Continuous registry modification attempts ..

Bjornbjorn Posts 13 Status Member -
afideg Posts 10970 Status Security contributor -
Good evening, my problem is as follows:
First of all, web pages open by themselves and go to pseudo virus-cleaning sites, or to casino sites...
I then installed Spybot, which immediately warned me of an attempt to modify the registry, namely "lbfezxnsqg", and it turns out that Spybot has been showing me alerts non-stop ever since I blocked this attempt, which is very annoying. The pop-ups from dubious sites still appear.
I then decided to produce a HijackThis report, but since I don't know how to analyze it, I'm showing it to you in the hope that you can help me:

Logfile of HijackThis v1.99.1
Scan saved at 20:11:31, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\acovcnt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

Thank you for taking a bit of time for my case ...

Olivier.

25 replies

afideg Posts 10970 Status Security contributor 602

Good evening BjornBjorn

I am puzzled.

1°- The report located here is missing: C:\egd.txt

2°- This HJT report shows me anomalies on 60%. ???

3°- Uninstall the MSN+ sponsor by following the instructions at this link < https://1map.com/fr/astwindscom >

Go to Start >> Control Panel >> Add/Remove Programs and click once on this one:
MessengerPlus! 3
-Click the "Change/Remove" button
-Select the 1st option: "Uninstall the sponsor only".
-Then click "Uninstall"
That way you can still use your program but without being polluted by a whole load of junk.

You will probably have to reinstall WLM.
-Download Windows Live Messenger 8 (French): < http://get.live.com/messenger/overview >
- Be careful not to tick the "I accept and install the sponsor" box during installation! Or if you wish to support the author (Patchou), you can, but well, it would be better to give him euros directly...

4°- Would you agree to redo the Navipromo07H scan as follows, please?

-Download Navipromo07H.zip here: - < http://perso.numericable.fr/~altshift/Info/Fichiers/Navipromo07H.zip > and unzip it onto the desktop.

Restart in Safe Mode.

Run the Navipromo.bat file located in the Navipromo folder on your desktop.

Select the option "Recherche et suppression automatique" (automatic search and removal). Wait.

If it finds something, you will see lines scroll by in the command window and, after a few moments, you will need to press a key for the cleanup to start.

When it has finished, copy the report into a text file (that you can locate); then close the report that opened.

- Run the Navipromo.bat tool again,

Select the option "Suppression Heuristique" (heuristic removal), and wait a few minutes.

When it has finished, copy the report into a text file (that you can locate); then close the report that opened.
Restart in Normal mode

Post both of these reports for me.

5°- •- Download Spyware Terminator 1.8.4.965 here: < http://www.freewarefiles.com/program_9_206_18312.html >

Update: Update program&database file = update the program and the database file

Choose a specific scan by clicking (left click) once on the small circle > Full Spyware Scan = full scan

Then click "start scan now" = start the scan now

The program will then show you the malware it has found (there may also be nothing).
But otherwise you will have the choice, by going to "Move to" = move to > Destroy Parasites = destroy the parasites

On the last tab you can read: Last scan report = the report of the last scan

To be posted on the forum, please

6°- < Download LopXPMH to your Desktop.
< http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2_Beta.zip
Unzip it (right-click >> Extract here) and double-click the file « lopxpMH.bat ».
Post the contents of the report that opens

Thanks
Good luck
Al.
0
Bjornbjorn Posts 13 Status Member

I DID NOT MANAGE TO USE NAVIPROMO AND DO THE AUTOMATIC SEARCH AND REMOVAL: I GET A MESSAGE TELLING ME THAT THE FILE NAV.DAT CANNOT BE FOUND IN \SYSTEM32
SO I COULD NOT DO THIS STEP.
THE NAVIPROMO LOG FILE SHOWS:
Fin du rapport de recherche
Adware Navipromo non trouvé avec cette méthode

----------

Spyware Terminator report:

Spyware Terminator Version: 1.8.4.965
Start time: 28/03/2007 00:40:48
System: Windows XP
User: Limited

Processes Scan
F:\WINDOWS\SYSTEM32\WINLOGON.EXE [Microsoft Corporation] F:\WINDOWS\SYSTEM32\ATI2EVXX.DLL [ATI Technologies Inc.],
F:\WINDOWS\SYSTEM32\ATI2EVXX.EXE [ATI Technologies Inc.] F:\WINDOWS\SYSTEM32\ATI2EDXX.DLL [ATI Technologies, Inc.], ATI2EDXX.DLL, F:\Program Files\McAfee.com\VSO\McVSSkt.Dll [McAfee, Inc.], F:\PROGRAM FILES\LOGITECH\SETPOINT\LGSCROLL.DLL [Logitech Inc.], F:\PROGRAM FILES\LOGITECH\SETPOINT\GAMEHOOK.DLL [Empty],
F:\WINDOWS\SYSTEM32\SPOOLSV.EXE [Microsoft Corporation] F:\WINDOWS\SYSTEM32\EBPMON24.DLL [SEIKO EPSON CORPORATION],
F:\WINDOWS\EXPLORER.EXE [Microsoft Corporation] McVSSkt.Dll, F:\Program Files\McAfee\SpamKiller\MSKOEPlg.dll [McAfee Inc.], LGSCROLL.DLL, GAMEHOOK.DLL, F:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\SHELLEXECUTEHOOK.DLL [Anti-Malware Development a.s.], F:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL [Adobe Systems Incorporated], F:\PROGRAM FILES\FICHIERS COMMUNS\AHEAD\LIB\NERODIGITALEXT.DLL [Nero AG], F:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\PDFSHELL.DLL [Adobe Systems, Inc.], F:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM [CyberLink Corp.], F:\WINDOWS\SYSTEM32\MSDMO.DLL [Empty], F:\PROGRAM FILES\WINRAR\RAREXT.DLL [Empty], F:\PROGRAM FILES\NERO\NERO 7\NERO BACKITUP\NBSHELL.DLL [Nero AG], F:\Program Files\McAfee.com\VSO\mcvsshl.dll [McAfee, Inc.], F:\Program Files\McAfee.com\VSO\shlres.dll [McAfee, Inc.], F:\Program Files\PicaJet\PJExt.dll [Empty], F:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\CONTEXT.DLL [Anti-Malware Development a.s.], F:\WINDOWS\SYSTEM32\VSFILTER.DLL [Gabest], F:\WINDOWS\SYSTEM32\MPEG2DMX.AX [Moonlight Cordless Ltd.], F:\PROGRAM FILES\SATSUKI DECODER PACK\FILTRES\AVISPLITTER.AX [Gabest], F:\PROGRAM FILES\SAMSUNG\SAMSUNG PC STUDIO 3\FUNVIDEOCODECFILTER.AX [Mobile Leader], F:\PROGRAM FILES\SATSUKI DECODER PACK\FILTRES\FFDSHOW.AX [Empty], F:\WINDOWS\SYSTEM32\DIVXDEC.AX [DivXNetworks, Inc.],
F:\WINDOWS\SYSTEM32\ACS.EXE [Empty] F:\WINDOWS\SYSTEM32\ATHCFG11.DLL [Atheros], F:\WINDOWS\SYSTEM32\ATHCFG11RES.DLL [Atheros Communications, Inc.], F:\WINDOWS\SYSTEM32\AEGISE5.DLL [Meetinghouse Data Communications],
F:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE [Anti-Malware Development a.s.] ENGINE.DLL [Anti-Malware Development a.s.],
F:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPER\DKSERVICE.EXE [Executive Software International, Inc.] F:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPER\TL32V20.DLL [Preview Software Inc], DKLIB.DLL [Executive Software International, Inc.], DKRES.DLL [Executive Software International, Inc.],
F:\PROGRAM FILES\MCAFEE.COM\AGENT\MCDETECT.EXE [McAfee, Inc]
F:\Program Files\McAfee.com\VSO\McShield.exe [McAfee Inc.] McShield.dll [McAfee Inc.], ftl.dll [McAfee Inc.], F:\Program Files\McAfee.com\VSO\naiann.dll [McAfee, Inc.], mytilus.dll [McAfee Inc.], F:\PROGRAM FILES\MCAFEE.COM\VSO\MCSCAN32.DLL [McAfee, Inc.], F:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGNTPS.DLL [McAfee, Inc], F:\Program Files\McAfee.com\VSO\naiannps.dll [McAfee, Inc], F:\Program Files\McAfee.com\VSO\mcvsps.dll [McAfee, Inc],
F:\Program Files\McAfee.com\Agent\McTskshd.exe [McAfee, Inc]
F:\Program Files\McAfee.com\VSO\oasclnt.exe [McAfee, Inc.] MCAGNTPS.DLL, naiannps.dll, mcvsps.dll, McVSSkt.Dll, GAMEHOOK.DLL, LGSCROLL.DLL,
F:\Program Files\McAfee.com\VSO\mcvsshld.exe [McAfee, Inc.] VSCFGW32.DLL [McAfee, Inc.], ashldres.dll [McAfee, Inc.], f:\program files\mcafee.com\agent\submgr\6,0,0,16\mcsubmgr.dll [McAfee, Inc], MCAGNTPS.DLL, mcvsps.dll, McVSSkt.Dll, LGSCROLL.DLL, GAMEHOOK.DLL, f:\program files\mcafee.com\shared\mcuicfg\6,0,0,4\mcuicfg.dll [McAfee, Inc], MSKOEPlg.dll,
F:\Program Files\McAfee.com\Personal Firewall\MPFSERVICE.EXE [McAfee Corporation] F:\WINDOWS\SYSTEM32\MPFAPI.DLL [McAfee],
F:\Program Files\McAfee.com\VSO\McVSEscn.exe [McAfee, Inc.] ashldres.dll, emscnres.dll [McAfee, Inc.], vsoupd.dll [McAfee, Inc.], McVSSkt.Dll, mcvsworm.dll [McAfee, Inc.], VSCFGW32.DLL, wormres.dll [McAfee, Inc.], MCAGNTPS.DLL, GAMEHOOK.DLL, LGSCROLL.DLL,
F:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE [McAfee, Inc] SCRES.DLL [McAfee, Inc], MCAGNTPS.DLL, McVSSkt.Dll, LGSCROLL.DLL, GAMEHOOK.DLL,
F:\Program Files\McAfee\SpamKiller\MSKSrvr.exe [McAfee Inc.] F:\Program Files\McAfee\SpamKiller\borlndmm.dll [Borland Software Corporation], F:\Program Files\McAfee\SpamKiller\MSKRescs.dll [McAfee, Inc.], F:\Program Files\McAfee\SpamKiller\McABImp.dll [McAfee, Inc.], mcsubmgr.dll,
F:\WINDOWS\RTHDCPL.EXE [Realtek Semiconductor Corp.] MSKOEPlg.dll, LGSCROLL.DLL, GAMEHOOK.DLL, McVSSkt.Dll,
F:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE [ATI Technologies Inc.] F:\WINDOWS\ASSEMBLY\NATIVEIMAGES1_V1.1.4322\MSCORLIB\1.0.5000.0__B77A5C561934E089_18F5A7B6\MSCORLIB.DLL [Empty], F:\WINDOWS\ASSEMBLY\NATIVEIMAGES1_V1.1.4322\SYSTEM.WINDOWS.FORMS\1.0.5000.0__B77A5C561934E089_D56BD228\SYSTEM.WINDOWS.FORMS.DLL [Empty], CLI.IMPLEMENTATION.DLL [ATI Technologies Inc.], LOG.FOUNDATION.DLL [ATI Technologies Inc.], CLI.FOUNDATION.DLL [ATI Technologies Inc.], LOG.FOUNDATION.SERVICE.DLL [ATI Technologies Inc.], LOG.FOUNDATION.SHARED.DLL [ATI Technologies Inc.], F:\WINDOWS\ASSEMBLY\NATIVEIMAGES1_V1.1.4322\SYSTEM\1.0.5000.0__B77A5C561934E089_F8D46EAB\SYSTEM.DLL [Empty], CLI.FOUNDATION.XMANIFESTATION.DLL [ATI Technologies Inc.], F:\WINDOWS\ASSEMBLY\NATIVEIMAGES1_V1.1.4322\SYSTEM.XML\1.0.5000.0__B77A5C561934E089_A0EFFB32\SYSTEM.XML.DLL [Empty], CLI.COMPONENT.RUNTIME.DLL [ATI Technologies Inc.], ATICCCOM.DLL [ATI Technologies Inc.], AEM.FOUNDATION.DLL [ATI Technologies Inc.], F:\WINDOWS\ASSEMBLY\NATIVEIMAGES1_V1.1.4322\SYSTEM.DRAWING\1.0.5000.0__B03F5F7F11D50A3A_BBD4A141\SYSTEM.DRAWING.DLL [Empty], MSKOEPlg.dll, GAMEHOOK.DLL, LGSCROLL.DLL, CLI.CASTE.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.CASTE.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.COMPONENT.RUNTIME.SHARED.DLL [ATI Technologies Inc.], DEM.FOUNDATION.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMOSINFO.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMOSADAPTERINFO.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMATIADAPTERINFO.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMDRIVERSETTINGS.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DISPLAYSMANAGER.SHARED.DLL [ATI Technologies Inc.], ATIDEMGR.DLL [ATI Technologies Inc.], McVSSkt.Dll, DEM.GRAPHICS.DEMOSMODEINFO.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMATIDISPLAYSMANAGERSETTINGS.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMVERYLARGEDESKTOPSETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.MULTIVPU2.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], 
CLI.ASPECT.MULTIVPU2.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.MULTIVPU.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.MULTIVPU.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.VERYLARGEDESKTOP.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.VERYLARGEDESKTOP.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.RADEON3D.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.RADEON3DLEGACY.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DISPLAYSCOLOUR2.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DISPLAYSCOLOUR2.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMDISPLAYSCOLOURSETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.DISPLAYSCOLOUR.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DISPLAYSCOLOUR.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.MMVIDEO.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.MMVIDEO.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.MMDEINTLACINGSETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.VIDEOOVERLAY.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.VIDEOOVERLAY.GRAPHICS.RUNTIME.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.VIDEOOVERLAY.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.SMARTGART.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMSMARTGARTSETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.VPURECOVER.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.VPURECOVER.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.WORKSTATIONCONFIG.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICECRT.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICECRT2.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICELCD.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICELCD.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICELCD2.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICELCD2.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], 
CLI.ASPECT.DEVICECV.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICECV.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.CUSTOMFORMATS.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICECV2.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICECV2.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICETV2.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICETV.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICEDFP.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICEDFP.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICEDFP2.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICEDFP2.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.OVERDRIVE3.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.OVERDRIVE3.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.OVERDRIVE2.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMOVERDRIVESETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.POWERPLAY3.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.POWERPLAY3.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMPOWERPLAYSETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.DISPLAYSOPTIONS.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.INTEGRATEDUMAFRAMEBUFFER.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.INFOCENTRE.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.INFOCENTRE.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.HOTKEYSHANDLING.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], CLI.ASPECT.HOTKEYSHANDLING.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMMULTIVPUSETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.RADEON3D.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.RADEON3DLEGACY.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.MMOVERLAYSETTINGS.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMVIDEOTHEATERMODESETTINGS.DLL [ATI Technologies Inc.], 
CLI.ASPECT.VIDEOOVERLAY.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMVIDEOOVERLAYSETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.SMARTGART.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMVPURECOVERINFO.DLL [ATI Technologies Inc.], CLI.ASPECT.WORKSTATIONCONFIG.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.WORKSTATIONSETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICECRT.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICEPROPERTY.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMDEVICECRTSETTINGS.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMDEVICECOMMONSETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICECRT2.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICEPROPERTY2.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMDEVICECOMMON2SETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICEPROPERTY2.GRAPHICS.RUNTIME.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMDEVICELCDSETTINGS.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMDEVICECOMPONENTVIDEOSETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICETV2.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMDEVICETV2SETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICETV.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMDEVICETVSETTINGS.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMDEVICEDFPSETTINGS.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMDEVICEDFP2SETTINGS.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMOVERDRIVE3SETTINGS.DLL [ATI Technologies Inc.], ATI2EDXX.DLL, CLI.ASPECT.OVERDRIVE2.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], CLI.ASPECT.DISPLAYSOPTIONS.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMDISPLAYSMANAGEROPTIONSSETTINGS.DLL [ATI Technologies Inc.], CLI.ASPECT.INTEGRATEDUMAFRAMEBUFFER.GRAPHICS.SHARED.DLL [ATI Technologies Inc.], DEM.GRAPHICS.DEMUMAFRAMEBUFFERSETTINGS.DLL [ATI Technologies Inc.], APM.FOUNDATION.DLL [ATI Technologies Inc.], SHELLEXECUTEHOOK.DLL, MSCORLIB.DLL, MSKOEPlg.dll, 
GAMEHOOK.DLL, LGSCROLL.DLL, SYSTEM.WINDOWS.FORMS.DLL, CLI.IMPLEMENTATION.DLL, LOG.FOUNDATION.DLL, CLI.FOUNDATION.DLL, LOG.FOUNDATION.SERVICE.DLL, LOG.FOUNDATION.SHARED.DLL, SYSTEM.DLL, CLI.FOUNDATION.XMANIFESTATION.DLL, SYSTEM.XML.DLL, CLI.COMPONENT.SYSTEMTRAY.DLL [ATI Technologies Inc.], CLI.CASTE.GRAPHICS.SHARED.DLL, CLI.COMPONENT.RUNTIME.DLL, ATICCCOM.DLL, DEM.GRAPHICS.DISPLAYSMANAGER.SHARED.DLL, AEM.FOUNDATION.DLL, APM.FOUNDATION.DLL, SYSTEM.DRAWING.DLL, CLI.COMPONENT.SYSTEMTRAY.RESOURCES.DLL [ATI Technologies Inc.], McVSSkt.Dll, MSCORLIB.DLL, MSKOEPlg.dll, GAMEHOOK.DLL, LGSCROLL.DLL, SYSTEM.WINDOWS.FORMS.DLL, CLI.IMPLEMENTATION.DLL, LOG.FOUNDATION.DLL, CLI.FOUNDATION.DLL, LOG.FOUNDATION.SERVICE.DLL, LOG.FOUNDATION.SHARED.DLL, SYSTEM.DLL, CLI.FOUNDATION.XMANIFESTATION.DLL, SYSTEM.XML.DLL, CLI.COMPONENT.DASHBOARD.DLL [ATI Technologies Inc.], CLI.FOUNDATION.CLIENTS.DLL [ATI Technologies Inc.], CLI.COMPONENT.DASHBOARD.SHARED.DLL [ATI Technologies Inc.], CLI.COMPONENT.RUNTIME.DLL, ATICCCOM.DLL, CLI.CASTE.GRAPHICS.SHARED.DLL, AEM.FOUNDATION.DLL, DEM.GRAPHICS.DISPLAYSMANAGER.SHARED.DLL, CLI.CASTE.LOCAL.DASHBOARD.DLL [ATI Technologies Inc.], CLI.CASTE.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.CASTE.GRAPHICS.DASHBOARD.SHARED.DLL [ATI Technologies Inc.], SYSTEM.DRAWING.DLL, CLI.ASPECT.WELCOME.LOCAL.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.INFOCENTRE.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.DISPLAYSMANAGER.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.VERYLARGEDESKTOP.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.DISPLAYSOPTIONS.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICECRT.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICECRT2.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICELCD.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICELCD2.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICECV.GRAPHICS.DASHBOARD.DLL [ATI Technologies 
Inc.], CLI.ASPECT.DEVICECV2.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICETV2.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICETV.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICEDFP.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.DEVICEDFP2.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.RADEON3D.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.RADEON3DLEGACY.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.DISPLAYSCOLOUR2.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.DISPLAYSCOLOUR.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.MMVIDEO.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.VIDEOOVERLAY.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.POWERPLAY3.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.SMARTGART.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.VPURECOVER.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.WORKSTATIONCONFIG.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.OVERDRIVE3.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.OVERDRIVE2.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.INTEGRATEDUMAFRAMEBUFFER.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.MULTIVPU2.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.MULTIVPU.GRAPHICS.DASHBOARD.DLL [ATI Technologies Inc.], CLI.ASPECT.INFOCENTRE.GRAPHICS.SHARED.DLL, CLI.ASPECT.HOTKEYSHANDLING.GRAPHICS.SHARED.DLL, CLI.ASPECT.VERYLARGEDESKTOP.GRAPHICS.SHARED.DLL, CLI.ASPECT.DISPLAYSOPTIONS.GRAPHICS.SHARED.DLL, CLI.ASPECT.DEVICECRT.GRAPHICS.SHARED.DLL, CLI.ASPECT.DEVICEPROPERTY.GRAPHICS.SHARED.DLL, CLI.ASPECT.DEVICECRT2.GRAPHICS.SHARED.DLL, CLI.ASPECT.DEVICEPROPERTY2.GRAPHICS.SHARED.DLL, CLI.ASPECT.DEVICELCD.GRAPHICS.SHARED.DLL, CLI.ASPECT.DEVICELCD2.GRAPHICS.SHARED.DLL, CLI.ASPECT.DEVICECV.GRAPHICS.SHARED.DLL, CLI.ASPECT.DEVICECV2.GRAPHICS.SHARED.DLL, 
CLI.ASPECT.CUSTOMFORMATS.GRAPHICS.SHARED.DLL, CLI.ASPECT.DEVICETV2.GRAPHICS.SHARED.DLL, CLI.ASPECT.DEVICETV.GRAPHICS.SHARED.DLL, CLI.ASPECT.DEVICEDFP.GRAPHICS.SHARED.DLL, CLI.ASPECT.DEVICEDFP2.GRAPHICS.SHARED.DLL, CLI.ASPECT.RADEON3D.GRAPHICS.SHARED.DLL, CLI.ASPECT.RADEON3DLEGACY.GRAPHICS.SHARED.DLL, CLI.ASPECT.DISPLAYSCOLOUR2.GRAPHICS.SHARED.DLL, CLI.ASPECT.DISPLAYSCOLOUR.GRAPHICS.SHARED.DLL, CLI.ASPECT.MMVIDEO.GRAPHICS.SHARED.DLL, CLI.ASPECT.VIDEOOVERLAY.GRAPHICS.SHARED.DLL, CLI.ASPECT.POWERPLAY3.GRAPHICS.SHARED.DLL, CLI.ASPECT.SMARTGART.GRAPHICS.SHARED.DLL, CLI.ASPECT.VPURECOVER.GRAPHICS.SHARED.DLL, CLI.ASPECT.WORKSTATIONCONFIG.GRAPHICS.SHARED.DLL, CLI.ASPECT.OVERDRIVE3.GRAPHICS.SHARED.DLL, CLI.ASPECT.OVERDRIVE2.GRAPHICS.SHARED.DLL, CLI.ASPECT.INTEGRATEDUMAFRAMEBUFFER.GRAPHICS.SHARED.DLL, CLI.ASPECT.MULTIVPU2.GRAPHICS.SHARED.DLL, CLI.ASPECT.MULTIVPU.GRAPHICS.SHARED.DLL, McVSSkt.Dll,
F:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe [McAfee Security] LOCALIZED.DLL [McAfee Security], MPFAPI.DLL, mcsubmgr.dll, MCAGNTPS.DLL, MSKOEPlg.dll, LGSCROLL.DLL, GAMEHOOK.DLL, McVSSkt.Dll,
F:\Program Files\McAfee\SpamKiller\MSKAgent.exe [McAfee Inc.] MCAGNTPS.DLL, MSKOEPlg.dll, LGSCROLL.DLL, McVSSkt.Dll, F:\PROGRAM FILES\MESSENGERPLUS! 3\MSGPLUSLOADER1.DLL [Patchou], GAMEHOOK.DLL,
F:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE [Sun Microsystems, Inc.]
F:\PROGRAM FILES\ASUS\ASUS DH REMOTE\ASRC.EXE [Empty] MSKOEPlg.dll, AINAP.DLL [Empty], McVSSkt.Dll, GAMEHOOK.DLL, LGSCROLL.DLL,
F:\PROGRAM FILES\WINAMP\WINAMPA.EXE [Empty] F:\PROGRAM FILES\WINAMP\NSCRT.DLL [Nullsoft, Inc.], MSKOEPlg.dll, McVSSkt.Dll, GAMEHOOK.DLL, LGSCROLL.DLL,
F:\PROGRAM FILES\MESSENGER\MSMSGS.EXE [Microsoft Corporation] MSKOEPlg.dll, McVSSkt.Dll, LGSCROLL.DLL, GAMEHOOK.DLL,
F:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE [Safer Networking Limited] MSKOEPlg.dll, ADVCHECK.DLL [Safer Networking Limited], LGSCROLL.DLL, McVSSkt.Dll, GAMEHOOK.DLL,
F:\PROGRAM FILES\ASUS\ASUS DH REMOTE\ASDHREMOTE.EXE [T-wins] MSKOEPlg.dll, McVSSkt.Dll, GAMEHOOK.DLL, LGSCROLL.DLL,
F:\PROGRAM FILES\SERV-U\SERVUDAEMON.EXE [Cat Soft] F:\PROGRAM FILES\SERV-U\LIBEAY32.DLL [Empty], F:\PROGRAM FILES\SERV-U\SSLEAY32.DLL [Empty],
F:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICE.EXE [Rocket Division Software]
F:\PROGRAM FILES\GOOGLE\GOOGLE TALK\GOOGLETALK.EXE [Google] MSKOEPlg.dll, LGSCROLL.DLL, GAMEHOOK.DLL, McVSSkt.Dll,
F:\WINDOWS\SYSTEM32\CTFMON.EXE [Microsoft Corporation] MSKOEPlg.dll, McVSSkt.Dll, LGSCROLL.DLL, GAMEHOOK.DLL,
F:\Program Files\McAfee.com\VSO\mcvsftsn.exe [McAfee, Inc.] VSCFGW32.DLL, MSKOEPlg.dll, mcsubmgr.dll, McVSSkt.Dll, MCAGNTPS.DLL, GAMEHOOK.DLL, LGSCROLL.DLL, vsoupd.dll, mcuicfg.dll,
F:\PROGRAM FILES\WINTV\IR.EXE [Hauppauge Computer Works] HCWUTL32.DLL [Hauppauge Computer Works], MSKOEPlg.dll, IRREMOTE.DLL [Hauppauge Computer Works], McVSSkt.Dll, LGSCROLL.DLL, GAMEHOOK.DLL,
F:\PROGRAM FILES\LOGITECH\SETPOINT\SETPOINT.EXE [Logitech Inc.] KEMUTIL.DLL [Logitech Inc.], SETPOINTCOM.DLL [Logitech Inc.], KEMUTB.DLL [Logitech Inc.], F:\PROGRAM FILES\LOGITECH\SETPOINT\KGAME.DLL [TODO: <Company name>], KEMWND.DLL [Logitech Inc.], GAMEHOOK.DLL, KEMXML.DLL [Logitech Inc.], LGSCROLL.DLL, MSKOEPlg.dll, MACROCORE.DLL [Logitech Inc.], KHALAPI.DLL [Logitech Inc.], McVSSkt.Dll, LCABHANDLER.DLL [Logitech Inc.], KEMHOOK.DLL [Logitech Inc.], WEBCOLPS.DLL [Logitech Inc.],
F:\PROGRAM FILES\NETGEAR\WPN311\WLANCFG5.EXE [Empty] WLANDLL.DLL [Empty], ATHCFG11.DLL, ATHCFG11RES.DLL, F:\PROGRAM FILES\NETGEAR\WPN311\WCAPI.DLL [Atheros], F:\PROGRAM FILES\NETGEAR\WPN311\WGAPI.DLL [Atheros],
F:\PROGRAM FILES\CASIO\PHOTO LOADER\PLAUTO.EXE [CASIO COMPUTER CO.,LTD.] MSKOEPlg.dll, LGSCROLL.DLL, McVSSkt.Dll, GAMEHOOK.DLL,
F:\PROGRAM FILES\FICHIERS COMMUNS\LOGITECH\KHAL\KHALMNPR.EXE [Logitech Inc.] KHALAPI.DLL, MSKOEPlg.dll, GAMEHOOK.DLL, LGSCROLL.DLL, KHALITCH.DLL [Logitech Inc.], KHALMW.DLL [Logitech Inc.], KHALHPP.DLL [Logitech Inc.], McVSSkt.Dll,
F:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe [McAfee Security] MSKOEPlg.dll, GAMEHOOK.DLL, LGSCROLL.DLL, LOCALIZED.DLL, McVSSkt.Dll, MCAGNTPS.DLL,
F:\WINDOWS\SYSTEM32\WSCNTFY.EXE [Microsoft Corporation] MSKOEPlg.dll, GAMEHOOK.DLL, LGSCROLL.DLL, McVSSkt.Dll,
F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\FIREFOX.EXE [Mozilla Corporation] F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\JS3250.DLL [Netscape Communications Corporation], F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\NSPR4.DLL [Netscape Communications Corporation], F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\XPCOM_CORE.DLL [Mozilla Foundation], F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\PLC4.DLL [Netscape Communications Corporation], F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\PLDS4.DLL [Netscape Communications Corporation], F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\SMIME3.DLL [Mozilla Foundation], F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\NSS3.DLL [Mozilla Foundation], F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\SOFTOKN3.DLL [Mozilla Foundation], F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\SSL3.DLL [Mozilla Foundation], F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\XPCOM_COMPAT.DLL [Mozilla Foundation], MSKOEPlg.dll, GAMEHOOK.DLL, LGSCROLL.DLL, F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\COMPONENTS\MYSPELL.DLL [Mozilla Foundation], F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\COMPONENTS\JAR50.DLL [Mozilla Foundation], McVSSkt.Dll, F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\FREEBL3.DLL [Mozilla Foundation], F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\NSSCKBI.DLL [Mozilla Foundation], F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\COMPONENTS\SPELLCHK.DLL [Mozilla Foundation], F:\PROGRAM FILES\MOZILLA FIREFOX 2 BETA 1\PLUGINS\NPSWF32.DLL [Empty], F:\WINDOWS\SYSTEM32\MACROMED\COMMON\SWSUPPORT.DLL [Adobe Systems, Inc.],
F:\DOCUMENTS AND SETTINGS\BJORN\BUREAU\PROJETQCMF.EXE [XPSP2] MSKOEPlg.dll, GAMEHOOK.DLL, LGSCROLL.DLL, McVSSkt.Dll,
F:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE [Microsoft Corporation] F:\PROGRAM FILES\MSN MESSENGER\MSIMG32.DLL [Patchou], F:\PROGRAM FILES\MESSENGER PLUS! LIVE\MSGPLUSLIVE.DLL [Patchou], F:\PROGRAM FILES\MESSENGER PLUS! LIVE\DETOURED.DLL [Empty], MSKOEPlg.dll, GAMEHOOK.DLL, LGSCROLL.DLL, F:\PROGRAM FILES\MESSENGER PLUS! LIVE\MSGPLUSLIVERES.DLL [Patchou], McVSSkt.Dll, F:\PROGRAM FILES\MESSENGER PLUS! LIVE\MPSCRIPTS.DLL [Empty], F:\Program Files\McAfee.com\VSO\mcvsscrp.dll [McAfee, Inc.], F:\Program Files\McAfee.com\VSO\scrpres.dll [McAfee, Inc.], mcuicfg.dll, MSDMO.DLL, F:\WINDOWS\SYSTEM32\HCWECP.AX [Hauppauge Computer Works, Inc.],
F:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATOR.EXE [Crawler.com] MSKOEPlg.dll, GAMEHOOK.DLL, LGSCROLL.DLL, McVSSkt.Dll, SHELLEXECUTEHOOK.DLL,

Startup Scan

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"MessengerPlus3" = "F:\PROGRAM FILES\MESSENGERPLUS! 3\MSGPLUS.EXE" [ Patchou ]
"MSMSGS" = "F:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" [ Microsoft Corporation ]
"SpybotSD TeaTimer" = "F:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE" [ Safer Networking Limited ]
"googletalk" = "F:\PROGRAM FILES\GOOGLE\GOOGLE TALK\GOOGLETALK.EXE" [ Google ]
"ctfmon.exe" = "F:\WINDOWS\SYSTEM32\CTFMON.EXE" [ Microsoft Corporation ]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"RTHDCPL" = "F:\WINDOWS\RTHDCPL.EXE" [ Realtek Semiconductor Corp. ]
"JMB36X Configure" = "F:\WINDOWS\SYSTEM32\JMRAIDTOOL.EXE" [ JMicron Technology Corp. ]
"ATICCC" = "F:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE" [ ATI Technologies Inc. ]
"MPFExe" = "F:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe" [ McAfee Security ]
"MCAgentExe" = "F:\Program Files\McAfee.com\Agent\mcagent.exe" [ McAfee, Inc ]
"MCUpdateExe" = "F:\Program Files\McAfee.com\Agent\mcupdate.exe" [ McAfee, Inc ]
"VSOCheckTask" = "F:\Program Files\McAfee.com\VSO\mcmnhdlr.exe" [ McAfee, Inc. ]
"VirusScan Online" = "F:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE" [ McAfee, Inc. ]
"OASClnt" = "F:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE" [ McAfee, Inc. ]
"MSKAGENTEXE" = "F:\Program Files\McAfee\SpamKiller\MSKAgent.exe" [ McAfee Inc. ]
"MSKDetectorExe" = "F:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ McAfee, Inc. ]
"SunJavaUpdateSched" = "F:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE" [ Sun Microsystems, Inc. ]
"Ai Quicker Help" = "F:\PROGRAM FILES\ASUS\ASUS DH REMOTE\ASRC.EXE" [ Empty ]
"NeroFilterCheck" = "F:\WINDOWS\SYSTEM32\NEROCHECK.EXE" [ Ahead Software Gmbh ]
"msnsyslog" = "F:\WINDOWS\msnlogm.exe" [ file not found ]
"WinampAgent" = "F:\PROGRAM FILES\WINAMP\WINAMPA.EXE" [ Empty ]
"Logitech Hardware Abstraction Layer" = "F:\WINDOWS\KHALMNPR.EXE" [ Logitech Inc. ]

Toolbars Scan
McAfee VirusScan {BA52B914-B692-46c4-B683-905236F6F655} F:\Program Files\McAfee.com\VSO\mcvsshl.dll [McAfee, Inc.]

BHO Scan
AcroIEHlprObj Class {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} F:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL [Adobe Systems Incorporated]
McAfee AntiPhishing Filter {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} F:\PROGRAM FILES\MCAFEE\SPAMKILLER\MCAPFBHO.DLL [McAfee, Inc.]
SSVHelper Class {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} F:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\SSV.DLL [Sun Microsystems, Inc.]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [file not found]
{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [file not found]
{85d1f590-48f4-11d9-9669-0800200c9a66} [file not found]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [file not found]
{FB5F1910-F110-11d2-BB9E-00C04F795683} [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Extension Affichage Panorama du Panneau de configuration (deskpan.dll) [file not found]
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Extensions de l'environnement de compression de fichiers () [file not found]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Menu contextuel de cryptage () [file not found]
{88895560-9AA2-1069-930E-00AA0030EBC8} = Extension icône HyperTerminal (F:\WINDOWS\SYSTEM32\HTICONS.DLL) [Hilgraeve, Inc.]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Barre des tâches et menu Démarrer () [file not found]
{30D02401-6A81-11d0-8274-00C04FD5AE38} = IE Search Band (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} = Shell DocObject Viewer (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{FBF23B40-E3F0-101B-8488-00AA003E56F8} = InternetShortcut (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{3C374A40-BAE4-11CF-BF7D-00AA006946EE} = Microsoft Url History Service (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{FF393560-C2A7-11CF-BFF4-444553540000} = History (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{7BD29E00-76C1-11CF-9DD0-00A0C9034933} = Temporary Internet Files (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{7BD29E01-76C1-11CF-9DD0-00A0C9034933} = Temporary Internet Files (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} = Microsoft Url Search Hook (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} = The Internet (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{871C5380-42A0-1069-A2EA-08002B30309D} = Internet Name Space (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Autoplay for SlideShow (F:\WINDOWS\SYSTEM32\SHIMGVW.DLL) [Microsoft Corporation]
{7A9D77BD-5403-11d2-8785-2E0420524153} = Comptes d'utilisateurs () [file not found]
{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension (F:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\ATIACMXX.DLL) [Empty]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension (F:\PROGRAM FILES\WINRAR\RAREXT.DLL) [Empty]
{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler (F:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL) [Microsoft Corporation]
{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler (F:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL) [Microsoft Corporation]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler (F:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL) [Microsoft Corporation]
{B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler (F:\PROGRAM FILES\FICHIERS COMMUNS\AHEAD\LIB\NERODIGITALEXT.DLL) [Nero AG]
{7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler (F:\PROGRAM FILES\FICHIERS COMMUNS\AHEAD\LIB\NERODIGITALEXT.DLL) [Nero AG]
{32020A01-506E-484D-A2A8-BE3CF17601C3} = AlcoholShellEx (F:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll) [Alcohol Soft Development Team]
{640167b4-59b0-47a6-b335-a6b3c0695aea} = Portable Media Devices (F:\WINDOWS\SYSTEM32\AUDIODEV.DLL) [Microsoft Corporation]
{cc86590a-b60a-48e6-996b-41d25ed39a1e} = Portable Media Devices Menu (F:\WINDOWS\SYSTEM32\AUDIODEV.DLL) [Microsoft Corporation]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player (F:\PROGRAM FILES\REAL\REALPLAYER\RPSHELL.DLL) [RealNetworks, Inc.]
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} = Messenger Sharing Folders (F:\PROGRAM FILES\MSN MESSENGER\FSSHEXT.8.1.0178.00.DLL) [Microsoft Corporation]
{07C45BB1-4A8C-4642-A1F5-237E7215FF66} = IE Microsoft BrowserBand (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{1C1EDB47-CE22-4bbb-B608-77B48F83C823} = IE Fade Task (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{205D7A97-F16D-4691-86EF-F3075DCCA57D} = IE Menu Desk Bar (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{3028902F-6374-48b2-8DC6-9725E775B926} = IE AutoComplete (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{43886CD5-6529-41c4-A707-7B3C92C05E68} = IE Navigation Bar (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{44C76ECD-F7FA-411c-9929-1B77BA77F524} = IE Menu Site (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{4B78D326-D922-44f9-AF2A-07805C2A3560} = IE Menu Band (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{6038EF75-ABFC-4e59-AB6F-12D397F6568D} = IE Microsoft History AutoComplete List (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} = IE Tracking Shell Menu (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{6CF48EF8-44CD-45d2-8832-A16EA016311B} = IE IShellFolderBand (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{73CFD649-CD48-4fd8-A272-2070EA56526B} = IE BandProxy (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} = IE MRU AutoComplete List (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} = IE RSS Feeder Folder (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} = IE Microsoft Shell Folder AutoComplete List (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{B31C5FAE-961F-415b-BAF0-E697A5178B94} = IE Microsoft Multiple AutoComplete List Container (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} = Microsoft Browser Architecture (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} = IE Shell Rebar BandSite (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{E6EE9AAC-F76B-4947-8260-A9F136138E11} = IE Shell Band Site Menu (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{F2CF5485-4E02-4f68-819C-B92DE9277049} = &Links (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} = IE Registry Tree Options Utility (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} = IE User Assist (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} = IE Custom MRU AutoCompleted List (F:\WINDOWS\SYSTEM32\IEFRAME.DLL) [Microsoft Corporation]
{BD88A479-9623-4897-8546-BC62B9628F44} = SPTHandler (F:\PROGRAM FILES\SPYWARE TERMINATOR\SPTCONTMENU.DLL) [Crawler.com]

Winlogon Notify Scan
AtiExtEvent = Ati2evxx.dll (F:\WINDOWS\system32\ATI2EVXX.DLL) [ATI Technologies Inc.]

Services Scan
"ACS" = F:\WINDOWS\SYSTEM32\ACS.EXE [Empty]
"AegisP" = F:\WINDOWS\SYSTEM32\DRIVERS\AEGISP.SYS [Meetinghouse Data Communications]
"AR5211" = F:\WINDOWS\SYSTEM32\DRIVERS\WPN311.SYS [Atheros Communications, Inc.]
"AsIO" = F:\WINDOWS\SYSTEM32\DRIVERS\ASIO.SYS [Empty]
"aslm75" = F:\WINDOWS\SYSTEM32\DRIVERS\ASLM75.SYS [Empty]
"Ati HotKey Poller" = F:\WINDOWS\SYSTEM32\ATI2EVXX.EXE [ATI Technologies Inc.]
"ATI Smart" = F:\WINDOWS\SYSTEM32\ATI2SGAG.EXE [Empty]
"ati2mtag" = F:\WINDOWS\SYSTEM32\DRIVERS\ATI2MTAG.SYS [ATI Technologies Inc.]
"atinevxx" = F:\WINDOWS\SYSTEM32\DRIVERS\ATINEVXX.SYS [ATI Technologies Inc.]
"AVG Anti-Spyware Driver" = F:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS [Empty]
"AVG Anti-Spyware Guard" = F:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE [Anti-Malware Development a.s.]
"AvgAsCln" = F:\WINDOWS\SYSTEM32\DRIVERS\AVGASCLN.SYS [GRISOFT, s.r.o.]
"Diskeeper" = F:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPER\DKSERVICE.EXE [Executive Software International, Inc.]
"dmboot" = F:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS [Microsoft Corp., Veritas Software]
"dmio" = F:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS [Microsoft Corp., Veritas Software]
"dmload" = F:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS [Microsoft Corp., Veritas Software.]
"ElbyCDIO" = F:\WINDOWS\SYSTEM32\DRIVERS\ELBYCDIO.SYS [Elaborate Bytes AG]
"ElbyDelay" = F:\WINDOWS\SYSTEM32\DRIVERS\ELBYDELAY.SYS [Elaborate Bytes AG]
"ENTECH" = F:\WINDOWS\SYSTEM32\DRIVERS\ENTECH.SYS [EnTech Taiwan]
"giveio" = F:\WINDOWS\SYSTEM32\GIVEIO.SYS [Empty]
"hamachi" = F:\WINDOWS\SYSTEM32\DRIVERS\HAMACHI.SYS [Applied Networking Inc.]
"HCW88BDA" = F:\WINDOWS\SYSTEM32\DRIVERS\HCW88BDA.SYS [Hauppauge Computer Works, Inc]
"hcw88rc5" = F:\WINDOWS\SYSTEM32\DRIVERS\HCW88RC5.SYS [Hauppauge Computer Works, Inc.]
"HCW88TSE" = F:\WINDOWS\SYSTEM32\DRIVERS\HCW88TSE.SYS [Hauppauge Computer Works, Inc]
"hcw88vid" = F:\WINDOWS\SYSTEM32\DRIVERS\HCW88VID.SYS [Hauppauge Computer Works, Inc]
"HDAudBus" = F:\WINDOWS\SYSTEM32\DRIVERS\HDAUDBUS.SYS [Windows (R) Server 2003 DDK provider]
"IDriverT" = F:\PROGRAM FILES\FICHIERS COMMUNS\INSTALLSHIELD\DRIVER\11\INTEL 32\IDRIVERT.EXE [Macrovision Corporation]
"InCDFs" = system32\drivers\InCDFs.sys [file not found]
"InCDPass" = system32\drivers\InCDPass.sys [file not found]
"InCDRm" = system32\drivers\InCDRm.sys [file not found]
"IntcAzAudAddService" = F:\WINDOWS\SYSTEM32\DRIVERS\RTKHDAUD.SYS [Realtek Semiconductor Corp.]
"JGOGO" = F:\WINDOWS\SYSTEM32\DRIVERS\JGOGO.SYS [JMicron ]
"JRAID" = F:\WINDOWS\SYSTEM32\DRIVERS\JRAID.SYS [JMicron Technology Corp.]
"L8042mou" = F:\WINDOWS\SYSTEM32\DRIVERS\L8042MOU.SYS [Logitech, Inc.]
"LHidKe" = F:\WINDOWS\SYSTEM32\DRIVERS\LHIDKE.SYS [Logitech, Inc.]
"LHidUsbK" = F:\WINDOWS\SYSTEM32\DRIVERS\LHIDUSBK.SYS [Logitech, Inc.]
"LMouKE" = F:\WINDOWS\SYSTEM32\DRIVERS\LMOUKE.SYS [Logitech, Inc.]
"LUsbKbd" = F:\WINDOWS\SYSTEM32\DRIVERS\LUSBKBD.SYS [Logitech, Inc.]
"McDetect.exe" = F:\PROGRAM FILES\MCAFEE.COM\AGENT\MCDETECT.EXE [McAfee, Inc]
"McShield" = F:\Program Files\McAfee.com\VSO\McShield.exe [McAfee Inc.]
"McTskshd.exe" = F:\Program Files\McAfee.com\Agent\McTskshd.exe [McAfee, Inc]
"mcupdmgr.exe" = F:\Program Files\McAfee.com\Agent\mcupdmgr.exe [McAfee, Inc]
"MPFIREWL" = F:\WINDOWS\SYSTEM32\DRIVERS\MPFIREWALL.SYS [McAfee]
"MpfService" = F:\Program Files\McAfee.com\Personal Firewall\MPFSERVICE.EXE [McAfee Corporation]
"MskService" = F:\Program Files\McAfee\SpamKiller\MSKSrvr.exe [McAfee Inc.]
"MTsensor" = F:\WINDOWS\SYSTEM32\DRIVERS\ASACPI.SYS [Empty]
"MVDCODEC" = F:\WINDOWS\SYSTEM32\DRIVERS\ATINMDXX.SYS [ATI Technologies Inc.]
"NaiAvFilter1" = F:\WINDOWS\SYSTEM32\DRIVERS\NAIAVF5X.SYS [McAfee Inc.]
"NPF" = F:\WINDOWS\SYSTEM32\DRIVERS\NPF.SYS [CACE Technologies]
"oreans32" = F:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS [Empty]
"Ptilink" = F:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS [Parallel Technologies, Inc.]
"PxHelp20" = F:\WINDOWS\SYSTEM32\DRIVERS\PXHELP20.SYS [Sonic Solutions]
"rpcapd" = F:\PROGRAM FILES\WINPCAP\RPCAPD.EXE [CACE Technologies]
"RTLWUSB" = F:\WINDOWS\SYSTEM32\DRIVERS\RTL8187.SYS [Realtek Semiconductor Corporation ]
"Secdrv" = F:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS [Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.]
"Serv-U" = F:\PROGRAM FILES\SERV-U\SERVUDAEMON.EXE [Cat Soft]
"SjyPkt" = F:\WINDOWS\SYSTEM32\DRIVERS\SJYPKT.SYS [Windows (R) 2000 DDK provider]
"speedfan" = F:\WINDOWS\SYSTEM32\SPEEDFAN.SYS [Windows (R) 2000 DDK provider]
"ssm_bus" = F:\WINDOWS\SYSTEM32\DRIVERS\SSM_BUS.SYS [MCCI]
"ssm_mdfl" = F:\WINDOWS\SYSTEM32\DRIVERS\SSM_MDFL.SYS [MCCI]
"ssm_mdm" = F:\WINDOWS\SYSTEM32\DRIVERS\SSM_MDM.SYS [MCCI]
"StarWindService" = F:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICE.EXE [Rocket Division Software]
"Vax347b" = F:\WINDOWS\SYSTEM32\DRIVERS\VAX347B.SYS [Empty]
"Vax347s" = F:\WINDOWS\SYSTEM32\DRIVERS\VAX347S.SYS [Empty]
"yukonwxp" = F:\WINDOWS\SYSTEM32\DRIVERS\YK51X86.SYS [Marvell]

Protocol Filters Scan
Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (F:\WINDOWS\SYSTEM32\URLMON.DLL) [Microsoft Corporation]
text/xml = {807553E5-5146-11D5-A672-00B0D022E945} (F:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\OFFICE11\MSOXMLMF.DLL) [Microsoft Corporation]

Hosts Scan
LOCALHOST mapping = 1

IE Scan
IERESET.INF missing Signature="$CHICAGO$"
IERESET.INF missing AdvancedINF=2.5,"You need a new version of advpack.dll"
IERESET.INF missing AddReg=RestoreHomePage.reg
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","Start Page",0,%START_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Page_URL",0,%START_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Search_URL",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","1",0,"www.%s.com"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","2",0,"www.%s.org"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","3",0,"www.%s.net"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","4",0,"www.%s.edu"
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\SearchUrl","Provider",0,""
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Search","SearchAssistant",0,"https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"
IERESET.INF missing HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89*"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"
IERESET.INF missing SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
IERESET.INF missing AddReg=RestoreBrowserSettings.reg
IERESET.INF missing DelReg=DeleteTemplates.reg or DelReg=DeleteTemplates.reg, DeleteAutosearch.reg
IERESET.INF missing START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=7&ar=msnhome" or START_PAGE_URL="https://www.msn.com/fr-fr/"
IERESET.INF missing SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2faccess%2fallinone.asp%3f" or SAFESITE_VALUE="ie.search.msn.com"
IERESET.INF missing MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=7&ar=msnhome" or MS_START_PAGE_URL="https://www.msn.com/fr-fr/"
NavigationFailure = res://ieframe.dll/navcancl.htm HIJACK WARNING!
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm HIJACK WARNING!
NavigationCanceled = res://ieframe.dll/navcancl.htm HIJACK WARNING!
OfflineInformation = res://ieframe.dll/offcancl.htm HIJACK WARNING!
PostNotCached = res://ieframe.dll/repost.htm HIJACK WARNING!
NoAdd-ons = res://ieframe.dll/noaddon.htm HIJACK WARNING!
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm HIJACK WARNING!
SecurityRisk = res://ieframe.dll/securityatrisk.htm HIJACK WARNING!
Tabs = res://ieframe.dll/tabswelcome.htm HIJACK WARNING!

WinSock2 Scan
Protocol Entry 000000000006 = F:\Program Files\BulletProofSoft.com\BPS Spyware & Adware Remover\AppToPort.dll [file not found]

------------------------------

LopXPMH report:

Rapport fait à 1:04:36,20 le 28/03/2007

******************************************
## Répertoires Application Data

Le volume dans le lecteur F s'appelle DD1
Le numéro de série du volume est F0DD-BEDF

Répertoire de F:\Documents and Settings\All Users\Application Data

03/09/2006 02:07 <REP> .
03/09/2006 02:07 <REP> ..
03/09/2006 00:39 <REP> Adobe
06/11/2006 20:52 <REP> CyberLink
02/01/2007 18:59 <REP> DVD Shrink
03/09/2006 01:01 <REP> McAfee
03/09/2006 00:58 <REP> McAfee.com
03/09/2006 00:58 <REP> McAfee.com Personal Firewall
02/09/2006 19:49 <REP> Messenger Plus!
03/09/2006 02:07 <REP> Microsoft
21/10/2006 21:19 <REP> Spybot - Search & Destroy
28/03/2007 00:36 <REP> Spyware Terminator
23/01/2007 11:02 <REP> Windows Genuine Advantage
03/09/2006 02:09 62 desktop.ini
07/12/2006 19:15 0 LauncherAccess.dt
2 fichier(s) 62 octets
13 Rép(s) 14 456 647 680 octets libres
Le volume dans le lecteur F s'appelle DD1
Le numéro de série du volume est F0DD-BEDF

Répertoire de F:\Documents and Settings\Bjorn\Application Data

03/09/2006 00:21 <REP> .
03/09/2006 00:21 <REP> ..
04/09/2006 18:38 <REP> Adobe
04/09/2006 18:49 <REP> AdobeUM
03/09/2006 19:38 <REP> Ahead
03/09/2006 00:50 <REP> ATI
31/12/2006 19:38 <REP> Azureus
07/12/2006 19:19 <REP> ConvertTemp
06/11/2006 19:39 <REP> CyberLink
20/10/2006 18:50 <REP> Dev-Cpp
20/03/2007 15:57 <REP> DVD Shrink
21/10/2006 13:12 <REP> FunWebProducts
05/11/2006 20:36 <REP> Help
03/09/2006 00:21 <REP> Identities
21/10/2006 20:57 <REP> Lavasoft
08/10/2006 01:10 <REP> Logitech
02/09/2006 19:39 <REP> Macromedia
03/09/2006 00:59 <REP> McAfee.com Personal Firewall
03/09/2006 10:20 <REP> Media Player Classic
03/09/2006 00:21 <REP> Microsoft
02/09/2006 19:09 <REP> Mozilla
27/12/2006 20:03 <REP> Musicmatch
02/11/2006 20:32 <REP> Picajet.com
02/12/2006 20:47 <REP> Real
07/12/2006 19:19 <REP> Samsung
08/11/2006 12:07 <REP> SecuROM
19/10/2006 21:54 <REP> Sports Interactive
28/03/2007 00:36 <REP> Spyware Terminator
02/09/2006 19:42 <REP> Sun
13/10/2006 16:05 <REP> teamspeak2
08/11/2006 12:10 <REP> temp
07/12/2006 19:19 <REP> Temporary
07/12/2006 19:19 <REP> TransRender
17/10/2006 20:13 <REP> vlc
02/11/2006 16:04 <REP> Wireshark
03/09/2006 00:21 62 desktop.ini
1 fichier(s) 62 octets
35 Rép(s) 14 456 647 680 octets libres
Le volume dans le lecteur F s'appelle DD1
Le numéro de série du volume est F0DD-BEDF

Répertoire de F:\Documents and Settings\Bjorn\Local Settings\Application Data

03/09/2006 00:21 <REP> .
03/09/2006 00:21 <REP> ..
04/09/2006 18:38 <REP> Adobe
03/09/2006 20:55 <REP> Ahead
03/09/2006 00:50 <REP> ApplicationHistory
03/09/2006 00:50 <REP> ATI
10/09/2006 16:23 <REP> Google
05/11/2006 20:36 <REP> Help
06/09/2006 15:58 <REP> Identities
03/09/2006 00:21 <REP> Microsoft
02/09/2006 19:09 <REP> Mozilla
27/12/2006 20:03 <REP> Musicmatch
04/09/2006 00:17 <REP> Oblivion
12/09/2006 13:45 <REP> QuickPar
03/09/2006 00:51 238 592 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
03/09/2006 00:50 128 fusioncache.dat
03/09/2006 00:50 45 128 GDIPFONTCACHEV1.DAT
03/12/2006 23:02 2 648 162 IconCache.db
4 fichier(s) 2 932 010 octets
14 Rép(s) 14 456 643 584 octets libres
Le volume dans le lecteur F s'appelle DD1
Le numéro de série du volume est F0DD-BEDF

Répertoire de F:\Documents and Settings\Default User\Application Data

03/09/2006 02:07 <REP> .
03/09/2006 02:07 <REP> ..
03/09/2006 02:07 <REP> Microsoft
03/09/2006 02:09 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 14 456 643 584 octets libres
Le volume dans le lecteur F s'appelle DD1
Le numéro de série du volume est F0DD-BEDF

Répertoire de F:\Documents and Settings\Default User\Local Settings\Application Data

03/09/2006 02:09 <REP> .
03/09/2006 02:09 <REP> ..
03/09/2006 00:17 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 14 456 643 584 octets libres
Le volume dans le lecteur F s'appelle DD1
Le numéro de série du volume est F0DD-BEDF

Répertoire de F:\Documents and Settings\LocalService\Application Data

03/09/2006 00:20 <REP> .
03/09/2006 00:20 <REP> ..
03/09/2006 00:59 <REP> McAfee.com Personal Firewall
03/09/2006 00:20 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 14 456 643 584 octets libres
Le volume dans le lecteur F s'appelle DD1
Le numéro de série du volume est F0DD-BEDF

Répertoire de F:\Documents and Settings\LocalService\Local Settings\Application Data

03/09/2006 00:20 <REP> .
03/09/2006 00:20 <REP> ..
03/09/2006 00:20 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 14 456 643 584 octets libres
Le volume dans le lecteur F s'appelle DD1
Le numéro de série du volume est F0DD-BEDF

Répertoire de F:\Documents and Settings\NetworkService\Application Data

03/09/2006 00:20 <REP> .
03/09/2006 00:20 <REP> ..
03/09/2006 00:20 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 14 456 643 584 octets libres
Le volume dans le lecteur F s'appelle DD1
Le numéro de série du volume est F0DD-BEDF

Répertoire de F:\Documents and Settings\NetworkService\Local Settings\Application Data

03/09/2006 00:20 <REP> .
03/09/2006 00:20 <REP> ..
03/09/2006 00:20 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 14 456 643 584 octets libres
Le volume dans le lecteur F s'appelle DD1
Le numéro de série du volume est F0DD-BEDF

Répertoire de F:\WINDOWS\system32\config\systemprofile\Application Data

03/09/2006 00:19 <REP> .
03/09/2006 00:19 <REP> ..
03/09/2006 00:19 <REP> Microsoft
03/09/2006 00:19 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 14 456 643 584 octets libres
Le volume dans le lecteur F s'appelle DD1
Le numéro de série du volume est F0DD-BEDF

Répertoire de F:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

03/09/2006 00:19 <REP> .
03/09/2006 00:19 <REP> ..
03/09/2006 00:19 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 14 456 643 584 octets libres

******************************************
Recherche des taches planifiées dans F:\WINDOWS\tasks

F:\WINDOWS\Tasks\Spybot
Spybot inexploitable

******************************************
## Répertoires de F:\Program Files

Le volume dans le lecteur F s'appelle DD1
Le numéro de série du volume est F0DD-BEDF

Répertoire de F:\Program Files

28/03/2007 01:01 <REP> .
28/03/2007 01:01 <REP> ..
03/09/2006 00:39 <REP> Adobe
03/09/2006 11:38 <REP> Ahead
04/09/2006 14:03 <REP> Alcohol Soft
20/09/2006 11:09 <REP> ASUS
02/09/2006 19:08 <REP> ASUS WiFi-AP Solo
03/09/2006 00:47 <REP> ATI Technologies
26/12/2006 14:33 <REP> AviSynth 2.5
26/01/2007 16:09 <REP> Azureus
03/09/2006 23:19 <REP> Bethesda Softworks
22/10/2006 08:20 <REP> BulletProofSoft.com
27/03/2007 19:10 <REP> Cain
23/12/2006 12:26 <REP> CASIO
01/01/2007 20:43 <REP> Combined Community Codec Pack
03/09/2006 00:14 <REP> ComPlus Applications
06/11/2006 19:39 <REP> CyberLink
21/11/2006 13:22 <REP> DirectVobSub
10/10/2006 19:16 <REP> directx
01/01/2007 20:42 <REP> DScaler5
02/01/2007 18:59 <REP> DVD Shrink
04/01/2007 19:47 <REP> DVDlabPro2
08/11/2006 12:03 <REP> EA SPORTS
01/02/2007 20:41 <REP> EasyPHP1-8
02/01/2007 19:30 <REP> Elaborate Bytes
08/11/2006 12:08 <REP> Electronic Arts
10/09/2006 23:45 <REP> Empire Interactive
28/03/2007 00:25 <REP> eMule
19/11/2006 21:57 <REP> EPSON
03/09/2006 00:05 <REP> Executive Software
06/12/2006 22:43 <REP> ExtracteurIcones
28/03/2007 00:59 <REP> Fichiers communs
03/11/2006 14:06 <REP> FileZilla
03/11/2006 02:23 <REP> FlashFXP
23/03/2007 17:09 <REP> Free
21/09/2006 19:19 <REP> Futuremark
29/12/2006 00:55 <REP> Gabest
10/09/2006 16:23 <REP> Google
26/12/2006 15:43 <REP> GordianKnot
10/09/2006 15:47 <REP> GrabIt
26/03/2007 22:08 <REP> Grisoft
22/10/2006 23:15 <REP> Guitar Pro 4
24/10/2006 13:48 <REP> Guitar Pro 5
11/10/2006 19:22 <REP> Hamachi
12/12/2006 20:57 <REP> Hooligans
03/09/2006 00:25 <REP> Intel
23/01/2007 21:47 <REP> Internet Explorer
03/01/2007 15:57 <REP> Java
28/11/2006 23:07 <REP> JufSoft
23/12/2006 12:27 <REP> KODAK
17/01/2007 20:30 <REP> KONAMI
21/10/2006 20:56 <REP> Lavasoft
21/11/2006 11:48 <REP> LD-Anime
08/10/2006 01:07 <REP> Logitech
03/09/2006 00:32 <REP> Marvell
03/09/2006 01:01 <REP> McAfee
03/09/2006 00:59 <REP> McAfee.com
14/11/2006 21:35 <REP> Media Player Classic
03/09/2006 00:13 <REP> Messenger
28/03/2007 00:33 <REP> Messenger Plus! Live
30/09/2006 20:11 <REP> MessengerPlus! 3
10/10/2006 19:12 <REP> Micro Application
03/09/2006 00:17 <REP> microsoft frontpage
02/09/2006 20:38 <REP> Microsoft Office
20/03/2007 16:36 <REP> Microsoft Visual Studio
02/09/2006 20:37 <REP> Microsoft.NET
26/11/2006 14:04 <REP> mIRC
03/09/2006 00:15 <REP> Movie Maker
26/03/2007 23:13 <REP> Mozilla Firefox 2 Beta 1
03/11/2006 00:34 <REP> MP3 CD Organizer
23/09/2006 11:31 <REP> MSN
03/09/2006 00:13 <REP> MSN Gaming Zone
28/03/2007 00:33 <REP> MSN Messenger
27/12/2006 20:03 <REP> Musicmatch
12/11/2006 13:08 <REP> Neodivx
03/09/2006 19:37 <REP> Nero
20/01/2007 16:27 <REP> NETGEAR
03/09/2006 00:15 <REP> NetMeeting
03/10/2006 21:06 <REP> NFO viewer
03/09/2006 00:13 <REP> Online Services
03/09/2006 00:15 <REP> Outlook Express
02/11/2006 20:32 <REP> PicaJet
22/10/2006 11:34 <REP> PowerQuest
20/03/2007 16:37 <REP> Publication Web
12/09/2006 13:44 <REP> QuickPar
03/11/2006 22:17 <REP> RaidenFTPD
03/12/2006 02:20 <REP> Real
03/09/2006 00:28 <REP> Realtek
07/12/2006 18:42 <REP> Samsung
07/03/2007 14:52 <REP> Satsuki Decoder Pack
01/11/2006 10:54 <REP> Secway
03/09/2006 00:16 <REP> Services en ligne
27/03/2007 17:34 <REP> Serv-U
02/09/2006 21:51 <REP> SLD Codec Pack
03/09/2006 00:55 <REP> Smart Projects
28/03/2007 00:31 <REP> Soulseek
13/09/2006 19:29 <REP> Soulseek-Test
29/12/2006 13:40 <REP> SpeedFan
02/02/2007 08:42 <REP> Spybot - Search & Destroy
28/03/2007 01:03 <REP> Spyware Terminator
10/01/2007 21:22 <REP> Starcraft
16/12/2006 17:06 <REP> SuperCopier2
13/03/2007 19:57 <REP> Teamspeak2_RC2
19/12/2006 22:37 <REP> Winamp
28/03/2007 00:39 <REP> WinClamAVShield
19/09/2006 15:53 <REP> Windows Media Components
19/09/2006 14:58 <REP> Windows Media Player
03/09/2006 00:13 <REP> Windows NT
04/02/2007 23:08 <REP> WinPcap
03/09/2006 00:57 <REP> WinRAR
05/10/2006 11:16 <REP> WinSCP3
26/03/2007 13:19 <REP> WinTV
02/11/2006 16:03 <REP> Wireshark
07/03/2007 10:10 <REP> World of Warcraft
03/09/2006 00:17 <REP> xerox
0 fichier(s) 0 octets
115 Rép(s) 14 456 614 912 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

* Mozilla Firefox (1 autorisé 2 interdit)

******************************************
## Registre

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ https://www.google.fr/?gws_rd=ssl

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche F:\WINDOWS\*.htm, "F:\WINDOWS\*.gif"

*************** Fin du rapport ****************
0
afideg Posts 10970 Status Security contributor 602
 
Hello BjornBjorn

Download OTMoveIt (by Old_Timer) to your Desktop.
1°- Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
2°- Disable System Restore.
( Click "Start",
right-click "My Computer", then click "Properties",
go to the "System Restore" tab,
tick the "Turn off System Restore" box there,
finish with [Apply] )
3°- Restart the PC
4°- Re-enable System Restore
( Right-click My Computer, then
Properties, click the System Restore tab,
untick the "Turn off System Restore" box and [Apply]. )
5°- Double-click OTMoveIt.exe to launch it.
-copy/paste the exact path of the file you want to delete:

F:\Documents and Settings\Bjorn\Application Data\Azureus
F:\Program Files\Azureus
F:\Program Files\MessengerPlus! 3
F:\Program Files\MSN Messenger


-into the left-hand pane of OTMoveIt: "Paste List of Files/Folders to be moved".
-click MoveIt! to start the deletion.
-the result will appear in the "Results" pane.
-click Exit to close.
-a report is located in C:\_OTMoveIt\MovedFiles (open the folder).
Please post it, thanks

Note: You may be asked to restart the PC to complete the deletion.
If so, accept with Yes.

I am waiting for opinions on the Spyware Terminator report; but did you follow my procedure properly?
Did you run the signature update ( "Update program&database file" )? YES or NO?
Did you request "Full Spyware Scan"? YES or NO?
I need this information back, please.

How does the PC behave after that?
Thanks
Al.
0
Bjornbjorn Posts 13 Status Member
 
OTMoveIt report:

F:\Documents and Settings\Bjorn\Application Data\Azureus\updates moved successfully.
F:\Documents and Settings\Bjorn\Application Data\Azureus\torrents moved successfully.
F:\Documents and Settings\Bjorn\Application Data\Azureus\tmp moved successfully.
F:\Documents and Settings\Bjorn\Application Data\Azureus\shares moved successfully.
F:\Documents and Settings\Bjorn\Application Data\Azureus\plugins moved successfully.
F:\Documents and Settings\Bjorn\Application Data\Azureus\logs\save moved successfully.
F:\Documents and Settings\Bjorn\Application Data\Azureus\logs moved successfully.
Folder move failed. F:\Documents and Settings\Bjorn\Application Data\Azureus\.lock scheduled to be moved on reboot.
Folder move failed. F:\Documents and Settings\Bjorn\Application Data\Azureus\.keystore scheduled to be moved on reboot.
F:\Documents and Settings\Bjorn\Application Data\Azureus\dht moved successfully.
Folder move failed. F:\Documents and Settings\Bjorn\Application Data\Azureus\.certs scheduled to be moved on reboot.
F:\Documents and Settings\Bjorn\Application Data\Azureus\active moved successfully.
F:\Documents and Settings\Bjorn\Application Data\Azureus moved successfully.
F:\Program Files\Azureus\plugins\azupdater moved successfully.
F:\Program Files\Azureus\plugins\azrating moved successfully.
F:\Program Files\Azureus\plugins\azplugins moved successfully.
F:\Program Files\Azureus\plugins moved successfully.
F:\Program Files\Azureus moved successfully.
F:\Program Files\MessengerPlus! 3\Resources moved successfully.
F:\Program Files\MessengerPlus! 3\Plugins\StuffPlug-NG moved successfully.
F:\Program Files\MessengerPlus! 3\Plugins moved successfully.
F:\Program Files\MessengerPlus! 3 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\9 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\8 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\7 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\6 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\4 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\31 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\29 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\25 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\22 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\20 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\19 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\18 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\17 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\16 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\12 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\11 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\1046 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\1028 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc\10 moved successfully.
F:\Program Files\MSN Messenger\Device Manager\Loc moved successfully.
F:\Program Files\MSN Messenger\Device Manager moved successfully.
F:\Program Files\MSN Messenger\1033 moved successfully.
F:\Program Files\MSN Messenger moved successfully.

Created on 03/28/2007 17:51:21

--------------------

Regarding Spyware Terminator, I did follow the procedure to the letter, I did update the signatures, and ran a full spyware scan.

The PC is doing better for now, I see no sign of infection by spyware or viruses.

I hope this will last.
How can I be sure of it?

Are there still traces of infection present?

Would you recommend one anti-spyware, and even antivirus, over another?

I await your opinion on the situation.
I am doing what is needed on my side by applying what you ask of me.

Olivier.
0
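An added example, not part of the original posts: one way to check an OTMoveIt report like the one above against the list of folders that was pasted into the tool, so that folders whose children were only "scheduled to be moved on reboot" are flagged for a re-check after restarting. The function names and the sample are assumptions made for this example; the sample is a constructed excerpt of the posted report and deliberately leaves out the MessengerPlus! 3 lines to show the "missing" status.

```python
import re
from pathlib import PureWindowsPath

# The two line shapes that appear in the report posted above.
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")
PENDING = re.compile(r"^Folder move failed\. (?P<path>[A-Za-z]:\\.+) "
                     r"scheduled to be moved on reboot\.$")

# Constructed excerpt: lines copied from the report, shortened for the example.
SAMPLE = r"""
F:\Documents and Settings\Bjorn\Application Data\Azureus\logs moved successfully.
Folder move failed. F:\Documents and Settings\Bjorn\Application Data\Azureus\.lock scheduled to be moved on reboot.
Folder move failed. F:\Documents and Settings\Bjorn\Application Data\Azureus\.certs scheduled to be moved on reboot.
F:\Documents and Settings\Bjorn\Application Data\Azureus moved successfully.
F:\Program Files\Azureus moved successfully.
Created on 03/28/2007 17:51:21
"""

def parse_report(text):
    """Return (moved, pending, other): paths moved, paths deferred to reboot, other lines."""
    moved, pending, other = [], [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if m := PENDING.match(line):
            pending.append(PureWindowsPath(m["path"]))
        elif m := MOVED.match(line):
            moved.append(PureWindowsPath(m["path"]))
        else:
            other.append(line)
    return moved, pending, other

def reconcile(requested, text):
    """Map each requested folder to (status, list of children deferred to reboot)."""
    moved, pending, _ = parse_report(text)
    status = {}
    for req in map(PureWindowsPath, requested):
        # A folder reported as moved is not fully gone while children wait for reboot.
        deferred = [str(p) for p in pending if p == req or req in p.parents]
        if deferred:
            status[str(req)] = ("pending-reboot", deferred)
        elif req in moved:
            status[str(req)] = ("moved", [])
        else:
            status[str(req)] = ("missing", [])
    return status

if __name__ == "__main__":
    requested = [r"F:\Documents and Settings\Bjorn\Application Data\Azureus",
                 r"F:\Program Files\Azureus", r"F:\Program Files\MessengerPlus! 3"]
    for path, (state, items) in reconcile(requested, SAMPLE).items():
        print(f"{state:15} {path} {items}")
```
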

afideg Posts 10970 Status Security contributor 602
 
Olivier,

Confirm to me in a few days whether the PC seems to have recovered.

But I told you I was waiting for information on the Spyware Terminator scan. Thank you for providing the details in your reply.
What is surprising, you see, is that a full scan generally includes these lines:
Analyse en Progression (analyse complète)
Temps Démarré: 27/03/2007 09:13:11
Database: 1.0.642.396
***
Résumé de l'Analyse: ( for example )
Temps Total de l'Analyse : 2766,66 s
Objets Analysés : 114 463
Objets Identifiés : 364
Objets Ignorés : 0
Objets Critiques : 2
Yet in your case, as for several others at the moment, all we see is:
Spyware Terminator Version: 1.8.4.965
Start time: 27/03/2007 16:19:13
System: Windows XP
User: Limited
And nothing by way of a scan summary.
That is the current problem ( I am waiting for version 2 of Spyware Terminator ).

But I would like to know more.

1• The BFU report located here, C:\egd.txt, is missing

2• Can you find an explanation for this:
F:\Documents and Settings\Bjorn\Bureau\1\-[Mes Documents]-\Setup\NWNK-iRC.rar
Update failed?

3• And still in BitDefender, can you explain this:
F:\Program Files\Serv-U\ServUDaemon.exe
Infecté par: Trojan.Dropper.APX
Deletion failed?
NO. So this file, ServUDaemon.exe, must be checked with VirusTotal!
To do that, go here: <http://www.virustotal.com/en/virustotalx.html>

Procedure to follow:

•- on the page that appears, click "Browse"
•- then, on the new page that appears, follow the path to the file
( that VirusTotal will analyse, at your request );
•- follow the path, that is: going through "My Computer" > F:\Program Files\Serv-U\ServUDaemon.exe
•- when you have found the file ServUDaemon.exe ( deliberately put in bold here for the example ),
click "Open" ( on this last page displayed )
•- the file then ends up in the VirusTotal window, ready for analysis
•- there, click "send" ( at the top right of the VirusTotal page )
•- and wait for the result ( be patient )
( you sometimes have to wait your turn - if you receive a message containing "queued" )
•- which you then post on the forum, please

4• My problem is that on the same date I find the installation of the software Cain. Hence my question: "do you know Cain and Serv-U, and was it you who installed them?" If so, there remains the problem that BitDefender reports the file ServUDaemon.exe as infected.

We will get there.

Last question: "What is this: F:\Program Files\BulletProofSoft.com\BPS Spyware & Adware Remover\AppToPort.dll?"

Thanks to you.
Al.
0