Tom's Guide > Forum > Sécurité - Virus > Pub intempestive + lag + redirection pub (ordi = poubelle)

Pub intempestive + lag + redirection pub (ordi = poubelle)

Forum Sécurité - Virus : Pub intempestive + lag + redirection pub (ordi = poubelle)

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Créer un nouveau sujet Répondre
Mot :    Pseudo :           
 
Mister y2j   05-05-2009 à 21:50:03

Bonjour.

Geste peut-être un peu égoïste, mais je me permet de créer un nouveau topic, car l'internaute qui m'a aidé ne répond plus, et je suis dans un cas de + en + critique.

Donc, depuis quelques temps j'ai beaucoup de pub intempestives, sur google lorsque je clic je suis redirigé vers la pub et le web ( et un peu moins l'ordi) sont très lent. Pour finir, je n'ai pas accés à certains sites, par exemple l'équipe.fr (impossible de voir les actualités.)


Bref, a ce qui parait mon ordinateur est une vraie poubelle, j'aimerais beaucoup que cela ne soit plus le cas. Précision, pour Combo Fix je ne parviens pas à enlever mes antivirus (BitDeefender déconne et pour AVG je ne connais pas la manipulation)


Voici le lien de mon précédent topic :
http://www.infos-du-net.com/forum/ [...] age-erreur

Un grand merci d'avance.

Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
Destrio5   05-05-2009 à 21:57:07
- 0 +

Bonjour,

(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).


Note : les rapports sont sauvegardés dans le dossier C:\rsit.

Répondre à Destrio5
Mister y2j   06-05-2009 à 14:30:22
- 0 +

Bonjour, et merci pour ton aide.

Voici Log.txt

Citation :

Logfile of random's system information tool 1.06 (written by random/random)
Run by maxime at 2009-05-06 14:27:23
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 81 GB (55%) free of 147 GB
Total RAM: 767 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:01, on 06/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\maxime\local settings\application data\wimgwos.exe
C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\maxime\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\maxime.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: C:\WINDOWS\system32\afnoinkdsfe.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
O4 - HKLM\..\Run: [CPM9be5ba2f] Rundll32.exe "c:\windows\system32\herawuve.dll",a
O4 - HKLM\..\Run: [98d689b3] rundll32.exe "C:\WINDOWS\system32\pamuzuwa.dll",b
O4 - HKLM\..\Run: [kizanewezi] Rundll32.exe "C:\WINDOWS\system32\romezeju.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wimgwos] "c:\documents and settings\maxime\local settings\application data\wimgwos.exe" wimgwos
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\qsmxf.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\qsmxf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"

[DeleteTemplates.reg]
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"

[DeleteAutosearch.reg]
; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"

[Strings]
START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
SEARCH_PAGE_URL="http://www.microsoft.com/isapi/
O14 - IERESET.INF: CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"

[DeleteTemplates.reg]
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"

[DeleteAutosearch.reg]
; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"

[Strings]
START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
SEARCH_PAGE_URL="http://www.microsoft.com/isapi/
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\pudosuji.dll C:\WINDOWS\system32\fajodiya.dll c:\windows\system32\herawuve.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\herawuve.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\herawuve.dll
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll
O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Securitoo Contrôle Parental (OPTENET_FILTER) - WANADOO - C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - - (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)

--
End of file - 10202 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2BA40A1-74F3-42BD-F434-12345A2C8953}]
C:\WINDOWS\system32\afnoinkdsfe.dll - C:\WINDOWS\system32\afnoinkdsfe.dll [2009-05-05 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-20 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-12 4112384]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-10-23 180269]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"prnet"=C:\WINDOWS\system32\prnet.tmp []
"CPM9be5ba2f"=c:\windows\system32\herawuve.dll [2009-05-01 81920]
"98d689b3"=C:\WINDOWS\system32\pamuzuwa.dll [2009-05-01 79360]
"kizanewezi"=C:\WINDOWS\system32\romezeju.dll,s []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"wimgwos"=c:\documents and settings\maxime\local settings\application data\wimgwos.exe [2009-04-26 317440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
c:\apps\ABoard\ABoard.exe [2003-05-02 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-20 1601304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
- []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe [2006-10-07 958464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2004-07-12 4112384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2004-07-12 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c:\Apps\Powercinema\PCMService.exe [2004-10-08 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-04-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-01-01 95960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
C:\WINDOWS\system32\mobsync.exe [2004-08-05 144384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-10-23 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe [2004-01-27 70760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe [2006-02-16 295936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vaderetro Outlook]
C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe [2006-07-22 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\fspex.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-05-29 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
C:\PROGRA~1\Google\GOOGLE~3\GOOGLE~1.EXE [2009-03-25 161776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2
"SNDSrvc"=2
"SBService"=2
"SAVScan"=3
"navapsvc"=3
"ccSetMgr"=2
"ccPwdSvc"=3
"ccProxy"=2
"ccEvtMgr"=2

C:\Documents and Settings\maxime\Menu Démarrer\Programmes\Démarrage
Outil de notification Live Search.lnk - C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\pudosuji.dll C:\WINDOWS\system32\fajodiya.dll c:\windows\system32\herawuve.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-20 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\herawuve.dll [2009-05-01 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\herawuve.dll [2009-05-01 81920]
jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll [2009-05-01 15000]
sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll [2009-05-05 15000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\pudosuji.dll
C:\WINDOWS\system32\fajodiya.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoSetActiveDesktop"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\APPS\Inventime\my.exe"="C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe"="C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Documents and Settings\maxime\Bureau\AgeofEmpire2(2)\empires2.exe"="C:\Documents and Settings\maxime\Bureau\AgeofEmpire2(2)\empires2.exe:*:Disabled:Age of Empires II"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-05-06 14:27:23 ----D---- C:\rsit
2009-05-06 13:30:07 ----A---- C:\WINDOWS\system32\avgrsstx.dll.prepare
2009-05-05 15:42:44 ----A---- C:\WINDOWS\system32\afnoinkdsfe.dll
2009-05-03 17:51:49 ----A---- C:\Bug.txt
2009-05-03 17:51:47 ----A---- C:\WINDOWS\system32\cmd.execf
2009-05-03 17:51:35 ----D---- C:\32788R22FWJFW
2009-05-02 22:04:09 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-02 22:00:47 ----D---- C:\SDFix
2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-05-01 13:34:20 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-05-01 13:34:19 ----A---- C:\WINDOWS\system32\swsc.exe
2009-05-01 13:34:19 ----A---- C:\WINDOWS\system32\swreg.exe
2009-05-01 13:34:19 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-05-01 13:34:19 ----A---- C:\WINDOWS\system32\Process.exe
2009-05-01 12:39:44 ----A---- C:\WINDOWS\system32\lmppcsetup.exe
2009-05-01 12:22:15 ----A---- C:\WINDOWS\system32\ntdll64.exe
2009-05-01 12:22:07 ----A---- C:\WINDOWS\system32\loader49.exe
2009-05-01 12:18:02 ----A---- C:\WINDOWS\system32\p2hhr.bat
2009-05-01 12:07:06 ----A---- C:\WINDOWS\system32\yhs783ijfo3fe.dll
2009-05-01 12:07:06 ----A---- C:\WINDOWS\system32\ak1.exe
2009-05-01 11:59:42 ----SH---- C:\WINDOWS\system32\awuzumap.ini
2009-04-30 22:05:49 ----D---- C:\Documents and Settings\maxime\Application Data\pidle
2009-04-26 22:48:47 ----D---- C:\Program Files\Fichiers communs\DVDVIDEOSOFT

======List of files/folders modified in the last 1 months======

2009-05-06 14:12:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-06 14:09:13 ----SD---- C:\WINDOWS\Tasks
2009-05-06 14:04:35 ----D---- C:\Documents and Settings\maxime\Application Data\OpenOffice.org2
2009-05-06 13:33:14 ----D---- C:\Program Files\Mozilla Firefox
2009-05-06 13:33:02 ----D---- C:\WINDOWS\temp
2009-05-06 13:33:02 ----D---- C:\WINDOWS\system32
2009-05-06 13:32:12 ----A---- C:\WINDOWS\ModemLog_Aztech CNR2900 V.90 Modem.txt
2009-05-06 13:31:56 ----D---- C:\WINDOWS
2009-05-05 23:11:07 ----D---- C:\Documents and Settings\maxime\Application Data\uTorrent
2009-05-05 15:43:01 ----D---- C:\WINDOWS\Prefetch
2009-05-05 15:27:59 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-05-04 23:37:53 ----A---- C:\WINDOWS\win.ini
2009-05-04 21:48:59 ----HD---- C:\$AVG8.VAULT$
2009-05-04 19:39:35 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-05-02 21:55:08 ----SHD---- C:\WINDOWS\Installer
2009-05-02 21:54:58 ----HD---- C:\Config.Msi
2009-05-02 21:54:50 ----D---- C:\Program Files\Opera
2009-05-02 16:27:31 ----A---- C:\Documents and Settings\maxime\Application Data\QuickZip45.ini
2009-05-01 14:46:51 ----A---- C:\rapport.txt
2009-05-01 14:39:26 ----A---- C:\WINDOWS\system32\tmp.txt
2009-05-01 12:36:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-01 12:34:28 ----D---- C:\WINDOWS\Minidump
2009-05-01 12:34:28 ----D---- C:\WINDOWS\Debug
2009-05-01 11:59:26 ----N---- C:\WINDOWS\system32\herawuve.dll
2009-05-01 11:59:25 ----ASH---- C:\WINDOWS\system32\pamuzuwa.dll
2009-05-01 11:59:25 ----ASH---- C:\WINDOWS\system32\kebajuvi.exe
2009-05-01 11:51:44 ----D---- C:\WINDOWS\system32\drivers
2009-04-29 22:20:19 ----HD---- C:\WINDOWS\inf
2009-04-29 22:20:14 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-04-29 14:09:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-29 14:09:26 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-26 23:41:05 ----D---- C:\Documents and Settings\maxime\Application Data\AVGTOOLBAR
2009-04-26 22:52:25 ----RD---- C:\Program Files
2009-04-26 22:48:47 ----D---- C:\Program Files\Fichiers communs
2009-04-17 21:34:25 ----D---- C:\Program Files\LimeWire
2009-04-16 12:13:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-16 12:08:02 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 12:08:01 ----D---- C:\WINDOWS\AppPatch
2009-04-16 03:25:38 ----D---- C:\WINDOWS\system32\fr-fr
2009-04-16 03:25:38 ----D---- C:\Program Files\Internet Explorer
2009-04-07 17:35:05 ----D---- C:\Program Files\Dofus

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-05 41600]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-20 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-20 27656]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
R3 Cap713x;Cap713x Video Capture; C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-08 751104]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-11 41984]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2006-10-07 62592]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2003-02-16 210128]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-12 2459968]
R3 RTL8187B;TG123g USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-07-18 264576]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2003-02-16 516616]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-01-21 11544]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-01-21 172216]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-01-21 35000]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20080508.002\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-01-21 46808]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 196368]
S3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
S3 catchme;catchme; \??\C:\Comboidn\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-27 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2003-02-16 1293192]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060520.005\NAVENG.Sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060520.005\NavEx15.Sys []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2003-02-05 162136]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2003-02-16 85520]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 12672]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 SAVRT;SAVRT; - []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2004-02-25 1123440]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-20 298264]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-12 114755]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe /service []
S2 OPTENET_FILTER;Securitoo Contrôle Parental; C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe [2004-07-28 497744]
S2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe /service []
S2 XCOMM;BitDefender Communicator; C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe /service []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-13 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ccEvtMgr;Symantec Event Manager; - []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-15 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 MysqlInventime;MysqlInventime; c:\mysql\bin\mysqld-nt MysqlInventime []
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
S3 SNDSrvc;Symantec Network Drivers Service; - []
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 ccProxy;Symantec Network Proxy; C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe [2005-03-21 218712]
S4 ccPwdSvc;Symantec Password Validation; C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe [2006-01-11 87696]
S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2006-01-11 235152]
S4 navapsvc;Service Norton AntiVirus Auto-Protect; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2003-12-04 158640]
S4 SAVScan;SAVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-01-25 194272]
S4 SBService;ScriptBlocking Service; C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe [2003-06-24 66784]
S4 SymWSC;SymWMI Service; C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]

-----------------EOF-----------------








Et maintenant voici info.txt

Citation :

info.txt logfile of random's system information tool 1.06 2009-05-06 14:28:11

======Uninstall list======

-->"C:\Program Files\Fichiers communs\aolshare\Coach\AolCInUn.exe" -lang="fr-fr"
-->C:\PROGRA~1\FICHIE~1\AOL\ACS\AcsUninstall.exe /c
-->C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
-->C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
-->MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Reader 6.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-000000000001}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advertisement Service-->C:\WINDOWS\system32\prnet.tmp Uninstall
Age of Empires III-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{485775E8-AEB8-46BD-922B-242879E03DD5}
AnglaisFacile.com - Barre Verbes Irréguliers-->"C:\Program Files\AnglaisFacile.com\Barre Verbes Irréguliers\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Aztech CNR2900 V.90 Modem-->C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
BitDefender Antivirus 2008-->MsiExec.exe /I{4A56DAB1-2680-4B8A-AD84-77EECFB94D7B}
CC_ccProxyMSI-->MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart-->MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Contrôle Parental-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93094D10-9388-11D4-9886-0000B43F396D}\Setup.exe" -l0x40c
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Cosmo Player 2.1 (38329)-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\CosmoSoftware\CosmoPlayer\CosmoPlayer21.isu"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dofus 1.26.0-->C:\Program Files\Dofus\uninstall.exe
EVEREST Corporate Edition v5.00-->"C:\Program Files\Lavalys\EVEREST Corporate Edition\unins000.exe"
Favorit-->"c:\documents and settings\maxime\local settings\application data\wimgwos.exe" -uninstall
FinePixViewer Ver.4.3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FM Modifier 2.22-->MsiExec.exe /I{AE86AE81-CD7F-496F-A39F-0210C985E71B}
Football Manager 2008-->"C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GameCenter-->C:\Program Files\Cyanide\GameCenter\uninstall.exe
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Jette7 version 1.0-->"C:\Program Files\Jette7\unins000.exe"
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
K-Lite Codec Pack 2.75 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall
Labtec Mouse Software 3.0-->C:\Program Files\Labtec\Mouse\V3.0\uninst00.exe
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Les Sims Deluxe-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\Setup.exe" -l040c
LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
L'Internet ADSL de Cegetel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A16E2D86-7D92-48F4-9649-6029C96D4D8F}\Setup.exe" -l0x40c
Live-Player-->C:\Program Files\Live-Player\uninst.exe
LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LRC Editor 4.0 (remove only)-->"C:\Program Files\LRC Editor 4\uninst-gsle4.exe"
Ma-Config.com plugin-->MsiExec.exe /I{BF85A9D4-030F-4D2A-83CF-D4DDA0D3E68C}
Macrogaming SweetIM 1.2a-->MsiExec.exe /X{872D953F-933F-4F8A-BDC9-A84AFA0098F4}
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
MaxTV - TVU Player Plugin-->"C:\WINDOWS\MaxTV - TVU Player Plugin\uninstall.exe" "/U:C:\Program Files\DMV\MaxTV\plugins\Uninstall\uninstall.xml"
Mega Bloc Notes 5.2.0-->C:\Program Files\Mega Bloc Notes\desinstall.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office 97 Professional-->C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Pro.STF
Microsoft Office Excel Viewer-->MsiExec.exe /I{95120000-003F-040C-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
Migratio-->MsiExec.exe /I{5DA3411A-EABC-485A-A19E-7444BBD7B151}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Navilog1 Version 2.0.9-->"C:\Program Files\Navilog1\uninstall.exe"
Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security-->MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
OpenOffice.org 2.2-->MsiExec.exe /I{3B7E7EF8-1680-4894-9D35-86BAB9EEB6AC}
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PokerTH-->C:\Program Files\PokerTH\uninstall.exe
QI98 v 4.50-->C:\WINDOWS\ST5UNST.EXE -n "c:\ST5UNST.LOG"
Questions pour un Champion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAF1D000-210B-11D9-B771-00C04F4351FF}\Setup.exe" -l0x40c
Quick Zip 4.60.017b-->"C:\Program Files\QuickZip4\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
Ri4m v5.0.1d-->C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
Runtime 8.0 Libraries-->MsiExec.exe /I{EA4FA30B-7321-4428-90E9-28B088EC8DC9}
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sina Web TV-->C:\PROGRA~1\sina\SINAWE~1\302~1.9BE\UNWISE.EXE C:\PROGRA~1\sina\SINAWE~1\302~1.9BE\Install.LOG
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SweetIM For Internet Explorer 1.0a-->MsiExec.exe /X{BBB1528C-2F8C-4526-9C8E-699F17AF21CA}
Symantec Script Blocking Installer-->MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
UltraVNC v1.0.2 Fr-->"C:\Program Files\UltraVNC\unins000.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
USB Disk Win98 Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe"
Vade Retro Outllook & Outlook Express-->C:\PROGRA~1\GOTOSO~1\VADERE~1\UNWISE.EXE C:\PROGRA~1\GOTOSO~1\VADERE~1\INSTALL.LOG
Vodafone 804SS USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
Wanadoo Messager-->C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinHTTrack Website Copier 3.41-2-->"C:\Program Files\WinHTTrack\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Bitdefender Antivirus
AV: AVG Anti-Virus Free (disabled)
AV: Norton AntiVirus (disabled) (outdated)
FW: Norton Internet Security (disabled)

======System event log======

Computer Name: 202878480001
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 15333
Source Name: Service Control Manager
Time Written: 20090404200153.000000+120
Event Type: Informations
User:

Computer Name: 202878480001
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 15332
Source Name: Service Control Manager
Time Written: 20090404200150.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: 202878480001
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

Record Number: 15331
Source Name: Service Control Manager
Time Written: 20090404200148.000000+120
Event Type: Informations
User:

Computer Name: 202878480001
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

Record Number: 15330
Source Name: Service Control Manager
Time Written: 20090404200148.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: 202878480001
Event Code: 7036
Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution.

Record Number: 15329
Source Name: Service Control Manager
Time Written: 20090404200147.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: 202878480001
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 706
Source Name: SecurityCenter
Time Written: 20081114220242.000000+060
Event Type: Informations
User:

Computer Name: 202878480001
Event Code: 1
Message:
Record Number: 705
Source Name: Bonjour Service
Time Written: 20081114220238.000000+060
Event Type: Informations
User:

Computer Name: 202878480001
Event Code: 0
Message:
Record Number: 704
Source Name: gusvc
Time Written: 20081114220238.000000+060
Event Type: Informations
User:

Computer Name: 202878480001
Event Code: 20
Message:
Record Number: 703
Source Name: Google Update
Time Written: 20081114210604.000000+060
Event Type: erreur
User: 202878480001\maxime

Computer Name: 202878480001
Event Code: 20
Message:
Record Number: 702
Source Name: Google Update
Time Written: 20081114200602.000000+060
Event Type: erreur
User: 202878480001\maxime

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRA~1\FICHIE~1\SONICS~1;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------

Répondre à Mister y2j
Destrio5   06-05-2009 à 16:41:09
- 0 +

Effectivement, fais ComboFix.

Vu que tu n'arrives pas à désactiver ton antivirus, continue quand même.

Répondre à Destrio5
Mister y2j   06-05-2009 à 18:48:00
- 0 +

Re. Voici le rapport Combo Fix.

[quote]ComboFix 09-05-05.04 - maxime 06/05/2009 18:28.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.767.464 [GMT 2:00]
Lancé depuis: c:\documents and settings\maxime\Bureau\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\maxime\Application Data\pidle
c:\documents and settings\maxime\Local Settings\Application Data\wimgwos.dat
c:\documents and settings\maxime\Local Settings\Application Data\wimgwos.exe
c:\documents and settings\maxime\Local Settings\Application Data\wimgwos_nav.dat
c:\documents and settings\maxime\Local Settings\Application Data\wimgwos_navps.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\afnoinkdsfe.dll
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\ak1.exe
c:\windows\system32\awuzumap.ini
c:\windows\system32\drivers\ovfsthhpqibchtcxrpopqfquumqnmxbyrwhwgp.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\herawuve.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\kebajuvi.exe
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\loader49.exe
c:\windows\system32\mudagisi.dll
c:\windows\system32\ntdll64.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\ovfsthapiupepoacbhxpoiaxtdutbqalpetmvo.dll
c:\windows\system32\ovfsthbftwbgmlexgkduukhaveusytxmttpkld.dat
c:\windows\system32\ovfsthdwpcycryswkvnykdbyuiovfhnulexiow.dll
c:\windows\system32\ovfsthjyimspehjwkpujobovvfxrgnseqrndes.dat
c:\windows\system32\ovfsthwlwsvchrxkuqdrbqokkvdkoerqpfggnq.dll
c:\windows\system32\p2hhr.bat
c:\windows\system32\pamuzuwa.dll
c:\windows\system32\Process.exe
c:\windows\system32\rolivepa.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\yhs783ijfo3fe.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthtnxrxvirxerxepmavsievobabvwtbvoq


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-06 au 2009-05-06 ))))))))))))))))))))))))))))))))))))
.

2009-05-06 12:27 . 2009-05-06 12:28 -------- d-----w C:\rsit
2009-05-02 20:00 . 2008-11-06 00:03 -------- d-----w C:\SDFix
2009-05-02 19:55 . 2009-05-02 19:55 -------- d-----w c:\documents and settings\maxime\Local Settings\Application Data\Opera
2009-05-01 10:33 . 2009-05-01 10:33 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-04-26 20:48 . 2009-04-26 20:48 -------- d-----w c:\program files\Fichiers communs\DVDVIDEOSOFT
2009-04-15 10:45 . 2005-07-26 04:39 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-15 10:45 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 10:45 . 2009-03-06 14:46 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 10:45 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 10:45 . 2009-02-06 16:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 10:45 . 2009-02-09 10:20 399360 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 10:45 . 2009-02-09 10:08 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 10:45 . 2009-02-09 10:20 685056 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 10:45 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 10:45 . 2009-02-09 10:20 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 10:44 . 2008-12-16 12:49 351232 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-15 10:44 . 2008-04-21 21:27 219136 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 11:30 . 2009-05-06 11:30 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys.prepare
2009-05-06 11:30 . 2009-05-06 11:30 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys.prepare
2009-05-02 19:54 . 2008-04-17 17:55 -------- d-----w c:\program files\Opera
2009-04-17 19:34 . 2006-12-24 13:53 -------- d-----w c:\program files\LimeWire
2009-04-16 10:13 . 2004-08-16 15:41 76136 ----a-w c:\windows\system32\perfc00C.dat
2009-04-16 10:13 . 2004-08-16 15:41 469622 ----a-w c:\windows\system32\perfh00C.dat
2009-04-07 15:35 . 2008-02-24 15:49 -------- d-----w c:\program files\Dofus
2009-04-05 21:22 . 2009-04-05 21:22 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-02 16:42 . 2009-04-02 16:42 -------- d-----w c:\program files\Microsoft
2009-04-02 16:41 . 2009-04-02 16:41 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-02 16:41 . 2008-05-11 23:19 -------- d-----w c:\program files\Windows Live
2009-03-29 13:39 . 2009-03-22 21:03 -------- d-----w c:\program files\Privacy center
2009-03-17 20:11 . 2009-03-17 20:11 -------- d-----w c:\program files\FM Modifier 2.2
2009-03-06 14:46 . 2008-05-09 19:13 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2004-08-16 15:41 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2008-05-09 19:15 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 10:48 . 2009-02-20 10:48 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-20 10:48 . 2008-12-15 20:11 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-09 14:17 . 2008-05-09 20:24 1846400 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:50 . 2008-05-09 20:24 2059776 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:50 . 2008-05-09 20:24 2182528 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:20 . 2008-05-09 20:25 730112 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2008-05-09 20:25 685056 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2008-05-09 19:13 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2008-05-09 20:24 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:08 . 2008-05-09 20:24 111104 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2004-08-16 15:41 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2007-09-30 10:56 . 2006-11-15 18:04 11264 --sha-w c:\program files\Thumbs.db
2006-12-01 16:30 . 2006-12-01 16:30 8 --sh--w c:\program files\.drv120405.dat
2006-12-01 16:30 . 2006-12-01 16:30 8 --sh--w c:\program files\.data211204.dat
2006-12-01 16:30 . 2006-12-01 16:30 8 --sh--w c:\program files\.data211004.dat
2006-12-01 16:30 . 2006-12-01 16:30 8 --sh--w c:\program files\.data110704.dat
2006-12-01 16:30 . 2006-12-01 16:30 8 --sh--w c:\program files\.dat000002.dat
2006-12-01 16:30 . 2006-12-01 16:30 8 --sh--w c:\program files\.dat000001.dat
2006-10-21 10:34 . 2007-05-20 12:02 544 ----a-w c:\program files\como instalar.txt
2006-09-26 16:55 . 2007-05-20 12:02 49167680 ----a-w c:\program files\Setup FM2007 PC.exe
2006-09-26 16:55 . 2007-05-20 12:02 389623 ----a-w c:\program files\Install FM2007 Mac.command
2006-09-26 16:55 . 2007-05-20 12:02 456062653 ----a-w c:\program files\setup.jar
2006-09-26 16:52 . 2007-05-20 12:02 13 ----a-w c:\program files\media.inf
2006-09-26 14:21 . 2007-05-20 12:02 46592 ----a-w c:\program files\DrvMgt.dll
2006-09-26 14:21 . 2007-05-20 12:02 163644 ----a-w c:\program files\SECDRV.SYS
2006-09-12 15:08 . 2007-05-20 12:02 4233 ----a-w c:\program files\readme_English.txt
2006-09-11 14:12 . 2007-05-20 12:02 23040 ----a-w c:\program files\autorun.exe
2006-04-19 16:06 . 2006-04-19 16:06 774144 ----a-w c:\program files\RngInterstitial.dll
2006-03-15 17:43 . 2006-04-17 13:43 4286 ----a-w c:\program files\wrench.ico
2006-03-15 13:46 . 2006-04-17 13:43 2238 ----a-w c:\program files\888.com.ico
.

------- Sigcheck -------

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\SoftwareDistribution\Download\23e3f66e5660f16f52de7bb365a4a4e4\sp2gdr\tcpip.sys
[7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\SoftwareDistribution\Download\23e3f66e5660f16f52de7bb365a4a4e4\sp2qfe\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tcpip.sys
[-] 2008-06-20 10:45 360320 01D5EAAFF224415A7FF513E4C882BE30 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:45 360320 01D5EAAFF224415A7FF513E4C882BE30 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-23 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\maxime\Menu D‚marrer\Programmes\D‚marrage\
Outil de notification Live Search.lnk - c:\documents and settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-31 143360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-20 10:48 10520 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Antivirus Firewall.lnk
backup=c:\windows\pss\Antivirus Firewall.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AUtHorizedapplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Inventime\\my.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7072:TCP"= 7072:TCP:Microsoft standard protector

R0 konutzbq;Microsoft RPC API Helper;c:\windows\system32\drivers\srfonkog.sys --> c:\windows\system32\drivers\srfonkog.sys [?]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/12/2008 22:11 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/02/2009 12:48 298264]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [12/07/2008 20:22 6016]
R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [01/01/1980 751104]
R3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\drivers\RTL8187B.sys [03/11/2008 11:47 264576]
S2 OPTENET_FILTER;Securitoo Contrôle Parental;c:\program files\Securitoo\Contrôle Parental\bin\optproxy.exe [02/04/2006 15:05 497744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rlssedmt
ki?
.
Contenu du dossier 'Tâches planifiées'

2009-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-05-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-16 18:58]

2009-05-01 c:\windows\Tasks\Norton AntiVirus - Analyser mon ordinateur.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-08-22 19:06]

2009-05-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-10-23 11:39]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{B2BA40A2-74F0-42BD-F434-12345A2C8953} - c:\windows\system32\yhs783ijfo3fe.dll
HKCU-Run-wimgwos - c:\documents and settings\maxime\local settings\application data\wimgwos.exe
HKLM-Run-prnet - c:\windows\system32\prnet.tmp
HKLM-Run-kizanewezi - c:\windows\system32\romezeju.dll
HKU-Default-Run-uidenhiufgsduiazghs - c:\windows\TEMP\qsmxf.exe
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\herawuve.dll
SharedTaskScheduler-{B2BA40A2-74F0-42BD-F434-12345A2C8953} - c:\windows\system32\yhs783ijfo3fe.dll
SharedTaskScheduler-{C2BA40A1-74F3-42BD-F434-12345A2C8953} - c:\windows\system32\afnoinkdsfe.dll


.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\maxime\Application Data\Mozilla\Firefox\Profiles\uccy25lm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr/
FF - component: c:\documents and settings\maxime\Application Data\Mozilla\Firefox\Profiles\uccy25lm.default\extensions\{009b1404-eea3-44a5-8aab-910f8be039a2}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\maxime\Application Data\Mozilla\Firefox\Profiles\uccy25lm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\maxime\Application Data\Mozilla\Firefox\Profiles\uccy25lm.default\extensions\{d4131e21-73f9-4b4d-97dc-49b34dfa34f2}\components\FFAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 18:38
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SNDSrvc]
"ImagePath"="-"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-4283456765-272452730-2726728733-1006\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"GameDir"="c:\\Documents and Settings\\maxime\\Mes documents\\Sports Interactive\\Football Manager 2008\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\maxime\\Mes documents\\Sports Interactive\\Football Manager 2008"
"SaveDir"="c:\\Documents and Settings\\maxime\\Mes documents\\Sports Interactive\\Football Manager 2008\\"
"HistoryDir"="c:\\Documents and Settings\\maxime\\Bureau\\FM Genie Scout 2008\\History Points"
"LangDB"=""
"LastSaveGame"="c:\\Documents and Settings\\maxime\\Mes documents\\Sports Interactive\\Football Manager 2008\\games\\CFA.fm"
"Language"="French"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000000
"Currency"=dword:00000056
"WindowHeight"=dword:00000365
"WindowWidth"=dword:000003fc
"WindowLeft"=dword:00000042
"WindowTop"=dword:00000000
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-4283456765-272452730-2726728733-1006\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:00000067
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:0000004f
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000042
"Position4"=dword:00000004
"Visible4"=dword:00000001
"Width4"=dword:00000054
"Position5"=dword:00000005
"Visible5"=dword:00000001
"Width5"=dword:00000050
"Position6"=dword:00000006
"Visible6"=dword:00000001
"Width6"=dword:00000050
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:0000004f
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000002d
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000001e
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000001e
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000001e
"Position13"=dword:0000000d
"Visible13"=dword:00000001
"Width13"=dword:00000044
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000032
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:00000032
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000032
"Position17"=dword:00000011
"Visible17"=dword:00000001
"Width17"=dword:00000050
"Position18"=dword:00000012
"Visible18"=dword:00000001
"Width18"=dword:00000067
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050

[HKEY_USERS\S-1-5-21-4283456765-272452730-2726728733-1006\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:00000092
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000078
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000079
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000037
"Position4"=dword:00000008
"Visible4"=dword:00000001
"Width4"=dword:00000023
"Position5"=dword:00000009
"Visible5"=dword:00000001
"Width5"=dword:00000042
"Position6"=dword:0000000a
"Visible6"=dword:00000001
"Width6"=dword:00000074
"Position7"=dword:0000000c
"Visible7"=dword:00000001
"Width7"=dword:0000004b
"Position8"=dword:0000000d
"Visible8"=dword:00000001
"Width8"=dword:0000005f
"Position9"=dword:0000000e
"Visible9"=dword:00000001
"Width9"=dword:00000049
"Position10"=dword:00000010
"Visible10"=dword:00000000
"Width10"=dword:00000050
"Position11"=dword:00000011
"Visible11"=dword:00000000
"Width11"=dword:0000004b
"Position12"=dword:00000012
"Visible12"=dword:00000000
"Width12"=dword:0000002d
"Position13"=dword:00000013
"Visible13"=dword:00000000
"Width13"=dword:0000003c
"Position14"=dword:00000014
"Visible14"=dword:00000000
"Width14"=dword:0000004b
"Position15"=dword:00000015
"Visible15"=dword:00000000
"Width15"=dword:00000064
"Position16"=dword:00000016
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000017
"Visible17"=dword:00000000
"Width17"=dword:0000004b
"Position18"=dword:00000018
"Visible18"=dword:00000000
"Width18"=dword:00000064
"Position19"=dword:00000019
"Visible19"=dword:00000000
"Width19"=dword:0000003c
"Position20"=dword:0000001a
"Visible20"=dword:00000000
"Width20"=dword:0000004b
"Position21"=dword:0000001b
"Visible21"=dword:00000000
"Width21"=dword:00000050
"Position22"=dword:0000001c
"Visible22"=dword:00000000
"Width22"=dword:00000073
"Position23"=dword:0000001d
"Visible23"=dword:00000000
"Width23"=dword:00000050
"Position24"=dword:0000001e
"Visible24"=dword:00000000
"Width24"=dword:0000005a
"Position25"=dword:0000001f
"Visible25"=dword:00000000
"Width25"=dword:0000006e
"Position26"=dword:00000020
"Visible26"=dword:00000000
"Width26"=dword:00000064
"Position27"=dword:00000021
"Visible27"=dword:00000000
"Width27"=dword:00000087
"Position28"=dword:00000022
"Visible28"=dword:00000000
"Width28"=dword:00000064
"Position29"=dword:00000023
"Visible29"=dword:00000000
"Width29"=dword:00000064
"Position30"=dword:00000024
"Visible30"=dword:00000000
"Width30"=dword:00000046
"Position31"=dword:00000025
"Visible31"=dword:00000000
"Width31"=dword:0000004b
"Position32"=dword:00000026
"Visible32"=dword:00000000
"Width32"=dword:00000046
"Position33"=dword:00000027
"Visible33"=dword:00000000
"Width33"=dword:0000004b
"Position34"=dword:00000028
"Visible34"=dword:00000000
"Width34"=dword:0000003c
"Position35"=dword:0000002a
"Visible35"=dword:00000000
"Width35"=dword:00000064
"Position36"=dword:0000002e
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000030
"Visible37"=dword:00000000
"Width37"=dword:0000005f
"Position38"=dword:00000033
"Visible38"=dword:00000000
"Width38"=dword:00000091
"Position39"=dword:00000035
"Visible39"=dword:00000000
"Width39"=dword:0000003c
"Position40"=dword:0000002c
"Visible40"=dword:00000000
"Width40"=dword:0000005a
"Position41"=dword:00000036
"Visible41"=dword:00000000
"Width41"=dword:00000041
"Position42"=dword:00000029
"Visible42"=dword:00000000
"Width42"=dword:00000050
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000055
"Position44"=dword:0000002d
"Visible44"=dword:00000000
"Width44"=dword:0000005f
"Position45"=dword:00000037
"Visible45"=dword:00000000
"Width45"=dword:00000050
"Position46"=dword:00000038
"Visible46"=dword:00000000
"Width46"=dword:0000004b
"Position47"=dword:00000039
"Visible47"=dword:00000000
"Width47"=dword:0000004b
"Position48"=dword:0000003a
"Visible48"=dword:00000000
"Width48"=dword:00000046
"Position49"=dword:0000003b
"Visible49"=dword:00000000
"Width49"=dword:00000032
"Position50"=dword:0000003c
"Visible50"=dword:00000000
"Width50"=dword:0000003c
"Position51"=dword:0000003d
"Visible51"=dword:00000000
"Width51"=dword:0000004b
"Position52"=dword:0000003e
"Visible52"=dword:00000000
"Width52"=dword:0000003c
"Position53"=dword:0000003f
"Visible53"=dword:00000000
"Width53"=dword:00000037
"Position54"=dword:00000040
"Visible54"=dword:00000000
"Width54"=dword:00000069
"Position55"=dword:00000041
"Visible55"=dword:00000000
"Width55"=dword:0000005a
"Position56"=dword:00000044
"Visible56"=dword:00000000
"Width56"=dword:0000004b
"Position57"=dword:00000045
"Visible57"=dword:00000000
"Width57"=dword:0000004b
"Position58"=dword:00000046
"Visible58"=dword:00000000
"Width58"=dword:00000037
"Position59"=dword:00000047
"Visible59"=dword:00000000
"Width59"=dword:0000003c
"Position60"=dword:00000048
"Visible60"=dword:00000000
"Width60"=dword:0000003c
"Position61"=dword:00000049
"Visible61"=dword:00000000
"Width61"=dword:00000041
"Position62"=dword:0000004a
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000004b
"Visible63"=dword:00000000
"Width63"=dword:0000003c
"Position64"=dword:0000004c
"Visible64"=dword:00000000
"Width64"=dword:0000003c
"Position65"=dword:0000004d
"Visible65"=dword:00000000
"Width65"=dword:0000004b
"Position66"=dword:0000004e
"Visible66"=dword:00000000
"Width66"=dword:0000003c
"Position67"=dword:0000004f
"Visible67"=dword:00000000
"Width67"=dword:00000046
"Position68"=dword:00000050
"Visible68"=dword:00000000
"Width68"=dword:00000028
"Position69"=dword:00000051
"Visible69"=dword:00000000
"Width69"=dword:00000041
"Position70"=dword:00000052
"Visible70"=dword:00000000
"Width70"=dword:0000003c
"Position71"=dword:00000053
"Visible71"=dword:00000000
"Width71"=dword:00000069
"Position72"=dword:00000054
"Visible72"=dword:00000000
"Width72"=dword:00000041
"Position73"=dword:00000055
"Visible73"=dword:00000000
"Width73"=dword:0000005f
"Position74"=dword:00000056
"Visible74"=dword:00000000
"Width74"=dword:0000003c
"Position75"=dword:00000057
"Visible75"=dword:00000000
"Width75"=dword:00000037
"Position76"=dword:00000058
"Visible76"=dword:00000000
"Width76"=dword:0000004b
"Position77"=dword:00000059
"Visible77"=dword:00000000
"Width77"=dword:00000050
"Position78"=dword:0000005a
"Visible78"=dword:00000000
"Width78"=dword:00000037
"Position79"=dword:0000005b
"Visible79"=dword:00000000
"Width79"=dword:00000037
"Position80"=dword:0000005c
"Visible80"=dword:00000000
"Width80"=dword:0000005a
"Position81"=dword:0000005d
"Visible81"=dword:00000000
"Width81"=dword:0000004b
"Position82"=dword:0000005e
"Visible82"=dword:00000000
"Width82"=dword:00000055
"Position83"=dword:0000005f
"Visible83"=dword:00000000
"Width83"=dword:0000002d
"Position84"=dword:00000060
"Visible84"=dword:00000000
"Width84"=dword:00000037
"Position85"=dword:00000061
"Visible85"=dword:00000000
"Width85"=dword:0000003c
"Position86"=dword:00000062
"Visible86"=dword:00000000
"Width86"=dword:00000046
"Position87"=dword:00000063
"Visible87"=dword:00000000
"Width87"=dword:0000003c
"Position88"=dword:00000064
"Visible88"=dword:00000000
"Width88"=dword:0000005a
"Position89"=dword:00000065
"Visible89"=dword:00000000
"Width89"=dword:0000003c
"Position90"=dword:00000066
"Visible90"=dword:00000000
"Width90"=dword:00000050
"Position91"=dword:00000067
"Visible91"=dword:00000000
"Width91"=dword:00000046
"Position92"=dword:00000068
"Visible92"=dword:00000000
"Width92"=dword:0000005a
"Position93"=dword:00000069
"Visible93"=dword:00000000
"Width93"=dword:00000037
"Position94"=dword:0000006a
"Visible94"=dword:00000000
"Width94"=dword:0000003c
"Position95"=dword:0000006b
"Visible95"=dword:00000000
"Width95"=dword:0000003c
"Position96"=dword:0000006c
"Visible96"=dword:00000000
"Width96"=dword:00000046
"Position97"=dword:0000006d
"Visible97"=dword:00000000
"Width97"=dword:00000046
"Position98"=dword:0000006e
"Visible98"=dword:00000000
"Width98"=dword:00000055
"Position99"=dword:0000006f
"Visible99"=dword:00000000
"Width99"=dword:00000073
"Position100"=dword:00000042
"Visible100"=dword:00000000
"Width100"=dword:00000041
"Position101"=dword:00000070
"Visible101"=dword:00000000
"Width101"=dword:0000003c
"Position102"=dword:00000071
"Visible102"=dword:00000000
"Width102"=dword:0000003c
"Position103"=dword:00000072
"Visible103"=dword:00000000
"Width103"=dword:00000046
"Position104"=dword:00000073
"Visible104"=dword:00000000
"Width104"=dword:0000003c
"Position105"=dword:00000074
"Visible105"=dword:00000000
"Width105"=dword:00000041
"Position106"=dword:0000000f
"Visible106"=dword:00000001
"Width106"=dword:00000066
"Position107"=dword:0000000b
"Visible107"=dword:00000001
"Width107"=dword:00000028
"Position108"=dword:00000043
"Visible108"=dword:00000000
"Width108"=dword:00000050
"Position109"=dword:0000002f
"Visible109"=dword:00000000
"Width109"=dword:00000050
"Position110"=dword:00000031
"Visible110"=dword:00000000
"Width110"=dword:00000055
"Position111"=dword:00000032
"Visible111"=dword:00000000
"Width111"=dword:00000082
"Position112"=dword:00000034
"Visible112"=dword:00000000
"Width112"=dword:00000087
"Position113"=dword:00000075
"Visible113"=dword:00000000
"Width113"=dword:00000050
"Position114"=dword:00000076
"Visible114"=dword:00000000
"Width114"=dword:00000050
"Position115"=dword:00000077
"Visible115"=dword:00000000
"Width115"=dword:00000050
"Position116"=dword:00000078
"Visible116"=dword:00000000
"Width116"=dword:00000050
"Position117"=dword:00000079
"Visible117"=dword:00000000
"Width117"=dword:00000050
"Position118"=dword:0000007a
"Visible118"=dword:00000000
"Width118"=dword:00000050
"Position119"=dword:0000007b
"Visible119"=dword:00000000
"Width119"=dword:00000050
"Position120"=dword:0000007c
"Visible120"=dword:00000000
"Width120"=dword:00000050
"Position121"=dword:0000007d
"Visible121"=dword:00000000
"Width121"=dword:00000050
"Position122"=dword:0000007e
"Visible122"=dword:00000000
"Width122"=dword:00000050
"Position123"=dword:0000007f
"Visible123"=dword:00000000
"Width123"=dword:00000050
"Position124"=dword:00000080
"Visible124"=dword:00000000
"Width124"=dword:00000050
"Position125"=dword:00000081
"Visible125"=dword:00000000
"Width125"=dword:00000050
"Position126"=dword:00000082
"Visible126"=dword:00000000
"Width126"=dword:00000050
"Position127"=dword:00000083
"Visible127"=dword:00000000
"Width127"=dword:00000050
"Position128"=dword:00000084
"Visible128"=dword:00000000
"Width128"=dword:00000050
"Position129"=dword:00000085
"Visible129"=dword:00000000
"Width129"=dword:00000050
"Position130"=dword:00000086
"Visible130"=dword:00000000
"Width130"=dword:00000050
"Position131"=dword:00000087
"Visible131"=dword:00000000
"Width131"=dword:00000050
"Position132"=dword:00000088
"Visible132"=dword:00000000
"Width132"=dword:00000050
"Position133"=dword:00000089
"Visible133"=dword:00000000
"Width133"=dword:00000050
"Position134"=dword:0000008a
"Visible134"=dword:00000000
"Width134"=dword:00000050
"Position135"=dword:0000008b
"Visible135"=dword:00000000
"Width135"=dword:00000050
"Position136"=dword:0000008c
"Visible136"=dword:00000000
"Width136"=dword:00000050
"Position137"=dword:0000008d
"Visible137"=dword:00000000
"Width137"=dword:00000050
"Position138"=dword:0000008e
"Visible138"=dword:00000000
"Width138"=dword:00000050
"Position139"=dword:0000008f
"Visible139"=dword:00000000
"Width139"=dword:00000050
"Position140"=dword:00000090
"Visible140"=dword:00000000
"Width140"=dword:00000050
"Position141"=dword:00000091
"Visible141"=dword:00000000
"Width141"=dword:00000050
"Position142"=dword:00000092
"Visible142"=dword:00000000
"Width142"=dword:00000050
"Position143"=dword:00000093
"Visible143"=dword:00000000
"Width143"=dword:00000050
"Position144"=dword:00000094
"Visible144"=dword:00000000
"Width144"=dword:00000050
"Position145"=dword:00000095
"Visible145"=dword:00000000
"Width145"=dword:00000050
"Position146"=dword:00000004
"Visible146"=dword:00000000
"Width146"=dword:00000037
"Position147"=dword:00000005
"Visible147"=dword:00000000
"Width147"=dword:00000028
"Position148"=dword:00000006
"Visible148"=dword:00000000
"Width148"=dword:00000037
"Position149"=dword:00000007
"Visible149"=dword:00000001
"Width149"=dword:00000032

[HKEY_USERS\S-1-5-21-4283456765-272452730-2726728733-1006\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000069
"Position4"=dword:00000005
"Visible4"=dword:00000001
"Width4"=dword:00000028
"Position5"=dword:00000006
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:00000004
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000004b
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000002d
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000003c
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000004b
"Position13"=dword:0000000d
"Visible13"=dword:00000000
"Width13"=dword:00000064
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000064
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:0000004b
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000011
"Visible17"=dword:00000000
"Width17"=dword:0000003c
"Position18"=dword:00000012
"Visible18"=dword:00000000
"Width18"=dword:0000004b
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
"Position20"=dword:00000014
"Visible20"=dword:00000000
"Width20"=dword:00000046
"Position21"=dword:00000015
"Visible21"=dword:00000000
"Width21"=dword:0000004b
"Position22"=dword:00000016
"Visible22"=dword:00000000
"Width22"=dword:00000046
"Position23"=dword:00000017
"Visible23"=dword:00000000
"Width23"=dword:00000046
"Position24"=dword:00000018
"Visible24"=dword:00000000
"Width24"=dword:0000003c
"Position25"=dword:00000019
"Visible25"=dword:00000000
"Width25"=dword:00000041
"Position26"=dword:0000001a
"Visible26"=dword:00000000
"Width26"=dword:0000003c
"Position27"=dword:0000001b
"Visible27"=dword:00000000
"Width27"=dword:00000055
"Position28"=dword:0000001c
"Visible28"=dword:00000000
"Width28"=dword:00000069
"Position29"=dword:0000001d
"Visible29"=dword:00000000
"Width29"=dword:0000006e
"Position30"=dword:0000001e
"Visible30"=dword:00000000
"Width30"=dword:00000064
"Position31"=dword:0000001f
"Visible31"=dword:00000000
"Width31"=dword:00000078
"Position32"=dword:00000020
"Visible32"=dword:00000000
"Width32"=dword:00000064
"Position33"=dword:00000021
"Visible33"=dword:00000000
"Width33"=dword:00000087
"Position34"=dword:00000022
"Visible34"=dword:00000000
"Width34"=dword:00000069
"Position35"=dword:00000023
"Visible35"=dword:00000000
"Width35"=dword:0000006e
"Position36"=dword:00000024
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000025
"Visible37"=dword:00000000
"Width37"=dword:0000004b
"Position38"=dword:00000026
"Visible38"=dword:00000000
"Width38"=dword:0000002d
"Position39"=dword:00000027
"Visible39"=dword:00000000
"Width39"=dword:00000055
"Position40"=dword:00000028
"Visible40"=dword:00000000
"Width40"=dword:00000046
"Position41"=dword:00000029
"Visible41"=dword:00000000
"Width41"=dword:0000004b
"Position42"=dword:0000002a
"Visible42"=dword:00000000
"Width42"=dword:0000003c
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000046
"Position44"=dword:0000002c
"Visible44"=dword:00000000
"Width44"=dword:00000073
"Position45"=dword:0000002d
"Visible45"=dword:00000000
"Width45"=dword:0000004b
"Position46"=dword:0000002e
"Visible46"=dword:00000000
"Width46"=dword:00000073
"Position47"=dword:0000002f
"Visible47"=dword:00000000
"Width47"=dword:0000007d
"Position48"=dword:00000030
"Visible48"=dword:00000000
"Width48"=dword:0000006e
"Position49"=dword:00000031
"Visible49"=dword:00000000
"Width49"=dword:00000037
"Position50"=dword:00000032
"Visible50"=dword:00000000
"Width50"=dword:00000064
"Position51"=dword:00000033
"Visible51"=dword:00000000
"Width51"=dword:00000037
"Position52"=dword:00000034
"Visible52"=dword:00000000
"Width52"=dword:0000004b
"Position53"=dword:00000035
"Visible53"=dword:00000000
"Width53"=dword:00000046
"Position54"=dword:00000036
"Visible54"=dword:00000000
"Width54"=dword:00000037
"Position55"=dword:00000037
"Visible55"=dword:00000000
"Width55"=dword:0000003c
"Position56"=dword:00000038
"Visible56"=dword:00000000
"Width56"=dword:00000055
"Position57"=dword:00000039
"Visible57"=dword:00000000
"Width57"=dword:0000003c
"Position58"=dword:0000003a
"Visible58"=dword:00000000
"Width58"=dword:0000003c
"Position59"=dword:0000003b
"Visible59"=dword:00000000
"Width59"=dword:00000055
"Position60"=dword:0000003c
"Visible60"=dword:00000000
"Width60"=dword:00000046
"Position61"=dword:0000003d
"Visible61"=dword:00000000
"Width61"=dword:0000004b
"Position62"=dword:0000003e
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000003f
"Visible63"=dword:00000000
"Width63"=dword:0000005a
"Position64"=dword:00000040
"Visible64"=dword:00000000
"Width64"=dword:0000006e
"Position65"=dword:00000041
"Visible65"=dword:00000000
"Width65"=dword:00000050
"Position66"=dword:00000042
"Visible66"=dword:00000000
"Width66"=dword:00000032
"Position67"=dword:00000043
"Visible67"=dword:00000000
"Width67"=dword:00000064
"Position68"=dword:00000044
"Visible68"=dword:00000000
"Width68"=dword:0000004b
"Position69"=dword:00000045
"Visible69"=dword:00000000
"Width69"=dword:0000002d
"Position70"=dword:00000046
"Visible70"=dword:00000000
"Width70"=dword:0000004b
"Position71"=dword:00000047
"Visible71"=dword:00000000
"Width71"=dword:0000005a
"Position72"=dword:00000048
"Visible72"=dword:00000000
"Width72"=dword:0000005a
"Position73"=dword:00000049
"Visible73"=dword:00000000
"Width73"=dword:00000050
"Position74"=dword:0000004a
"Visible74"=dword:00000000
"Width74"=dword:0000004b
"Position75"=dword:0000004b
"Visible75"=dword:00000000
"Width75"=dword:00000050
"Position76"=dword:0000004c
"Visible76"=dword:00000000
"Width76"=dword:0000005a
"Position77"=dword:0000004d
"Visible77"=dword:00000000
"Width77"=dword:00000041
"Position78"=dword:0000004e
"Visible78"=dword:00000000
"Width78"=dword:00000041
"Position79"=dword:0000004f
"Visible79"=dword:00000000
"Width79"=dword:00000041
"Position80"=dword:00000050
"Visible80"=dword:00000000
"Width80"=dword:00000041
"Position81"=dword:00000051
"Visible81"=dword:00000000
"Width81"=dword:00000041
"Position82"=dword:00000052
"Visible82"=dword:00000000
"Width82"=dword:00000041
"Position83"=dword:00000053
"Visible83"=dword:00000000
"Width83"=dword:00000041
"Position84"=dword:00000054
"Visible84"=dword:00000000
"Width84"=dword:00000041
"Position85"=dword:00000055
"Visible85"=dword:00000000
"Width85"=dword:00000041
"Position86"=dword:00000056
"Visible86"=dword:00000000
"Width86"=dword:00000050

[HKEY_USERS\S-1-5-21-4283456765-272452730-2726728733-1006\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
"GKWeightCoef"=dword:00000064
"GKCurrentAbilityCoef"=dword:00000000
"GKCornersCoef"=dword:00000000
"GKCrossingCoef"=dword:00000000
"GKDribblingCoef"=dword:00000000
"GKFinishingCoef"=dword:00000000
"GKFirstTouchCoef"=dword:00000000
"GKFreeKicksCoef"=dword:00000000
"GKHeadingCoef"=dword:00000000
"GKLongShotsCoef"=dword:00000000
"GKLongThrowsCoef"=dword:00000000
"GKMarkingCoef"=dword:00000000
"GKPassingCoef"=dword:00000000
"GKPenaltiesCoef"=dword:00000000
"GKTacklingCoef"=dword:00000005
"GKTechniqueCoef"=dword:00000000
"GKLeftFootCoef"=dword:00000000
"GKRightFootCoef"=dword:00000000
"GKAggressionCoef"=dword:0000000a
"GKAnticipationCoef"=dword:00000005
"GKBraveryCoef"=dword:00000014
"GKComposureCoef"=dword:00000014
"GKConcentrationCoef"=dword:0000000a
"GKConsistencyCoef"=dword:0000000a
"GKCreativityCoef"=dword:00000000
"GKDecisionsCoef"=dword:00000014
"GKDeterminationCoef"=dword:0000000a
"GKDirtinessCoef"=dword:fffffffb
"GKFlairCoef"=dword:00000000
"GKImportantMatchesCoef"=dword:0000000a
"GKInfluenceCoef"=dword:0000000a
"GKOffTheBallCoef"=dword:00000000
"GKPositioningCoef"=dword:00000050
"GKTeamworkCoef"=dword:00000005
"GKWorkRateCoef"=dword:00000000
"GKAccelerationCoef"=dword:00000005
"GKAgilityCoef"=dword:0000000a
"GKBalanceCoef"=dword:0000000a
"GKInjuryPronenessCoef"=dword:fffffffb
"GKJumpingCoef"=dword:00000050
"GKNaturalFitnessCoef"=dword:00000005
"GKPaceCoef"=dword:00000000
"GKStaminaCoef"=dword:00000000
"GKStrengthCoef"=dword:0000000a
"GKVersatilityCoef"=dword:00000000
"GKAerialAbilityCoef"=dword:00000032
"GKCommandOfAreaCoef"=dword:00000014
"GKCommunicationCoef"=dword:00000032
"GKEccentricityCoef"=dword:ffffffec
"GKHandlingCoef"=dword:00000064
"GKKickingCoef"=dword:0000000a
"GKOneOnOnesCoef"=dword:00000032
"GKReflexesCoef"=dword:00000064
"GKRushingOutCoef"=dword:00000014
"GKTendencyToPunchCoef"=dword:fffffff6
"GKThrowingCoef"=dword:0000000a
"GKAdaptabilityCoef"=dword:00000005
"GKAmbitionCoef"=dword:0000000a
"GKControversyCoef"=dword:fffffffb
"GKLoyalityCoef"=dword:00000005
"GKPressureCoef"=dword:00000005
"GKProfessionalismCoef"=dword:00000005
"GKSportsmanshipCoef"=dword:00000005
"GKTemperamentCoef"=dword:00000005
"SWWeightCoef"=dword:00000066
"SWCurrentAbilityCoef"=dword:00000000
"SWCornersCoef"=dword:00000000
"SWCrossingCoef"=dword:00000000
"SWDribblingCoef"=dword:00000000
"SWFinishingCoef"=dword:00000000
"SWFirstTouchCoef"=dword:00000014
"SWFreeKicksCoef"=dword:0000000a
"SWHeadingCoef"=dword:00000064
"SWLongShotsCoef"=dword:0000000a
"SWLongThrowsCoef"=dword:00000000
"SWMarkingCoef"=dword:00000064
"SWPassingCoef"=dword:0000000a
"SWPenaltiesCoef"=dword:00000005
"SWTacklingCoef"=dword:00000064
"SWTechniqueCoef"=dword:0000000a
"SWLeftFootCoef"=dword:00000005
"SWRightFootCoef"=dword:00000005
"SWAggressionCoef"=dword:00000014
"SWAnticipationCoef"=dword:00000014
"SWBraveryCoef"=dword:00000028
"SWComposureCoef"=dword:00000028
"SWConcentrationCoef"=dword:0000003c
"SWConsistencyCoef"=dword:0000000a
"SWCreativityCoef"=dword:0000000a
"SWDecisionsCoef"=dword:00000014
"SWDeterminationCoef"=dword:0000000a
"SWDirtinessCoef"=dword:ffffffe7
"SWFlairCoef"=dword:00000000
"SWImportantMatchesCoef"=dword:0000000a
"SWInfluenceCoef"=dword:0000000a
"SWOffTheBallCoef"=dword:0000000a
"SWPositioningCoef"=dword:00000064
"SWTeamworkCoef"=dword:00000028
"SWWorkRateCoef"=dword:00000014
"SWAccelerationCoef"=dword:0000001e
"SWAgilityCoef"=dword:0000000a
"SWBalanceCoef"=dword:00000014
"SWInjuryPronenessCoef"=dword:fffffffb
"SWJumpingCoef"=dword:00000064
"SWNaturalFitnessCoef"=dword:00000005
"SWPaceCoef"=dword:00000014
"SWStaminaCoef"=dword:0000000a
"SWStrengthCoef"=dword:00000050
"SWVersatilityCoef"=dword:00000005
"SWAerialAbilityCoef"=dword:00000000
"SWCommandOfAreaCoef"=dword:00000000
"SWCommunicationCoef"=dword:00000000
"SWEccentricityCoef"=dword:00000000
"SWHandlingCoef"=dword:00000000
"SWKickingCoef"=dword:00000000
"SWOneOnOnesCoef"=dword:00000005
"SWReflexesCoef"=dword:00000005
"SWRushingOutCoef"=dword:00000000
"SWTendencyToPunchCoef"=dword:00000000
"SWThrowingCoef"=dword:00000000
"SWAdaptabilityCoef"=dword:00000005
"SWAmbitionCoef"=dword:0000000a
"SWControversyCoef"=dword:fffffffb
"SWLoyalityCoef"=dword:00000005
"SWPressureCoef"=dword:00000005
"SWProfessionalismCoef"=dword:00000005
"SWSportsmanshipCoef"=dword:00000005
"SWTemperamentCoef"=dword:00000005
"CBWeightCoef"=dword:00000064
"CBCurrentAbilityCoef"=dword:00000000
"CBCornersCoef"=dword:00000000
"CBCrossingCoef"=dword:00000000
"CBDribblingCoef"=dword:00000000
"CBFinishingCoef"=dword:00000000
"CBFirstTouchCoef"=dword:00000014
"CBFreeKicksCoef"=dword:0000000a
"CBHeadingCoef"=dword:00000064
"CBLongShotsCoef"=dword:0000000a
"CBLongThrowsCoef"=dword:00000000
"CBMarkingCoef"=dword:00000050
"CBPassingCoef"=dword:00000014
"CBPenaltiesCoef"=dword:00000005
"CBTacklingCoef"=dword:00000064
"CBTechniqueCoef"=dword:0000000a
"CBLeftFootCoef"=dword:00000005
"CBRightFootCoef"=dword:00000005
"CBAggressionCoef"=dword:00000014
"CBAnticipationCoef"=dword:00000014
"CBBraveryCoef"=dword:00000028
"CBComposureCoef"=dword:00000014
"CBConcentrationCoef"=dword:00000028
"CBConsistencyCoef"=dword:0000000a
"CBCreativityCoef"=dword:0000000a
"CBDecisionsCoef"=dword:00000014
"CBDeterminationCoef"=dword:0000000a
"CBDirtinessCoef"=dword:ffffffec
"CBFlairCoef"=dword:00000000
"CBImportantMatchesCoef"=dword:0000000a
"CBInfluenceCoef"=dword:0000000a
"CBOffTheBallCoef"=dword:0000000a
"CBPositioningCoef"=dword:00000050
"CBTeamworkCoef"=dword:00000028
"CBWorkRateCoef"=dword:00000014
"CBAccelerationCoef"=dword:00000028
"CBAgilityCoef"=dword:0000000a
"CBBalanceCoef"=dword:00000014
"CBInjuryPronenessCoef"=dword:fffffffb
"CBJumpingCoef"=dword:00000064
"CBNaturalFitnessCoef"=dword:00000005
"CBPaceCoef"=dword:0000001e
"CBStaminaCoef"=dword:0000000a
"CBStrengthCoef"=dword:0000003c
"CBVersatilityCoef"=dword:00000005
"CBAerialAbilityCoef"=dword:00000000
"CBCommandOfAreaCoef"=dword:00000000
"CBCommunicationCoef"=dword:00000000
"CBEccentricityCoef"=dword:00000000
"CBHandlingCoef"=dword:00000000
"CBKickingCoef"=dword:00000000
"CBOneOnOnesCoef"=dword:00000005
"CBReflexesCoef"=dword:00000005
"CBRushingOutCoef"=dword:00000000
"CBTendencyToPunchCoef"=dword:00000000
"CBThrowingCoef"=dword:00000000
"CBAdaptabilityCoef"=dword:00000005
"CBAmbitionCoef"=dword:0000000a
"CBControversyCoef"=dword:fffffffb
"CBLoyalityCoef"=dword:00000005
"CBPressureCoef"=dword:00000005
"CBProfessionalismCoef"=dword:00000005
"CBSportsmanshipCoef"=dword:00000005
"CBTemperamentCoef"=dword:00000005
"FBWeightCoef"=dword:0000006c
"FBCurrentAbilityCoef"=dword:00000000
"FBCornersCoef"=dword:0000000a
"FBCrossingCoef"=dword:0000001e
"FBDribblingCoef"=dword:00000014
"FBFinishingCoef"=dword:00000000
"FBFirstTouchCoef"=dword:00000014
"FBFreeKicksCoef"=dword:0000000a
"FBHeadingCoef"=dword:0000003c
"FBLongShotsCoef"=dword:0000000a
"FBLongThrowsCoef"=dword:0000000a
"FBMarkingCoef"=dword:0000003c
"FBPassingCoef"=dword:0000001e
"FBPenaltiesCoef"=dword:00000005
"FBTacklingCoef"=dword:00000064
"FBTechniqueCoef"=dword:00000014
"FBLeftFootCoef"=dword:00000005
"FBRightFootCoef"=dword:00000005
"FBAggressionCoef"=dword:0000000f
"FBAnticipationCoef"=dword:00000050
"FBBraveryCoef"=dword:00000014
"FBComposureCoef"=dword:0000000a
"FBConcentrationCoef"=dword:0000001e
"FBConsistencyCoef"=dword:0000000a
"FBCreativityCoef"=dword:0000000a
"FBDecisionsCoef"=dword:00000014
"FBDeterminationCoef"=dword:0000000a
"FBDirtinessCoef"=dword:fffffff6
"FBFlairCoef"=dword:00000005
"FBImportantMatchesCoef"=dword:0000000a
"FBInfluenceCoef"=dword:0000000a
"FBOffTheBallCoef"=dword:00000014
"FBPositioningCoef"=dword:00000064
"FBTeamworkCoef"=dword:00000014
"FBWorkRateCoef"=dword:00000014
"FBAccelerationCoef"=dword:0000003c
"FBAgilityCoef"=dword:0000000a
"FBBalanceCoef"=dword:00000014
"FBInjuryPronenessCoef"=dword:fffffffb
"FBJumpingCoef"=dword:0000003c
"FBNaturalFitnessCoef"=dword:00000005
"FBPaceCoef"=dword:00000050
"FBStaminaCoef"=dword:0000003c
"FBStrengthCoef"=dword:00000028
"FBVersatilityCoef"=dword:00000005
"FBAerialAbilityCoef"=dword:00000000
"FBCommandOfAreaCoef"=dword:00000000
"FBCommunicationCoef"=dword:00000000
"FBEccentricityCoef"=dword:00000000
"FBHandlingCoef"=dword:00000000
"FBKickingCoef"=dword:00000000
"FBOneOnOnesCoef"=dword:00000005
"FBReflexesCoef"=dword:00000005
"FBRushingOutCoef"=dword:00000000
"FBTendencyToPunchCoef"=dword:00000000
"FBThrowingCoef"=dword:00000000
"FBAdaptabilityCoef"=dword:00000005
"FBAmbitionCoef"=dword:0000000a
"FBControversyCoef"=dword:fffffffb
"FBLoyalityCoef"=dword:00000005
"FBPressureCoef"=dword:00000005
"FBProfessionalismCoef"=dword:00000005
"FBSportsmanshipCoef"=dword:00000005
"FBTemperamentCoef"=dword:00000005
"WBWeightCoef"=dword:0000006e
"WBCurrentAbilityCoef"=dword:00000000
"WBCornersCoef"=dword:0000000a
"WBCrossingCoef"=dword:0000003c
"WBDribblingCoef"=dword:00000028
"WBFinishingCoef"=dword:0000000a
"WBFirstTouchCoef"=dword:00000014
"WBFreeKicksCoef"=dword:0000000a
"WBHeadingCoef"=dword:00000028
"WBLongShotsCoef"=dword:00000014
"WBLongThrowsCoef"=dword:0000000a
"WBMarkingCoef"=dword:0000003c
"WBPassingCoef"=dword:00000028
"WBPenaltiesCoef"=dword:00000005
"WBTacklingCoef"=dword:00000064
"WBTechniqueCoef"=dword:00000028
"WBLeftFootCoef"=dword:00000005
"WBRightFootCoef"=dword:00000005
"WBAggressionCoef"=dword:0000000a
"WBAnticipationCoef"=dword:00000050
"WBBraveryCoef"=dword:0000000a
"WBComposureCoef"=dword:0000000a
"WBConcentrationCoef"=dword:00000014
"WBConsistencyCoef"=dword:0000000a
"WBCreativityCoef"=dword:00000014
"WBDecisionsCoef"=dword:00000014
"WBDeterminationCoef"=dword:0000000a
"WBDirtinessCoef"=dword:fffffff6
"WBFlairCoef"=dword:0000000a
"WBImportantMatchesCoef"=dword:0000000a
"WBInfluenceCoef"=dword:0000000a
"WBOffTheBallCoef"=dword:00000014
"WBPositioningCoef"=dword:00000064
"WBTeamworkCoef"=dword:00000014
"WBWorkRateCoef"=dword:00000028
"WBAccelerationCoef"=dword:00000050
"WBAgilityCoef"=dword:0000000a
"WBBalanceCoef"=dword:00000014
"WBInjuryPronenessCoef"=dword:fffffffb
"WBJumpingCoef"=dword:00000014
"WBNaturalFitnessCoef"=dword:00000005
"WBPaceCoef"=dword:00000064
"WBStaminaCoef"=dword:00000050
"WBStrengthCoef"=dword:00000028
"WBVersatilityCoef"=dword:00000005
"WBAerialAbilityCoef"=dword:00000000
"WBCommandOfAreaCoef"=dword:00000000
"WBCommunicationCoef"=dword:00000000
"WBEccentricityCoef"=dword:00000000
"WBHandlingCoef"=dword:00000000
"WBKickingCoef"=dword:00000000
"WBOneOnOnesCoef"=dword:00000005
"WBReflexesCoef"=dword:00000005
"WBRushingOutCoef"=dword:00000000
"WBTendencyToPunchCoef"=dword:00000000
"WBThrowingCoef"=dword:00000000
"WBAdaptabilityCoef"=dword:00000005
"WBAmbitionCoef"=dword:0000000a
"WBControversyCoef"=dword:fffffffb
"WBLoyalityCoef"=dword:00000005
"WBPressureCoef"=dword:00000005
"WBProfessionalismCoef"=dword:00000005
"WBSportsmanshipCoef"=dword:00000005
"WBTemperamentCoef"=dword:00000005
"DMWeightCoef"=dword:00000069
"DMCurrentAbilityCoef"=dword:00000000
"DMCornersCoef"=dword:0000000a
"DMCrossingCoef"=dword:0000001e
"DMDribblingCoef"=dword:00000014
"DMFinishingCoef"=dword:0000000a
"DMFirstTouchCoef"=dword:0000001e
"DMFreeKicksCoef"=dword:0000000a
"DMHeadingCoef"=dword:00000028
"DMLongShotsCoef"=dword:00000014
"DMLongThrowsCoef"=dword:00000005
"DMMarkingCoef"=dword:0000003c
"DMPassingCoef"=dword:00000028
"DMPenaltiesCoef"=dword:00000005
"DMTacklingCoef"=dword:00000064
"DMTechniqueCoef"=dword:0000001e
"DMLeftFootCoef"=dword:00000005
"DMRightFootCoef"=dword:00000005
"DMAggressionCoef"=dword:00000028
"DMAnticipationCoef"=dword:00000028
"DMBraveryCoef"=dword:00000014
"DMComposureCoef"=dword:0000000a
"DMConcentrationCoef"=dword:00000014
"DMConsistencyCoef"=dword:0000000a
"DMCreativityCoef"=dword:00000014
"DMDecisionsCoef"=dword:00000014
"DMDeterminationCoef"=dword:0000000a
"DMDirtinessCoef"=dword:fffffff6
"DMFlairCoef"=dword:0000000a
"DMImportantMatchesCoef"=dword:0000000a
"DMInfluenceCoef"=dword:0000000a
"DMOffTheBallCoef"=dword:0000001e
"DMPositioningCoef"=dword:00000050
"DMTeamworkCoef"=dword:00000028
"DMWorkRateCoef"=dword:00000050
"DMAccelerationCoef"=dword:00000028
"DMAgilityCoef"=dword:0000000a
"DMBalanceCoef"=dword:0000000a
"DMInjuryPronenessCoef"=dword:fffffffb
"DMJumpingCoef"=dword:00000028
"DMNaturalFitnessCoef"=dword:00000005
"DMPaceCoef"=dword:00000028
"DMStaminaCoef"=dword:0000003c
"DMStrengthCoef"=dword:00000028
"DMVersatilityCoef"=dword:00000005
"DMAerialAbilityCoef"=dword:00000000
"DMCommandOfAreaCoef"=dword:00000000
"DMCommunicationCoef"=dword:00000000
"DMEccentricityCoef"=dword:00000000
"DMHandlingCoef"=dword:00000000
"DMKickingCoef"=dword:00000000
"DMOneOnOnesCoef"=dword:00000005
"DMReflexesCoef"=dword:00000005
"DMRushingOutCoef"=dword:00000000
"DMTendencyToPunchCoef"=dword:00000000
"DMThrowingCoef"=dword:00000000
"DMAdaptabilityCoef"=dword:00000005
"DMAmbitionCoef"=dword:0000000a
"DMControversyCoef"=dword:fffffffb
"DMLoyalityCoef"=dword:00000005
"DMPressureCoef"=dword:00000005
"DMProfessionalismCoef"=dword:00000005
"DMSportsmanshipCoef"=dword:00000005
"DMTemperamentCoef"=dword:00000005
"MWeightCoef"=dword:0000006a
"MCurrentAbilityCoef"=dword:00000000
"MCornersCoef"=dword:0000000a
"MCrossingCoef"=dword:00000028
"MDribblingCoef"=dword:00000032
"MFinishingCoef"=dword:00000014
"MFirstTouchCoef"=dword:0000001e
"MFreeKicksCoef"=dword:0000000a
"MHeadingCoef"=dword:0000001e
"MLongShotsCoef"=dword:00000014
"MLongThrowsCoef"=dword:00000005
"MMarkingCoef"=dword:00000028
"MPassingCoef"=dword:00000046
"MPenaltiesCoef"=dword:00000005
"MTacklingCoef"=dword:0000003c
"MTechniqueCoef"=dword:00000032
"MLeftFootCoef"=dword:00000005
"MRightFootCoef"=dword:00000005
"MAggressionCoef"=dword:0000001e
"MAnticipationCoef"=dword:00000028
"MBraveryCoef"=dword:0000000a
"MComposureCoef"=dword:0000000a
"MConcentrationCoef"=dword:0000000a
"MConsistencyCoef"=dword:0000000a
"MCreativityCoef"=dword:0000003c
"MDecisionsCoef"=dword:0000001e
"MDeterminationCoef"=dword:0000000a
"MDirtinessCoef"=dword:fffffffb
"MFlairCoef"=dword:0000000a
"MImportantMatchesCoef"=dword:0000000a
"MInfluenceCoef"=dword:0000000a
"MOffTheBallCoef"=dword:00000028
"MPositioningCoef"=dword:00000028
"MTeamworkCoef"=dword:00000032
"MWorkRateCoef"=dword:00000032
"MAccelerationCoef"=dword:00000032
"MAgilityCoef"=dword:0000000a
"MBalanceCoef"=dword:0000000a
"MInjuryPronenessCoef"=dword:fffffffb
"MJumpingCoef"=dword:00000028
"MNaturalFitnessCoef"=dword:00000005
"MPaceCoef"=dword:00000028
"MStaminaCoef"=dword:0000003c
"MStrengthCoef"=dword:0000001e
"MVersatilityCoef"=dword:00000005
"MAerialAbilityCoef"=dword:00000000
"MCommandOfAreaCoef"=dword:00000000
"MCommunicationCoef"=dword:00000000
"MEccentricityCoef"=dword:00000000
"MHandlingCoef"=dword:00000000
"MKickingCoef"=dword:00000000
"MOneOnOnesCoef"=dword:00000005
"MReflexesCoef"=dword:00000005
"MRushingOutCoef"=dword:00000000
"MTendencyToPunchCoef"=dword:00000000
"MThrowingCoef"=dword:00000000
"MAdaptabilityCoef"=dword:00000005
"MAmbitionCoef"=dword:0000000a
"MControversyCoef"=dword:fffffffb
"MLoyalityCoef"=dword:00000005
"MPressureCoef"=dword:00000005
"MProfessionalismCoef"=dword:00000005
"MSportsmanshipCoef"=dword:00000005
"MTemperamentCoef"=dword:00000005
"AMWeightCoef"=dword:00000069
"AMCurrentAbilityCoef"=dword:00000000
"AMCornersCoef"=dword:0000000a
"AMCrossingCoef"=dword:0000003c
"AMDribblingCoef"=dword:00000050
"AMFinishingCoef"=dword:00000028
"AMFirstTouchCoef"=dword:0000001e
"AMFreeKicksCoef"=dword:0000000a
"AMHeadingCoef"=dword:00000014
"AMLongShotsCoef"=dword:00000014
"AMLongThrowsCoef"=dword:00000005
"AMMarkingCoef"=dword:0000000a
"AMPassingCoef"=dword:00000064
"AMPenaltiesCoef"=dword:00000005
"AMTacklingCoef"=dword:0000000a
"AMTechniqueCoef"=dword:00000050
"AMLeftFootCoef"=dword:00000005
"AMRightFootCoef"=dword:00000005
"AMAggressionCoef"=dword:0000000a
"AMAnticipationCoef"=dword:0000001e
"AMBraveryCoef"=dword:0000000a
"AMComposureCoef"=dword:0000000a
"AMConcentrationCoef"=dword:0000000a
"AMConsistencyCoef"=dword:0000000a
"AMCreativityCoef"=dword:00000064
"AMDecisionsCoef"=dword:00000028
"AMDeterminationCoef"=dword:0000000a
"AMDirtinessCoef"=dword:fffffffb
"AMFlairCoef"=dword:00000014
"AMImportantMatchesCoef"=dword:0000000a
"AMInfluenceCoef"=dword:0000000a
"AMOffTheBallCoef"=dword:0000003c
"AMPositioningCoef"=dword:00000014
"AMTeamworkCoef"=dword:0000003c
"AMWorkRateCoef"=dword:00000014
"AMAccelerationCoef"=dword:0000003c
"AMAgilityCoef"=dword:0000000a
"AMBalanceCoef"=dword:0000000a
"AMInjuryPronenessCoef"=dword:fffffffb
"AMJumpingCoef"=dword:00000014
"AMNaturalFitnessCoef"=dword:00000005
"AMPaceCoef"=dword:0000003c
"AMStaminaCoef"=dword:0000003c
"AMStrengthCoef"=dword:00000014
"AMVersatilityCoef"=dword:00000005
"AMAerialAbilityCoef"=dword:00000000
"AMCommandOfAreaCoef"=dword:00000000
"AMCommunicationCoef"=dword:00000000
"AMEccentricityCoef"=dword:00000000
"AMHandlingCoef"=dword:00000000
"AMKickingCoef"=dword:00000000
"AMOneOnOnesCoef"=dword:00000005
"AMReflexesCoef"=dword:00000005
"AMRushingOutCoef"=dword:00000000
"AMTendencyToPunchCoef"=dword:00000000
"AMThrowingCoef"=dword:00000000
"AMAdaptabilityCoef"=dword:00000005
"AMAmbitionCoef"=dword:0000000a
"AMControversyCoef"=dword:fffffffb
"AMLoyalityCoef"=dword:00000005
"AMPressureCoef"=dword:00000005
"AMProfessionalismCoef"=dword:00000005
"AMSportsmanshipCoef"=dword:00000005
"AMTemperamentCoef"=dword:00000005
"WWeightCoef"=dword:00000069
"WCurrentAbilityCoef"=dword:00000000
"WCornersCoef"=dword:0000000a
"WCrossingCoef"=dword:00000064
"WDribblingCoef"=dword:00000064
"WFinishingCoef"=dword:0000003c
"WFirstTouchCoef"=dword:0000001e
"WFreeKicksCoef"=dword:0000000a
"WHeadingCoef"=dword:00000014
"WLongShotsCoef"=dword:00000014
"WLongThrowsCoef"=dword:00000005
"WMarkingCoef"=dword:0000000a
"WPassingCoef"=dword:0000003c
"WPenaltiesCoef"=dword:00000005
"WTacklingCoef"=dword:0000000a
"WTechniqueCoef"=dword:00000050
"WLeftFootCoef"=dword:00000005
"WRightFootCoef"=dword:00000005
"WAggressionCoef"=dword:0000000a
"WAnticipationCoef"=dword:00000014
"WBraveryCoef"=dword:0000000a
"WComposureCoef"=dword:0000000a
"WConcentrationCoef"=dword:0000000a
"WConsistencyCoef"=dword:0000000a
"WCreativityCoef"=dword:0000003c
"WDecisionsCoef"=dword:00000014
"WDeterminationCoef"=dword:0000000a
"WDirtinessCoef"=dword:fffffffb
"WFlairCoef"=dword:0000000a
"WImportantMatchesCoef"=dword:00000014
"WInfluenceCoef"=dword:0000000a
"WOffTheBallCoef"=dword:0000003c
"WPositioningCoef"=dword:00000014
"WTeamworkCoef"=dword:0000001e
"WWorkRateCoef"=dword:0000001e
"WAccelerationCoef"=dword:00000050
"WAgilityCoef"=dword:00000014
"WBalanceCoef"=dword:0000000a
"WInjuryPronenessCoef"=dword:fffffffb
"WJumpingCoef"=dword:00000014
"WNaturalFitnessCoef"=dword:00000005
"WPaceCoef"=dword:00000064
"WStaminaCoef"=dword:0000003c
"WStrengthCoef"=dword:00000014
"WVersatilityCoef"=dword:00000005
"WAerialAbilityCoef"=dword:00000000
"WCommandOfAreaCoef"=dword:00000000
"WCommunicationCoef"=dword:00000000
"WEccentricityCoef"=dword:00000000
"WHandlingCoef"=dword:00000000
"WKickingCoef"=dword:00000000
"WOneOnOnesCoef"=dword:00000005
"WReflexesCoef"=dword:00000005
"WRushingOutCoef"=dword:00000000
"WTendencyToPunchCoef"=dword:00000000
"WThrowingCoef"=dword:00000000
"WAdaptabilityCoef"=dword:00000005
"WAmbitionCoef"=dword:0000000a
"WControversyCoef"=dword:fffffffb
"WLoyalityCoef"=dword:00000005
"WPressureCoef"=dword:00000005
"WProfessionalismCoef"=dword:00000005
"WSportsmanshipCoef"=dword:00000005
"WTemperamentCoef"=dword:00000005
"FSTWeightCoef"=dword:00000067
"FSTCurrentAbilityCoef"=dword:00000000
"FSTCornersCoef"=dword:0000000a
"FSTCrossingCoef"=dword:0000000a
"FSTDribblingCoef"=dword:00000050
"FSTFinishingCoef"=dword:00000064
"FSTFirstTouchCoef"=dword:00000028
"FSTFreeKicksCoef"=dword:0000000a
"FSTHeadingCoef"=dword:00000028
"FSTLongShotsCoef"=dword:00000014
"FSTLongThrowsCoef"=dword:00000000
"FSTMarkingCoef"=dword:00000000
"FSTPassingCoef"=dword:00000028
"FSTPenaltiesCoef"=dword:00000005
"FSTTacklingCoef"=dword:00000000
"FSTTechniqueCoef"=dword:00000050
"FSTLeftFootCoef"=dword:00000005
"FSTRightFootCoef"=dword:00000005
"FSTAggressionCoef"=dword:0000000a
"FSTAnticipationCoef"=dword:0000000a
"FSTBraveryCoef"=dword:0000000a
"FSTComposureCoef"=dword:0000000a
"FSTConcentrationCoef"=dword:0000000a
"FSTConsistencyCoef"=dword:0000000a
"FSTCreativityCoef"=dword:00000028
"FSTDecisionsCoef"=dword:0000000a
"FSTDeterminationCoef"=dword:0000000a
"FSTDirtinessCoef"=dword:fffffffb
"FSTFlairCoef"=dword:0000000a
"FSTImportantMatchesCoef"=dword:0000000a
"FSTInfluenceCoef"=dword:0000000a
"FSTOffTheBallCoef"=dword:00000050
"FSTPositioningCoef"=dword:0000000a
"FSTTeamworkCoef"=dword:0000000a
"FSTWorkRateCoef"=dword:0000000a
"FSTAccelerationCoef"=dword:00000064
"FSTAgilityCoef"=dword:00000028
"FSTBalanceCoef"=dword:0000000a
"FSTInjuryPronenessCoef"=dword:fffffffb
"FSTJumpingCoef"=dword:00000014
"FSTNaturalFitnessCoef"=dword:00000005
"FSTPaceCoef"=dword:00000064
"FSTStaminaCoef"=dword:00000028
"FSTStrengthCoef"=dword:00000014
"FSTVersatilityCoef"=dword:00000005
"FSTAerialAbilityCoef"=dword:00000000
"FSTCommandOfAreaCoef"=dword:00000000
"FSTCommunicationCoef"=dword:00000000
"FSTEccentricityCoef"=dword:00000000
"FSTHandlingCoef"=dword:00000000
"FSTKickingCoef"=dword:00000000
"FSTOneOnOnesCoef"=dword:00000005
"FSTReflexesCoef"=dword:00000005
"FSTRushingOutCoef"=dword:00000000
"FSTTendencyToPunchCoef"=dword:00000000
"FSTThrowingCoef"=dword:00000000
"FSTAdaptabilityCoef"=dword:00000005
"FSTAmbitionCoef"=dword:0000000a
"FSTControversyCoef"=dword:fffffffb
"FSTLoyalityCoef"=dword:00000005
"FSTPressureCoef"=dword:00000005
"FSTProfessionalismCoef"=dword:00000005
"FSTSportsmanshipCoef"=dword:00000005
"FSTTemperamentCoef"=dword:00000005
"TSTWeightCoef"=dword:00000068
"TSTCurrentAbilityCoef"=dword:00000000
"TSTCornersCoef"=dword:00000000
"TSTCrossingCoef"=dword:0000000a
"TSTDribblingCoef"=dword:0000003c
"TSTFinishingCoef"=dword:00000050
"TSTFirstTouchCoef"=dword:0000001e
"TSTFreeKicksCoef"=dword:0000000a
"TSTHeadingCoef"=dword:00000064
"TSTLongShotsCoef"=dword:00000014
"TSTLongThrowsCoef"=dword:00000000
"TSTMarkingCoef"=dword:00000000
"TSTPassingCoef"=dword:00000028
"TSTPenaltiesCoef"=dword:00000005
"TSTTacklingCoef"=dword:00000000
"TSTTechniqueCoef"=dword:00000028
"TSTLeftFootCoef"=dword:00000005
"TSTRightFootCoef"=dword:00000005
"TSTAggressionCoef"=dword:00000014
"TSTAnticipationCoef"=dword:0000000a
"TSTBraveryCoef"=dword:00000014
"TSTComposureCoef"=dword:0000000a
"TSTConcentrationCoef"=dword:0000000a
"TSTConsistencyCoef"=dword:0000000a
"TSTCreativityCoef"=dword:00000014
"TSTDecisionsCoef"=dword:0000000a
"TSTDeterminationCoef"=dword:0000000a
"TSTDirtinessCoef"=dword:fffffffb
"TSTFlairCoef"=dword:0000000a
"TSTImportantMatchesCoef"=dword:0000000a
"TSTInfluenceCoef"=dword:0000000a
"TSTOffTheBallCoef"=dword:00000050
"TSTPositioningCoef"=dword:00000014
"TSTTeamworkCoef"=dword:0000000a
"TSTWorkRateCoef"=dword:0000000a
"TSTAccelerationCoef"=dword:00000028
"TSTAgilityCoef"=dword:00000014
"TSTBalanceCoef"=dword:00000014
"TSTInjuryPronenessCoef"=dword:fffffffb
"TSTJumpingCoef"=

Répondre à Mister y2j
Mister y2j   06-05-2009 à 18:50:45
- 0 +

(Suite)

"TSTNaturalFitnessCoef"=dword:00000005
"TSTPaceCoef"=dword:00000028
"TSTStaminaCoef"=dword:00000014
"TSTStrengthCoef"=dword:00000050
"TSTVersatilityCoef"=dword:00000005
"TSTAerialAbilityCoef"=dword:00000000
"TSTCommandOfAreaCoef"=dword:00000000
"TSTCommunicationCoef"=dword:00000000
"TSTEccentricityCoef"=dword:00000000
"TSTHandlingCoef"=dword:00000000
"TSTKickingCoef"=dword:00000000
"TSTOneOnOnesCoef"=dword:00000005
"TSTReflexesCoef"=dword:00000005
"TSTRushingOutCoef"=dword:00000000
"TSTTendencyToPunchCoef"=dword:00000000
"TSTThrowingCoef"=dword:00000000
"TSTAdaptabilityCoef"=dword:00000005
"TSTAmbitionCoef"=dword:0000000a
"TSTControversyCoef"=dword:fffffffb
"TSTLoyalityCoef"=dword:00000005
"TSTPressureCoef"=dword:00000005
"TSTProfessionalismCoef"=dword:00000005
"TSTSportsmanshipCoef"=dword:00000005
"TSTTemperamentCoef"=dword:00000005

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3076)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\documents and settings\maxime\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
.
**************************************************************************
.
Heure de fin: 2009-05-06 18:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-06 16:45
ComboFix2.txt 2008-12-28 13:53
ComboFix3.txt 2008-12-27 21:07

Avant-CF: 85 429 051 392 octets libres
Après-CF: 85 466 779 648 octets libres

Répondre à Mister y2j
Destrio5   06-05-2009 à 19:16:16
- 0 +

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher. L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
Citation :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.


  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Répondre à Destrio5
Mister y2j   06-05-2009 à 20:24:35
- 0 +

Où se trouve le rapport ? Ensuite que j'ai quitté le navigateur, puis que le rapport apparaisse, mon ordi a redémarré. Merci.

Répondre à Mister y2j
Destrio5   06-05-2009 à 20:35:01
- 0 +

Dans MBAM, onglet Rapports/Logs.

Répondre à Destrio5
Mister y2j   06-05-2009 à 20:44:30
- 0 +

Merci. Voici le rapport.


Citation :


Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1945
Windows 5.1.2600 Service Pack 2

06/05/2009 20:17:40
mbam-log-2009-05-06 (20-17-40).txt

Type de recherche: Examen rapide
Eléments examinés: 101375
Temps écoulé: 6 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\spbho.tiebho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center\dbases (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center\keys (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center\temp (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\maxime\Application Data\Privacy center\dbases\cg.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center\dbases\mw.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center\dbases\rd.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center\dbases\sc.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center\dbases\sm.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center\dbases\sp.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center\keys\cg.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center\keys\rd.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center\keys\sc.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center\keys\sp.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\maxime\Application Data\Privacy center\temp\settings.ini (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\DrvMgt.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot.

Répondre à Mister y2j
Destrio5   06-05-2009 à 23:39:42
- 0 +

  • Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.


/!\ Déconnecte-toi et ferme toutes applications en cours /!\

  • Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
  • Double-clique sur le raccourci d'Ad-Remover situé sur ton Bureau.

(Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)

  • Au menu principal, choisis l'option A.
  • Poste le rapport qui apparaît à la fin (C:\Ad-Report-Scan-(date).log).


(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note : "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.

Répondre à Destrio5
Mister y2j   07-05-2009 à 17:21:26
- 0 +

Voici le rapport :

Citation :



------- LOGFILE OF AD-REMOVER 1.1.3.6 | ONLY XP/VISTA -------

Updated by C_XX on 05/05/2009 at 21:20
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

Start at: 16:59:42, 07/05/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: 202878480001
Current User: maxime - Administrator
Drive(s):
- C:\ (File System: NTFS)
- E:\ (File System: UDF)

============ Known Adwares Found ============

.
HKCU\Software\VB and VBA Program Settings\eurobarre
.
C:\Documents and Settings\maxime\Menudm~1\Progra~1\Eurobarre
C:\Documents and Settings\maxime\Application Data\Mozilla\Firefox\Profiles\uccy25lm.default\EBSuggestHistory

+-----------------| Eorezo Elements Found:

HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
.
C:\Program Files\EoRezo
C:\Documents and Settings\maxime\Application Data\EoRezo

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
HKCU\Software\SWEETIE
HKLM\Software\Classes\TypeLib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
HKLM\Software\Classes\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
HKLM\Software\Macrogaming
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\35F8F48CFBC340946AF151B8E2105C1B
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\430B9074095998B438236F5FB1ED75CB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\80719E8EA720305459C0EE8389E9CAFB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A8B8696B937B0D04B8796ADECB6EC106
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B084A05F467835D4394CCF76723438C1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E6E39982D5828024DA11899256779137
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F1B496B301445D115AA4000972A8B18B
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\WINDOWS\Installer\78aac2.msi
C:\WINDOWS\Installer\78aac7.msi
C:\Program Files\Macrogaming

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.10 ----

ProfilePath: uccy25lm.default (maxime)
.
Prefs.js: Browser.Search.DefaultEngineName: "Live Search"
Prefs.js: Browser.Search.SelectedEngine: "Google"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
.
(Prefs.js) FOUND: user_pref("CT1587331.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx" );
(Prefs.js) FOUND: user_pref("CT1587331.CTPBaseServerUrl", "http://services.conduit.com/" );
(Prefs.js) FOUND: user_pref("CT1587331.Server", "http://users.conduit.com" );
(Prefs.js) FOUND: user_pref("CT1765355.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx" );
(Prefs.js) FOUND: user_pref("CT1765355.CTPBaseServerUrl", "http://services.conduit.com/" );
(Prefs.js) FOUND: user_pref("CT1765355.Server", "http://users.conduit.com" );
.
.
.
.

+---------------------------------------------------------------------------+

6419 Byte(s) - C:\Ad-Report-Scan-07.05.2009.log


End at: 17:17:38 | 07/05/2009
.
+-----------------| E.O.F




A noter un message d'erreur à un moment :

http://www.noelshack.com/voir/130309/pic081418.JPG

Répondre à Mister y2j
Destrio5   07-05-2009 à 17:26:24
- 0 +

/!\ Déconnecte-toi et ferme toutes applications en cours /!\

  • Double-clique sur le raccourci d'Ad-Remover pour le lancer.

(Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)

  • Au menu principal, choisis l'option B.


  • Coche A à l'écran de sélection :


http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG

  • Puis choisis S, le programme va travailler.


  • Poste le rapport qui apparaît à la fin (C:\Ad-Report-Clean-(date).log).


/!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide /!\

Répondre à Destrio5
Mister y2j   07-05-2009 à 18:20:13
- 0 +

Voilà le rapport !

Citation :


------- LOGFILE OF AD-REMOVER 1.1.3.6 | ONLY XP/VISTA -------

Updated by C_XX on 05/05/2009 at 21:20
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

**** LIMITED TO ****

Known Adwares
Eorezo
It's TV
Sweetim

********************

Start at: 17:54:53, 07/05/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: 202878480001
Current User: maxime - Administrator
Drive(s):
- C:\ (File System: NTFS)
- E:\ (File System: UDF)

(!) ---- IE start pages/Tabs reset

============ Known Adwares Deleted ============

.
HKCU\Software\VB and VBA Program Settings\eurobarre
.
C:\Documents and Settings\maxime\Menudm~1\Progra~1\Eurobarre
C:\Documents and Settings\maxime\Application Data\Mozilla\Firefox\Profiles\uccy25lm.default\EBSuggestHistory

+-----------------| Eorezo Elements Deleted :

HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
.
C:\Program Files\EoRezo
C:\Documents and Settings\maxime\Application Data\EoRezo

+-----------------| It's TV Elements Deleted :

.

+-----------------| Sweetim Elements Deleted :

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
HKCU\Software\SWEETIE
HKLM\Software\Macrogaming
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\35F8F48CFBC340946AF151B8E2105C1B
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\430B9074095998B438236F5FB1ED75CB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\80719E8EA720305459C0EE8389E9CAFB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A8B8696B937B0D04B8796ADECB6EC106
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B084A05F467835D4394CCF76723438C1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E6E39982D5828024DA11899256779137
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F1B496B301445D115AA4000972A8B18B
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\WINDOWS\Installer\78aac2.msi
C:\WINDOWS\Installer\78aac7.msi
C:\Program Files\Macrogaming

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.



+-----------------| Added Scan :

---- Mozilla FireFox Version 3.0.10 ----

ProfilePath: uccy25lm.default (maxime)
.
Prefs.js: Browser.Search.DefaultEngineName: "Live Search"
Prefs.js: Browser.Search.SelectedEngine: "Google"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
.
(Prefs.js) REMOVED: user_pref("CT1587331.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx" );
(Prefs.js) REMOVED: user_pref("CT1587331.CTPBaseServerUrl", "http://services.conduit.com/" );
(Prefs.js) REMOVED: user_pref("CT1587331.Server", "http://users.conduit.com" );
(Prefs.js) REMOVED: user_pref("CT1765355.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx" );
(Prefs.js) REMOVED: user_pref("CT1765355.CTPBaseServerUrl", "http://services.conduit.com/" );
(Prefs.js) REMOVED: user_pref("CT1765355.Server", "http://users.conduit.com" );
.
.
.
.

+---------------------------------------------------------------------------+



Répondre à Mister y2j
Destrio5   07-05-2009 à 18:33:34
- 0 +

  • Désinstalle Ad-Remover.


  • Relance MBAM, va dans Quarantaine et supprime tout.


  • Menu Démarrer > Exécuter > Tape combofix /u et valide.


  • Refais un scan RSIT et poste le rapport log.

Répondre à Destrio5
Mister y2j   07-05-2009 à 18:45:02
- 0 +

Pour l'étape 3, cela dit "Windows ne trouve pas combofix" ! ...

Répondre à Mister y2j
Destrio5   07-05-2009 à 18:48:43
- 0 +

Ce n'est pas grave.

RSIT : Random's System Information Tool

Répondre à Destrio5
Mister y2j   07-05-2009 à 18:53:29
- 0 +

Merci, où le trouver RSIT ? Je l'ai déjà téléchargé ?

Répondre à Mister y2j
Destrio5   07-05-2009 à 18:55:19
- 0 +

Oui, tout au début.

Répondre à Destrio5
Mister y2j   07-05-2009 à 19:03:42
- 0 +

Logfile of random's system information tool 1.06 (written by random/random)
Run by maxime at 2009-05-07 19:02:52
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 81 GB (55%) free of 147 GB
Total RAM: 767 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:09, on 07/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\maxime\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\maxime.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"

[DeleteTemplates.reg]
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"

[DeleteAutosearch.reg]
; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"

[Strings]
START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
SEARCH_PAGE_URL="http://www.microsoft.com/isapi/
O14 - IERESET.INF: CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"

[DeleteTemplates.reg]
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"

[DeleteAutosearch.reg]
; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"

[Strings]
START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
SEARCH_PAGE_URL="http://www.microsoft.com/isapi/
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Securitoo Contrôle Parental (OPTENET_FILTER) - WANADOO - C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - - (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)

--
End of file - 9025 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-20 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-12 4112384]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-10-23 180269]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
c:\apps\ABoard\ABoard.exe [2003-05-02 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-20 1601304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
- []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe [2006-10-07 958464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2004-07-12 4112384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2004-07-12 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c:\Apps\Powercinema\PCMService.exe [2004-10-08 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-04-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-01-01 95960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
C:\WINDOWS\system32\mobsync.exe [2004-08-05 144384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-10-23 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe [2004-01-27 70760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe [2006-02-16 295936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vaderetro Outlook]
C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe [2006-07-22 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\fspex.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-05-29 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
C:\PROGRA~1\Google\GOOGLE~3\GOOGLE~1.EXE [2009-03-25 161776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2
"SNDSrvc"=2
"SBService"=2
"SAVScan"=3
"navapsvc"=3
"ccSetMgr"=2
"ccPwdSvc"=3
"ccProxy"=2
"ccEvtMgr"=2

C:\Documents and Settings\maxime\Menu Démarrer\Programmes\Démarrage
Outil de notification Live Search.lnk - C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-20 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\APPS\Inventime\my.exe"="C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe"="C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{142ad468-7af3-11da-821b-806d6172696f}]
shell\AutoRun\command - E:\autorun.exe


======List of files/folders created in the last 1 months======

2009-05-07 16:59:22 ----D---- C:\Program Files\Ad-remover
2009-05-06 20:45:31 ----SHD---- C:\RECYCLER
2009-05-06 19:53:18 ----D---- C:\Documents and Settings\maxime\Application Data\Malwarebytes
2009-05-06 19:53:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-06 19:53:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-06 18:45:19 ----D---- C:\WINDOWS\temp
2009-05-06 18:45:17 ----A---- C:\ComboFix.txt
2009-05-06 14:27:23 ----D---- C:\rsit
2009-05-06 13:30:07 ----A---- C:\WINDOWS\system32\avgrsstx.dll.prepare
2009-05-02 22:04:09 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-02 22:00:47 ----D---- C:\SDFix
2009-04-26 22:48:47 ----D---- C:\Program Files\Fichiers communs\DVDVIDEOSOFT

======List of files/folders modified in the last 1 months======

2009-05-07 18:18:41 ----D---- C:\Program Files\Mozilla Firefox
2009-05-07 18:13:13 ----D---- C:\WINDOWS
2009-05-07 18:13:12 ----RD---- C:\Program Files
2009-05-07 18:12:51 ----SHD---- C:\WINDOWS\Installer
2009-05-07 17:32:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-07 16:31:41 ----SD---- C:\WINDOWS\Tasks
2009-05-07 16:31:36 ----A---- C:\WINDOWS\ModemLog_Aztech CNR2900 V.90 Modem.txt
2009-05-06 22:45:08 ----D---- C:\Documents and Settings\maxime\Application Data\OpenOffice.org2
2009-05-06 21:41:22 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-05-06 20:18:38 ----D---- C:\WINDOWS\system32\drivers
2009-05-06 20:18:38 ----D---- C:\WINDOWS\system32
2009-05-06 19:53:18 ----D---- C:\WINDOWS\Prefetch
2009-05-06 18:45:21 ----D---- C:\Qoobox
2009-05-06 18:43:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-06 18:38:35 ----A---- C:\WINDOWS\system.ini
2009-05-06 18:35:07 ----D---- C:\WINDOWS\system32\config
2009-05-06 18:34:52 ----D---- C:\WINDOWS\ERDNT
2009-05-06 18:32:32 ----D---- C:\WINDOWS\AppPatch
2009-05-06 18:32:22 ----D---- C:\Program Files\Fichiers communs
2009-05-06 13:31:56 ----D---- C:\WINDOWS\Minidump
2009-05-05 23:11:07 ----D---- C:\Documents and Settings\maxime\Application Data\uTorrent
2009-05-05 15:27:59 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-05-04 23:37:53 ----A---- C:\WINDOWS\win.ini
2009-05-04 21:48:59 ----HD---- C:\$AVG8.VAULT$
2009-05-02 21:54:58 ----HD---- C:\Config.Msi
2009-05-02 21:54:50 ----D---- C:\Program Files\Opera
2009-05-02 16:27:31 ----A---- C:\Documents and Settings\maxime\Application Data\QuickZip45.ini
2009-05-01 15:36:46 ----A---- C:\WINDOWS\VFIND.exe
2009-05-01 14:46:51 ----A---- C:\rapport.txt
2009-05-01 14:39:26 ----A---- C:\WINDOWS\system32\tmp.txt
2009-05-01 12:36:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-01 12:34:28 ----D---- C:\WINDOWS\Debug
2009-04-29 22:20:19 ----HD---- C:\WINDOWS\inf
2009-04-29 22:20:14 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-04-29 14:09:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-26 23:41:05 ----D---- C:\Documents and Settings\maxime\Application Data\AVGTOOLBAR
2009-04-17 21:34:25 ----D---- C:\Program Files\LimeWire
2009-04-16 12:13:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-16 12:08:02 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 03:25:38 ----D---- C:\WINDOWS\system32\fr-fr
2009-04-16 03:25:38 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-05 41600]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-20 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-20 27656]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
R3 Cap713x;Cap713x Video Capture; C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-08 751104]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-11 41984]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2006-10-07 62592]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2003-02-16 210128]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-12 2459968]
R3 RTL8187B;TG123g USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-07-18 264576]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2003-02-16 516616]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-01-21 11544]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-01-21 172216]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-01-21 35000]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20080508.002\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-01-21 46808]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 196368]
S3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-27 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2003-02-16 1293192]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060520.005\NAVENG.Sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060520.005\NavEx15.Sys []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2003-02-05 162136]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2003-02-16 85520]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 12672]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 SAVRT;SAVRT; - []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2004-02-25 1123440]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-20 298264]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-12 114755]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe /service []
S2 OPTENET_FILTER;Securitoo Contrôle Parental; C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe [2004-07-28 497744]
S2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe /service []
S2 XCOMM;BitDefender Communicator; C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe /service []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-13 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ccEvtMgr;Symantec Event Manager; - []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-15 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 MysqlInventime;MysqlInventime; c:\mysql\bin\mysqld-nt MysqlInventime []
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
S3 SNDSrvc;Symantec Network Drivers Service; - []
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 ccProxy;Symantec Network Proxy; C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe [2005-03-21 218712]
S4 ccPwdSvc;Symantec Password Validation; C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe [2006-01-11 87696]
S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2006-01-11 235152]
S4 navapsvc;Service Norton AntiVirus Auto-Protect; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2003-12-04 158640]
S4 SAVScan;SAVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-01-25 194272]
S4 SBService;ScriptBlocking Service; C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe [2003-06-24 66784]
S4 SymWSC;SymWMI Service; C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]

-----------------EOF-----------------

Répondre à Mister y2j
Destrio5   07-05-2009 à 19:20:08
- 0 +

  • Supprime les traces de Norton avec ceci.


  • Supprime les traces de BitDefender avec ceci.


  • Télécharge Navilog1 (de IL-MAFIOSO) sur ton Bureau.
  • Double-clique sur Navilog1.exe afin de lancer l'installation.
  • Si le fix ne lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le Bureau.

(Sous Vista, clique droit sur le raccourci de Navilog1 et choisis Exécuter en tant qu'administrateur)

  • Appuie sur F ou f puis valide par Entrée.
  • Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options.
  • Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix.
  • Patiente jusqu'au message : *** Analyse terminée le ..... ***
  • Le scan fini, le Bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse.
  • Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt


N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.

Répondre à Destrio5
Mister y2j   07-05-2009 à 21:03:02
- 0 +

Voici le rapport !!!



Search Navipromo version 3.7.6 commencé le 07/05/2009 à 20:47:54,01

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : maxime ( Administrator )
BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)


C:\ (Local Disk) - NTFS - Total:144 Go (Free:101 Go)
D:\ (CD or DVD)
E:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***

...\Live-Player trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\maxime\applic~1" ***

...\Live-Player trouvé !

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ANDR~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\annie\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\EMULE_~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\jerome\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\maxime\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ANDR~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\annie\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\EMULE_~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\jerome\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\maxime\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ANDR~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\annie\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\EMULE_~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\jerome\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\maxime\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ANDR~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\annie\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\EMULE_~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\jerome\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\maxime\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ANDR~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\annie\locals~1\applic~1" :


* Dans "C:\DOCUME~1\EMULE_~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\jerome\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 07/05/2009 à 21:01:43,50 ***

Répondre à Mister y2j
Destrio5   07-05-2009 à 21:14:22
- 0 +

  • Relance Navilog1, fais l'option 2 et poste le rapport (C:\cleannavi.txt).


---> Les programmes suivants installent cette infection :

  • Funky Emoticons
  • Games Attack
  • Go-Astro
  • GoRecord
  • HotTVPlayer
  • Live-Player
  • MailSkinner
  • Messenger Skinner
  • Instant Access
  • InternetGameBox
  • Sudoplanet
  • WebMediaPlayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/

Répondre à Destrio5
Mister y2j   07-05-2009 à 22:00:37
- 0 +

Rapport :


Clean Navipromo version 3.7.6 commencé le 07/05/2009 à 21:52:24,90

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : maxime ( Administrator )
BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)


C:\ (Local Disk) - NTFS - Total:144 Go (Free:101 Go)
D:\ (CD or DVD)
E:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)


Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\maxime\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\ANDR~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\annie\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\EMULE_~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\jerome\locals~1\applic~1" *


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***

...\Live-Player ...suppression...
...\Live-Player supprimé !


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\maxime\applic~1" ***

...\Live-Player ...suppression...
...\Live-Player supprimé !


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ANDR~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\annie\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\EMULE_~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\jerome\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\maxime\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ANDR~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\annie\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\EMULE_~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\jerome\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\maxime\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ANDR~1\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\annie\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\EMULE_~1\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\jerome\menudm~1\progra~1" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\maxime\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\maxime\locals~1\applic~1" *


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


* Dans "C:\DOCUME~1\ANDR~1\locals~1\applic~1" *


* Dans "C:\DOCUME~1\annie\locals~1\applic~1" *


* Dans "C:\DOCUME~1\EMULE_~1\locals~1\applic~1" *


* Dans "C:\DOCUME~1\jerome\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 07/05/2009 à 21:58:07,57 ***

Répondre à Mister y2j
Destrio5   07-05-2009 à 22:02:38
- 0 +

  • Désinstalle Navilog1.


  • Refais un scan RSIT et poste le rapport log.

Répondre à Destrio5
Mister y2j   07-05-2009 à 22:42:32
- 0 +

Logfile of random's system information tool 1.06 (written by random/random)
Run by maxime at 2009-05-07 22:41:42
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 103 GB (70%) free of 147 GB
Total RAM: 767 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:02, on 07/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\maxime\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\maxime.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"

[DeleteTemplates.reg]
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"

[DeleteAutosearch.reg]
; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"

[Strings]
START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
SEARCH_PAGE_URL="http://www.microsoft.com/isapi/
O14 - IERESET.INF: CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"

[DeleteTemplates.reg]
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"

[DeleteAutosearch.reg]
; NOTE (andrewgu) ie5.5 b#108259 - autosearch settings are not properly reset
HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"

[Strings]
START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
SEARCH_PAGE_URL="http://www.microsoft.com/isapi/
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Securitoo Contrôle Parental (OPTENET_FILTER) - WANADOO - C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8411 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-12 4112384]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-10-23 180269]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
c:\apps\ABoard\ABoard.exe [2003-05-02 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-20 1601304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
- []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe [2006-10-07 958464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2004-07-12 4112384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2004-07-12 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c:\Apps\Powercinema\PCMService.exe [2004-10-08 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-04-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
C:\WINDOWS\system32\mobsync.exe [2004-08-05 144384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2004-10-23 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe [2006-02-16 295936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vaderetro Outlook]
C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe [2006-07-22 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\fspex.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-05-29 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
C:\PROGRA~1\Google\GOOGLE~3\GOOGLE~1.EXE [2009-03-25 161776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2
"SNDSrvc"=2
"SBService"=2
"SAVScan"=3
"navapsvc"=3
"ccSetMgr"=2
"ccPwdSvc"=3
"ccProxy"=2
"ccEvtMgr"=2

C:\Documents and Settings\maxime\Menu Démarrer\Programmes\Démarrage
Outil de notification Live Search.lnk - C:\Documents and Settings\maxime\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-20 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\APPS\Inventime\my.exe"="C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe"="C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Documents and Settings\maxime\Local Settings\temp\7zS210.tmp\SymNRT.exe"="C:\Documents and Settings\maxime\Local Settings\temp\7zS210.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Documents and Settings\maxime\Local Settings\temp\7zS212.tmp\SymNRT.exe"="C:\Documents and Settings\maxime\Local Settings\temp\7zS212.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{142ad468-7af3-11da-821b-806d6172696f}]
shell\AutoRun\command - E:\Launcher.exe


======List of files/folders created in the last 1 months======

2009-05-07 21:52:24 ----A---- C:\cleannavi.txt
2009-05-07 21:40:45 ----D---- C:\Documents and Settings\maxime\Application Data\Pro Cycling Manager 2008
2009-05-07 16:59:22 ----D---- C:\Program Files\Ad-remover
2009-05-06 20:45:31 ----SHD---- C:\RECYCLER
2009-05-06 19:53:18 ----D---- C:\Documents and Settings\maxime\Application Data\Malwarebytes
2009-05-06 19:53:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-06 19:53:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-06 18:45:19 ----D---- C:\WINDOWS\temp
2009-05-06 18:45:17 ----A---- C:\ComboFix.txt
2009-05-06 14:27:23 ----D---- C:\rsit
2009-05-06 13:30:07 ----A---- C:\WINDOWS\system32\avgrsstx.dll.prepare
2009-05-02 22:00:47 ----D---- C:\SDFix
2009-04-26 22:48:47 ----D---- C:\Program Files\Fichiers communs\DVDVIDEOSOFT

======List of files/folders modified in the last 1 months======

2009-05-07 22:41:58 ----D---- C:\WINDOWS\Prefetch
2009-05-07 22:40:42 ----D---- C:\Program Files\Navilog1
2009-05-07 22:05:45 ----D---- C:\Program Files\Mozilla Firefox
2009-05-07 21:58:07 ----D---- C:\WINDOWS\system32
2009-05-07 21:57:16 ----RD---- C:\Program Files
2009-05-07 21:57:07 ----D---- C:\WINDOWS
2009-05-07 21:56:58 ----SD---- C:\WINDOWS\Tasks
2009-05-07 21:56:54 ----A---- C:\WINDOWS\ModemLog_Aztech CNR2900 V.90 Modem.txt
2009-05-07 21:55:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-07 21:48:13 ----D---- C:\WINDOWS\system32\drivers
2009-05-07 21:37:36 ----SHD---- C:\WINDOWS\Installer
2009-05-07 21:37:36 ----HD---- C:\Config.Msi
2009-05-07 21:37:16 ----RSD---- C:\WINDOWS\assembly
2009-05-07 21:34:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-07 21:34:05 ----D---- C:\WINDOWS\WinSxS
2009-05-07 21:33:33 ----HD---- C:\WINDOWS\inf
2009-05-07 21:27:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-07 21:27:34 ----D---- C:\WINDOWS\system32\DirectX
2009-05-07 21:17:16 ----D---- C:\Program Files\Cyanide
2009-05-07 21:01:43 ----A---- C:\fixnavi.txt
2009-05-07 20:47:04 ----D---- C:\WINDOWS\Minidump
2009-05-07 19:40:55 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-05-06 22:45:08 ----D---- C:\Documents and Settings\maxime\Application Data\OpenOffice.org2
2009-05-06 21:41:22 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-05-06 18:45:21 ----D---- C:\Qoobox
2009-05-06 18:38:35 ----A---- C:\WINDOWS\system.ini
2009-05-06 18:35:07 ----D---- C:\WINDOWS\system32\config
2009-05-06 18:34:52 ----D---- C:\WINDOWS\ERDNT
2009-05-06 18:32:32 ----D---- C:\WINDOWS\AppPatch
2009-05-06 18:32:22 ----D---- C:\Program Files\Fichiers communs
2009-05-05 23:11:07 ----D---- C:\Documents and Settings\maxime\Application Data\uTorrent
2009-05-05 15:27:59 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-05-04 23:37:53 ----A---- C:\WINDOWS\win.ini
2009-05-04 21:48:59 ----HD---- C:\$AVG8.VAULT$
2009-05-02 21:54:50 ----D---- C:\Program Files\Opera
2009-05-02 16:27:31 ----A---- C:\Documents and Settings\maxime\Application Data\QuickZip45.ini
2009-05-01 15:36:46 ----A---- C:\WINDOWS\VFIND.exe
2009-05-01 14:46:51 ----A---- C:\rapport.txt
2009-05-01 14:39:26 ----A---- C:\WINDOWS\system32\tmp.txt
2009-05-01 12:36:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-01 12:34:28 ----D---- C:\WINDOWS\Debug
2009-04-29 22:20:14 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-04-29 14:09:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-26 23:41:05 ----D---- C:\Documents and Settings\maxime\Application Data\AVGTOOLBAR
2009-04-17 21:34:25 ----D---- C:\Program Files\LimeWire
2009-04-16 12:08:02 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 03:25:38 ----D---- C:\WINDOWS\system32\fr-fr
2009-04-16 03:25:38 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-05 41600]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-20 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-20 27656]
R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
R3 Cap713x;Cap713x Video Capture; C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-08 751104]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-11 41984]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2006-10-07 62592]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2003-02-16 210128]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-12 2459968]
R3 RTL8187B;TG123g USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-07-18 264576]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2003-02-16 516616]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\maxime\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-27 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2003-02-16 1293192]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2003-02-05 162136]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2003-02-16 85520]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 12672]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2004-02-25 1123440]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-20 298264]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]
R2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-12 114755]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
S2 OPTENET_FILTER;Securitoo Contrôle Parental; C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe [2004-07-28 497744]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-13 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-15 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 MysqlInventime;MysqlInventime; c:\mysql\bin\mysqld-nt MysqlInventime []
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------

Répondre à Mister y2j
Destrio5   07-05-2009 à 23:02:07
- 0 +

Ton PC va mieux ?

  • Désinstalle les programmes suivants :

- J2SE Runtime Environment 5.0 Update 6
- Java SE Runtime Environment 6



  • Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
  • Double-clique sur OTMoveIt3.exe afin de le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :


:processes
explorer.exe

:files
C:\WINDOWS\system32\tmp.txt

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]

:commands
[purity]
[emptytemp]
[reboot]



  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.


---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

  • Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\

---> Le nom du rapport correspond au moment de sa création : date_heure.log

Répondre à Destrio5
Mister y2j   11-05-2009 à 21:05:45
- 0 +

Désolé pour le retard. j'en suis à la dernière étape, cependant j'ai une question : Tout semble bloqué, je ne peut pas quitter le logiciel, l'ordi ne redémarre pas que faut-il faire ? Les icones du bureau ne s'affichent pas, et lorsque je clic "sur" le logiciel, ça fait un bruit.

Sinon tout les vidéos (youtube, dailymotion) se stoppent toutes les 5 secondes, et il faut cliquer pour que ca continue et ainsi de suite. Comment y remédier ?

Répondre à Mister y2j
Destrio5   11-05-2009 à 21:22:20
- 0 +

Depuis quand as-tu ce problème ?

Répondre à Destrio5
Mister y2j   11-05-2009 à 21:35:33
- 0 +

Eh bien c'est la première fois que j'ai essayé le logiciel (OTM...) et ça a bugé. Sinon pour les vidéos c'est depuis aujourd'hui (peut-être hier). Aucun soucis pour les vidéos que j'ai sur mon ordi, c'est pour le streaming.

Répondre à Mister y2j
Destrio5   12-05-2009 à 03:33:34
- 0 +

Peut-être un problème passager avec ta connexion.

Répondre à Destrio5
Mister y2j   12-05-2009 à 18:12:07
- 0 +

OK. Sinon je fait comment pour continuer l'étape avec OtMoveIt sachant que ça bloque ??? Passage à une étape suivante ? L'ordi toujours très lent, bien qu'il y ait moins de bugs et de ralentissement sur Internet.

Répondre à Mister y2j
Destrio5   12-05-2009 à 18:16:59
- 0 +

1/

  • Désinstalle HijackThis.


  • Télécharge ToolsCleaner2 sur ton Bureau.
  • Double-clique sur ToolsCleaner2.exe pour le lancer.
  • Clique sur Recherche et laisse le scan agir.
  • Clique sur Suppression pour finaliser.
  • Tu peux, si tu le souhaites, te servir des Options Facultatives.
  • Clique sur Quitter pour obtenir le rapport.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).



2/

  • Télécharge et installe CCleaner Slim.
  • Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
  • Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
  • Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).



3/



4/

Répondre à Destrio5
Mister y2j   14-05-2009 à 17:33:31
- 0 +

Est-ce grave si dès que Toolscleaner 2 est lancé, ça met "ne répond pas" avec le sablier ? Sinon depuis que j'ai lancé internet il y a quelques heures, la navigation sur le web est quasi-IMPOSSIBLE, pour aller sur ce topic j'ai mis 20 minutes, chaque page de ce forum met 3 à 5 minutes pour s'ouvrir, sans mentir ...

Répondre à Mister y2j
Mister y2j   14-05-2009 à 17:41:00
- 0 +

Voici pour le grand 1.


[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\VundoFix.txt: trouvé !
C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\rapport_clean.txt: trouvé !
C:\SDFIX: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-remover\TOOLS\BACKUP\Ad-R.exe: trouvé !
C:\Program Files\QuickTime\history\units\avenger.txt: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Program Files\Ad-remover\TOOLS\BACKUP\Ad-R.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\VundoFix.txt: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\rapport_clean.txt: supprimé !
C:\Program Files\QuickTime\history\units\avenger.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !



Je passe à l'étape suivante.

Répondre à Mister y2j
Mister y2j   15-05-2009 à 00:30:23
- 0 +

Défragmentation enfin terminée ...

Répondre à Mister y2j
Mister y2j   15-05-2009 à 17:03:18
- 0 +

Je fais quoi maintenant ? Y'a t-il un rapport a posté que j'ai oublié ? A noter que l'ordinateur va 1000 fois plus vite qu'hier, aucun soucis à aller sur le forum etc.. cependant je sais pas si c'est finit ...

Répondre à Mister y2j
Destrio5   15-05-2009 à 17:12:54
- 0 +

Tu peux supprimer ToolsCleaner.

Tu n'as plus de souci ?

Répondre à Destrio5
Mister y2j   16-05-2009 à 13:42:58
- 0 +

OK,merci pour ton aide. L'ordinateur va beaucoup plus vite, j'ai plus aucun soucis sauf un qui persiste : Sur google, lorsque je clic sur un lien ça m'emmène ailleurs, je suis obligé de copier l'url pour accéder au site !

Répondre à Mister y2j
Destrio5   16-05-2009 à 13:44:09
- 0 +

Ça t'emmène où ?

Répondre à Destrio5
Mister y2j   16-05-2009 à 18:29:54
- 0 +

Par exemple tout à l'heure ça m'a emmené sur un site d'un association pour les enfants pauvres, puis sur un site écologiste et à l'instant sur un site faisait de la pub pour des jeux de portables.

Répondre à Mister y2j
Destrio5   17-05-2009 à 16:36:04
- 0 +

  • Télécharge Catchme (Przemyslaw Gmerek) sur ton Bureau.
  • Double-clique sur catchme.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, poste le rapport catchme.log dans ta prochaine réponse. (Ce rapport est sur ton Bureau.)

Répondre à Destrio5
Mister y2j   17-05-2009 à 20:46:31
- 0 +

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 19:06:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Répondre à Mister y2j
Mister y2j   18-05-2009 à 19:14:09
- 0 +

Aujourd'hui l'ordi lag assez,on dirait que c'est aléatoire ...

Répondre à Mister y2j
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > Pub intempestive + lag + redirection pub (ordi = poubelle)
Aller à :

Il y a 1724 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,435 secondes
Liens