SUSPICIOUS MESSAGE IN AVAST AGAIN

Solved/Closed
alex33sira Posts: 38 Registered: Friday 23 November 2007 Status: Member Last activity: 21 May 2011 - 29 Nov. 2007 at 00:26
 Anonymous user - 30 Nov. 2007 at 15:15
Hello,

I have a problem with Avast again. It tells me that too many identical emails are being sent in a short interval of time.
Is there anyone who could help me??


Logfile of HijackThis v1.99.1
Scan saved at 00:25:40, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBFE.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ofmous.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Samsung\Digimax Viewer 2.0\STImgBrowser.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\NMSAccessU.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\cablecom\Compteur de volume hispeed\packetservice.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {BA5B9264-90F2-4FDD-BEA3-B7CD62879843} - C:\WINDOWS\system32\omnbcupa.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [start_cablecom volumecounter] C:\Program Files\cablecom\Compteur de volume hispeed\volumecounter.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4080 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBFE.EXE /FU "C:\WINDOWS\TEMP\E_S86.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ofmous] C:\WINDOWS\system32\ofmous.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\RunServices: [ofmous] C:\WINDOWS\system32\ofmous.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454095 14
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus CX4080 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBFE.EXE /FU "C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\E_S11.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Digimax Viewer 2.0.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx
O16 - DPF: {317153FE-B7FB-419B-AC87-0B2EC97D7A04} (VB2S ActiveX Control) - http://www.subdo.com/activex/vb2s.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://alex33sira.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/armhelper.ocx
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Print Spooler Service (e63iadlaimlilr) - Unknown owner - C:\WINDOWS\system32\ofmous.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: m2PacketcounterService (_service) - mquadr.at - C:\Program Files\cablecom\Compteur de volume hispeed\packetservice.exe

21 replies

Anonymous user
29 Nov. 2007 at 01:22
Hello

Your Comodo firewall must be misconfigured because, if I remember correctly, it also includes a module of this kind ..


* Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BA5B9264-90F2-4FDD-BEA3-B7CD62879843} - C:\WINDOWS\system32\omnbcupa.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454095 14
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx
O16 - DPF: {317153FE-B7FB-419B-AC87-0B2EC97D7A04} (VB2S ActiveX Control) - http://www.subdo.com/activex/vb2s.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://alex33sira.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/armhelper.ocx
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll



* Click "Start", "Run", type: services.msc
Find the entries below in the list, right-click each one, choose "Properties" and set it to "Disabled"

- Boonty Games (unless still in use)
- Google Updater Service



* Go to Add/Remove Programs and uninstall these programs

- Desktop Messenger
- Windows Live Toolbar


* Restart your PC.


* Go to VirusTotal
In the "Choose" field, enter this line: C:\WINDOWS\system32\ofmous.exe
Then click "Send" and wait.
As soon as it has finished, copy and paste the VirusTotal URL here
If you need more information, look here
---> http://kerio.probb.fr/chasser-les-virus-et-spywares-de-votre-systeme-f1/scanner-un-fichier-parmi-plusieurs-antivirus-virustotal-t693.htm



* Download OTMoveIt to your desktop
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Double-click OTMoveIt.exe
Select and copy the lines below

C:\Program Files\GamesBar\
C:\Program Files\Windows Live Toolbar\
C:\WINDOWS\system32\ofmous.exe
C:\WINDOWS\reminder\
C:\WINDOWS\system32\omnbcupa.dll

Go back to OTMoveIt, right-click in the "Paste List of Files/Folders to be moved" window and choose "Paste".
Click the red MoveIt button and close OTMoveIt
If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the run; if so, click "Yes"
Please copy and paste the report it generates here. The OTMoveIt report is in this folder: C:\_OTMoveIt\MovedFiles



* Run this online antivirus scan and paste the report here in text format once it has finished.
You will find all the information at the link below
---> https://kerio.probb.fr/t673-bitdefender-antivirus-en-ligne

See you
0
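Added example, not part of the thread and not code from HijackThis: a small Python triage over O4 (autorun) and O23 (service) lines excerpted from the log posted above. It groups entries by binary and shows what makes ofmous.exe stand out in that log: the same file is registered under Run, RunServices and as a service named "Print Spooler Service" with no vendor. The flag names and the EXPECTED_BINARY table are assumptions made for this example.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ofmous] C:\WINDOWS\system32\ofmous.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\RunServices: [ofmous] C:\WINDOWS\system32\ofmous.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454095 14
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Print Spooler Service (e63iadlaimlilr) - Unknown owner - C:\WINDOWS\system32\ofmous.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
# "O23 - Service: <display name> - <owner> - <command line starting with a drive letter>"
O23_RE = re.compile(r'^O23 - Service: (.+) - (.+?) - ("?[A-Za-z]:\\.*)$')
# Executable path at the start of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll))(?=["\s]|$)', re.IGNORECASE)

# Assumption for this example: display-name keyword -> binary that really provides it.
EXPECTED_BINARY = {"print spooler": "spoolsv.exe"}


def image_path(command):
    """Return the lower-cased executable path from a command line, or None."""
    m = EXE_RE.match(command.strip())
    return m.group(1).lower() if m else None


def parse(log_text):
    """Yield one dict per O4 (registry autorun) or O23 (service) line."""
    for line in log_text.splitlines():
        line = line.strip()
        missing = line.endswith("(file missing)")
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            yield {"mechanism": hive + "\\" + key, "name": name, "owner": None,
                   "path": image_path(cmd), "missing": missing}
            continue
        m = O23_RE.match(line)
        if m:
            name, owner, cmd = m.groups()
            yield {"mechanism": "Service", "name": name, "owner": owner,
                   "path": image_path(cmd), "missing": missing}


def triage(log_text):
    """Group entries by binary; return {path: sorted flags} for flagged binaries."""
    by_path = defaultdict(list)
    for entry in parse(log_text):
        if entry["path"]:
            by_path[entry["path"]].append(entry)

    report = {}
    for path, entries in by_path.items():
        flags = set()
        # Same binary started through two or more independent start-up mechanisms.
        if len({e["mechanism"] for e in entries}) >= 2:
            flags.add("multiple-persistence")
        for e in entries:
            if e["missing"]:
                flags.add("orphan-entry")           # registration left behind, file gone
            elif e["owner"] == "Unknown owner":
                flags.add("unknown-owner-service")  # HijackThis found no vendor name
            # Display name borrows a Windows service name but points elsewhere.
            for keyword, binary in EXPECTED_BINARY.items():
                if keyword in e["name"].lower() and not path.endswith("\\" + binary):
                    flags.add("name-mismatch")
        if flags:
            report[path] = sorted(flags)
    return report


def most_suspicious(log_text):
    """Return the path carrying the most flags, or None if nothing is flagged."""
    report = triage(log_text)
    return max(report, key=lambda p: len(report[p])) if report else None


if __name__ == "__main__":
    for path, flags in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -len(kv[1])):
        print(path, "->", ", ".join(flags))
```

NMSAccessU.exe is flagged only for its missing vendor name and fsc-reminder.exe is not flagged at all, so the output is a shortlist for review rather than a verdict.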
alex33sira Posts: 38 Registered: Friday 23 November 2007 Status: Member Last activity: 21 May 2011 1
29 Nov. 2007 at 13:19
Hi,

Thanks for your help


I did as you asked me.

Everything went OK up to VirusTotal.
On VirusTotal I entered C:\WINDOWS\system32\ofmous.exe
then confirmed. VirusTotal tells me:

0 bytes size received / Se ha recibido un archivo vacio
0
Anonymous user
29 Nov. 2007 at 13:53
No big deal ;-)

Move on to the next step :-)
0
alex33sira Posts: 38 Registered: Friday 23 November 2007 Status: Member Last activity: 21 May 2011 1
29 Nov. 2007 at 16:19
HI

I did as you told me, here is the OTMoveIt report

File/Folder C:\Program Files\GamesBar not found.
File/Folder C:\Program Files\Windows Ltve Tooblar not found.
C:\WINDOWS\system32\ofmous.exe moved successfully.
C:\WINDOWS\reminder moved successfully.

Created on 11/29/2007 13:12:23


So now I am running an online antivirus scan with BitDefender.

I will keep you posted as soon as it has finished
0

Anonymous user
29 Nov. 2007 at 16:31
Please avoid text-speak, it's ugly to read and above all to decipher ..

* Do this again, because apparently you typed everything by hand: there is an error and you forgot a line

* Download OTMoveIt to your desktop
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Double-click OTMoveIt.exe
Select and copy the lines below

C:\Program Files\GamesBar\
C:\Program Files\Windows Live Toolbar\
C:\WINDOWS\system32\ofmous.exe
C:\WINDOWS\reminder\
C:\WINDOWS\system32\omnbcupa.dll

Go back to OTMoveIt, right-click in the "Paste List of Files/Folders to be moved" window and choose "Paste".
Click the red MoveIt button and close OTMoveIt
If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the run; if so, click "Yes"
Please copy and paste the report it generates here. The OTMoveIt report is in this folder: C:\_OTMoveIt\MovedFiles


See you
0
alex33sira Posts: 38 Registered: Friday 23 November 2007 Status: Member Last activity: 21 May 2011 1
29 Nov. 2007 at 17:32
The scan is finished, I'm sending you the report and I'm going to redo what you told me

Here is the BitDefender report:

BitDefender Online Scanner

Rapport d'analyse généré à: Thu, Nov 29, 2007 - 17:23:50

Voie d'analyse: C:\;D:\;

Statistiques
Temps: 01:27:50
Fichiers: 377003
Directoires: 9477
Secteurs de boot: 2
Archives: 13369
Paquets programmes: 17261

Résultats
Virus identifiés: 3
Fichiers infectés: 3
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 2

Info sur les moteurs
Définition virus: 879431
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 1

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé | Statut
C:\WINDOWS\system32\ocyxopu.exe | Infecté par: Trojan.Skintrim.ARS
C:\WINDOWS\system32\ocyxopu.exe | Echec de la désinfection
C:\WINDOWS\system32\ocyxopu.exe | Supprimé
C:\WINDOWS\Temp\NSIS_install_msgskinner.exe=>(NSIS o)=>lzma_solid_nsis0009 | Infecté par: Backdoor.Skinymes.Agent.A
C:\WINDOWS\Temp\NSIS_install_msgskinner.exe=>(NSIS o)=>lzma_solid_nsis0009 | Echec de la désinfection
C:\WINDOWS\Temp\NSIS_install_msgskinner.exe=>(NSIS o)=>lzma_solid_nsis0009 | Supprimé
C:\WINDOWS\Temp\NSIS_install_msgskinner.exe=>(NSIS o) | Echec de la mise à jour
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ofmous.exe | Infecté par: Worm.Generic.9323
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ofmous.exe | Echec de la désinfection
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ofmous.exe | Echec de la suppression
0
Anonymous user
29 Nov. 2007 at 17:48
Be careful what you download; don't download anything more that comes from ads, such as programs like internetgamebox, mailskinner, webmediaplayer, messenger skinner etc .. guaranteed junk!


Then do this

Right-click this link:
http://il.mafioso.pagesperso-orange.fr/Navifix/Navilog1.zip
Choose "Save target (link) as..." and save it to your desktop.
Right-click navilog1.zip and choose "Extract all"
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop).

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole content into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)
0
UNINSTALL AND REINSTALL MESSENGER AND ALL THE OTHER MESSAGING STUFF AND REINSTALL
THAT MIGHT WORK
0
Anonymous user
29 Nov. 2007 at 18:00
Yeah, right, go play somewhere else ;O)
0
alex33sira Posts: 38 Registered: Friday 23 November 2007 Status: Member Last activity: 21 May 2011 1
29 Nov. 2007 at 18:30
I have just done what you asked me
Sorry, but I have 2 children so sometimes I am away.

Here is the navilog1 report, if you are still interested in helping me:

Search Navipromo version 3.3.6 commencé le 29/11/2007 à 18:24:57,81

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Alexandra SIMOES\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\ALEXAN~1\LOCALS~1\APPLIC~1



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

Fichiers trouvés :

dglofpybep.exe trouvé !
unmrvz.exe trouvé !
yapudkdva.exe trouvé !
yapudkdva.dat trouvé !
yapudkdva_nav.dat trouvé !
yapudkdva_navps.dat trouvé !

* Recherche dans C:\DOCUME~1\ALEXAN~1\LOCALS~1\APPLIC~1 *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:
C:\WINDOWS\system32\cfhkj.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\cfhkj.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\cfhkj.bak2 trouvé ! infection Vundo possible non traitée par cet outil !

2)Recherche Heuristique :

C:\WINDOWS\system32\yapudkdva.dat trouvé !
C:\WINDOWS\system32\yapudkdva_nav.dat trouvé !


3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse terminée le 29/11/2007 à 18:26:06,03 ***
0
Anonymous user
29 Nov. 2007 at 18:48
Good, now

Double-click the Navilog1 shortcut on the desktop and follow the prompts.
At the main menu, choose 2 and confirm.

The fix will inform you that it is going to restart your PC
Close all open windows and save any personal documents you have open
Press a key as requested.
(if your PC does not restart automatically, do it yourself)
When your PC restarts, choose your usual session.

Wait for the message:
*** Nettoyage Termine le ..... ***
Notepad will open.
Save the report somewhere you can find it again
Close Notepad. Your desktop will reappear

PS: If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
Then go to the "Processes" tab. Click "File" at the top left and
choose "Run"
Type explorer and confirm. That will bring your desktop back


It won't be over yet ;-)
0
alex33sira Posts: 38 Registered: Friday 23 November 2007 Status: Member Last activity: 21 May 2011 1
29 Nov. 2007 at 19:15
here is the cleannavi report


Clean Navipromo version 3.3.6 commencé le 29/11/2007 à 19:01:43,14

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13

Mode suppression automatique



*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *

dglofpybep.exe trouvé !
Copie dglofpybep.exe réalisé avec succès !
dglofpybep.exe supprimé !

unmrvz.exe trouvé !
Copie unmrvz.exe réalisé avec succès !
unmrvz.exe supprimé !

yapudkdva.exe trouvé !
Copie yapudkdva.exe réalisé avec succès !
yapudkdva.exe supprimé !

yapudkdva.dat trouvé !
Copie yapudkdva.dat réalisé avec succès !
yapudkdva.dat supprimé !

yapudkdva_nav.dat trouvé !
Copie yapudkdva_nav.dat réalisé avec succès !
yapudkdva_nav.dat supprimé !

yapudkdva_navps.dat trouvé !
Copie yapudkdva_navps.dat réalisé avec succès !
yapudkdva_navps.dat supprimé !


* Suppression dans C:\DOCUME~1\ALEXAN~1\LOCALS~1\APPLIC~1 *



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Alexandra SIMOES\Application Data ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Alexandra SIMOES\Local Settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\cfhkj.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\cfhkj.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\cfhkj.bak2 trouvé ! infection Vundo possible non traitée par cet outil !

2)Recherche, création sauvegardes et suppression Heuristique :


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisé avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 29/11/2007 à 19:07:45,31 ***
0
Anonymous user
29 Nov. 2007 at 23:15
Uninstall Navilog1 via Add/Remove Programs and do the following

Download ComboFix
---> http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Close your web browser before running this program
Double-click it and press "Y" to continue
Wait a few minutes...
A report will open; save its contents, then copy and paste it here, please
You can delete the program as soon as that's done.
0
alex33sira Posts 38 Registration date Friday 23 November 2007 Status Member Last activity 21 May 2011 1
29 Nov. 2007 at 23:52
Here is the report:


ComboFix 07-11-19.4C - Alexandra SIMOES 2007-11-29 23:37:39.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.303 [GMT 1:00]
Running from: C:\Documents and Settings\Alexandra SIMOES\Local Settings\Temporary Internet Files\Content.IE5\2MTQB498\ComboFix[1].exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Alexandra SIMOES\err.log
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-29 ))))))))))))))))))))))))))))))))))))
.

2007-11-29 18:23 <REP> d-------- C:\Program Files\Navilog1
2007-11-29 15:54 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-29 13:26 <REP> d-------- C:\Program Files\Fab Fashion
2007-11-29 00:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2007-11-29 00:45 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-11-29 00:45 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-11-29 00:45 25,088 --a------ C:\WINDOWS\system32\wsock32.dlb
2007-11-28 23:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-28 23:47 <REP> d-------- C:\Documents and Settings\Alexandra SIMOES\Application Data\Comodo
2007-11-28 23:45 <REP> d-------- C:\Program Files\Comodo
2007-11-28 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-28 22:38 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-11-27 22:03 <REP> d-------- C:\Program Files\ReflexiveArcade
2007-11-26 23:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-25 23:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2007-11-25 23:31 <REP> d-------- C:\Program Files\iWin.com
2007-11-24 12:04 837 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-11-24 11:40 <REP> d-------- C:\Program Files\Kerio
2007-11-24 11:21 <REP> d-------- C:\Program Files\CCleaner
2007-11-23 21:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-23 17:02 <REP> d-------- C:\Documents and Settings\Alexandra SIMOES\Application Data\Grisoft
2007-11-23 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-23 17:01 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-23 16:26 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-11-23 16:21 <REP> d-------- C:\Program Files\Spamicillin
2007-11-23 15:48 <REP> d-------- C:\Program Files\StofWare
2007-11-23 15:12 <REP> d-------- C:\Program Files\Trend Micro
2007-11-23 14:58 <REP> d-------- C:\Program Files\SPAMfighter
2007-11-23 14:58 <REP> d-------- C:\Program Files\Fichiers communs\Application
2007-11-23 14:58 <REP> d-------- C:\Program Files\Fichiers communs\Ankiro
2007-11-23 14:58 <REP> d-------- C:\Documents and Settings\Alexandra SIMOES\Application Data\SPAMfighter
2007-11-22 11:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BigFish
2007-11-21 22:31 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-11-21 22:31 <REP> d-------- C:\Documents and Settings\Alexandra SIMOES\Application Data\skypePM
2007-11-21 22:31 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-19 11:27 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
2007-11-19 11:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2007-11-15 15:36 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-11 22:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2007-11-09 19:16 <REP> d-------- C:\Documents and Settings\Alexandra SIMOES\Application Data\EPSON
2007-11-09 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2007-11-09 18:53 <REP> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2007-11-09 18:50 495,616 --a------ C:\WINDOWS\system32\PICSDK2.dll
2007-11-09 18:50 77,824 --a------ C:\WINDOWS\system32\PICEntry.dll
2007-11-09 18:50 75,264 --a------ C:\WINDOWS\system32\E_FLBBFE.DLL
2007-11-09 18:50 73,728 --a------ C:\WINDOWS\system32\PICSDK.dll
2007-11-09 18:50 62,976 --a------ C:\WINDOWS\system32\E_FD4BBFE.DLL
2007-11-09 18:50 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-11-09 18:50 97 --a------ C:\WINDOWS\system32\PICSDK.ini
2007-11-09 18:49 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-09 18:49 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-09 18:46 <REP> d-------- C:\Program Files\epson
2007-11-09 18:46 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2007-11-09 18:46 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2007-11-09 18:46 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
2007-11-08 23:59 <REP> d-------- C:\Program Files\Trymedia
2007-11-05 17:12 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-10-29 22:46 <REP> d-------- C:\Program Files\France Loisirs

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 22:41 --------- d-----w C:\Documents and Settings\Alexandra SIMOES\Application Data\OpenOffice.org2
2007-11-29 22:08 --------- d-----w C:\Documents and Settings\Alexandra SIMOES\Application Data\Skype
2007-11-29 15:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-29 12:00 --------- d-----w C:\Program Files\Logitech
2007-11-28 23:25 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-11-28 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-27 21:44 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-11-27 21:08 --------- d-----w C:\Program Files\Alawar
2007-11-27 10:49 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-26 17:58 --------- d-----w C:\Program Files\Google
2007-11-26 17:39 --------- d-----w C:\Program Files\Windows Live
2007-11-26 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-25 23:25 --------- d-----w C:\Program Files\MSN Games
2007-11-25 23:10 --------- d-----w C:\Program Files\eMule
2007-11-24 10:42 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-23 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-22 23:31 --------- d-----w C:\Program Files\Mes Jeux Téléchargés
2007-11-22 10:21 --------- d-----w C:\Documents and Settings\Alexandra SIMOES\Application Data\Zylom
2007-11-19 10:27 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2007-11-16 20:47 --------- d-----w C:\Documents and Settings\Alexandra SIMOES\Application Data\dvdcss
2007-11-09 17:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 17:57 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-05 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-05 20:33 --------- d-----w C:\Documents and Settings\Alexandra SIMOES\Application Data\PlayFirst
2007-10-27 09:15 110 ----a-w C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
2007-10-25 22:09 348,160 ----a-w C:\WINDOWS\eSellerateEngine.dll
2007-10-25 22:08 --------- d-----w C:\Program Files\HipSoft
2007-10-24 09:35 --------- d-----w C:\Program Files\Java
2007-10-23 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2007-10-23 15:24 --------- d-----w C:\Program Files\PhoTags Express
2007-10-20 21:10 --------- d-----w C:\Program Files\Samsung
2007-10-19 12:16 2,109,976 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
2007-10-18 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-18 16:04 --------- d-----w C:\Documents and Settings\Alexandra SIMOES\Application Data\Windows Desktop Search
2007-10-18 15:51 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-10-18 15:49 --------- d-----w C:\Program Files\Windows Desktop Search
2007-10-18 15:46 --------- d-----w C:\Program Files\MSN Messenger
2007-10-17 17:12 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2007-10-17 17:12 --------- d-----w C:\Program Files\KaraFun
2007-10-12 02:00 41,752 ----a-w C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-10-12 01:56 490,776 ----a-w C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-10-11 17:59 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2007-10-11 17:59 2,142,488 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
2007-10-10 22:23 --------- d-----w C:\Documents and Settings\Alexandra SIMOES\Application Data\Legends of pirates
2007-10-10 16:28 585,728 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-07 22:06 --------- d-----w C:\Documents and Settings\Alexandra SIMOES\Application Data\Magic Academy
2007-10-07 21:04 --------- d-----w C:\Documents and Settings\Alexandra SIMOES\Application Data\iWin
2007-10-01 21:56 --------- d-----w C:\Documents and Settings\Alexandra SIMOES\Application Data\Pogo Games
2007-10-01 13:52 --------- d-----w C:\Program Files\Skype
2007-10-01 13:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-09-29 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2007-04-14 11:11 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-01-25 01:52 65,536 ----a-w C:\Program Files\Fichiers communs\NMSAccessU.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
C:\Program Files\GamesBar\oberontb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA5B9264-90F2-4FDD-BEA3-B7CD62879843}]
C:\WINDOWS\system32\omnbcupa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6F282B65-56BF-4BD1-A8B2-A4449A05863D}"= C:\Program Files\GamesBar\oberontb.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}]
[HKEY_CLASSES_ROOT\Oberontb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}]
[HKEY_CLASSES_ROOT\Oberontb.Band]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 16:14]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 11:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 11:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 11:17]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 14:34 C:\WINDOWS\RTHDCPL.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 15:13]
"start_cablecom volumecounter"="C:\Program Files\cablecom\Compteur de volume hispeed\volumecounter.exe" [2005-11-18 16:30]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-11-01 17:15]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-28 23:52]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 19:49]
"ofmous"="C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ofmous.exe" [2007-11-23 12:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ofmous"="C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ofmous.exe" [2007-11-23 12:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"= 0 (0x0)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\drivers\SiSRaid2.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R2 NMSAccessU;NMSAccessU;C:\Program Files\Fichiers communs\NMSAccessU.exe
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
R3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
S0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys
S0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys
S2 _service;m2PacketcounterService;C:\Program Files\cablecom\Compteur de volume hispeed\packetservice.exe
S2 e63iadlaimlilr;Print Spooler Service;C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ofmous.exe /service
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-22 01:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.exe
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 23:43:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-29 23:49:05 - machine was rebooted
.
--- E O F ---
0
Anonymous user
30 Nov. 2007 at 14:10
OK, not complete enough, so do this

Download this to your desktop: your antivirus may detect a virus, that's normal; disable it for the duration of the procedure
----> http://www.suspectfile.com/systemscan/ or here http://www.mediafire.com/?7x9nwwdlhnr

Tick the "I have read and agree" box and click "Proceed"

Tick the boxes as you can see in this screenshot
---> http://img249.imageshack.us/img249/4828/systemscanbv8.jpg

As soon as that's done, click "Scan now" and wait.
WARNING: the scan can take several minutes. During the scan, if your antivirus alerts you to a virus, refuse to delete it and/or quarantine it, otherwise the software will crash.
Once the scan has finished a report will open; send it to me at this address: boulepate62@gmail.com

See you
0
alex33sira Posts 38 Registration date Friday 23 November 2007 Status Member Last activity 21 May 2011 1
30 Nov. 2007 at 14:43
HERE IS THE REPORT


SystemScan - www.suspectfile.com - ver. 3.2.2

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 30/11/2007
Time: 14:22:24

Output limited to:
-Recent files
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Network settings
-Include HOSTS file
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files

===================== Recent files (60 days old)=====================

----- recent files in C:\
06/10/2007 22:35:10 (DIR) 0 byte 55 days old -- users
09/10/2007 11:33:03 0 byte 52 days old -- plx_proxy.log
08/11/2007 15:41:41 (DIR) 0 byte 22 days old -- temp
24/11/2007 11:31:15 (DIR) 0 byte 6 days old -- System Volume Information
28/11/2007 23:45:43 216 byte 2 days old -- boot.ini
29/11/2007 12:50:12 (DIR) 0 byte 1 days old -- Config.Msi
29/11/2007 13:12:22 (DIR) 0 byte 1 days old -- _OTMoveIt
29/11/2007 13:14:04 1281 byte 1 days old -- cleanup.txt
29/11/2007 13:26:10 (DIR) 0 byte 1 days old -- GameFools
29/11/2007 19:13:59 2533 byte 1 days old -- cleannavi.txt
29/11/2007 19:47:47 139 byte 1 days old -- ioSpecial.ini
29/11/2007 19:47:52 (DIR) 0 byte 1 days old -- Program Files
29/11/2007 23:33:16 202 byte 1 days old -- DownloadLog.txt
29/11/2007 23:33:47 (DIR) 0 byte 1 days old -- My Download Files
29/11/2007 23:34:00 (DIR) 0 byte 1 days old -- My Games
29/11/2007 23:49:05 18971 byte 1 days old -- ComboFix.txt
29/11/2007 23:49:06 (DIR) 0 byte 1 days old -- qoobox
30/11/2007 12:15:26 1598029824 byte 0 days old -- pagefile.sys
30/11/2007 12:15:28 (DIR)1063440384 byte 0 days old -- hiberfil.sys
30/11/2007 12:20:27 (DIR) 0 byte 0 days old -- WINDOWS
30/11/2007 14:22:23 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
10/10/2007 17:28:30 585728 byte 51 days old -- WLXPGSS.SCR
11/10/2007 02:00:45 (DIR) 0 byte 50 days old -- $NtUninstallKB941202$
11/10/2007 02:02:39 (DIR) 0 byte 50 days old -- $NtUninstallKB933729$
18/10/2007 16:48:25 (DIR) 0 byte 43 days old -- $NtUninstallKB915800$
18/10/2007 16:49:11 (DIR) 0 byte 43 days old -- $NtUninstallKB917013$
18/10/2007 16:51:52 (DIR) 0 byte 43 days old -- assembly
18/10/2007 16:52:36 (DIR) 0 byte 43 days old -- $NtUninstallWIC$
18/10/2007 21:37:39 184 byte 43 days old -- dellstat.ini
18/10/2007 22:06:45 (DIR) 0 byte 43 days old -- system
25/10/2007 23:09:00 348160 byte 36 days old -- eSellerateEngine.dll
05/11/2007 21:26:21 116 byte 25 days old -- NeroDigital.ini
06/11/2007 00:31:25 559 byte 24 days old -- win.ini
08/11/2007 15:42:10 688 byte 22 days old -- lexstat.ini
08/11/2007 16:59:01 136704 byte 22 days old -- catchme.exe
09/11/2007 18:46:01 25 byte 21 days old -- CDE CX4080EFIGD.ini
09/11/2007 18:46:18 (DIR) 0 byte 21 days old -- twain_32
09/11/2007 21:44:50 29 byte 21 days old -- DEBUGSM.INI
19/11/2007 11:34:20 1469270 byte 11 days old -- setupapi.log.1.old
19/11/2007 12:10:40 (DIR) 0 byte 11 days old -- $NtUninstallKB943460$
23/11/2007 14:58:51 (DIR) 0 byte 7 days old -- WinSxS
23/11/2007 19:47:43 0 byte 7 days old -- white.txt
23/11/2007 19:47:43 0 byte 7 days old -- sujet_blacklist.txt
23/11/2007 19:47:43 0 byte 7 days old -- black.txt
24/11/2007 11:43:34 281 byte 6 days old -- system.ini
24/11/2007 13:58:02 (DIR) 0 byte 6 days old -- Minidump
26/11/2007 12:14:28 (DIR) 0 byte 4 days old -- $hf_mig$
26/11/2007 12:22:18 (DIR) 0 byte 4 days old -- ie7
26/11/2007 12:22:32 (DIR) 0 byte 4 days old -- Media
26/11/2007 12:22:37 (DIR) 0 byte 4 days old -- WBEM
26/11/2007 12:24:08 (DIR) 0 byte 4 days old -- ie7updates
26/11/2007 12:24:24 (DIR) 0 byte 4 days old -- msdownld.tmp
26/11/2007 13:13:20 (DIR) 0 byte 4 days old -- Help
26/11/2007 18:27:18 (DIR) 0 byte 4 days old -- network diagnostic
26/11/2007 18:39:46 (DIR) 0 byte 4 days old -- Fonts
26/11/2007 19:02:10 216 byte 4 days old -- EurekaLog.ini
28/11/2007 20:03:30 (DIR) 0 byte 2 days old -- Debug
28/11/2007 23:09:37 (DIR) 0 byte 2 days old -- Internet Logs
29/11/2007 12:46:51 0 byte 1 days old -- setuperr.log
29/11/2007 12:46:51 0 byte 1 days old -- setupact.log
29/11/2007 12:46:53 2916 byte 1 days old -- ocgen.log
29/11/2007 12:46:53 303 byte 1 days old -- msgsocm.log
29/11/2007 12:46:53 6158 byte 1 days old -- FaxSetup.log
29/11/2007 12:47:03 9822 byte 1 days old -- KB917013Uninst.log
29/11/2007 12:47:03 991 byte 1 days old -- iis6.log
29/11/2007 12:47:03 1393 byte 1 days old -- imsins.log
29/11/2007 12:47:03 342 byte 1 days old -- ocmsn.log
29/11/2007 12:47:03 2359 byte 1 days old -- tsoc.log
29/11/2007 12:47:03 1262 byte 1 days old -- ntdtcsetup.log
29/11/2007 12:47:03 2089 byte 1 days old -- comsetup.log
29/11/2007 12:48:03 (DIR) 0 byte 1 days old -- Tasks
29/11/2007 12:48:12 (DIR) 0 byte 1 days old -- Installer
29/11/2007 17:30:49 (DIR) 0 byte 1 days old -- BDOSCAN8
29/11/2007 23:32:16 81 byte 1 days old -- popcinfo.dat
29/11/2007 23:41:02 (DIR) 0 byte 1 days old -- Downloaded Program Files
29/11/2007 23:41:07 (DIR) 0 byte 1 days old -- erdnt
29/11/2007 23:44:14 (DIR) 0 byte 1 days old -- Prefetch
30/11/2007 01:38:29 32540 byte 0 days old -- SchedLgU.Txt
30/11/2007 12:15:30 2048 byte 0 days old -- bootstat.dat
30/11/2007 12:16:33 50 byte 0 days old -- wiaservc.log
30/11/2007 12:16:37 0 byte 0 days old -- 0.log
30/11/2007 12:18:32 71300 byte 0 days old -- setupapi.log
30/11/2007 12:20:27 (DIR) 0 byte 0 days old -- LastGood
30/11/2007 12:20:31 15383 byte 0 days old -- KB938127-IE7.log
30/11/2007 12:20:31 (DIR) 0 byte 0 days old -- inf
30/11/2007 12:27:02 2086519 byte 0 days old -- WindowsUpdate.log
30/11/2007 13:41:00 (DIR) 0 byte 0 days old -- Temp
30/11/2007 13:41:00 (DIR) 0 byte 0 days old -- system32
30/11/2007 13:43:11 211 byte 0 days old -- wiadebug.log
30/11/2007 14:20:45 11208 byte 0 days old -- BOC425.INI

----- recent files in C:\WINDOWS\Downloaded Program Files\
25/10/2007 16:54:18 471040 byte 36 days old -- oscan8.ocx

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
12/10/2007 02:11:56 59500 byte 49 days old -- lvcoinst.ini
12/10/2007 02:18:30 21138 byte 49 days old -- Repository.reg
12/10/2007 02:57:28 416280 byte 49 days old -- lvcodec2.dll
12/10/2007 02:57:40 195096 byte 49 days old -- lvci1150.dll
12/10/2007 03:00:20 490008 byte 49 days old -- LVUI2.dll
12/10/2007 03:00:32 465432 byte 49 days old -- LVUI2RC.dll
18/10/2007 11:31:46 51224 byte 43 days old -- sirenacm.dll
20/10/2007 02:00:49 (DIR) 0 byte 41 days old -- DirectX
24/10/2007 10:35:54 5474 byte 37 days old -- jupdate-1.6.0_03-b05.log
25/10/2007 17:43:25 8516608 byte 36 days old -- shell32.dll
28/10/2007 13:19:50 85456 byte 33 days old -- perfc00C.dat
28/10/2007 13:19:50 63350 byte 33 days old -- perfc009.dat
28/10/2007 13:19:50 402740 byte 33 days old -- perfh009.dat
28/10/2007 13:19:50 492794 byte 33 days old -- perfh00C.dat
28/10/2007 13:19:50 1056144 byte 33 days old -- PerfStringBackup.INI
29/10/2007 16:07:16 369152 byte 32 days old -- xpsp3res.dll
02/11/2007 08:12:57 18238072 byte 28 days old -- MRT.exe
17/11/2007 23:31:15 (DIR) 0 byte 13 days old -- Macromed
19/11/2007 11:27:31 (DIR) 0 byte 11 days old -- DRVSTORE
19/11/2007 11:27:34 (DIR) 0 byte 11 days old -- ReinstallBackups
24/11/2007 11:31:15 (DIR) 0 byte 6 days old -- Restore
26/11/2007 18:54:45 2994 byte 4 days old -- lvcoinst.log
26/11/2007 18:58:45 (DIR) 0 byte 4 days old -- dllcache
26/11/2007 18:58:45 (DIR) 0 byte 4 days old -- fr-fr
26/11/2007 23:36:54 552 byte 4 days old -- d3d8caps.dat
27/11/2007 22:44:21 278528 byte 3 days old -- pncrt.dll
28/11/2007 22:40:12 4212 byte 2 days old -- zllictbl.dat
28/11/2007 23:08:07 (DIR) 0 byte 2 days old -- CatRoot
29/11/2007 01:15:20 664 byte 1 days old -- d3d9caps.dat
29/11/2007 23:37:47 (DIR) 0 byte 1 days old -- drivers
29/11/2007 23:41:18 (DIR) 0 byte 1 days old -- config
30/11/2007 12:16:18 (DIR) 0 byte 0 days old -- CatRoot2
30/11/2007 12:17:23 1158 byte 0 days old -- wpa.dbl

----- recent files in C:\WINDOWS\system32\drivers\
11/10/2007 18:59:02 2142488 byte 50 days old -- LVMVdrv.sys
11/10/2007 18:59:24 25624 byte 50 days old -- LVPr2Mon.sys
12/10/2007 02:56:20 490776 byte 49 days old -- LV561AV.SYS
12/10/2007 03:00:42 41752 byte 49 days old -- LVUSBSta.sys
19/10/2007 13:16:30 2109976 byte 42 days old -- Lvckap.sys
28/11/2007 23:37:10 837 byte 2 days old -- fwdrv.err
28/11/2007 23:52:49 75520 byte 2 days old -- cmdmon.sys
28/11/2007 23:52:49 51328 byte 2 days old -- inspect.sys
29/11/2007 23:43:06 (DIR) 0 byte 1 days old -- etc

----- recent files in C:\WINDOWS\temp\
29/11/2007 23:54:38 426 byte 1 days old -- IMTB.xml
29/11/2007 23:54:38 2026 byte 1 days old -- IMTA.xml
30/11/2007 12:15:33 255 byte 0 days old -- WGAErrLog.txt
30/11/2007 12:15:34 16384 byte 0 days old -- Perflib_Perfdata_52c.dat
30/11/2007 12:16:33 26458 byte 0 days old -- phvbxjntr4027F8C3.tmp
30/11/2007 12:17:23 0 byte 0 days old -- T30DebugLogFile.txt
30/11/2007 12:17:33 409 byte 0 days old -- WGANotify.settings
30/11/2007 12:18:34 2101 byte 0 days old -- LVCOMSX.LOG
30/11/2007 14:21:46 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Program Files\
17/10/2007 18:12:05 (DIR) 0 byte 44 days old -- KaraFun
17/10/2007 18:12:25 (DIR) 0 byte 44 days old -- vanBasco's Karaoke Player
18/10/2007 16:46:43 (DIR) 0 byte 43 days old -- MSN Messenger
18/10/2007 16:49:37 (DIR) 0 byte 43 days old -- Windows Desktop Search
18/10/2007 16:51:44 (DIR) 0 byte 43 days old -- Microsoft SQL Server Compact Edition
20/10/2007 22:10:30 (DIR) 0 byte 41 days old -- Samsung
23/10/2007 16:24:53 (DIR) 0 byte 38 days old -- PhoTags Express
24/10/2007 10:35:54 (DIR) 0 byte 37 days old -- Java
25/10/2007 23:08:54 (DIR) 0 byte 36 days old -- HipSoft
29/10/2007 22:46:41 (DIR) 0 byte 32 days old -- France Loisirs
08/11/2007 23:59:50 (DIR) 0 byte 22 days old -- Trymedia
09/11/2007 18:53:51 (DIR) 0 byte 21 days old -- ABBYY FineReader 6.0 Sprint
09/11/2007 18:54:54 (DIR) 0 byte 21 days old -- epson
09/11/2007 18:57:48 (DIR) 0 byte 21 days old -- InstallShield Installation Information
23/11/2007 00:31:58 (DIR) 0 byte 7 days old -- Mes Jeux Téléchargés
23/11/2007 14:58:41 (DIR) 0 byte 7 days old -- Fichiers communs
23/11/2007 15:12:33 (DIR) 0 byte 7 days old -- Trend Micro
23/11/2007 15:41:06 (DIR) 0 byte 7 days old -- Spybot - Search & Destroy
23/11/2007 15:48:08 (DIR) 0 byte 7 days old -- StofWare
23/11/2007 17:01:14 (DIR) 0 byte 7 days old -- Grisoft
24/11/2007 11:21:22 (DIR) 0 byte 6 days old -- CCleaner
24/11/2007 11:40:54 (DIR) 0 byte 6 days old -- Kerio
26/11/2007 00:10:52 (DIR) 0 byte 4 days old -- eMule
26/11/2007 00:25:50 (DIR) 0 byte 4 days old -- MSN Games
26/11/2007 00:26:20 (DIR) 0 byte 4 days old -- iWin.com
26/11/2007 18:39:45 (DIR) 0 byte 4 days old -- Windows Live
26/11/2007 18:58:45 (DIR) 0 byte 4 days old -- Internet Explorer
26/11/2007 18:58:45 (DIR) 0 byte 4 days old -- Google
27/11/2007 11:49:49 (DIR) 0 byte 3 days old -- SUPERAntiSpyware
27/11/2007 22:03:54 (DIR) 0 byte 3 days old -- ReflexiveArcade
27/11/2007 22:08:28 (DIR) 0 byte 3 days old -- Alawar
29/11/2007 00:04:08 (DIR) 0 byte 1 days old -- Spamicillin
29/11/2007 00:25:36 (DIR) 0 byte 1 days old -- Hijackthis Version Française
29/11/2007 00:45:08 (DIR) 0 byte 1 days old -- Comodo
29/11/2007 13:00:06 (DIR) 0 byte 1 days old -- Logitech
29/11/2007 19:47:58 (DIR) 0 byte 1 days old -- Fab Fashion
29/11/2007 23:35:01 (DIR) 0 byte 1 days old -- Navilog1
30/11/2007 12:18:30 (DIR) 0 byte 0 days old -- SPAMfighter

----- recent files in C:\Program Files\Fichiers communs\
09/11/2007 18:57:22 (DIR) 0 byte 21 days old -- InstallShield
19/11/2007 11:27:46 (DIR) 0 byte 11 days old -- LogiShrd
21/11/2007 22:31:01 (DIR) 0 byte 9 days old -- Skype
23/11/2007 14:58:31 (DIR) 0 byte 7 days old -- Application
23/11/2007 14:58:41 (DIR) 0 byte 7 days old -- Ankiro
24/11/2007 11:42:42 (DIR) 0 byte 6 days old -- Symantec Shared
26/11/2007 18:36:27 (DIR) 0 byte 4 days old -- WindowsLiveInstaller
26/11/2007 18:37:23 (DIR) 0 byte 4 days old -- Microsoft Shared
27/11/2007 22:44:22 (DIR) 0 byte 3 days old -- Real

----- recent files in C:\Documents and Settings\Alexandra SIMOES\Application Data\
07/10/2007 22:04:30 (DIR) 0 byte 54 days old -- iWin
07/10/2007 23:06:59 (DIR) 0 byte 54 days old -- Magic Academy
10/10/2007 23:23:18 (DIR) 0 byte 51 days old -- Legends of pirates
18/10/2007 17:04:24 (DIR) 0 byte 43 days old -- Windows Desktop Search
24/10/2007 20:03:21 (DIR) 0 byte 37 days old -- Microsoft
05/11/2007 21:33:17 (DIR) 0 byte 25 days old -- PlayFirst
16/11/2007 13:21:01 (DIR) 0 byte 14 days old -- Macromedia
16/11/2007 21:47:32 (DIR) 0 byte 14 days old -- dvdcss
18/11/2007 12:06:53 (DIR) 0 byte 12 days old -- Google
22/11/2007 11:21:05 (DIR) 0 byte 8 days old -- Identities
22/11/2007 11:21:05 (DIR) 0 byte 8 days old -- Zylom
23/11/2007 14:58:52 (DIR) 0 byte 7 days old -- SPAMfighter
23/11/2007 17:02:44 (DIR) 0 byte 7 days old -- Grisoft
27/11/2007 16:45:42 (DIR) 0 byte 3 days old -- EPSON
28/11/2007 23:47:34 (DIR) 0 byte 2 days old -- Comodo
30/11/2007 12:17:11 (DIR) 0 byte 0 days old -- OpenOffice.org2
30/11/2007 12:17:16 (DIR) 0 byte 0 days old -- skypePM
30/11/2007 14:16:06 (DIR) 0 byte 0 days old -- Skype

----- recent files in C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\
29/11/2007 23:46:10 131072 byte 1 days old -- ~DF6DFF.tmp
29/11/2007 23:50:45 (DIR) 0 byte 1 days old -- Google Toolbar
30/11/2007 00:48:12 193 byte 0 days old -- News.txt
30/11/2007 12:15:36 (DIR) 0 byte 0 days old -- _avast4_
30/11/2007 12:15:37 24638 byte 0 days old -- Russian.bin
30/11/2007 12:15:37 25665 byte 0 days old -- French.bin
30/11/2007 12:15:37 24274 byte 0 days old -- German.bin
30/11/2007 12:15:37 22809 byte 0 days old -- Japanese.bin
30/11/2007 12:15:37 18978 byte 0 days old -- Korean.bin
30/11/2007 12:15:37 24654 byte 0 days old -- Portuguese.bin
30/11/2007 12:15:37 25824 byte 0 days old -- Italian.bin
30/11/2007 12:15:37 21343 byte 0 days old -- Danish.bin
30/11/2007 12:15:37 22684 byte 0 days old -- SWEDISH.bin
30/11/2007 12:15:37 16913 byte 0 days old -- TradChin.bin
30/11/2007 12:15:37 26062 byte 0 days old -- Spanish.bin
30/11/2007 12:15:37 21773 byte 0 days old -- English.bin
30/11/2007 12:15:37 15534 byte 0 days old -- SimChin.bin
30/11/2007 12:15:37 24173 byte 0 days old -- Dutch.bin
30/11/2007 12:15:38 20608 byte 0 days old -- Norwegian.bin
30/11/2007 12:15:38 20859 byte 0 days old -- Turkish.bin
30/11/2007 12:15:38 23522 byte 0 days old -- Portuguese(Brazil).bin
30/11/2007 12:15:38 20733 byte 0 days old -- Thai.bin
30/11/2007 12:15:38 22606 byte 0 days old -- Polish.bin
30/11/2007 12:15:38 18436 byte 0 days old -- Hebrew.bin
30/11/2007 12:15:38 24446 byte 0 days old -- Hungarian.bin
30/11/2007 12:15:38 21562 byte 0 days old -- Finnish.bin
30/11/2007 12:15:38 23467 byte 0 days old -- Greek.bin
30/11/2007 12:15:38 22862 byte 0 days old -- Czech.bin
30/11/2007 12:15:38 19506 byte 0 days old -- Arabic.bin
30/11/2007 12:15:39 (DIR) 0 byte 0 days old -- WPDNSE
30/11/2007 12:15:42 (DIR) 0 byte 0 days old -- STIMGBRSUND1CUT
30/11/2007 12:15:42 (DIR) 0 byte 0 days old -- STIMGBRSUND2CUT
30/11/2007 12:15:42 (DIR) 0 byte 0 days old -- STIMGBRSUND2
30/11/2007 12:15:42 (DIR) 0 byte 0 days old -- STIMGBRSUND1
30/11/2007 12:17:07 (DIR) 0 byte 0 days old -- sv889.tmp
30/11/2007 12:17:12 25088 byte 0 days old -- 2240.idx
30/11/2007 12:17:12 8 byte 0 days old -- dbisam.lck
30/11/2007 12:17:12 2816 byte 0 days old -- 2240.dat
30/11/2007 12:18:03 13912 byte 0 days old -- khpxkynl27F36897.tmp
30/11/2007 12:18:29 12763 byte 0 days old -- appdata.xml
30/11/2007 12:18:29 1622 byte 0 days old -- callingapps.xml
30/11/2007 12:18:33 719 byte 0 days old -- LVCOMSX.LOG
30/11/2007 12:20:36 173 byte 0 days old -- jusched.log
30/11/2007 12:39:37 16384 byte 0 days old -- Perflib_Perfdata_17c.dat
30/11/2007 13:58:59 (DIR) 0 byte 0 days old -- __SkypeIEToolbar_Cache
30/11/2007 14:19:30 1602 byte 0 days old -- wmplog00.sqm
30/11/2007 14:21:20 16384 byte 0 days old -- ~DF53D1.tmp
30/11/2007 14:21:20 (DIR) 0 byte 0 days old -- nss20.tmp

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe"
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe"
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe"
"RTHDCPL"="RTHDCPL.EXE"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"RemoteControl"="\"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe\""
"start_cablecom volumecounter"="C:\Program Files\cablecom\Compteur de volume hispeed\volumecounter.exe"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe\""
"LogitechCommunicationsManager"="\"C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\Program Files\Logitech\QuickCam\Quickcam.exe\" /hide"
"SPAMfighter Agent"="\"C:\Program Files\SPAMfighter\SFAgent.exe\" update delay 60"
"!AVG Anti-Spyware"="\"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"
"COMODO Firewall Pro"="\"C:\Program Files\Comodo\Firewall\CPF.exe\" /background"
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe"
"ofmous"="C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ofmous.exe"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"msnmsgr"="\"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe\" /background"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Skype"="\"C:\Program Files\Skype\Phone\Skype.exe\" /nosplash /minimized"
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
"msnmsgr"="\"C:\Program Files\MSN Messenger\msnmsgr.exe\" /background"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
#### HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\InprocServer32 @="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL"
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
#### HKCR\CLSID\{56F9679E-7826-4C84-81F3-532071A8BCC5}\InprocServer32 @="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
"@="Windows Search Group Policy Extension"
"DllName"=expand:"%SystemRoot%\System32\srchadmin.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\!SASWinLogon]
"DllName"="C:\Program Files\SUPERAntiSpyware\SASWINLO.dll"

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxdev.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\WgaLogon]
"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]
"ofmous"="C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ofmous.exe"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
#### HKCR\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}\InprocServer32 @="C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll"

[Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
#### HKCR\CLSID\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\InprocServer32 @="C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll"
@="Skype add-on (mastermind)"

[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"

[Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
#### HKCR\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\InprocServer32 @="C:\Program Files\GamesBar\oberontb.dll"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar2.dll"

[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll"

[Browser Helper Objects\{BA5B9264-90F2-4FDD-BEA3-B7CD62879843}]
#### HKCR\CLSID\{BA5B9264-90F2-4FDD-BEA3-B7CD62879843}\InprocServer32 @="C:\WINDOWS\system32\omnbcupa.dll"

[Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
#### HKCR\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\InprocServer32 @="C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll"

[Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\EWPP]
"FileExplorer"="JustInstalled"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CE000994-A58C-4441-8938-744CD72AB27F}"=""
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00002cde

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:*:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:*:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:*:Enaxxxxx@xxxxxres.dll,-22002"

[SharedAccess\Parameters\FirewallPolicy\RestrictedServices]

[SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static]

[SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"SearchIndexer-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer|"
"SearchIndexer-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer|"
"SearchFilterHost-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost|"
"SearchFilterHost-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost|"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{7A28E89A-5B52-4F68-8844-3FAE3C1887E2}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\MP3X]

[VB and VBA Program Settings\MP3X\ConfigCD]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\>{E54A439F-A4B0-4526-A16B-B4E2ECE95B3D}]
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"

[Installed Components\{0D5A17A4-23FB-B2C0-32F6-A14C2FE33361}]
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\{0E92DD42-76F5-4EF2-B381-F9C1D72BE23D}]
"@="Security Update for Microsoft .NET Framework 2.0 (KB922770)"
"ComponentID"="KB922770"

[Installed Components\{0FF168DD-17EB-72E9-70AC-9AD52684BC44}]
"@="Adobe Shockwave Director 10.1.4"
"ComponentID"="Director"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{172B2557-90E8-6CBC-0449-83E67A1E149E}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"

[Installed Components\{1D54BFBC-1E8A-C6A7-8CC1-FCDEEF66A10C}]
"@="Outlook Express"
"ComponentID"="OEACCESS"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
#### HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32 @="c:\program files\google\googletoolbar2.dll"
"@="Google Toolbar"
"ComponentID"="CUSTOM0"

[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\swdir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.2"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.2"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{3639CEF9-0314-E944-0A84-04BC92630DDF}]
"ComponentID"="NetShow"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{44E58D21-1D3A-D708-7FBC-76F531A0AEC8}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4BFD61A7-A2BC-E679-624D-3027370E7320}]
"@="Security Update for Microsoft .NET Framework 2.0 (KB922770)"
"ComponentID"="KB922770"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

[Installed Components\{6C39EBA1-D713-096B-49F4-84349D8DB3E5}]
"@="Adobe Shockwave Director 10.2"
"ComponentID"="Director"

[Installed Components\{6DA76108-145E-318E-ABA4-5E1BF7B50944}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{7ACF8404-AF80-B91C-25AA-2E0DDCFFD1BD}]
"@="Security Update for Microsoft .NET Framework 2.0 (KB922770)"
"ComponentID"="KB922770"

[Installed Components\{8056AC9E-49C5-4375-9ADE-B2F862C9DF51}]
"ComponentID"="KB928365"
"@="Security Update for Microsoft .NET Framework 2.0 (KB928365)"

[Installed Components\{819DCC63-6103-8C65-33EA-84FCD2A786D9}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"

[Installed Components\{8324935E-9E65-8B30-FFD7-AD24C0E9A638}]
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"

[Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
"@="Fax"
"ComponentID"="Fax"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser"

[Installed Components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
"ComponentID"="M928366"
"@="Microsoft .NET Framework 1.1 Hotfix (KB928366)"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
"@="Fax Provider"
"ComponentID"="Fax Provider"
"StubPath"=""

[Installed Components\{967B098A-042D-4367-BAC9-8BC11684174F}]
"@="Security Update for Microsoft .NET Framework 2.0 (KB917283)"
"ComponentID"="KB917283"

[Installed Components\{A1F7C30B-BB4E-DCC9-F85C-D295F890B881}]
"@="Microsoft Windows Media Player 6.4"
"ComponentID"="Microsoft Windows Media Player"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{B34C2972-9705-10DD-A1F5-AC90F646AB6A}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
#### HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx"
"@="Adobe Flash Player 9 ActiveX"
"ComponentID"="Flash"

[Installed Components\{D594EDB2-8070-5BA9-321C-C878F8E92C33}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E202E90A-0EFF-009D-38CB-955EF1F02A64}]
"@="Outlook Express"
"ComponentID"="OEACCESS"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{ED327C88-BD6B-31A9-200D-054DBEDA58FA}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{F4B2380F-9F83-482B-B51F-FD18C7EDD923}]
"@="Installation Helper"
"ComponentID"="CUSTOM1"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {C626C008-AC04-4427-80E6-7C5CFE60B7DA} REG_BINARY 1F0000000000000001000000000000003A22504701000000060000000000000010000000000000003A2250473E0218A23E02113D3E02189E3E02113C030000000000000004000000000000003A2250475449C001010000000000000004000000000000003A225047FFFFFC00330000000000000004000000000000003A2250470000150D360000000000000004000000000000003A2250470ACE4001350000000000000001000000000000003A22504705000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {C626C008-AC04-4427-80E6-7C5CFE60B7DA} REG_BINARY 1F00000000000000010000000000000010FF4F47010000000600000000000000100000000000000010FF4F473E0218A23E02113D3E02189E3E02113C0300000000000000040000000000000010FF4F475449C0010100000000000000040000000000000010FF4F47FFFFFC003300000000000000040000000000000010FF4F4700000E103600000000000000040000000000000010FF4F470ACE40013500000000000000010000000000000010FF4F4705000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\Microsoft H.323 Telephony Servic
0
Anonymous user
30 Nov. 2007 at 14:55
Can you reread what I wrote, please (!)
0
alex33sira Posts 38 Registration date Friday 23 November 2007 Status Member Last activity 21 May 2011 1
30 Nov. 2007 at 14:58
I tried to send it to your address but I couldn't manage it.

Why do you insist that I send it to your address??

Well, never mind. Thank you for your help. I'll manage some other way.

Thanks again
0
Anonymous user
30 Nov. 2007 at 15:03
Because to post it here you will have to create several messages; as you may have noticed, your report is incomplete.

Also, since the report is quite long, it will increase the weight of the page, and given that I pay for each page viewed according to its size, I don't feel like reloading a 700 KB page every time just to reply to you.

Now, if that's how you take it, no problem ..
0
alex33sira Posts 38 Registration date Friday 23 November 2007 Status Member Last activity 21 May 2011 1
30 Nov. 2007 at 15:05
I tried but I can't manage it.

Thanks for your help.

Sorry for making you pay.
0