MSN virus: myspace photo

Closed
remy - 19 Dec 2009 at 19:56
 cmarouf - 7 Apr 2010 at 20:44
Hello,
I just received a file named img9096_11.jpg-www.myspace.com.exe on MSN, which I unfortunately opened; it infected my PC and I can't manage to remove the virus. Can you help me?

22 replies

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 12/22/2009 at 04:15 PM

Application Version : 4.32.1000

Core Rules Database Version : 4396
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 01:53:13

Memory items scanned : 607
Memory threats detected : 0
Registry items scanned : 5984
Registry threats detected : 0
File items scanned : 26791
File threats detected : 18

Adware.Tracking Cookie
C:\Documents and Settings\Rémy\Cookies\rémy@bs.serving-sys[2].txt
C:\Documents and Settings\Rémy\Cookies\rémy@serving-sys[2].txt
C:\Documents and Settings\Rémy\Cookies\rémy@weborama[1].txt
C:\Documents and Settings\Rémy\Cookies\rémy@bouyguestelecom.solution.weborama[2].txt

Trojan.Agent/Gen-HackPatch
C:\DOCUMENTS AND SETTINGS\RéMY\MES DOCUMENTS\MES VIDéOS\SUPERANTISPYWARE.PROFESSIONAL.V4.32.1000.FINAL\PATCH\PATCH.EXE
C:\WINDOWS\Prefetch\PATCH.EXE-11A5A9F4.pf

Adware.Vundo/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP214\A0249770.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP214\A0249769.DLL

Adware.Vundo/Variant-MSFake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP214\A0249765.EXE

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP215\A0250823.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP215\A0250816.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP215\A0250819.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP215\A0250820.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP215\A0250821.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP215\A0250822.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP215\A0250824.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP215\A0250825.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP215\A0250826.EXE
1
Xplode Posts 8820 Registered Friday 21 August 2009 Status Security contributor Last active 2 July 2015 726
19 Dec 2009 at 19:57
Hi,

-+-+-+-> ZHPDiag <-+-+-+-


[x] Download ZHPDiag (by Nicolas Coolman).

[x] Double-click the installer, then install it with the default settings (don't forget to tick "Créer une icône sur le bureau").

[x] Launch ZHPDiag by double-clicking the icon on your desktop.

[x] Click the magnifying-glass icon (top left), then let the tool scan.

[x] Once the scan has finished, click the floppy-disk icon and save the file to your desktop.

[x] Go to Cijoint.

[x] Click "Parcourir".

[x] Select the ZHPdiag.txt report that is on your desktop.

[x] Then click "Cliquez ici pour déposer le fichier", then copy/paste the link that appears into your next message.
0
And after doing the copy/paste? oO
0
Hello, I'm at the same point as some of you: what do we do after copying the link, where do we put it?
Thanks in advance
0
nico du 94 Posts 92 Registered Saturday 19 December 2009 Status Member Last active 21 July 2011 9
19 Dec 2009 at 21:57
hi rémy
I also received and downloaded this link!
for a while it set GLLOD as my home page
to put Google back to normal, go to: Internet Properties, General, home page, then paste the Google link: https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
there, I hope this helps you
0
Anonymous user
19 Dec 2009 at 22:04
Hello,
sorry for this message, but we would be delighted if you sent us these viruses:
http://www.aranud.fr/soumettre-un-fichier/

Compress as .rar:
http://www.6ma.fr/tuto/compression-et-decompression-avec-winrar/

Thank you for your participation!
0

ok, that's done
http://www.cijoint.fr/cjlink.php?file=cj200912/cijBFhvmQ3.txt
0
Xplode Posts 8820 Registered Friday 21 August 2009 Status Security contributor Last active 2 July 2015 726
20 Dec 2009 at 12:18
We've got work to do.

-+-+-+-> Navilog <-+-+-+-


Your PC is infected by the adware Navipromo/Magic Control, which displays unwanted advertisements.
It gets installed through certain programs, including these:

● Funky Emoticons
● go-astro
● GoRecord
● HotTVPlayer / HotTVPlayer & Paris Hilton
● Live-Player
● MailSkinner
● Messenger Skinner
● Instant Access
● InternetGameBox
● Officiale Emule (modified version of Emule)
● Original Solitaire
● SuperSexPlayer
● Speed Downloading
● Sudoplanet
● Webmediaplayer

/!\ Be careful not to make the same mistake again, so avoid these programs /!\

[x] Download Navilog (by IL-MAFIOSO).

[x] Launch it by double-clicking it. (Right-click -> "Executer en tant qu'administrateur" on Vista.)

[x] Let the utility guide you. Choose option 1, then confirm.

[x] On the main screen, choose option 1, then let the tool scan.

[x] Wait until this message appears:

"*** Analyse Termine le ..... ***"

[x] Press a key as requested. Notepad will open. Post its contents in your next message.

NB: The report can also be found here: C:\cleannavi.txt


-+-+-+-> AD-Remover <-+-+-+-


[x] Download Ad-remover (by C_XX) to your desktop.

▶ Disconnect and close all running applications!

[x] Double-click the Ad-Remover shortcut on your desktop. (Right-click -> "Exécuter en tant qu'administrateur" for Vista.)

[x] In the window that appears, click "oui".

[x] Select option L.

[x] Let the tool work.

[x] Once the scan has finished, press a key; the report opens.

[x] Copy/paste it into your next post.


-+-+-+-> USBfix (USB infections) <-+-+-+-


[x] Download USBfix (by Chiquitine29).

[x] A tutorial is available here.

[x] Install it.

/!\ Plug in all your removable media (USB keys, external hard drives, SD cards) /!\

[x] Launch USBfix by clicking the icon on your desktop. (Right-click -> "Executer en tant qu'administrateur" for Vista.)

[x] Choose option F (for French) and confirm by pressing Enter.

[x] In the main menu, choose option 2.

[x] Let the tool work, then post the report in your next message.


-+-+-+-> SuperAntiSpyware <-+-+-+-


[x] Download SuperAntiSpyware.

[x] Install it with the default settings.

[x] At the end of the installation, it will start and ask you to choose the program's language; choose French.

[x] The program will then offer to update itself; do it.

[x] A configuration wizard will open; click Next, leaving the default settings.

[x] SuperAntiSpyware will open. Click "Scanner votre ordinateur".

[x] Tick "Executer scan complet" and click "Suivant".

[x] Let the scan run.

[x] At the end of the scan, check that everything is ticked, then click "Suivant".

[x] Then click Finish, then click "Préférences".

[x] Go to the "Statistiques/Journaux de bord" tab, select the one with today's date, then click "Voir le journal de bord".

[x] Copy/paste its contents into your next message.

[x] Note: you can empty the quarantine ("La gestion de la quarantaine" in the main menu).
0
there, it's done
cleanavi

Fix Navipromo version 4.0.5 commencé le 20/12/2009 12:21:58,92

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.11.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
BIOS : 686Y2 v2.06
USER : Rémy ( Administrator )
BOOT : Normal boot

Antivirus : AntiVirus Firewall 8.01 8.01 (Activated)
Firewall : AntiVirus Firewall 8.01 8.01 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:127 Go (Free:5 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


c:\docume~1\rmy~1\locals~1\applic~1\xyblmdh.dat supprimé !
c:\docume~1\rmy~1\locals~1\applic~1\xyblmdh_nav.dat supprimé !
c:\docume~1\rmy~1\locals~1\applic~1\xyblmdh_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\R‚my\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

C:\WINDOWS\system32\uvakusab.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\vDfNnUvw.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !



*** Scan terminé 20/12/2009 12:31:50,40 ***



ad-remover


.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 20.12.2009 à 12:28
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 12:35:00, 20/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: FTR-9XXNTFBJMZD | Utilisateur actuel: R‚my
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.


(!) -- Fichiers temporaires supprimés.

.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.2 [fr] *
.
Nom du profil: 31x22uts.default (R‚my)
.
(RMY~1, prefs.js) Browser.download.dir, C:\Program Files\Adobe\Adobe Photoshop CS3\Presets\Brushes
(RMY~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Rémy\Mes documents\Mes vidéos
(RMY~1, prefs.js) Browser.search.defaultenginename, Yahoo
(RMY~1, prefs.js) Browser.search.selectedEngine, Yahoo
(RMY~1, prefs.js) Browser.startup.homepage, hxxp://www.google.fr/
(RMY~1, prefs.js) Extensions.enabledItems, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1,{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
(RMY~1, prefs.js) Keyword.URL, hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
.
.
.
* Internet Explorer Version 7.0.5730.13 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Use Custom Search URL: 1 (0x1)
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
.
===================================
.
8624 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
0 Fichier(s) - C:\DOCUME~1\RMY~1\LOCALS~1\Temp
1 Fichier(s) - C:\WINDOWS\Temp
6 Fichier(s) - C:\WINDOWS\Prefetch
.
18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 13:23:52 | 20/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.



USBFIX



############################## | UsbFix V6.066 |

User : Rémy (Administrateurs) # FTR-9XXNTFBJMZD
Update on 20/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 13:34:56 | 20/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) 4 CPU 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AntiVirus Firewall 8.01 8.01 [ Enabled | Updated ]
FW : AntiVirus Firewall 8.01[ Enabled ]8.01

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 127,99 Go (8,83 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque amovible # 491,02 Mo (465,47 Mo free) # FAT32
I:\ -> Disque amovible # 3,76 Go (753,69 Mo free) # FAT32

############################## | Processus actifs |


################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\WINDOWS\cookies.ini
Supprimé ! C:\WINDOWS\pskt.ini
Supprimé ! C:\Recycler\S-1-5-21-1229272821-1647877149-839522115-1003
Supprimé ! C:\Recycler\S-1-5-21-1229272821-1647877149-839522115-1004
Supprimé ! C:\Recycler\S-1-5-21-1229272821-1647877149-839522115-1005
Supprimé ! C:\Recycler\S-1-5-21-1229272821-1647877149-839522115-1006
Supprimé ! I:\autorun.0nf
Supprimé ! I:\autorun.1nf
Supprimé ! I:\driver\usb

################## | Registre # Clés infectieuses |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Firevall Administrating"

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{9941012c-f5d8-11dc-ac3a-00080220759a}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{ca5148be-9654-11de-b097-00080220759a}\Shell\AutoRun\Command

################## | Listing des fichiers présent |


################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# H:\autorun.inf -> Dossier créé par UsbFix.
# I:\autorun.inf -> Dossier créé par UsbFix.

################## | Cracks / Keygens / Serials |


################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\RMY~1\Bureau\UsbFix_Upload_Me_FTR-9XXNTFBJMZD.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .


super antispyware


SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 12/20/2009 at 04:07 PM

Application Version : 4.32.1000

Core Rules Database Version : 4396
Trace Rules Database Version: 2232

Scan type : Complete Scan
Total Scan Time : 01:12:10

Memory items scanned : 474
Memory threats detected : 0
Registry items scanned : 5991
Registry threats detected : 104
File items scanned : 26914
File threats detected : 259

Trojan.Unclassified/GTS

Adware.Vundo/Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SSODL

Adware.Tracking Cookie

Rogue.MalWarrior
HKLM\Software\Adsl Software Limited
HKLM\Software\Adsl Software Limited\Installer
HKLM\Software\Adsl Software Limited\Installer#InstallDate
HKLM\Software\Adsl Software Limited\Installer#RegDate
HKLM\Software\Adsl Software Limited\Installer#Flag
HKU\S-1-5-21-1229272821-1647877149-839522115-1005\Software\Adsl Software Limited
C:\Documents and Settings\Rémy\Application Data\Adsl Software Limited

Trojan.Net-VBG/NMC
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#vbgtorfd [ {442F68B0-E936-4F33-AA77-3A245DD46C6E} ]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#dwnrpofk [ {74657259-610A-4ABF-B991-E34DCE03B5B7} ]

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKLM\SOFTWARE\Microsoft\MS Optimization
HKLM\SOFTWARE\Microsoft\MS Optimization\me
HKLM\SOFTWARE\Microsoft\MS Optimization\me#LTM
HKLM\SOFTWARE\Microsoft\MS Optimization\me#CDY
HKLM\SOFTWARE\Microsoft\MS Optimization\me#CNT
HKLM\SOFTWARE\Microsoft\MS Optimization\me#LBL
HKLM\SOFTWARE\Microsoft\MS Optimization\me#MN
HKLM\SOFTWARE\Microsoft\MS Optimization\mm
HKLM\SOFTWARE\Microsoft\MS Optimization\mm#LTM
HKLM\SOFTWARE\Microsoft\MS Optimization\mm#CDY
HKLM\SOFTWARE\Microsoft\MS Optimization\mm#CNT
HKLM\SOFTWARE\Microsoft\MS Optimization\s4
HKLM\SOFTWARE\Microsoft\MS Optimization\s4#LTM
HKLM\SOFTWARE\Microsoft\MS Optimization\s4#CDY
HKLM\SOFTWARE\Microsoft\MS Optimization\s4#CNT
HKLM\SOFTWARE\Microsoft\MS Optimization\se
HKLM\SOFTWARE\Microsoft\MS Optimization\se#LTM
HKLM\SOFTWARE\Microsoft\MS Optimization\se#CDY
HKLM\SOFTWARE\Microsoft\MS Optimization\se#CNT
HKLM\SOFTWARE\Microsoft\MS Optimization\tr
HKLM\SOFTWARE\Microsoft\MS Optimization\zz
HKLM\SOFTWARE\Microsoft\MS Optimization\zz#LTM
HKLM\SOFTWARE\Microsoft\MS Optimization\zz#CDY
HKLM\SOFTWARE\Microsoft\MS Optimization\zz#CNT
HKLM\SOFTWARE\Microsoft\MS Juan
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#LBL
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#MN
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CNT
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\MS Track System
HKLM\SOFTWARE\Microsoft\MS Track System#Uid
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N

Rogue.Component/Trace
HKLM\Software\Microsoft\BCB3C8C0
HKLM\Software\Microsoft\BCB3C8C0#bcb3c8c0
HKLM\Software\Microsoft\BCB3C8C0#Version
HKLM\Software\Microsoft\BCB3C8C0#red_srv
HKLM\Software\Microsoft\BCB3C8C0#red_srv_bckp
HKLM\Software\Microsoft\BCB3C8C0#bcb36540
HKLM\Software\Microsoft\BCB3C8C0#bcb30ca5
HKU\S-1-5-21-1229272821-1647877149-839522115-1005\Software\Microsoft\FIAS4018
HKU\S-1-5-21-1229272821-1647877149-839522115-1005\Software\Microsoft\FIAS4051
HKU\S-1-5-21-1229272821-1647877149-839522115-1005\Software\Microsoft\FIAS4052N
HKU\S-1-5-21-1229272821-1647877149-839522115-1005\Software\Microsoft\FIAS4057

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-1229272821-1647877149-839522115-1005\SOFTWARE\Microsoft\fias4013

Adware.Vundo/Variant-MSFake
C:\PROGRAM FILES\NAVILOG1\REG.EXE
C:\WINDOWS\SYSTEM32\RAR.EXE

Trojan.Agent/Gen-NumTemp
C:\WINDOWS\SYSTEM32\2.TMP

Adware.Vundo/Variant-SR
C:\WINDOWS\SYSTEM32\BOHEMUKO.DLL
C:\WINDOWS\SYSTEM32\LIWIFINA.DLL

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\EFCBSQIG.DLL
C:\WINDOWS\SYSTEM32\MLJDVVML.DLL

Trojan.Dropper/Gen-SoftDev
C:\WINDOWS\SYSTEM32\FEYILOTO.DLL
C:\WINDOWS\SYSTEM32\FUZUHEFU.DLL.TMP
C:\WINDOWS\SYSTEM32\LIFUTEZA.DLL.TMP
C:\WINDOWS\SYSTEM32\WIYOYOVA.DLL.TMP
C:\WINDOWS\SYSTEM32\ZIKEWAPO.DLL

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\GOJIDISI.DLL
C:\WINDOWS\SYSTEM32\LEDANOZO.DLL
C:\WINDOWS\SYSTEM32\PISILUVU.DLL
C:\WINDOWS\SYSTEM32\VOPESIDE.DLL

Adware.Vundo/Variant-EC
C:\WINDOWS\SYSTEM32\PATAFUDI.DLL

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\YUJUKAKU.DLL
0
Xplode (security contributor) - 20 Dec. 2009 at 17:51
Good!

Now make me a new ZHPDiag report.
0
Here it is

Rapport de ZHPDiag v1.24.39 par Nicolas Coolman
Run by Rémy at 20/12/2009 17:55:27
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox (3.5.2)

Boot mode: Normal (Normal boot)
Total RAM: 1023 MB (52% free)
System drive C: has 9 GB (6%) free of 128 GB

---\\ Processus lancés
[MD5.748393EEE2E85357567DF4AD30D86397] - C:\WINDOWS\system32\NeroCheck.exe
[MD5.E4A7B1AA1E40676153A824AC00EC3450] - C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
[MD5.622ED3A888A7C1FCADE04F4D095FCA76] - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
[MD5.624B05CFE355595117DBFFE3E3B45AFE] - C:\Program Files\Real\RealPlayer\RealPlay.exe
[MD5.E43A851F7B12DE589424D6C656155CFC] - C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[MD5.A13E30A517235A507D63393C420BF9D2] - C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe
[MD5.452FA961163EF4AEE4815796A13AB2CF] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[MD5.3A0647BDED81DBE0BCBB51D70B22C9E0] - C:\Program Files\Java\jre6\bin\jusched.exe
[MD5.59DC5BB82E4C8E0B3EADCFDBC44BA6E4] - C:\WINDOWS\system32\ctfmon.exe
[MD5.D44EDC5D8E1933116C423120FB3B7140] - C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe
[MD5.E616A6A6E91B0A86F2F6217CDE835FFE] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[MD5.18B4B12358EFCF68D76812058A26181F] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[MD5.626A24ED1228580B9518C01930936DF9] - C:\Documents and Settings\Rémy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[MD5.EA0B99460FE002E8588808F297160548] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
[MD5.85F0744A53273F8E17599182E32D789F] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[MD5.03463803AE9386EB095FFFD8DD26B85B] - C:\Program Files\Picasa2\PicasaMediaDetector.exe
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - C:\WINDOWS\System32\svchost.exe
[MD5.73686FE0B2E0469F89FD2075BE724704] - C:\Program Files\Bonjour\mDNSResponder.exe
[MD5.54CB50058851D95E56EC70D09F70857F] - C:\WINDOWS\system32\services.exe
[MD5.F46EEFE92C143BB9D0DF3F7D98EA7847] - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
[MD5.DF064E75259120BD6FB3677DEBAD7040] - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
[MD5.5467F1FF0AF264566740F67E8B810735] - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[MD5.39133291CB607BDD87CFC565A4A1E7A5] - C:\Program Files\Java\jre6\bin\jqs.exe
[MD5.027D03D9D8AB95194A115A999E960AC0] - C:\WINDOWS\system32\LEXBCES.EXE
[MD5.A80F0E7DC789150C3AE4F504E3B96B06] - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
[MD5.11F714F85530A2BD134074DC30E99FCA] - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
[MD5.00000000000000000000000000000000] - C:\WINDOWS\system32\1033g.exe
[MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - C:\WINDOWS\System32\lsass.exe
[MD5.460E4CE148BD07218DA0B6A3D31885A9] - C:\WINDOWS\system32\spoolsv.exe
[MD5.B1691AF4A072CB674D600DB16DD7308E] - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
[MD5.A8FD145F7C7CBEBC3E2AC1E72576F3BF] - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: Shell=explorer.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088

---\\ Redirection du fichier Hosts (O1)
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: anner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} -

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [OfficeScanNT Monitor] -HideWindow
O4 - HKLM\..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [F-Secure Manager] C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] C:\Documents and Settings\Rémy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data=128
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data=128
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=0
O4 - HKCU\..\policies\Explorer: [NoDriveTypeAutoRun] Data=128
O4 - HKCU\..\policies\Explorer: [NoDriveAutoRun] Data=128
O4 - HKCU\..\policies\Explorer: [HonorAutoRunSetting] Data=0
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll,201
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Program Files\Real\RealPlayer\eb_act.ico
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File - C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File - C:\Program Files\Bonjour\mdnsNSP.dll

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EFA3804-14DA-4142-AA14-3A26EC670853}: NameServer = 195.62.37.19,192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1EFA3804-14DA-4142-AA14-3A26EC670853}: NameServer = 195.62.37.19,192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{1EFA3804-14DA-4142-AA14-3A26EC670853}: NameServer = 195.62.37.19,192.168.1.1

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\System32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: pmnllkKD - C:\WINDOWS\System32\pmnllkKD.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Management Agent (FSMA) - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Software Updater (gusvc) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: LexBce Server (LexBceS) - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Service Framework McAfee (McAfeeFramework) - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart
O23 - Service: Machine Debug Manager (MDM) - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
O23 - Service: Machine Debug Manager MDMstisvc (MDMstisvc) - C:\WINDOWS\system32\1033g.exe srv
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Google Software Updater.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1647877149-839522115-1005Core.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1647877149-839522115-1005UA.job

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Lecteur Windows Media - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Microsoft VM - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: IE7 Uninstall Stub - {1F1DDFDE-1410-086F-1094-7EC083F28BCA} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\msdxm.ocx
O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\msdxm.ocx
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: Microsoft DirectX - {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Lecteur Windows Media - {47B43968-7128-194F-EF3B-B3D88D7F2286} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Hotfix for Microsoft .NET Framework 2.0 (KB918842) - {5FD48194-AD97-46A1-ABDB-12FC85916742} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Web Folders - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: IE7 Uninstall Stub - {8E5337A1-87DD-B2BC-168E-4536018FE9C4} - (not file)
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Internet Explorer - {A04E402F-565B-7853-A9FF-B4578D746BCE} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Environnement de prise en charge de réseau AFD (AFD) - C:\WINDOWS\System32\drivers\afd.sys
O41 - Driver: Pilote de CD-ROM (Cdrom) - C:\WINDOWS\System32\DRIVERS\cdrom.sys
O41 - Driver: F-Secure HIPS Driver (F-Secure HIPS) - C:\Program Files\Orange\AntivirusFirewall\HIPS\drivers\fshs.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de filtre de gravure CD (Imapi) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\System32\DRIVERS\intelppm.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\System32\DRIVERS\ipsec.sys
O41 - Driver: Pilote de la classe Clavier (Kbdclass) - C:\WINDOWS\System32\DRIVERS\kbdclass.sys
O41 - Driver: VSCore mferkdk (mferkdk) - C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
O41 - Driver: Pilote de la classe Souris (Mouclass) - C:\WINDOWS\System32\DRIVERS\mouclass.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\System32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\System32\DRIVERS\netbt.sys
O41 - Driver: Pilote processeur (Processor) - C:\WINDOWS\System32\DRIVERS\processr.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\System32\DRIVERS\rdbss.sys
O41 - Driver: (no object) (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\System32\DRIVERS\redbook.sys
O41 - Driver: SASDIFSV (SASDIFSV) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
O41 - Driver: SASKUTIL (SASKUTIL) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
O41 - Driver: Pilote de port série (Serial) - C:\WINDOWS\System32\DRIVERS\serial.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\System32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de périphérique terminal (TermDD) - C:\WINDOWS\System32\DRIVERS\termdd.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) - C:\WINDOWS\System32\drivers\vga.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: 3dsmax ancillary install
O42 - Logiciel: 7-Zip 4.65
O42 - Logiciel: Ad-Remover By C_XX
O42 - Logiciel: Adobe AIR
O42 - Logiciel: Adobe After Effects CS4
O42 - Logiciel: Adobe After Effects CS4 Presets
O42 - Logiciel: Adobe After Effects CS4 Third Party Content
O42 - Logiciel: Adobe Anchor Service CS3
O42 - Logiciel: Adobe Anchor Service CS4
O42 - Logiciel: Adobe Asset Services CS3
O42 - Logiciel: Adobe Bridge CS3
O42 - Logiciel: Adobe Bridge CS4
O42 - Logiciel: Adobe Bridge Start Meeting
O42 - Logiciel: Adobe CMaps CS4
O42 - Logiciel: Adobe CSI CS4
O42 - Logiciel: Adobe Camera Raw 4.0
O42 - Logiciel: Adobe Color - Photoshop Specific CS4
O42 - Logiciel: Adobe Color Common Settings
O42 - Logiciel: Adobe Color EU Extra Settings
O42 - Logiciel: Adobe Color EU Recommended Settings CS4
O42 - Logiciel: Adobe Color JA Extra Settings CS4
O42 - Logiciel: Adobe Color NA Extra Settings CS4
O42 - Logiciel: Adobe Color NA Recommended Settings
O42 - Logiciel: Adobe Color Video Profiles AE CS4
O42 - Logiciel: Adobe Color Video Profiles CS CS4
O42 - Logiciel: Adobe Default Language CS4
O42 - Logiciel: Adobe Device Central CS3
O42 - Logiciel: Adobe Device Central CS4
O42 - Logiciel: Adobe Drive CS4
O42 - Logiciel: Adobe Dynamiclink Support
O42 - Logiciel: Adobe ExtendScript Toolkit 2
O42 - Logiciel: Adobe Extension Manager CS4
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Help Viewer CS3
O42 - Logiciel: Adobe Linguistics CS3
O42 - Logiciel: Adobe Linguistics CS4
O42 - Logiciel: Adobe Media Encoder CS4 Exporter
O42 - Logiciel: Adobe Media Encoder CS4 Importer
O42 - Logiciel: Adobe MotionPicture Color Files CS4
O42 - Logiciel: Adobe Output Module
O42 - Logiciel: Adobe Photoshop CS3
O42 - Logiciel: Adobe Photoshop CS4
O42 - Logiciel: Adobe Photoshop CS4 Support
O42 - Logiciel: Adobe Reader 9.1 - Français
O42 - Logiciel: Adobe Search for Help
O42 - Logiciel: Adobe Service Manager Extension
O42 - Logiciel: Adobe Setup
O42 - Logiciel: Adobe Stock Photos CS3
O42 - Logiciel: Adobe Type Support CS4
O42 - Logiciel: Adobe Update Manager CS3
O42 - Logiciel: Adobe Update Manager CS4
O42 - Logiciel: Adobe Version Cue CS3 Client
O42 - Logiciel: Adobe WinSoft Linguistics Plugin
O42 - Logiciel: Adobe XMP Panels CS3
O42 - Logiciel: Adobe XMP Panels CS4
O42 - Logiciel: AdobeColorCommonSetCMYK
O42 - Logiciel: AdobeColorCommonSetRGB
O42 - Logiciel: Alteros 3D
O42 - Logiciel: AntiVirus Firewall
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Astrologie & Horoscope
O42 - Logiciel: Audacity 1.2.6
O42 - Logiciel: Autodesk DWF Viewer 7
O42 - Logiciel: Backburner
O42 - Logiciel: CDCheck
O42 - Logiciel: CDex extraction audio
O42 - Logiciel: CSO-DAX Compressor V0.37
O42 - Logiciel: Cheat Engine 5.5
O42 - Logiciel: Code de la route
O42 - Logiciel: ColorUtility
O42 - Logiciel: Command & Conquer Soleil de Tiberium
O42 - Logiciel: CommentCaMarche 2.0.6
O42 - Logiciel: Conjugaison
O42 - Logiciel: Connect
O42 - Logiciel: Cycore FX 1.0.1 for After Effects
O42 - Logiciel: DivX Web Player
O42 - Logiciel: Dofus 1.27.0
O42 - Logiciel: Easy MP3 Converter 1.27
O42 - Logiciel: FBX Plugin 2006.08 for Max 9.0
O42 - Logiciel: GTA San Andreas
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Google Earth
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: Guide Routier France et Europe
O42 - Logiciel: Half-Life
O42 - Logiciel: Heroes of Might and Magic® IV
O42 - Logiciel: Hotfix pour Microsoft .NET Framework 2.0 (KB918842)
O42 - Logiciel: Indeo® software
O42 - Logiciel: Installation Windows Live
O42 - Logiciel: InterVideo WinDVD
O42 - Logiciel: Java 2 Runtime Environment Standard Edition v1.3
O42 - Logiciel: Java(TM) 6 Update 17
O42 - Logiciel: Java(TM) SE Development Kit 6
O42 - Logiciel: Java(TM) SE Runtime Environment 6
O42 - Logiciel: Junk Mail filter update
O42 - Logiciel: Le Grand Louvre - vol.1
O42 - Logiciel: Le réviseur grammatical démo
O42 - Logiciel: Lexmark X1100 Series
O42 - Logiciel: LimeWire PRO 4.14.9
O42 - Logiciel: Lizardtech DjVu Control
O42 - Logiciel: Logitech Desktop Messenger
O42 - Logiciel: Logitech Print Service
O42 - Logiciel: MSNFix 1.735
O42 - Logiciel: MSVCRT
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: Magic ISO Maker v5.3 (build 0214)
O42 - Logiciel: Magicbit 3GP Video Converter
O42 - Logiciel: Mega Manager
O42 - Logiciel: Megaupload Toolbar
O42 - Logiciel: Messenger Plus! Live
O42 - Logiciel: Micro Application - PrintAstro
O42 - Logiciel: Microsoft .NET Framework 2.0
O42 - Logiciel: Microsoft Choice Guard
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: Microsoft Office Access MUI (French) 2007
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007
O42 - Logiciel: Microsoft Office Live Add-in 1.3
O42 - Logiciel: Microsoft Office Outlook Connector
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007
O42 - Logiciel: Microsoft Office Professional Plus 2007
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007
O42 - Logiciel: Microsoft Office Proof (English) 2007
O42 - Logiciel: Microsoft Office Proof (French) 2007
O42 - Logiciel: Microsoft Office Proof (German) 2007
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007
O42 - Logiciel: Microsoft Office Proofing (French) 2007
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007
O42 - Logiciel: Microsoft Office Word MUI (French) 2007
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Microsoft WinUsb 1.0
O42 - Logiciel: Mozilla Firefox (3.5.2)
O42 - Logiciel: Mp3tag v2.42
O42 - Logiciel: Nero - Burning Rom
O42 - Logiciel: No-Popup 1.0
O42 - Logiciel: Outil de téléchargement Windows Live
O42 - Logiciel: PBP Unpacker v0.94
O42 - Logiciel: PDF Settings CS4
O42 - Logiciel: PS3Eye Camera v2.0b81111
O42 - Logiciel: PSP Brew 0.91
O42 - Logiciel: PSP Video Express(remove only)
O42 - Logiciel: PSPGen Personal Media Manager 2.94
O42 - Logiciel: Paramètres d'orthographe pour le français
O42 - Logiciel: Patch san andreas v 1.0
O42 - Logiciel: Personal Media Manager 1.5.0
O42 - Logiciel: PhotoFiltre
O42 - Logiciel: Photoshop Camera Raw
O42 - Logiciel: PiMPStreamer
O42 - Logiciel: Picasa 3
O42 - Logiciel: RealPlayer 7 Basic
O42 - Logiciel: SUPERAntiSpyware Free Edition
O42 - Logiciel: Segoe UI
O42 - Logiciel: Serif DrawPlus 4.0
O42 - Logiciel: Simulateur de conduite 3D
O42 - Logiciel: Suite Shared Configuration CS4
O42 - Logiciel: System Requirements Lab
O42 - Logiciel: TI-Black Link
O42 - Logiciel: TI-Graph Link 82 - Français
O42 - Logiciel: Tag&Rename 3.3.5
O42 - Logiciel: TomTom HOME 2.7.1.1812
O42 - Logiciel: TomTom HOME Visual Studio Merge Modules
O42 - Logiciel: Tweak UI
O42 - Logiciel: Ultra TS Meteor http://www.tiberian.fr.st
O42 - Logiciel: Utilitaires Sierra
O42 - Logiciel: VLC media player 1.0.2
O42 - Logiciel: WARM UP !
O42 - Logiciel: WinISO 5.3
O42 - Logiciel: Windows Internet Explorer 7
O42 - Logiciel: Windows Live Call
O42 - Logiciel: Windows Live Communications Platform
O42 - Logiciel: Windows Live FolderShare
O42 - Logiciel: Windows Live Mail
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Windows Live Writer
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: kuler
O42 - Logiciel: ubi.com

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\7-Zip
O43 - CFD:Common File Directory ----D- C:\Program Files\ABBYY FineReader 6.0
O43 - CFD:Common File Directory ----D- C:\Program Files\Ad-Remover
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\ahead
O43 - CFD:Common File Directory ----D- C:\Program Files\Alcohol Soft
O43 - CFD:Common File Directory ----D- C:\Program Files\AlexP
O43 - CFD:Common File Directory ----D- C:\Program Files\Alteros 3D
O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Anuman Interactive
O43 - CFD:Common File Directory ----D- C:\Program Files\Audacity
O43 - CFD:Common File Directory ----D- C:\Program Files\Autodesk
O43 - CFD:Common File Directory ----D- C:\Program Files\AVS4YOU
O43 - CFD:Common File Directory ----D- C:\Program Files\backburner 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Bonjour
O43 - CFD:Common File Directory ----D- C:\Program Files\Casperlab Software
O43 - CFD:Common File Directory ----D- C:\Program Files\CDCheck
O43 - CFD:Common File Directory ----D- C:\Program Files\CDex_150
O43 - CFD:Common File Directory ----D- C:\Program Files\Cheat Engine
O43 - CFD:Common File Directory ----D- C:\Program Files\ColorUtility
O43 - CFD:Common File Directory ----D- C:\Program Files\CommentCaMarche
O43 - CFD:Common File Directory ----D- C:\Program Files\Comodo
O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications
O43 - CFD:Common File Directory ----D- C:\Program Files\Conjugaison
O43 - CFD:Common File Directory ----D- C:\Program Files\CryptLoad_1.1.6
O43 - CFD:Common File Directory ----D- C:\Program Files\CSO-DAX Compressor
O43 - CFD:Common File Directory ----D- C:\Program Files\directx
O43 - CFD:Common File Directory ----D- C:\Program Files\DivX
O43 - CFD:Common File Directory ----D- C:\Program Files\Dofus
O43 - CFD:Common File Directory ----D- C:\Program Files\Easy MP3 Converter
O43 - CFD:Common File Directory ----D- C:\Program Files\ECCALCFT
O43 - CFD:Common File Directory ----D- C:\Program Files\Enigma Software Group
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\FlashGet
O43 - CFD:Common File Directory ----D- C:\Program Files\Frets on Fire
O43 - CFD:Common File Directory ----D- C:\Program Files\FrRefFra
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory ----D- C:\Program Files\GSC Game World
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Intel
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\InterVideo
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\JavaSoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Lexmark X1100 Series
O43 - CFD:Common File Directory ----D- C:\Program Files\LimeWire
O43 - CFD:Common File Directory ----D- C:\Program Files\LizardTech
O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\Magicbit
O43 - CFD:Common File Directory ----D- C:\Program Files\MagicISO
O43 - CFD:Common File Directory ----D- C:\Program Files\Megaupload
O43 - CFD:Common File Directory ----D- C:\Program Files\MegauploadToolbar
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger Plus! Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Application
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office Outlook Connector
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Windows OneCare Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\Mp3tag
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\msn
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSNFix
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\MultiProxy
O43 - CFD:Common File Directory ----D- C:\Program Files\MYMA Decoder and Viewer
O43 - CFD:Common File Directory ----D- C:\Program Files\Navilog1
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\Network Associates
O43 - CFD:Common File Directory ----D- C:\Program Files\Orange
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\PBP Unpacker
O43 - CFD:Common File Directory ----D- C:\Program Files\Personal Media Manager
O43 - CFD:Common File Directory ----D- C:\Program Files\PhotoFiltre
O43 - CFD:Common File Directory ----D- C:\Program Files\Picasa2
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\revdemo
O43 - CFD:Common File Directory ----D- C:\Program Files\Rockstar Games
O43 - CFD:Common File Directory ----D- C:\Program Files\Securitoo
O43 - CFD:Common File Directory ----D- C:\Program Files\Serif
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\Sierra On-Line
O43 - CFD:Common File Directory ----D- C:\Program Files\SUPERAntiSpyware
O43 - CFD:Common File Directory ----D- C:\Program Files\SystemRequirementsLab
O43 - CFD:Common File Directory ----D- C:\Program Files\TI Education
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom HOME 2
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom International B.V
O43 - CFD:Common File Directory ----D- C:\Program Files\Tux4kids
O43 - CFD:Common File Directory ----D- C:\Program Files\ubi.com
O43 - CFD:Common File Directory ----D- C:\Program Files\UltraISO
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\Wanadoo
O43 - CFD:Common File Directory ----D- C:\Program Files\WinAVI MP4 Converter
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Components
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\WinISO
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\3DO Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe AIR
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe Systems Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Autodesk Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AVSMedia
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Cisco Systems
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\FotoWire
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Macrovision Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Micro Application Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\PocketSoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Softwin
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Wise Installation Wizard

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:Last File Created 20/12/2009 - 17:53:47 ---A- C:\WINDOWS\WindowsUpdate.log
O44 - LFC:Last File Created 20/12/2009 - 17:25:24 ---A- C:\WINDOWS\0.log
O44 - LFC:Last File Created 20/12/2009 - 17:25:16 ---A- C:\WINDOWS\FSSTM.LOG
O44 - LFC:Last File Created 20/12/2009 - 17:25:06 ---A- C:\WINDOWS\wiadebug.log
O44 - LFC:Last File Created 20/12/2009 - 17:25:06 ---A- C:\WINDOWS\wiaservc.log
O44 - LFC:Last File Created 20/12/2009 - 17:24:58 -S-A- C:\WINDOWS\bootstat.dat
O44 - LFC:Last File Created 20/12/2009 - 17:23:45 ---A- C:\WINDOWS\SchedLgU.Txt
O44 - LFC:Last File Created 20/12/2009 - 13:48:53 ---A- C:\UsbFix.txt
O44 - LFC:Last File Created 20/12/2009 - 13:46:26 ---A- C:\WINDOWS\setupact.log
O44 - LFC:Last File Created 20/12/2009 - 13:23:52 ---A- C:\Ad-Report-CLEAN[1].log
O44 - LFC:Last File Created 20/12/2009 - 12:31:50 ---A- C:\cleannavi.txt
O44 - LFC:Last File Created 19/12/2009 - 19:53:02 ---A- C:\WINDOWS\msnfix.txt
O44 - LFC:Last File Created 19/12/2009 - 19:40:50 ---A- C:\WINDOWS\wininit.ini
O44 - LFC:Last File Created 14/12/2009 - 17:04:40 ---A- C:\WINDOWS\MEMORY.DMP
O44 - LFC:Last File Created 10/12/2009 - 20:07:34 ---A- C:\WINDOWS\lexstat.ini
O44 - LFC:Last File Created 10/12/2009 - 16:54:07 ---A- C:\WINDOWS\System32\wpa.dbl
O44 - LFC:Last File Created 25/11/2009 - 16:52:26 ---A- C:\WINDOWS\System32\jupdate-1.6.0_17-b04.log
O44 - LFC:Last File Created 23/11/2009 - 18:21:02 ---A- C:\WINDOWS\System32\d3d9caps.dat
O44 - LFC:Last File Created 23/11/2009 - 18:21:00 ---A- C:\WINDOWS\System32\d3d8caps.dat

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

---\\ Export de clé d'application autorisée (ECAA)(O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
O47 - AAKE:Key Export SP - "C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"
O47 - AAKE:Key Export SP - "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\cnedexnpa.exe"="C:\WINDOWS\system32\cnedexnpa.exe:*:Enabled:Log System"
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Rémy\Mes documents\Logiciel\emul\eMule\emule.exe"="C:\Documents and Settings\Rémy\Mes documents\Logiciel\emul\eMule\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export SP - "C:\Program Files\Winsos\winsos.exe"="C:\Program Files\Winsos\winsos.exe:*:Enabled:Winsos"
O47 - AAKE:Key Export SP - "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent"
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
O47 - AAKE:Key Export SP - "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
O47 - AAKE:Key Export SP - "C:\DOCUME~1\RMY~1\LOCALS~1\Temp\IXP000.TMP\dfgdfgdf.exe"="C:\DOCUME~1\RMY~1\LOCALS~1\Temp\IXP000.TMP\dfgdfgdf.exe:*:Enabled:Firevall Administrating"
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - cli

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55
0
There you go

http://www.cijoint.fr/cjlink.php?file=cj200912/cijpRf1JMC.txt
0
What do I do next?
0
Xplode Posts 8820 Registration date Friday 21 August 2009 Status Security contributor Last activity 2 July 2015 726
20 Dec. 2009 at 18:13
This:

-+-+-+-> Malwarebytes' Anti-Malware <-+-+-+-


[x] Download Malwarebytes' Anti-Malware.

[x] Install it, taking care to update it at the end of the installation.

[x] Run a full scan.

[x] Make sure all the items found are checked, then remove them.

[x] At the end of the scan, copy/paste the contents of the report that opens. If it does not open, you will find it in the "Rapports/Logs" section of Malwarebytes'.

[x] Don't forget to empty the Malwarebytes' quarantine.

Note: a tutorial on how to use it is available at this address
0
It's finally finished


Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3398
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

21/12/2009 17:14:50
mbam-log-2009-12-21 (17-14-50).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 362855
Temps écoulé: 6 hour(s), 48 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 38

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\colorutility.colorutility (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\colorutility.colorutility.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.bmsb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{903ad98d-8a91-4fbb-b5e1-4ffca9003e6a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Application Data\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Application Data\SystemDefender\logs (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\Program Files\ColorUtility (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalSystemPolicy (Worm.Archive) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\badusuke.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\benituyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luyenofe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sekanawo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tadezuzu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\terovozo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vayuhowa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rémy\Bureau\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rémy\Mes documents\free\Debrider free megauplaod and rapidshare\Debrider free megauplaod rapidshare\petit plus\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rémy\Mes documents\Photoshop\Photoshop cs4 extended\Adobe Photoshop CS4\Keygen2\Photoshop CS4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Personal Media Manager\apps\YAAI.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP213\A0249673.exe (Worm.Messenger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{89378A45-3CF2-4F04-BDB9-8C18188D4BDF}\RP214\A0249766.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Program Files\ColorUtility\uninstall.dat (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\ColorUtility\Uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalSystemPolicy\127.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalSystemPolicy\129.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalSystemPolicy\129.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalSystemPolicy\130.music1.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalSystemPolicy\130.music1.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalSystemPolicy\131.music2.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalSystemPolicy\131.music2.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalSystemPolicy\132.music.snd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalSystemPolicy\132.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Menu Démarrer\Programmes\Démarrage\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10891.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\BMbf80e9d2.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMbf80e9d2.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
0
It looks like it's gone. Thank you very much for your help, Xplode.
0
Xplode Posts 8820 Registration date Friday 21 August 2009 Status Security contributor Last activity 2 July 2015 726
22 Dec. 2009 at 12:45
But we're not finished; run a new ZHPDiag report for me.
0
And there you go
http://www.cijoint.fr/cjlink.php?file=cj200912/cijTvuhAfN.txt
0
Xplode Posts 8820 Registration date Friday 21 August 2009 Status Security contributor Last activity 2 July 2015 726
22 Dec. 2009 at 14:02
-+-+-+-> SuperAntiSpyware <-+-+-+-


[x] Download SuperAntiSpyware.

[x] Install it with the default settings.

[x] At the end of the installation, it will launch and ask you to choose the program's language; choose French.

[x] The program will then offer to update itself; do it.

[x] A configuration wizard will open; click Next, leaving the default settings.

[x] SuperAntiSpyware will open. Click "Scanner votre ordinateur" (Scan your computer).

[x] Check "Executer scan complet" (Run full scan) and click "Suivant" (Next).

[x] Let the scan run.

[x] At the end of the scan, check that everything is ticked, then click "Suivant" (Next).

[x] Then click Finish, then click "Préférences" (Preferences).

[x] Go to the "Statistiques/Journaux de bord" (Statistics/Logs) tab, select the one dated today, then click "Voir le journal de bord" (View log).

[x] Copy/paste its contents into your next message.

[x] Note: you can empty the quarantine ("La gestion de la quarantaine" in the main menu)
0
I already did it before?
0
diurnambule59 Posts 329 Registration date Wednesday 3 December 2008 Status Member Last activity 1 June 2012 67
22 Dec. 2009 at 14:07
In short, go into your antivirus (for me it's Avira) and run antivirus scans until the result is 0, it goes faster :/ so to speak XD
0
Xplode Posts 8820 Registration date Friday 21 August 2009 Status Security contributor Last activity 2 July 2015 726
22 Dec. 2009 at 14:17
Do it again.
0