Comment supprimer un virus backdoor.Win32

Résolu/Fermé
Signaler
Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007
-
 dirdai 147 -
Bonsoir à tous,

Depuis vendredi dernier, lorsque je tape une recherche sur Google, tout se passe bien mais lorsque je clique sur le lien je suis systématiquement redirigée vers un site anglais ou pire un site porno !!!!
Le seul moyen que j'ai trouvé pour accéder au lien c'est de faire un copier coller de l'adresse du lien dans la barre d'adresse google.

Mon antivirus bitdefender a trouvé 2 virus : un appelé generic Malware et l'autre un trojan .agent.aok (ce dernier se trouvait dans C:\windows\system32\ ).

L'antivirus ne pouvait pas les supprimer il les a donc déplacé, par contre mon problème avec google reste toujours présent.

J'ai installé Ad aware et Spybot :
=> Ad aware a trouvé quelques cookies qu'il a supprimé,
et enfin Spybot a trouvé :

=> Backdoor.Win32.SdBot.gen (HKEY_USERS\S-1-5-21-57989841-329068152-682003330-1003\Software\Classes\XML2 ) , il l'a mis en quarantaine.

=> Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0) , celui là j'ai pas osé le supprimer.

=> Microsoft.WindowsSecurityCenter.FirewallDisableNotify (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0), celui là non plus j'ai pas osé le supprimer.

=> Microsoft.WindowsSecurityCenter.UpdateDisableNotify (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdateDisableNotify!=dword:0), celui là non plus j'ai pas osé le supprimer.

Par contre tout à l'heure, j'ai relancé Spybot et il m'a ressorti le backdoor.Win32.Sdbot.gen que théoriquement il avait déjà supprimé ???

Et donc j'ai toujours mon problème de recherches sur Google.

Je ne sais plus quoi faire, vu que je ne suis pas très douée en informatique si quelqu'un pouvait m'aider ça serait super suympa ? Merci beaucoup
Aryana35

18 réponses

Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut,

télécharge HijackThis ici:
http://telechargement.zebulon.fr/138-hijackthis-1991.html

Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum

Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Bon courage

A+

Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007

Salut Regis59,

Tout d'abord je te remercie beaucoup de prendre quelques minutes pour essayer de me dépanner.

Donc voici le compte rendu de hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 13:19:35, on 28/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Documents and Settings\Aryana\Mes documents\logiciels\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bitdefender.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mopk.dll
O2 - BHO: Image Helper - {646782DF-07D9-5816-C17D-32459D631863} - C:\WINDOWS\system\bpmdm32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MS_update_0612_KB74062.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Voilà en espérant que tu trouveras quelque chose. Merci , j'attends de tes nouvelles.
Aryana35
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut

Tu es infectée.

Installe AVG Anti-Spyware :

https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/

¤ Lance AVG Anti-Spyware

Clique sur le bouton Analyse (de la barre d'outils)

Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.

Reviens à l'onglet Analyse. Clique sur Analyse complète du système.

A la fin du scan, choisis l'option 3

"Appliquer toutes les actions " en bas.

Clique sur "Enregistrer le rapport".

Copie/colle le rapport sur le forum.
Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007

Bonsoir Regis59,

J'ai installé AVG Anti-spyware et voici son rapport :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 22:50:51 28/03/2007

+ Résultat de l'analyse:



C:\Documents and Settings\Aryana\Local Settings\Temporary Internet Files\Content.IE5\MXOR6X01\mm[2].js -> Adware.Chitika : Nettoyé.
C:\Documents and Settings\Aryana\Local Settings\Temporary Internet Files\Content.IE5\MXOR6X01\mm[3].js -> Adware.Chitika : Nettoyé.
C:\Documents and Settings\Aryana\Local Settings\Temporary Internet Files\Content.IE5\MXOR6X01\mm[4].js -> Adware.Chitika : Nettoyé.
C:\Documents and Settings\Aryana\Local Settings\Temporary Internet Files\Content.IE5\MXOR6X01\mm[5].js -> Adware.Chitika : Nettoyé.
C:\WINDOWS\system32\saqaaaaa.exe -> Logger.Agent.ir : Nettoyé.
C:\WINDOWS\system\bpmdm32.dll -> Logger.Agent.ir : Nettoyé.
C:\WINDOWS\system32\ipv6mopk.dll -> Logger.BZub.hx : Nettoyé.
C:\Documents and Settings\Aryana\Local Settings\Temporary Internet Files\Content.IE5\O9QBSPYZ\installdrivecleanerstart_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé.
C:\Documents and Settings\Aryana\Local Settings\Temporary Internet Files\Content.IE5\O9QBSPYZ\installdrivecleanerstart_fr[2].exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé.
C:\System Volume Information\_restore{9E14EBD0-EF7E-4ADA-80E3-7C7E98FFC1E8}\RP235\A0076009.sys -> Rootkit.Agent.dp : Nettoyé.
C:\System Volume Information\_restore{9E14EBD0-EF7E-4ADA-80E3-7C7E98FFC1E8}\RP237\A0076435.exe -> Rootkit.Agent.dq : Nettoyé.
C:\WINDOWS\system32\drivers\hflt_ipf.sys -> Rootkit.Agent.eg : Nettoyé.
C:\Documents and Settings\Aryana\Cookies\aryana@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Aryana\Local Settings\Temp\Cookies\aryana@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Aryana\Cookies\aryana@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Aryana\Cookies\aryana@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\Aryana\Cookies\aryana@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Aryana\Local Settings\Temp\Cookies\aryana@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Aryana\Cookies\aryana@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Aryana\Local Settings\Temp\Cookies\aryana@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport

Voilà, faut il faire autre chose ? Merci beaucoup

Aryana35
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut

Oui par précaution:

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

Télécharge Blacklight (de F-Secure) a l’une des 2 adresses :
https://www.f-secure.com/en
https://www.f-secure.com/en

et sauvegarde le sur ton Bureau.

Double-clique blbeta.exe et accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport dans ta prochaine réponse

A+
Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007

Bonsoir Regis59,

Voici le rapport SDFIX :


SDFix: Version 1.75

Run by Aryana - 29/03/2007 - 20:40:57,29

Microsoft Windows XP [version 5.1.2600]

Running From: C:\Documents and Settings\Aryana\Bureau\SDFIX

Safe Mode:
Checking Services:

Name:
Runtime

ImagePath:
\??\C:\WINDOWS\System32\drivers\runtime.sys

Runtime Deleted


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\DOCUME~1\Aryana\LOCALS~1\Temp\uninstall.exe - Deleted
C:\WINDOWS\system32\sysvx.exe - Deleted
C:\DOCUME~1\Aryana\LOCALS~1\Temp\tmp*.tmp - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\WINDOWS\\system32\\peilqsqs.exe"="C:\\WINDOWS\\system32\\peilqsqs.exe:*:Enabled:enable"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Aryana\Bureau\SDFIX\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\aka.fotovista.com\pixLogOp_140_fr.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft483-11.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft483-3.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft483-7.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft483-8.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft525-15.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft525-2.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft560-3.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft585-3.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\casalemedia.com\becomingintl22112006.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\castorama.fr\communication\a4\2006\castorama_cat_deco\V312.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\centerparcs-visitesvirtuelles.com\brochures_interactives\K1013.centerparcs.General.230806.28p\catalogue\V312.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\directtrack.com\abeneathintl10102006.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\eveiletjeux.com\CataInteractif\Catalogue_Jouets\V313.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\ferryhalim.com\oribells.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\flashtalking.com\ft496-6.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\flickr.com\slideShow\slideShow.swf\slideShowMS.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\fotovista.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\fr.prizee.com\swf\angegardien.fr.swf\gardien_prefs.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\fr.prizee.com\swf\gardien.fr.swf\gardien_prefs.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\ikea.com\ms\fr_FR\rooms_ideas\pax_planner_2006\index.swf\pax_directory.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\mappy.com\x\i\static\BtoB\pj\loader.swf\pj_cookie7.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\pagead2.googlesyndication.com\pagead\googleadplayer.swf\mediaPlayerUserSettings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\picwic.com\catalogue\catalogue_oct2006\V313.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\picwic.com\catalogue_interactif\V313.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\pixmania.com\pixsettings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\pixmania.com\pixsettings_fr.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\pixmania.com\pixsettings_pr.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\prizee.com\swf\angegardien.fr.swf\gardien_prefs.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\redoute.fr\346106\V312.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv042.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv043.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv046.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv049.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv061.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv064.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv065.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv068.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv070.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv071.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv073.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv074.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv074.fr.prizee.com\swf\packplusv22.xx.swf\Packp.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv076.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv077.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv078.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv083.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv088.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv090.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv091.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv092.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv098.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv108.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv110.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv111.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv113.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv114.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv115.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv116.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv117.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv150.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv160.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv161.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv163.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv164.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv191.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv191.fr.prizee.com\swf\paintbulles.v5.xx.swf\paintbulle.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv191.fr.prizee.com\swf\toutfeutoutflamme.v4.xx.swf\PXMLSocket.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv194.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv211.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv215.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv216.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv220.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\uptoten.com\globalUpToTenData.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\uptoten.com\sendCardfr.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\video.flashtalking.com\ft537-1.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\video.google.com\googleplayer.swf\mediaPlayerUserSettings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.dailymotion.com\flash\flvplayer.swf\userPreferences.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.danone.com\danone_video.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.hm.com\static\flash\modules\Modules.swf\HM_TEASER_WAIT_TIME.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.prizee.com\coffreBudeger.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.testezvotrechance.com\35jours.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.youtube.com\soundData.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\fotovista.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\king-jouet.com\kingjouet\V307.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#a69.g.akamai.net\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#agence.francetelecom.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#aka.fotovista.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#atdmt.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#casalemedia.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#castorama.fr\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#centerparcs-visitesvirtuelles.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#directtrack.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#eveiletjeux.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fastclick.net\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ferryhalim.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flashtalking.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flickr.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fotovista.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#g.akamai.net\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ikea.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#king-jouet.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mappy.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pagead2.googlesyndication.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#picwic.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pixmania.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ratp.info\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#redoute.fr\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv042.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv043.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv046.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv049.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv061.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv064.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv065.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv068.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv070.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv071.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv073.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv074.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv076.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv077.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv078.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv083.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv088.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv090.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv091.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv092.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv098.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv108.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv110.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv111.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv113.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv114.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv115.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv116.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv117.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv150.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv160.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv161.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv163.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv164.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv191.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv194.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv211.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv215.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv216.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv220.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#univ-tln.fr\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#uptoten.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vertbaudet.fr\settings.sol
C:\Documents and Settings\Aryana\Application Data\ezpinst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Aryana\Application Data\pcouffin.sys
C:\Documents and Settings\Aryana\Application Data\Azureus\torrents\AZU30810.tmp
C:\Documents and Settings\Aryana\Application Data\Azureus\torrents\AZU497.tmp
C:\Documents and Settings\Aryana\Application Data\Azureus\torrents\AZU51736.tmp
C:\Documents and Settings\Aryana\Application Data\Azureus\torrents\AZU64939.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Divers\~WRL0005.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Divers\~WRL0395.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Divers\~WRL1595.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Divers\~WRL2753.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Divers\~WRL3933.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\L‚gumes\~WRL0005.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\L‚gumes\~WRL0395.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\L‚gumes\~WRL1595.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\L‚gumes\~WRL2753.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\L‚gumes\~WRL3933.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Poissons et crustac‚s\~WRL0005.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Poissons et crustac‚s\~WRL1595.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Poissons et crustac‚s\~WRL3933.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Tartes sal‚es\~WRL0005.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Tartes sal‚es\~WRL0395.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Tartes sal‚es\~WRL1595.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Tartes sal‚es\~WRL3933.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Viandes\~WRL0005.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Viandes\~WRL0395.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Viandes\~WRL1595.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Viandes\~WRL3933.tmp
C:\Documents and Settings\Aryana\Mes documents\Pˆche\Montages\~WRL0001.tmp

Finished

le rapport Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 21:23:21, on 29/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Aryana\Mes documents\logiciels\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bitdefender.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MS_update_0612_KB74062.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

et enfin le rapport Blacklight :

03/29/07 21:18:51 [Info]: BlackLight Engine 1.0.55 initialized
03/29/07 21:18:51 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/29/07 21:18:51 [Note]: 7019 4
03/29/07 21:18:51 [Note]: 7005 0
03/29/07 21:18:55 [Note]: 7006 0
03/29/07 21:18:55 [Note]: 7011 188
03/29/07 21:18:55 [Note]: 7026 0
03/29/07 21:18:56 [Note]: 7026 0
03/29/07 21:19:02 [Note]: FSRAW library version 1.7.1021
03/29/07 21:23:04 [Note]: 7007 0


Voilà, j'espère que j'ai bien tout compris pour l'exécution des tâches :)

Merci de ta disponibilité a+

Aryana35
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut

Super :)

Vas sur le site https://virusscan.jotti.org/
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier :
C:\WINDOWS\system32\peilqsqs.exe
- Clic sur submit toujours en haut à droite
- Le scan va se lancer, ça va prendre un petit instant
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799
Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007

Regis59,

Voici le résultat du scan "virusscan :

Scanner results
Scan taken on 29 Mar 2007 20:03:40 (GMT)
AntiVir Found TR/Crypt.XPACK.Gen
ArcaVir Found Trojan.Downloader.Small.Ekr
Avast Found nothing
AVG Antivirus Found Generic3.NLC
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Small.ekr
Fortinet Found W32/Small.EKR!tr.dldr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Small.ekr
NOD32 Found Win32/TrojanDownloader.Small.EIO
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found Trojan.DL.Small.GYZ
VBA32 Found Trojan-Downloader.Win32.Small.eio

Voilà, je crois qu'on n'est pas sorti de l'auberge !!!!

a+
Aryana35
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut,

Supprime:

C:\WINDOWS\system32\peilqsqs.exe

A+
Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007

Bonsoir Regis59,

Et une fois supprimé que faut il faire ?

@+
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut

Remet moi un rapport de SDfix et un nouveau Hijackthis.

a+
Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007

Bonsoir Regis59,

Voici le rapport de SDFIX :


SDFix: Version 1.75

Run by Aryana - 31/03/2007 - 21:43:34,20

Microsoft Windows XP [version 5.1.2600]

Running From: C:\Documents and Settings\Aryana\Bureau\SDFIX

Safe Mode:
Checking Services:





Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\ipv6mons.dll - Deleted
C:\DOCUME~1\Aryana\LOCALS~1\Temp\tmp*.tmp - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\WINDOWS\\system32\\peilqsqs.exe"="C:\\WINDOWS\\system32\\peilqsqs.exe:*:Enabled:enable"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Aryana\Bureau\SDFIX\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\aka.fotovista.com\pixLogOp_140_fr.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft483-11.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft483-3.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft483-7.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft483-8.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft525-15.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft525-2.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft560-3.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\atdmt.com\ft585-3.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\casalemedia.com\becomingintl22112006.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\castorama.fr\communication\a4\2006\castorama_cat_deco\V312.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\centerparcs-visitesvirtuelles.com\brochures_interactives\K1013.centerparcs.General.230806.28p\catalogue\V312.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\directtrack.com\abeneathintl10102006.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\eveiletjeux.com\CataInteractif\Catalogue_Jouets\V313.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\ferryhalim.com\oribells.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\flashtalking.com\ft496-6.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\flickr.com\slideShow\slideShow.swf\slideShowMS.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\fotovista.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\fr.prizee.com\swf\angegardien.fr.swf\gardien_prefs.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\fr.prizee.com\swf\gardien.fr.swf\gardien_prefs.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\ikea.com\ms\fr_FR\rooms_ideas\pax_planner_2006\index.swf\pax_directory.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\mappy.com\x\i\static\BtoB\pj\loader.swf\pj_cookie7.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\pagead2.googlesyndication.com\pagead\googleadplayer.swf\mediaPlayerUserSettings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\picwic.com\catalogue\catalogue_oct2006\V313.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\picwic.com\catalogue_interactif\V313.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\pixmania.com\pixsettings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\pixmania.com\pixsettings_fr.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\pixmania.com\pixsettings_pr.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\prizee.com\swf\angegardien.fr.swf\gardien_prefs.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\redoute.fr\346106\V312.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv042.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv043.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv046.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv049.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv061.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv064.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv065.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv068.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv070.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv071.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv073.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv074.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv074.fr.prizee.com\swf\packplusv22.xx.swf\Packp.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv076.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv077.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv078.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv083.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv088.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv090.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv091.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv092.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv098.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv108.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv110.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv111.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv113.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv114.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv115.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv116.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv117.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv150.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv160.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv161.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv163.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv164.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv191.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv191.fr.prizee.com\swf\paintbulles.v5.xx.swf\paintbulle.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv191.fr.prizee.com\swf\toutfeutoutflamme.v4.xx.swf\PXMLSocket.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv194.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv211.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv215.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv216.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\serv220.fr.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\uptoten.com\globalUpToTenData.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\uptoten.com\sendCardfr.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\video.flashtalking.com\ft537-1.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\video.google.com\googleplayer.swf\mediaPlayerUserSettings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.dailymotion.com\flash\flvplayer.swf\userPreferences.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.danone.com\danone_video.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.hm.com\static\flash\modules\Modules.swf\HM_TEASER_WAIT_TIME.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.prizee.com\coffreBudeger.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.prizee.com\swf\archekoulapic.fr.swf\#Koulapic2\opt.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.testezvotrechance.com\35jours.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\#SharedObjects\LEYZTZSY\www.youtube.com\soundData.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\fotovista.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\king-jouet.com\kingjouet\V307.swf\www.catalogue-virtuel.com.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#a69.g.akamai.net\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#agence.francetelecom.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#aka.fotovista.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#atdmt.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#casalemedia.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#castorama.fr\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#centerparcs-visitesvirtuelles.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#directtrack.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#eveiletjeux.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fastclick.net\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ferryhalim.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flashtalking.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flickr.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fotovista.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#g.akamai.net\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ikea.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#king-jouet.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mappy.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pagead2.googlesyndication.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#picwic.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pixmania.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ratp.info\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#redoute.fr\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv042.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv043.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv046.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv049.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv061.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv064.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv065.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv068.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv070.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv071.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv073.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv074.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv076.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv077.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv078.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv083.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv088.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv090.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv091.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv092.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv098.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv108.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv110.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv111.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv113.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv114.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv115.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv116.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv117.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv150.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv160.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv161.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv163.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv164.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv191.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv194.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv211.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv215.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv216.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#serv220.fr.prizee.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#univ-tln.fr\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#uptoten.com\settings.sol
C:\Documents and Settings\Aryana\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vertbaudet.fr\settings.sol
C:\Documents and Settings\Aryana\Application Data\ezpinst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Aryana\Application Data\pcouffin.sys
C:\Documents and Settings\Aryana\Application Data\Azureus\torrents\AZU30810.tmp
C:\Documents and Settings\Aryana\Application Data\Azureus\torrents\AZU497.tmp
C:\Documents and Settings\Aryana\Application Data\Azureus\torrents\AZU51736.tmp
C:\Documents and Settings\Aryana\Application Data\Azureus\torrents\AZU64939.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Divers\~WRL0005.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Divers\~WRL0395.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Divers\~WRL1595.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Divers\~WRL2753.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Divers\~WRL3933.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\L‚gumes\~WRL0005.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\L‚gumes\~WRL0395.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\L‚gumes\~WRL1595.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\L‚gumes\~WRL2753.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\L‚gumes\~WRL3933.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Poissons et crustac‚s\~WRL0005.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Poissons et crustac‚s\~WRL1595.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Poissons et crustac‚s\~WRL3933.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Tartes sal‚es\~WRL0005.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Tartes sal‚es\~WRL0395.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Tartes sal‚es\~WRL1595.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Tartes sal‚es\~WRL3933.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Viandes\~WRL0005.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Viandes\~WRL0395.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Viandes\~WRL1595.tmp
C:\Documents and Settings\Aryana\Mes documents\Divers\Recettes\Viandes\~WRL3933.tmp
C:\Documents and Settings\Aryana\Mes documents\Pˆche\Montages\~WRL0001.tmp

Finished

et le rapport de Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 22:08:12, on 31/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Aryana\Mes documents\logiciels\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bitdefender.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MS_update_0612_KB74062.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Voilà, bonne lecture :)

@+
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut

Merci :)

Tu peux me dire quels soucis il te reste?

Et aussi:

Telecharge ceci
https://www.silentrunners.org/Silent%20Runners.vbs
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

A+
Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007

Bonjour Regis59,

Voici le rapport de Silent Runners :

"Silent Runners.vbs", revision R50, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BDMCon" = "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."]
"BDOESRV" = ""C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"" ["SOFTWIN SRL"]
"BDNewsAgent" = ""c:\progra~1\softwin\bitdef~1\bdnagent.exe"" ["SOFTWIN S.R.L"]
"BDSwitchAgent" = ""c:\progra~1\softwin\bitdef~1\bdswitch.exe"" [null data]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"HP Software Update" = ""C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu"
-> {HKLM...CLSID} = "IZArc DragDrop Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "sockspy.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Aryana\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Aryana" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Démarrage rapide du logiciel HP Image Zone" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
<<!>> "MS_update_0612_KB74062.exe" [null data]
"WiFi Station" -> shortcut to: "C:\Program Files\Hercules\WiFi Station\WifiStation.exe -s" ["Hercules"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
BitDefender Communicator, XCOMM, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]
BitDefender Desktop Update Service, LIVESRV, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."]
BitDefender Scan Server, bdss, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]
BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service" ["SOFTWIN S.R.L."]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt10\Driver = "hpzlnt10.dll" ["HP"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 74 seconds, including 18 seconds for message boxes)

Voilà pour le rapport. Sinon en ce qui concerne les soucis :

je n'arrive toujours pas à aller correctement sur google (il me renvoie toujours sur une page anglaise ou porno) du coup j'ai installé Firefox (et là ça marche),
ce matin bitdefender a lancé son scan et a trouvé un virus appelé Trojan.Agent.fd (dans Local Settings\Application Data) et régulièrement mon pc se plante (je suis obligé de le redémarrer) ou bien lorsque je veux fermer quelque chose comme par ex Nero , j'ai régulièrement une fenêtre Windows qui me dit que le programme ne répond pas ... et enfin j'ai de temps en temps un bel écran tout bleu. Voilà docteur :)
Est ce que tu crois qu'il ne faudrait pas mieux que je formate mon disque dure ???
Si oui, une fois que ça sera fait peux tu me dire ce que je dois installer pour éviter ce genre d'invasion microbienne :(


Merci de ta disponibilité

@+
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut

Tu peux me dire ce qu il y a sur l ecran bleu?
Le mieux, a vrai dire ce serait de formater oui parce que je doute de la présence d un rootkit, cependant, c est supprimable....

Mais tu gagnerais du temps et en resultat.
Ensuite; je pourrais t indiquer une bonne protection.

Desinfection ou non?
lol

a+
Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007

Re - salut Regis59,

En ce qui concerne l'écran bleu je ne sais plus ce qu'il y a dessus, désolée !

Bon je pense que je vais formater le disque dur dès que j'aurai pris tous les renseignements nécessaire pour le faire (car ça sera une première pour moi en solo :) en espérant que je ne vais pas faire de bêtises !!!!

Pour la protection je suis preneuse de tous tes conseils, bien sûre on parle de la protection informatique :) (pour le reste y a pas de problème :)
lol

Par contre si tu as des conseils à me donner pour le formatage je prends volontier.
Merci beaucoup
@+
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut

lol Tu veux pas de mes conseils?? mdr

A lire:
format

Bonne nuit.
Bonsoir Regis59,

Etant donné que j'ai Bitdefender comme antivirus, est ce que je dois installer un firewall (si oui lequel), et faut il installer un antispyware (est ce que spybot et ad aware font l'affaire ? si oui il faut les mettre "en action" tous les combien ?)

Désolée pour toutes ces questions (qui doivent te paraitre futiles mais je suis novice, et avant d'avoir tous ces problèmes de virus j'avoue que je ne me posais pas vraiment de questions sur les protections pensant naïvement que Bitdefender me protégeait :(

Voilà je crois que j'ai fait le tour de mes interrogations pour ce soir.

Merci encore beaucoup pour le temps que tu prends pour me renseigner :)
@+
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut,

Etant donné que j'ai Bitdefender comme antivirus, est ce que je dois installer un firewall (si oui lequel),

Bitdefender a un pare feu intégré, vérifie si ta version de Bitdefender l'as.

et faut il installer un antispyware (est ce que spybot et ad aware font l'affaire ? si oui il faut les mettre "en action" tous les combien ?)

A ces 2 la, je te propose celui ci en plus:

AVG Anti-Spyware :

https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/

Mises a jours chaques semaines pour les 3 et tu scannes avec tous les 3/4 semaines si tu surfes enormement.

Désolée pour toutes ces questions (qui doivent te paraitre futiles mais je suis novice, et avant d'avoir tous ces problèmes de virus j'avoue que je ne me posais pas vraiment de questions sur les protections pensant naïvement que Bitdefender me protégeait :(


Aucuns problemes, si tu as en a d autres ou si tu veux des précisions, n hésites pas.

Y'a pas de quoi ! :)

A+
Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007

Bonsoir Regis59,

Merci de m'avoir répondu :)

Pour Bitdefender, j'ai la version 9 (il y a le firewall) donc je ne change rien.
Je vais suivre tes précieux conseils et lorsque j'aurai formaté mon disque dur (je pense le faire vendredi - croisons les doigts) j'installerai spybot, ad aware et avg anti-spyware.

En espérant que tout se passe bien, je te tiendrai au courant si tu veux bien.

Bon week end de Pâques
@+
Aryana35
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Ouep tiens moi au courant !

Mange pas trop de chocolat

Take you care !

A+
Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007

Salut Regis59,

ça y est :) j'ai formaté mon pc (toute seule comme une grande :)) et tout s'est bien passé !!!!!!!!!!!!!

J'ai suivi tes conseils j'ai installé Ad aware, Spybot mais pas encore AVG Anti-Spyware (est ce qu'il existe une version gratuite ?) et désormais j'utilise Firefox et thunderbird. C'est super.

En espérant être tranquille pour un moment ! Remarque maintenant que je sais formater...

@+
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut

Oui mais ca ne sert a rien de formater toutes les semaines lol
AVG anti spyware est gratuit:
https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/

a+
Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007

Re-salut Regis59,

La version de AVG est gratuite pendant 30 jours ? à moins que je n'ai pas bien lu ? ou alors il faut la réinstaller tous les 30 jours ?


@+
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut

Tu as juste la protection résidente qui ne marche plus apres 30jours sinon tout le reste marche nikel.

a+
Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007

Salut Regis59,

Merci pour la réponse, mais elle sert à quoi la protection résidente ?

Est ce que je peux m'en passer ?

Merci
@+
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut

La protection résidente fonctionne comme un antivirus.
Il scanne en permanence tes fichiers a la recherche d infections !
Tu peux t en passer avec AVG AS car ton antivirus a deja cette fonction !
Et de toute maniere, un scan régulier te permettra de détecter les infections.

Tu as d autres questions?
N'hésites pas :)

A+
Messages postés
18
Date d'inscription
lundi 26 mars 2007
Statut
Membre
Dernière intervention
14 avril 2007

Salut Regis59,

Merci beaucoup pour ta réponse :)
Pour le moment je n'ai pas d'autre question mais si j'en ai une je n'hésiterais pas à te la poser.

@+ :)
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut

De rien, et pas de soucis, passe quand tu veux :)

Bon week end ensolleillé
svp; j'ai un serieux problème avec le fameux virus rootkit, quelqu'un pourait il m'aider?
j'ai pu télécharger ccleaner et hijackthis...voici le rapport de ccleaner...quelqu'un pouraitt il m'aider au secours


Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-dan.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-cht.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-nld.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-deu.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-ita.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-jpn.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-kor.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-nor.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-ptg.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-rus.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-esp.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-sve.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-fin.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-ptb.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-chs.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-plk.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-csy.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-sky.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-slv.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-hun.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-tha.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-trk.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-ell.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-esl.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero BackItUp\\BackItUp-Chs.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero BackItUp\\BackItUp-Cht.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero BackItUp\\BackItUp-Deu.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero BackItUp\\BackItUp-Esp.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero BackItUp\\BackItUp-Ita.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero BackItUp\\BackItUp-Jpn.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero BackItUp\\BackItUp-Kor.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero BackItUp\\BackItUp-Nld.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero BackItUp\\BackItUp-Ptg.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_chs.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_cht.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_deu.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_esl.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_esp.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_ita.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_jpn.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_kor.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_nld.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_ptg.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\system32\\msxml3a.dll"=dword:00000001

[HKEY_CLASSES_ROOT\.eta]
@="Google Earth.etafile"

[HKEY_CLASSES_ROOT\.kml]
@="Google Earth.kmlfile"

[HKEY_CLASSES_ROOT\.kmz]
@="Google Earth.kmzfile"

[HKEY_CLASSES_ROOT\OISbmpfile]
@=""

[HKEY_CLASSES_ROOT\OISemffile]
@=""

[HKEY_CLASSES_ROOT\OISgiffile]
@=""

[HKEY_CLASSES_ROOT\OISjpegfile]
@=""

[HKEY_CLASSES_ROOT\OISpngfile]
@=""

[HKEY_CLASSES_ROOT\OIStiffile]
@=""

[HKEY_CLASSES_ROOT\OISwmffile]
@=""

[HKEY_CLASSES_ROOT\SysmonLogManager.Snapin]

[HKEY_CLASSES_ROOT\urn:content-classes:contentclassdef]

[HKEY_CLASSES_ROOT\urn:content-classes:wizard/addcontentclass]

[HKEY_CLASSES_ROOT\WMPCD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dbf]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dbf\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jad]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jad\OpenWithList]
"a"="IEXPLORE.EXE"
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf[1]]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf[1]\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp\OpenWithList]
"a"="WINWORD.EXE"
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.widget]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.widget\OpenWithList]
"a"="iexplore.exe"
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wps]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wps\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\OpenWithList]

[HKEY_CLASSES_ROOT\AtWorkRendering]
@=""

[HKEY_CLASSES_ROOT\AtWorkRendering\Shell]
@=""

[HKEY_CLASSES_ROOT\comfile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="C:\\WINDOWS\\system32\\rund1132.exe %1"

[HKEY_CLASSES_ROOT\DAIE.DownloadAcceleratorIE]
@="DownloadAcceleratorIE Class"

[HKEY_CLASSES_ROOT\DAIE.DownloadAcceleratorIE\CLSID]
@="{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}"

[HKEY_CLASSES_ROOT\DAIE.DownloadAcceleratorIE\CurVer]
@="DAPIE.DownloadAcceleratorIE.1"

[HKEY_CLASSES_ROOT\DAIE.DownloadAcceleratorIE.1]
@="DownloadAcceleratorIE Class"

[HKEY_CLASSES_ROOT\DAIE.DownloadAcceleratorIE.1\CLSID]
@="{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}"

[HKEY_CLASSES_ROOT\Nero.AutoPlay\shell\InCDAutorunEmptyCD]
@="Autorun empty CD"

[HKEY_CLASSES_ROOT\Nero.AutoPlay\shell\InCDAutorunEmptyCD\command]
@="C:\\Program Files\\Ahead\\InCD\\InCDL.exe"

[HKEY_CLASSES_ROOT\NeroAudioType\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,4"

[HKEY_CLASSES_ROOT\NeroAudioType\shell\open]

[HKEY_CLASSES_ROOT\NeroAudioType\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\NeroAudioType\shell\print]

[HKEY_CLASSES_ROOT\NeroAudioType\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\NeroAudioType\shell\printto]

[HKEY_CLASSES_ROOT\NeroAudioType\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\NeroCDExtraType\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,17"

[HKEY_CLASSES_ROOT\NeroCDExtraType\shell\open]

[HKEY_CLASSES_ROOT\NeroCDExtraType\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\NeroCDExtraType\shell\print]

[HKEY_CLASSES_ROOT\NeroCDExtraType\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\NeroCDExtraType\shell\printto]

[HKEY_CLASSES_ROOT\NeroCDExtraType\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\NeroCDROMBootType\DefaultIcon]
@="C:\\Program Files\\Ahead\\nero\\nero.exe,2"

[HKEY_CLASSES_ROOT\NeroCDROMEFIBootType\DefaultIcon]
@="C:\\Program Files\\Ahead\\nero\\nero.exe,2"

[HKEY_CLASSES_ROOT\NeroCDROMHybridType\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,3"

[HKEY_CLASSES_ROOT\NeroCDROMHybridType\shell\open]

[HKEY_CLASSES_ROOT\NeroCDROMHybridType\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\NeroCDROMHybridType\shell\print]

[HKEY_CLASSES_ROOT\NeroCDROMHybridType\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\NeroCDROMHybridType\shell\printto]

[HKEY_CLASSES_ROOT\NeroCDROMHybridType\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\NeroCDROMType\DefaultIcon]
@="C:\\Program Files\\Ahead\\nero\\nero.exe,2"

[HKEY_CLASSES_ROOT\NeroCopyType\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,6"

[HKEY_CLASSES_ROOT\NeroCopyType\shell\open]

[HKEY_CLASSES_ROOT\NeroCopyType\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\NeroCopyType\shell\print]

[HKEY_CLASSES_ROOT\NeroCopyType\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\NeroCopyType\shell\printto]

[HKEY_CLASSES_ROOT\NeroCopyType\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\NeroCueSheetType\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,5"

[HKEY_CLASSES_ROOT\NeroCueSheetType\shell\open]

[HKEY_CLASSES_ROOT\NeroCueSheetType\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\NeroCueSheetType\shell\print]

[HKEY_CLASSES_ROOT\NeroCueSheetType\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\NeroCueSheetType\shell\printto]

[HKEY_CLASSES_ROOT\NeroCueSheetType\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\NeroDVDVideoType\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,8"

[HKEY_CLASSES_ROOT\NeroDVDVideoType\shell\open]

[HKEY_CLASSES_ROOT\NeroDVDVideoType\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\NeroDVDVideoType\shell\print]

[HKEY_CLASSES_ROOT\NeroDVDVideoType\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\NeroDVDVideoType\shell\printto]

[HKEY_CLASSES_ROOT\NeroDVDVideoType\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\NeroHDBackupType\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,14"

[HKEY_CLASSES_ROOT\NeroHDBackupType\shell\open]

[HKEY_CLASSES_ROOT\NeroHDBackupType\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\NeroHDBackupType\shell\print]

[HKEY_CLASSES_ROOT\NeroHDBackupType\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\NeroHDBackupType\shell\printto]

[HKEY_CLASSES_ROOT\NeroHDBackupType\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\NeroHDBVideoType\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,8"

[HKEY_CLASSES_ROOT\NeroHDBVideoType\shell\open]

[HKEY_CLASSES_ROOT\NeroHDBVideoType\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\NeroHDBVideoType\shell\print]

[HKEY_CLASSES_ROOT\NeroHDBVideoType\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\NeroHDBVideoType\shell\printto]

[HKEY_CLASSES_ROOT\NeroHDBVideoType\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\NeroHFSType\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,11"

[HKEY_CLASSES_ROOT\NeroHFSType\shell\open]

[HKEY_CLASSES_ROOT\NeroHFSType\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\NeroHFSType\shell\print]

[HKEY_CLASSES_ROOT\NeroHFSType\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\NeroHFSType\shell\printto]

[HKEY_CLASSES_ROOT\NeroHFSType\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\NeroImageType\DefaultIcon]
@="C:\\Program Files\\Ahead\\nero\\nero.exe,5"

[HKEY_CLASSES_ROOT\NeroImageType\shell\open]

[HKEY_CLASSES_ROOT\NeroImageType\shell\open\command]
@="\"C:\\Program Files\\Ahead\\Nero\\Nero.exe\" \"%1\""

[HKEY_CLASSES_ROOT\NerominiDVDType\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,8"

[HKEY_CLASSES_ROOT\NerominiDVDType\shell\open]

[HKEY_CLASSES_ROOT\NerominiDVDType\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\NerominiDVDType\shell\print]

[HKEY_CLASSES_ROOT\NerominiDVDType\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\NerominiDVDType\shell\printto]

[HKEY_CLASSES_ROOT\NerominiDVDType\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\NeroMixedModeType\DefaultIcon]
@="C:\\Program Files\\Ahead\\nero\\nero.exe,7"

[HKEY_CLASSES_ROOT\NeroMP3Type\DefaultIcon]
@="C:\\Program Files\\Ahead\\nero\\nero.exe,15"

[HKEY_CLASSES_ROOT\NeroSuperVideoType\DefaultIcon]
@="C:\\Program Files\\Ahead\\nero\\nero.exe,8"

[HKEY_CLASSES_ROOT\NeroUDFISOType\DefaultIcon]
@="C:\\Program Files\\Ahead\\nero\\nero.exe,2"

[HKEY_CLASSES_ROOT\NeroUDFType\DefaultIcon]
@="C:\\Program Files\\Ahead\\nero\\nero.exe,2"

[HKEY_CLASSES_ROOT\NeroVideoType\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,8"

[HKEY_CLASSES_ROOT\NeroVideoType\shell\open]

[HKEY_CLASSES_ROOT\NeroVideoType\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\NeroVideoType\shell\print]

[HKEY_CLASSES_ROOT\NeroVideoType\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\NeroVideoType\shell\printto]

[HKEY_CLASSES_ROOT\NeroVideoType\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\NeroWMAType\DefaultIcon]
@="C:\\Program Files\\Ahead\\nero\\nero.exe,16"

[HKEY_CLASSES_ROOT\txtfile\shell\open]

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\WINDOWS\\system32\\rund1132.exe %1"

[HKEY_CLASSES_ROOT\TypeAACNero\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,18"

[HKEY_CLASSES_ROOT\TypeAACNero\shell\open]

[HKEY_CLASSES_ROOT\TypeAACNero\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\TypeAACNero\shell\print]

[HKEY_CLASSES_ROOT\TypeAACNero\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\TypeAACNero\shell\printto]

[HKEY_CLASSES_ROOT\TypeAACNero\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\TypeAmorceCRROMNero\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,2"

[HKEY_CLASSES_ROOT\TypeAmorceCRROMNero\shell\open]

[HKEY_CLASSES_ROOT\TypeAmorceCRROMNero\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\TypeAmorceCRROMNero\shell\print]

[HKEY_CLASSES_ROOT\TypeAmorceCRROMNero\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\TypeAmorceCRROMNero\shell\printto]

[HKEY_CLASSES_ROOT\TypeAmorceCRROMNero\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\TypeCDROMNero\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,2"

[HKEY_CLASSES_ROOT\TypeCDROMNero\shell\open]

[HKEY_CLASSES_ROOT\TypeCDROMNero\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\TypeCDROMNero\shell\print]

[HKEY_CLASSES_ROOT\TypeCDROMNero\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\TypeCDROMNero\shell\printto]

[HKEY_CLASSES_ROOT\TypeCDROMNero\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\TypeErreurNero\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,10"

[HKEY_CLASSES_ROOT\TypeErreurNero\shell\open]

[HKEY_CLASSES_ROOT\TypeErreurNero\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\TypeErreurNero\shell\print]

[HKEY_CLASSES_ROOT\TypeErreurNero\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\TypeErreurNero\shell\printto]

[HKEY_CLASSES_ROOT\TypeErreurNero\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\TypeImageNero\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,5"

[HKEY_CLASSES_ROOT\TypeImageNero\shell\open]

[HKEY_CLASSES_ROOT\TypeImageNero\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\TypeImageNero\shell\print]

[HKEY_CLASSES_ROOT\TypeImageNero\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\TypeImageNero\shell\printto]

[HKEY_CLASSES_ROOT\TypeImageNero\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\TypeModeMixteNero\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,7"

[HKEY_CLASSES_ROOT\TypeModeMixteNero\shell\open]

[HKEY_CLASSES_ROOT\TypeModeMixteNero\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\TypeModeMixteNero\shell\print]

[HKEY_CLASSES_ROOT\TypeModeMixteNero\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\TypeModeMixteNero\shell\printto]

[HKEY_CLASSES_ROOT\TypeModeMixteNero\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\TypeMP3Nero\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,15"

[HKEY_CLASSES_ROOT\TypeMP3Nero\shell\open]

[HKEY_CLASSES_ROOT\TypeMP3Nero\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\TypeMP3Nero\shell\print]

[HKEY_CLASSES_ROOT\TypeMP3Nero\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\TypeMP3Nero\shell\printto]

[HKEY_CLASSES_ROOT\TypeMP3Nero\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\TypeUDFISONero\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,2"

[HKEY_CLASSES_ROOT\TypeUDFISONero\shell\open]

[HKEY_CLASSES_ROOT\TypeUDFISONero\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\TypeUDFISONero\shell\print]

[HKEY_CLASSES_ROOT\TypeUDFISONero\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\TypeUDFISONero\shell\printto]

[HKEY_CLASSES_ROOT\TypeUDFISONero\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\TypeUDFNero\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,2"

[HKEY_CLASSES_ROOT\TypeUDFNero\shell\open]

[HKEY_CLASSES_ROOT\TypeUDFNero\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\TypeUDFNero\shell\print]

[HKEY_CLASSES_ROOT\TypeUDFNero\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\TypeUDFNero\shell\printto]

[HKEY_CLASSES_ROOT\TypeUDFNero\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\TypeWMANero\DefaultIcon]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe,16"

[HKEY_CLASSES_ROOT\TypeWMANero\shell\open]

[HKEY_CLASSES_ROOT\TypeWMANero\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\TypeWMANero\shell\print]

[HKEY_CLASSES_ROOT\TypeWMANero\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\TypeWMANero\shell\printto]

[HKEY_CLASSES_ROOT\TypeWMANero\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\Nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\YPager.Messenger]

[HKEY_CLASSES_ROOT\YPager.Messenger\CLSID]
@="{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}"

[HKEY_CLASSES_ROOT\YPager.Messenger\CurVer]
@="Ypager.Messenger.1"

[HKEY_CLASSES_ROOT\CLSID\{5C4C8078-24CF-4c71-B05E-8B1D935DB5AC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C4C8078-24CF-4c71-B05E-8B1D935DB5AC}\LocalServer32]
@="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\""

[HKEY_CLASSES_ROOT\CLSID\{762DAFB9-15BD-4b41-B919-F3D5023D1E78}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{762DAFB9-15BD-4b41-B919-F3D5023D1E78}\LocalServer32]
@="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\""

[HKEY_CLASSES_ROOT\CLSID\{96F8C0C7-F106-437D-90DC-6C92793246C4}]
@="Messenger Class"
"AppID"=""

[HKEY_CLASSES_ROOT\CLSID\{96F8C0C7-F106-437D-90DC-6C92793246C4}\LocalServer32]
@="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\""

[HKEY_CLASSES_ROOT\CLSID\{96F8C0C7-F106-437D-90DC-6C92793246C4}\ProgID]
@="Yahoo.Messenger.1"

[HKEY_CLASSES_ROOT\CLSID\{96F8C0C7-F106-437D-90DC-6C92793246C4}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{96F8C0C7-F106-437D-90DC-6C92793246C4}\TypeLib]
@="{661B6BCF-D5E8-42A6-A84D-0950ED57641D}"

[HKEY_CLASSES_ROOT\CLSID\{96F8C0C7-F106-437D-90DC-6C92793246C4}\VersionIndependentProgID]
@="Yahoo.Messenger"

[HKEY_CLASSES_ROOT\CLSID\{A3E84F97-4A68-4e42-9976-DA8DF946B571}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A3E84F97-4A68-4e42-9976-DA8DF946B571}\LocalServer32]
@="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\""

[HKEY_CLASSES_ROOT\CLSID\{DD354C32-4A1B-4C5F-9E90-743FD39E86D2}]
@="WSGlobalData Class"

[HKEY_CLASSES_ROOT\CLSID\{DD354C32-4A1B-4C5F-9E90-743FD39E86D2}\InprocServer32]
@="C:\\Program Files\\WhiteSmoke\\WSOutlookAddin.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{DD354C32-4A1B-4C5F-9E90-743FD39E86D2}\ProgID]
@="WSOutlookAddin.WSGlobalData.1"

[HKEY_CLASSES_ROOT\CLSID\{DD354C32-4A1B-4C5F-9E90-743FD39E86D2}\TypeLib]
@="{17CE506D-A485-4325-A08E-EE5D4294B17C}"

[HKEY_CLASSES_ROOT\CLSID\{DD354C32-4A1B-4C5F-9E90-743FD39E86D2}\VersionIndependentProgID]
@="WSOutlookAddin.WSGlobalData"

[HKEY_CLASSES_ROOT\Applications\moviemk.exe]

[HKEY_CLASSES_ROOT\Applications\moviemk.exe\shell]
"FriendlyCache"="Movie Maker"

[HKEY_CLASSES_ROOT\Applications\nero.exe\shell\open]

[HKEY_CLASSES_ROOT\Applications\nero.exe\shell\open\command]
@="C:\\PROGRA~1\\Ahead\\nero\\nero.exe \"%1\""

[HKEY_CLASSES_ROOT\Applications\nero.exe\shell\print]

[HKEY_CLASSES_ROOT\Applications\nero.exe\shell\print\command]
@="C:\\PROGRA~1\\Ahead\\nero\\nero.exe /p \"%1\""

[HKEY_CLASSES_ROOT\Applications\nero.exe\shell\printto]

[HKEY_CLASSES_ROOT\Applications\nero.exe\shell\printto\command]
@="C:\\PROGRA~1\\Ahead\\nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""

[HKEY_CLASSES_ROOT\Applications\rund1132.exe\shell\open]

[HKEY_CLASSES_ROOT\Applications\rund1132.exe\shell\open\command]
@="C:\\WINDOWS\\system32\\rund1132.exe %1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\nero.exe]
@="C:\\Program Files\\Ahead\\nero\\nero.exe"
"Path"="C:\\Program Files\\Ahead\\Nero"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe]
"RunAsOnNonAdminInstall"=dword:00000001
"BlockOnTSNonInstallMode"=dword:00000001
"Path"="C:\\dell\\drivers\\0P474"
@="C:\\dell\\drivers\\0P474\\setup.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\WINDOWS\\PCHEALTH\\ERRORREP\\QHEADLES\\"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\WINDOWS\\PCHEALTH\\ERRORREP\\QSIGNOFF\\"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\WINDOWS\\winsxs\\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\WINDOWS\\winsxs\\Policies\\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\Prof. MITI\\Local Settings\\Application Data\\Microsoft\\OFFICE\\"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab\\AVP7\\Data\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab\\AVP7\\Dskm\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG7Uninstall]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,20,bb,01,00,00,00,00,7c,44,66,\
81,21,d1,c7,01,07,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,47,00,72,00,69,00,73,\
00,6f,00,66,00,74,00,5c,00,41,00,56,00,47,00,37,00,5c,00,61,00,76,00,67,00,\
63,00,63,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Google Desktop]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,40,7f,00,00,00,00,00,08,1e,27,\
bc,41,50,c7,01,04,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,47,00,6f,00,6f,00,67,\
00,6c,00,65,00,5c,00,47,00,6f,00,6f,00,67,00,6c,00,65,00,20,00,44,00,65,00,\
73,00,6b,00,74,00,6f,00,70,00,20,00,53,00,65,00,61,00,72,00,63,00,68,00,5c,\
00,70,00,64,00,66,00,74,00,6f,00,74,00,65,00,78,00,74,00,2e,00,65,00,78,00,\
65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E659E0EE-10E6-49B7-8696-60F38D0EB174}]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,00,08,e6,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Google]

[HKEY_LOCAL_MACHINE\Software\lameme]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POINTER"="C:\\dell\\drivers\\R34790\\Mouse\\SETUP\\MSH\\Mouse\\point32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Blank AntiViri"="C:\\AUT0EXEC.BAT StartUp"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Secure64"="C:\\WINDOWS\\system32\\dllcache\\Regedit32.com StartUp"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Secure32"="C:\\WINDOWS\\system32\\dllcache\\Shell32.com StartUp"

voici le rapport de hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:55:31, on 12/11/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, "C:\WINDOWS\system32\M5VBVM60.EXE StartUp"
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\2.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\2.bin\ASKPBAR.DLL
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D617A14-FBD1-46A8-AFFF-33E0547585B6}: NameServer = 172.16.1.1
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WindowsDriver - Unknown owner - C:\WINDOWS\system32\spool.exe (file missing)
Messages postés
21123
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 338
Salut

Crée ton propre poste.

A+
bonjour a tous, j'ai lu attentivement tout ce qui a été dit mais c'est trop compliqué pour que je lme débrouille tout seul, voila je suis infecté par Email-Worm.Win32.Bagle.of et backdoor.Win32 si c'est comme ça qu'il s'appel, j'ai fait une analyse en ligne avec kaspersky j'ai enregistrer le rapport et j'ai vu que certaine personne pouvait resoudre le probleme grace a ce rapport donc si quelqu'in veut bien jeter un oeil au mien je lui en serait trés reconnaisant parce-que je ne peut plus faire grand chose :s

merci d'avance

a+