER est également inclus dans le dossier SDFix

      Instructions supplémentaires pour SDFix & captures d'écran peuvent être trouvées ici - http://www.bleepingcomputer.com/forums/topic131299.html






      SDFix wurde nach %systemdrive%\SDFix\ entpackt
      (Das ist das laufwerk welches den Windows Ordner enthält - normalerweise c:\SDFix)

      Öffe den SDFix Ordner im Abgesicherten Modus und doppelklicke zum starten die RunThis.bat Datei
      Sollte die RunThis.bat im normalen Modus gestartet werden, wird einem die Möglichkeiten geboten Antivirenscanner für die Kommandozeile
      (Dosbox) downzuloaden.

      Das Programm Catchme Malware Detector von Gmer ist auch im SDFix Ordner enthalten.

      Zusätzliche SDFix Anleitungen und Screen Shots können hier nach geschaut werden: [url="http://www.bleepingcomputer.com/forums/topic131299.html"]http://www.bleepingcomputer.com/forums/topic131299.html/url


      ou ca??


      ; CANON INC. Scanner driver
      ;
      ; MP160SC.INF -- Windows Setup File for the MP160
      ; Scanner driver
      ; Copyright (c) CANON INC. 2006
      ;
      ;
      ; Last Modified: 12-Sep-2006

      [Version]
      Signature="$CHICAGO$"
      Class=Image
      ClassGUID={6bdd1fc6-810f-11d0-bec7-08002be2092f}
      ; The above GUID is the class GUID for all scanners and MUST NOT change
      Provider=%Msft%
      CatalogFile.NTx86=MP160SCa.CAT
      CatalogFile.NTamd64=MP160SCb.CAT
      DriverVer=09/12/2006,12.1.0.0

      [DestinationDirs]
      DefaultDestDir=11
      Sys32Files.WIN = 10,system32\drivers
      CNCDsFiles=10,"twain_32\"%CNCRFN%
      CNCDsResFiles=10,"twain_32\"%CNCRFN%
      CNCDsResFiles_XP64=10,"twain_32\"%CNCRFN%
      CNCMediaFiles=10,media
      ColorFiles.WIN=11,Color
      ColorFiles.NT=11,spool\drivers\Color
      TwainDsmFiles = 10

      [ControlFlags]
      ExcludeFromSelect=*

      [Manufacturer]
      %Mfg%=Models,NTx86.5.1,NTamd64.5.1

      [Models]
      %CNC.DeviceDesc%=CNCInstall,USB\VID_04A9&PID_1714&MI_00

      [Models.NTx86.5.1]
      %CNC.DeviceDesc%=CNCInstall_XP,USB\VID_04A9&PID_1714&MI_00

      [Models.NTamd64.5.1]
      %CNC.DeviceDesc%=CNCInstall_XP64,USB\VID_04A9&PID_1714&MI_00

      ;.......................................... Win98 and Me section
      [CNCInstall]
      SubClass=StillImage
      DeviceType=1
      DeviceSubType=0x1
      DeviceData=CNCDeviceData
      AddReg=MPAddReg,CNCAddreg,CNCUSDAddreg
      CopyFiles=StiFiles,CNCDsFiles,CNCDsResFiles,ColorFiles.WIN,CNCMediaFiles,Sys32Files.WIN,TwainDsmFiles
      ICMProfiles="sRGB Color Space Profile.icm"
      ; used for push button event
      Capabilities=1
      Events=PushButton.Events
      DriverVer=09/12/2006,12.1.0.0

      [MPAddReg]
      HKR,,HardwareConfig,1,4
      HKR,,DevLoader,,*NTKERN
      HKR,,NTMPDriver,,MpUsbScn.sys

      [Sys32Files.WIN]
      MpUsbScn.sys,,,0x20

      ;........................................ Win2000 section
      [CNCInstall.NT]
      Include=sti.inf
      Needs=STI.USBSection
      SubClass=StillImage
      DeviceType=1
      DeviceSubType=0x1
      DeviceData=CNCDeviceData
      AddReg=CNCAddreg,CNCUSDAddreg
      CopyFiles=StiFiles,CNCDsFiles,CNCDsResFiles,ColorFiles.NT,CNCMediaFiles
      ICMProfiles="sRGB Color Space Profile.icm"
      ; used for push button event
      Capabilities=1
      Events=PushButton.Events
      DriverVer=09/12/2006,12.1.0.0

      [CNCInstall.NT.Services]
      Include=sti.inf
      Needs=STI.USBSection.Services

      ;........................................ WinXP section
      [CNCInstall_XP.NT]
      Include=sti.inf
      Needs=STI.USBSection
      SubClass=StillImage
      DeviceType=1
      DeviceSubType=0x1
      DeviceData=CNCDeviceData
      AddReg=CNCAddreg,CNCUSDAddreg_XP
      CopyFiles=WiaFiles,CNCDsFiles,CNCDsResFiles,ColorFiles.NT,CNCMediaFiles
      ICMProfiles="sRGB Color Space Profile.icm"
      ; used for push button event
      Capabilities=0x11
      Events=PushButton.Events_XP
      DriverVer=09/12/2006,12.1.0.0
      FriendlyName=%CNC.FriendlyName%

      [CNCInstall_XP.NT.Services]
      Include=sti.inf
      Needs=STI.USBSection.Services

      [CNCInstall_XP.NT.CoInstallers]
      CopyFiles = ScanCoInstaller_CopyFiles
      AddReg = ScanCoInstaller_AddReg

      [ScanCoInstaller_CopyFiles]
      cnco160.dll,cncisco.dll

      [ScanCoInstaller_AddReg]
      HKR,,CoInstallers32,0x00010000,"cnco160.dll,Coinstaller_EntryPoint"

      ;........................................ WinXP64 section
      [CNCInstall_XP64.NT]
      Include=sti.inf
      Needs=STI.USBSection
      SubClass=StillImage
      DeviceType=1
      DeviceSubType=0x1
      DeviceData=CNCDeviceData
      AddReg=CNCAddreg64,CNCUSDAddreg_XP
      CopyFiles=WiaFiles,CNCDsFiles,CNCDsResFiles_XP64,ColorFiles.NT,CNCMediaFiles
      ICMProfiles="sRGB Color Space Profile.icm"
      ; used for push button event
      Capabilities=0x11
      Events=PushButton.Events_XP
      DriverVer=09/12/2006,12.1.0.0
      FriendlyName=%CNC.FriendlyName%

      [CNCInstall_XP64.NT.Services]
      Include=sti.inf
      Needs=STI.USBSection.Services

      [CNCInstall_XP64.NT.CoInstallers]
      CopyFiles = ScanCoInstaller_CopyFiles_x64
      AddReg = ScanCoInstaller_AddReg_x64

      [ScanCoInstaller_CopyFiles_x64]
      cnco160.dll,cncisco.dll

      [ScanCoInstaller_AddReg_x64]
      HKR,,CoInstallers32,0x00010000,"cnco160.dll,Coinstaller_EntryPoint"

      [TwainDsmFiles]
      Twain.dll,,,0x20
      Twain_32.dll,,,0x20
      Twunk_16.exe,,,0x20
      Twunk_32.exe,,,0x20

      ;.......................................... Win98 and Me
      [ColorFiles.WIN]
      CNZ005.ICC
      CNFRA0.ICC

      ;........................................ Win2000 and WinXP and WinXP64
      [ColorFiles.NT]
      CNZ005.ICC
      CNFRA0.ICC

      ;.......................................... Common Section
      [PushButton.Events]
      PushButtonPushed1=%PushButtonPushed1%,{593F4658-BDD1-4b2b-9847-AEC60D2CA91D},%ButtonApp%

      [PushButton.Events_XP]
      PushButtonPushed1=%PushButtonPushed1%,{AD93F4DB-031F-4654-9CBE-569ED03F8CD1},%ButtonApp%

      [CNCDeviceData]
      TwainDS=%CNC.TwainDS%
      SpecialInfo=%CNC.SPInfo%
      DeviceKey=%CNCRFN%
      InstallDirectory="\TWAIN_32\%CNCRFN%\"
      ; PUSH BUTTON 1 RESOURCE ID
      IDPushButton1=213

      [CNCAddreg]
      HKLM,"%SGDKEY%","DeviceName",,%CNC.MDL%
      HKLM,"%SGDKEY%","Manufacturer",,"Canon Inc."
      HKLM,"%SGDKEY%","ProductFamily",,"TWAIN Scanners"
      HKLM,"%SGDKEY%","ProductName",,%CNC.MDL%
      HKLM,"%SGDKEY%","InstallDirectory",,"%10%\TWAIN_32\%CNCRFN%\"
      HKLM,"%SGDKEY%","ProductId",,"MP160 "
      HKLM,"%SGDKEY%","TextEnhance",0x00010001,0
      HKLM,"%SGDKEY%","HiDefinitionMode",0x00010001,0
      HKLM,"%SGDKEY%","DriverDate",,"09 2006"
      HKLM,"%SGDKEY%","DriverVersion",,"12.1.0.0"
      HKLM,"%SGDKEY%","ColorMatch Platen",,"CNFRA0.ICC"
      HKLM,"%SGDKEY%","SGIPPDEF",,"CNC160.DAT"
      HKLM,"%SGDKEY%","Descreen",0x00010001,0
      HKLM,"%SGDKEY%","Unsharp",0x00010001,3
      HKLM,"%SGDKEY%","CardPhotoDistThr",0x00010001,30
      HKLM,"%SGDKEY%","PhotoTrimThr",0x00010001,210
      HKLM,"%SGDKEY%","PhotoRThr",0x00010001,210
      HKLM,"%SGDKEY%","PhotoGThr",0x00010001,210
      HKLM,"%SGDKEY%","PhotoBThr",0x00010001,210
      HKLM,"%SGDKEY%","CardTrimThr",0x00010001,30
      HKLM,"%SGDKEY%","CardRThr",0x00010001,30
      HKLM,"%SGDKEY%","CardGThr",0x00010001,30
      HKLM,"%SGDKEY%","CardBThr",0x00010001,30
      HKLM,"%SGDKEY%","ParWhiteBlackEth",0x00010001,5
      HKLM,"%SGDKEY%","ParWhiteBlackEthDG",0x00010001,5
      HKLM,"%SGDKEY%","ParWhiteBlackSth",0x00010001,35
      HKLM,"%SGDKEY%","ParWhiteBlackVth",0x00010001,10
      HKLM,"%SGDKEY%","ParLabelingHth",0x00010001,30
      HKLM,"%SGDKEY%","ParLabelingLeft",0x00010001,1
      HKLM,"%SGDKEY%","ParLabelingTop",0x00010001,1
      HKLM,"%SGDKEY%","ParLabelingRight",0x00010001,1
      HKLM,"%SGDKEY%","ParLabelingBottom",0x00010001,1
      HKLM,"%SGDKEY%","ButtonNum",0x00010001,1
      HKLM,"%SGDKEY%","AvailableDriver",0x00010001,1
      HKLM,"%STIKEY%","MP160",0x00010001,1

      [CNCAddreg64]
      HKLM,"%SGDKEY64%","DeviceName",,%CNC.MDL%
      HKLM,"%SGDKEY64%","Manufacturer",,"Canon Inc."
      HKLM,"%SGDKEY64%","ProductFamily",,"TWAIN Scanners"
      HKLM,"%SGDKEY64%","ProductName",,%CNC.MDL%
      HKLM,"%SGDKEY64%","InstallDirectory",,"%10%\TWAIN_32\%CNCRFN%\"
      HKLM,"%SGDKEY64%","ProductId",,"MP160 "
      HKLM,"%SGDKEY64%","TextEnhance",0x00010001,0
      HKLM,"%SGDKEY64%","HiDefinitionMode",0x00010001,0
      HKLM,"%SGDKEY64%","DriverDate",,"09 2006"
      HKLM,"%SGDKEY64%","DriverVersion",,"12.1.0.0"
      HKLM,"%SGDKEY64%","ColorMatch Platen",,"CNFRA0.ICC"
      HKLM,"%SGDKEY64%","SGIPPDEF",,"CNC160.DAT"
      HKLM,"%SGDKEY64%","Descreen",0x00010001,0
      HKLM,"%SGDKEY64%","Unsharp",0x00010001,3
      HKLM,"%SGDKEY64%","CardPhotoDistThr",0x00010001,30
      HKLM,"%SGDKEY64%","PhotoTrimThr",0x00010001,210
      HKLM,"%SGDKEY64%","PhotoRThr",0x00010001,210
      HKLM,"%SGDKEY64%","PhotoGThr",0x00010001,210
      HKLM,"%SGDKEY64%","PhotoBThr",0x00010001,210
      HKLM,"%SGDKEY64%","CardTrimThr",0x00010001,30
      HKLM,"%SGDKEY64%","CardRThr",0x00010001,30
      HKLM,"%SGDKEY64%","CardGThr",0x00010001,30
      HKLM,"%SGDKEY64%","CardBThr",0x00010001,30
      HKLM,"%SGDKEY64%","ParWhiteBlackEth",0x00010001,5
      HKLM,"%SGDKEY64%","ParWhiteBlackEthDG",0x00010001,5
      HKLM,"%SGDKEY64%","ParWhiteBlackSth",0x00010001,35
      HKLM,"%SGDKEY64%","ParWhiteBlackVth",0x00010001,10
      HKLM,"%SGDKEY64%","ParLabelingHth",0x00010001,30
      HKLM,"%SGDKEY64%","ParLabelingLeft",0x00010001,1
      HKLM,"%SGDKEY64%","ParLabelingTop",0x00010001,1
      HKLM,"%SGDKEY64%","ParLabelingRight",0x00010001,1
      HKLM,"%SGDKEY64%","ParLabelingBottom",0x00010001,1
      HKLM,"%SGDKEY64%","ButtonNum",0x00010001,1
      HKLM,"%SGDKEY64%","AvailableDriver",0x00010001,1
      HKLM,"%STIKEY64%","MP160",0x00010001,1

      [CNCUSDAddreg]
      HKR,,USDClass,,"{85CCD822-692A-4b20-8ED8-7E42CFF45C18}"
      HKCR,CLSID\{85CCD822-692A-4b20-8ED8-7E42CFF45C18},,,"Canon USD"
      HKCR,CLSID\{85CCD822-692A-4b20-8ED8-7E42CFF45C18}\InProcServer32,,,%11%\CNCU160.DLL
      HKCR,CLSID\{85CCD822-692A-4b20-8ED8-7E42CFF45C18}\InProcServer32,ThreadingModel,,"Both"
      ; The above GUID is specific to MP160 and MUST change for a different model.

      [CNCUSDAddreg_XP]
      HKLM,"%WIASGDKEY%","ColorMatch",0x00010001,1
      HKLM,"%WIASGDKEY%","ColorGear",,"%CNC.ColorGear%"
      HKLM,"%WIASGDKEY%","TextEnhance",0x00010001,0
      HKLM,"%WIASGDKEY%","Descreen",0x00010001,0
      HKLM,"%WIASGDKEY%","UnsharpMask",0x00010001,0
      HKLM,"%WIASGDKEY%","HiDefinitionMode",0x00010001,0
      HKLM,"%WIASGDKEY%","ProductId",,"MP160 "
      HKLM,"%WIASGDKEY%","ButtonNum",0x00010001,1
      HKLM,"%WIASGDKEY%","DspGamma",0x00010001,0
      HKLM,"%WIASTIKEY%","MP160",0x00010001,1
      HKR,,USDClass,,"{6E94122A-B04E-4441-B590-36680CD8998C}"
      HKCR,CLSID\{6E94122A-B04E-4441-B590-36680CD8998C},,,"Canon USD"
      HKCR,CLSID\{6E94122A-B04E-4441-B590-36680CD8998C}\InProcServer32,,,%11%\CNCC160.DLL
      HKCR,CLSID\{6E94122A-B04E-4441-B590-36680CD8998C}\InProcServer32,ThreadingModel,,"Both"
      ; The above GUID is specific to MP160 and MUST change for a different model.

      [StiFiles]
      CNCU160.DLL
      CNCL160.DLL

      [WiaFiles]
      CNCC160.DLL
      CNCI160.DLL
      CNCL160.DLL

      [CNCDsFiles]
      CISDS.DS
      SGUI.DLL
      IOP.DLL
      ITLIB32.DLL
      SCANINTF.DLL
      SCRPRMV.DLL
      TPM.DLL
      IPM.DLL
      CNC160.DAT
      IPM.DAT
      MC2.TXT
      RSTCOL.DLL
      BaLCo.dll
      CFine2.dll
      libBLC.dll
      MC2.DLL
      CAPS.DLL
      CUBS.DLL
      HSL.DLL
      AG.DLL
      USIP.DLL
      SGCFLTR.DLL

      [CNCDsResFiles]
      SGRES_US.DLL
      SGRES_JP.DLL
      SGRES_CZ.DLL
      SGRES_DE.DLL
      SGRES_ES.DLL
      SGRES_FR.DLL
      SGRES_HU.DLL
      SGRES_IT.DLL
      SGRES_KR.DLL
      SGRES_NL.DLL
      SGRES_PL.DLL
      SGRES_PT.DLL
      SGRES_RU.DLL
      SGRES_CN.DLL
      SGRES_TW.DLL
      SGRES_DK.DLL
      SGRES_NO.DLL
      SGRES_SE.DLL
      SGRES_FI.DLL
      SGRES_GR.DLL
      SGRES_TR.DLL
      SGRES_AR.DLL
      SGRES_TH.DLL
      USDRESUS.DLL
      USDRESJP.DLL
      USDRESCZ.DLL
      USDRESDE.DLL
      USDRESES.DLL
      USDRESFR.DLL
      USDRESHU.DLL
      USDRESIT.DLL
      USDRESKR.DLL
      USDRESNL.DLL
      USDRESPL.DLL
      USDRESPT.DLL
      USDRESRU.DLL
      USDRESCN.DLL
      USDRESTW.DLL
      USDRESDK.DLL
      USDRESNO.DLL
      USDRESSE.DLL
      USDRESFI.DLL
      USDRESGR.DLL
      USDRESTR.DLL
      USDRESAR.DLL
      USDRESTH.DLL

      [CNCDsResFiles_XP64]
      SGRES_US.DLL
      SGRES_JP.DLL
      SGRES_CZ.DLL
      SGRES_DE.DLL
      SGRES_ES.DLL
      SGRES_FR.DLL
      SGRES_HU.DLL
      SGRES_IT.DLL
      SGRES_KR.DLL
      SGRES_NL.DLL
      SGRES_PL.DLL
      SGRES_PT.DLL
      SGRES_RU.DLL
      SGRES_CN.DLL
      SGRES_TW.DLL
      SGRES_DK.DLL
      SGRES_NO.DLL
      SGRES_SE.DLL
      SGRES_FI.DLL
      SGRES_GR.DLL
      SGRES_TR.DLL
      SGRES_AR.DLL
      SGRES_TH.DLL
      USDRESUS.DLL
      USDRESJP.DLL
      USDRESCZ.DLL
      USDRESDE.DLL
      USDRESES.DLL
      USDRESFR.DLL
      USDRESHU.DLL
      USDRESIT.DLL
      USDRESKR.DLL
      USDRESNL.DLL
      USDRESPL.DLL
      USDRESPT.DLL
      USDRESRU.DLL
      USDRESCN.DLL
      USDRESTW.DLL
      USDRESDK.DLL
      USDRESNO.DLL
      USDRESSE.DLL
      USDRESFI.DLL
      USDRESGR.DLL
      USDRESTR.DLL
      USDRESAR.DLL
      USDRESTH.DLL

      [CNCMediaFiles]
      CSSAMP1.MID

      ;-------------------------------Source Index
      [SourceDisksFiles]
      cncisco.dll=1,SCN\SGCOMMON\x86
      ITLIB32.DLL=1,SCN\SGCOMMON\x86
      MSVCRT.DLL=1,SCN\SGCOMMON\x86
      RSTCOL.DLL=1,SCN\SGCOMMON\x86
      BaLCo.dll=1,SCN\SGCOMMON\x86
      CFine2.dll=1,SCN\SGCOMMON\x86
      libBLC.dll=1,SCN\SGCOMMON\x86
      MC2.DLL=1,SCN\SGCOMMON\x86
      CAPS.DLL=1,SCN\SGCOMMON\x86
      CUBS.DLL=1,SCN\SGCOMMON\x86
      HSL.DLL=1,SCN\SGCOMMON\x86
      AG.DLL=1,SCN\SGCOMMON\x86
      USIP.DLL=1,SCN\SGCOMMON\x86
      SGCFLTR.DLL=1,SCN\SGCOMMON\x86

      CISDS.DS=1,SCN\SGCOMMON\x86
      SGUI.DLL=1,SCN\SGCOMMON\x86
      IOP.DLL=1,SCN\SGCOMMON\x86
      SCANINTF.DLL=1,SCN\SGCOMMON\x86
      TPM.DLL=1,SCN\SGCOMMON\x86
      IPM.DLL=1,SCN\SGCOMMON\x86

      SGRES_US.DLL=1,SCN\SGCOMMON\x86
      SGRES_JP.DLL=1,SCN\SGCOMMON\x86
      SGRES_CZ.DLL=1,SCN\SGCOMMON\x86
      SGRES_DE.DLL=1,SCN\SGCOMMON\x86
      SGRES_ES.DLL=1,SCN\SGCOMMON\x86
      SGRES_FR.DLL=1,SCN\SGCOMMON\x86
      SGRES_HU.DLL=1,SCN\SGCOMMON\x86
      SGRES_IT.DLL=1,SCN\SGCOMMON\x86
      SGRES_KR.DLL=1,SCN\SGCOMMON\x86
      SGRES_NL.DLL=1,SCN\SGCOMMON\x86
      SGRES_PL.DLL=1,SCN\SGCOMMON\x86
      SGRES_PT.DLL=1,SCN\SGCOMMON\x86
      SGRES_RU.DLL=1,SCN\SGCOMMON\x86
      SGRES_CN.DLL=1,SCN\SGCOMMON\x86
      SGRES_TW.DLL=1,SCN\SGCOMMON\x86
      SGRES_DK.DLL=1,SCN\SGCOMMON\x86
      SGRES_NO.DLL=1,SCN\SGCOMMON\x86
      SGRES_SE.DLL=1,SCN\SGCOMMON\x86
      SGRES_FI.DLL=1,SCN\SGCOMMON\x86
      SGRES_GR.DLL=1,SCN\SGCOMMON\x86
      SGRES_TR.DLL=1,SCN\SGCOMMON\x86
      SGRES_AR.DLL=1,SCN\SGCOMMON\x86
      SGRES_TH.DLL=1,SCN\SGCOMMON\x86

      CSSAMP1.MID=1,SCN\SGCOMMON
      CNZ005.ICC=1,SCN\SGCOMMON
      IPM.DAT=1,SCN\MP160
      CNC160.DAT=1,SCN\MP160
      CNFRA0.ICC=1,SCN\MP160
      MC2.TXT=1,SCN\MP160

      SCRPRMV.DLL=1,SCN\MP160\x86

      TWUNK_16.EXE=1,SCN\SGCOMMON\x86
      TWUNK_32.EXE=1,SCN\SGCOMMON\x86
      TWAIN_32.DLL=1,SCN\SGCOMMON\x86
      TWAIN.DLL =1,SCN\SGCOMMON\x86

      MpUsbScn.sys=1,SCN\SGCOMMON\x86

      CNCU160.DLL=1,SCN\MP160\x86
      CNCC160.DLL=1,SCN\MP160\x86
      CNCI160.DLL=1,SCN\MP160\x86
      CNCL160.DLL=1,SCN\MP160\x86
      USDRESUS.DLL=1,SCN\MP160\x86
      USDRESJP.DLL=1,SCN\MP160\x86
      USDRESCZ.DLL=1,SCN\MP160\x86
      USDRESDE.DLL=1,SCN\MP160\x86
      USDRESES.DLL=1,SCN\MP160\x86
      USDRESFR.DLL=1,SCN\MP160\x86
      USDRESHU.DLL=1,SCN\MP160\x86
      USDRESIT.DLL=1,SCN\MP160\x86
      USDRESKR.DLL=1,SCN\MP160\x86
      USDRESNL.DLL=1,SCN\MP160\x86
      USDRESPL.DLL=1,SCN\MP160\x86
      USDRESPT.DLL=1,SCN\MP160\x86
      USDRESRU.DLL=1,SCN\MP160\x86
      USDRESCN.DLL=1,SCN\MP160\x86
      USDRESTW.DLL=1,SCN\MP160\x86
      USDRESDK.DLL=1,SCN\MP160\x86
      USDRESNO.DLL=1,SCN\MP160\x86
      USDRESSE.DLL=1,SCN\MP160\x86
      USDRESFI.DLL=1,SCN\MP160\x86
      USDRESGR.DLL=1,SCN\MP160\x86
      USDRESTR.DLL=1,SCN\MP160\x86
      USDRESAR.DLL=1,SCN\MP160\x86
      USDRESTH.DLL=1,SCN\MP160\x86

      [SourceDisksFiles.amd64]
      cncisco.dll=1,SCN\SGCOMMON\x64
      CNCC160.DLL=1,SCN\MP160\x64
      CNCI160.DLL=1,SCN\MP160\x64
      CNCL160.DLL=1,SCN\MP160\x64
      SGRES_US.DLL=1,SCN\SGCOMMON\x86
      SGRES_JP.DLL=1,SCN\SGCOMMON\x86
      SGRES_CZ.DLL=1,SCN\SGCOMMON\x86
      SGRES_DE.DLL=1,SCN\SGCOMMON\x86
      SGRES_ES.DLL=1,SCN\SGCOMMON\x86
      SGRES_FR.DLL=1,SCN\SGCOMMON\x86
      SGRES_HU.DLL=1,SCN\SGCOMMON\x86
      SGRES_IT.DLL=1,SCN\SGCOMMON\x86
      SGRES_KR.DLL=1,SCN\SGCOMMON\x86
      SGRES_NL.DLL=1,SCN\SGCOMMON\x86
      SGRES_PL.DLL=1,SCN\SGCOMMON\x86
      SGRES_PT.DLL=1,SCN\SGCOMMON\x86
      SGRES_RU.DLL=1,SCN\SGCOMMON\x86
      SGRES_CN.DLL=1,SCN\SGCOMMON\x86
      SGRES_TW.DLL=1,SCN\SGCOMMON\x86
      SGRES_DK.DLL=1,SCN\SGCOMMON\x86
      SGRES_NO.DLL=1,SCN\SGCOMMON\x86
      SGRES_SE.DLL=1,SCN\SGCOMMON\x86
      SGRES_FI.DLL=1,SCN\SGCOMMON\x86
      SGRES_GR.DLL=1,SCN\SGCOMMON\x86
      SGRES_TR.DLL=1,SCN\SGCOMMON\x86
      SGRES_AR.DLL=1,SCN\SGCOMMON\x86
      SGRES_TH.DLL=1,SCN\SGCOMMON\x86
      USDRESUS.DLL=1,SCN\MP160\x64
      USDRESJP.DLL=1,SCN\MP160\x64
      USDRESCZ.DLL=1,SCN\MP160\x64
      USDRESDE.DLL=1,SCN\MP160\x64
      USDRESES.DLL=1,SCN\MP160\x64
      USDRESFR.DLL=1,SCN\MP160\x64
      USDRESHU.DLL=1,SCN\MP160\x64
      USDRESIT.DLL=1,SCN\MP160\x64
      USDRESKR.DLL=1,SCN\MP160\x64
      USDRESNL.DLL=1,SCN\MP160\x64
      USDRESPL.DLL=1,SCN\MP160\x64
      USDRESPT.DLL=1,SCN\MP160\x64
      USDRESRU.DLL=1,SCN\MP160\x64
      USDRESCN.DLL=1,SCN\MP160\x64
      USDRESTW.DLL=1,SCN\MP160\x64
      USDRESDK.DLL=1,SCN\MP160\x64
      USDRESNO.DLL=1,SCN\MP160\x64
      USDRESSE.DLL=1,SCN\MP160\x64
      USDRESFI.DLL=1,SCN\MP160\x64
      USDRESGR.DLL=1,SCN\MP160\x64
      USDRESTR.DLL=1,SCN\MP160\x64
      USDRESAR.DLL=1,SCN\MP160\x64
      USDRESTH.DLL=1,SCN\MP160\x64

      [SourceDisksNames]
      1=%D1%,,

      ;-------------------------------String Aliases
      [Strings]
      Msft="Canon"
      Mfg="Canon"
      SGDKEY="Software\Canon\ScanGear\12.1\Devices\MP160"
      STIKEY="Software\Canon\ScanGear\STI"
      SGDKEY64="Software\Wow6432Node\Canon\ScanGear\12.1\Devices\MP160"
      STIKEY64="Software\Wow6432Node\Canon\ScanGear\STI"
      WIASGDKEY="Software\Canon\WIA\1.2\Devices\MP160"
      WIASTIKEY="Software\Canon\WIA\STI"
      D1="Canon MP160 Setup Disk"
      ButtonApp = "MP Navigator Ver3.0"
      CNCRFN = "MP160"
      CNC.MDL = "Canon MP160"
      CNC.DeviceDesc = "Canon MP160"
      CNC.SPInfo = "Canon MP160 Scanner"
      CNC.TwainDS = "Canon MP160"
      CNC.ColorGear = "FRA0"
      PushButtonPushed1= "SCAN button"
      CNC.FriendlyName = "WIA Canon MP160"
      0
  13. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    J'ai bien dit USB Fix !!! pas SDFIX !

    Si tu as bien lancé USB Fix, le rapport est ici :
    C:\Usbfix.txt
    S'il n'y est pas, relance le.
    0
    1. hellraiser
       
      je le relance mais il n y est toujours pas!quand je lance usbfix l ordi je taper 1 puis entrer
      puis l ordi redémare
      et dans tout les fichier y a rien sous la forme bloc note
      je réessaye encore une fois mais bon...
      0
    2. hellraiser
       
      je l ai relancer, tjrs rien
      desinstaller puis reinstaller et tjrs rien....
      0
  14. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Poste un nouvel RSIT stp, peut-être qu'il a quand même travaillé.
    0
    1. hellraiser
       
      qu est ce qu un rsit????ou ca se trouve ca?
      0
  15. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Télécharge Random’s System Information Tool (RSIT) de random/random et enregistre l’exécutable sur le Bureau.

    = = = = >>> En cliquant ici <<< = = = =

    * Double-clique sur RSIT.exe pour le lancer.

    * Une première fenêtre s’ouvre, clique alors sur Continue (Disclaimer).

    * Si la dernière version de HijackThis n’est pas détectée sur ton PC, RSIT le téléchargera et te demandera d’accepter la licence.

    * Lorsque l’analyse sera terminée, deux fichiers texte s’ouvriront (probablement avec le bloc-notes).

    * Poste le contenu de log.txt (c’est celui qui apparaît à l’écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
    0
    1. hellraiser
       
      voici le log:
      Logfile of random's system information tool 1.05 (written by random/random)
      Run by francois at 2009-01-14 19:08:07
      Microsoft® Windows Vista™ Édition Familiale Basique
      System drive C: has 28 GB (20%) free of 144 GB
      Total RAM: 767 MB (17% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:08:51, on 14/01/2009
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16764)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\AVG\AVG8\avgtray.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\System32\mobsync.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Users\francois\Documents\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\francois.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - Default URLSearchHook is missing
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Startup: CCC.lnk = ?
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,avgrsstx.dll
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      0
  16. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Télécharge OTMoveIt3 (de Old_Timer) sur ton Bureau.
    = = = = >>> En cliquant ici <<< = = = =
    Une fois installé sur le bureau, double-clique sur OTMoveIt.exe pour le lancer.
    Assure toi que la case Unregister Dll’s and Ocx’s soit bien cochée
    Copie la liste qui se trouve en gras ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt :
    Paste List of Files/Folders to be moved.

    :Processes
    explorer.exe

    :services
    CyberLink Background Capture Service

    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b1b2ca9-17a9-11dd-9bd1-001921c3feaf}]
    shell\AutoRun\command
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58789ae7-2811-11dc-8f42-001921c3feaf}]
    shell\AutoRun\command

    :files
    C:\Program Files\tinyproxy
    E:\kinza.exe
    E:\90imhpnc.exe
    E:\autorun.inf

    :Commands
    [emptytemp]
    [Reboot]


    Clique sur MoveIt! pour lancer la suppression.
    Le résultat apparaitra dans le cadre "Results".
    Clique sur Exit pour fermer.
    Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    *************

    Télécharge sur ton bureau RogueRemover (Merci à RubbeR DuckY)
    = = = =>>> En cliquant ici <<<= = = =

    * Créé le dossier C:\RogueRemover. (Important !)
    Pour cela :
    => Ouvre le poste de travail
    => Ouvre le disque C
    => Clic sur le menu Fichier puis Nouveau puis Nouveau Dossier
    => Nomme-le RogueRemover
    * Décompresse RogueRemover.zip dans C:\RogueRemover
    - Rends-toi dans le dossier C:\RogueRemover et double-clic sur le fichier RogueRemover.exe.
    * Clic sur le bouton Scan et laisse toi guider.
    * Lorsque le scan est terminé.
    * Clic sur le bouton Save Log Files en bas, un fichier texte de type RRLogs1236.txt sera créé dans le dossier C:\RogueRemover.
    Poste le contenu de ce rapport ici ainsi qu'un nouveau rapport HijackThis.
    0
    1. hellraiser
       
      alors a chaque fois que je lance otmove avec les instructions le programme se plante (le programme ne repond pas)
      quand a RogueRemover la page est introuvable.
      0
  17. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    tu copies bien les deux points avant processes ?
    Désactive tes logiciels de sécurité, vérifie que l'UAC soit bien désactvé.
    Réessaye ensuite.
    0
  18. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Pas de nouvelle, bonne nouvelle ??!
    0