Tom's Guide > Forum > Sécurité - Virus > scan avec hijackthis

scan avec hijackthis - Page 2

Forum Sécurité - Virus : scan avec hijackthis

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Créer un nouveau sujet Répondre
Mot :    Pseudo :           
 
Angeldark   17-05-2006 à 21:21:53
- 0 +

Reprise du message précédent :
Re,

Desinstalle si possible
Media-Codec
Yazzle Sudoku

Télécharge : Pocket KillBox

Mets le dans un dossier ou sur ton bureau (Clique droit puis Extraire tout)
Selectionne le texte dans le cadre:

Citation :

c:\windows\system32\vx.tll
c:\program files\internet explorer\winbrume.dat
c:\program files\Media-Codec
c:\program files\Yazzle Sudoku
C:\lo448422522.exe
C:\WINDOWS\6zf15tcd.exe
C:\WINDOWS\ch6wwsrd.exe
C:\WINDOWS\f7r4dgun.exe
C:\WINDOWS\hekiuxr4.exe
C:\WINDOWS\nw2t25w1.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\z6drtb2b.exe
C:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\SmitfraudFix



Clique droit puis Copier.
----------

. Ouvre Killbox.exe
. Choisis "Delete on reboot"
. Clique sur "File" et ensuite "Paste from Clipboard"
. Clique sur All Files
. Clique sur le rond rouge avec une croix blanche.
. Repond par "oui", ton pc va redemarrer.
----------

Supprime ce dossier : C:\!KillBox
----------

Passe un coup de Ccleaner

Dans Executer tape Regedit puis supprime
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-4734-477F-8257-27CD04F88779}

Répondre à Angeldark
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
lo38   17-05-2006 à 21:45:29
- 0 +

C'est tout bon. Je relance panda encore un coup.

Merci

Répondre à lo38
lo38   17-05-2006 à 22:36:27
- 0 +

Voici le rapport du scan en ligen avec panda.

merci pour votre aide



Incident Statut Analyse

Adware:adware/vog No Désinfecté Registre Windows
Adware:adware/savenow No Désinfecté Registre Windows
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Dr@fty\Cookies\dr@fty@atdmt[1].txt
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\SmitfraudFix\Process.exe

Répondre à lo38
ricileprogramatteur   18-05-2006 à 17:35:42
- 0 +

nettoie avec CCleaner et relance un scan panda stp
@+ dsl pour le retard

Répondre à ricileprogramatteur
lo38   18-05-2006 à 19:03:27
- 0 +

salut voici le résultat du scan avec panda.

merci pour ton aide

A+


Incident Statut Analyse

Adware:adware/vog No Désinfecté Registre Windows
Adware:adware/savenow No Désinfecté Registre Windows
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Dr@fty\Cookies\dr@fty@advertising[1].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Dr@fty\Cookies\dr@fty@bluestreak[2].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Dr@fty\Cookies\dr@fty@doubleclick[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Dr@fty\Cookies\dr@fty@xiti[1].txt
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\SmitfraudFix\Process.exe

Répondre à lo38
Angeldark   18-05-2006 à 19:05:53
- 0 +

On continue.

Fais des scans avec:

- Antitroyen gratuit, par exemple.
Il est nécessaire de s'enregistrer pour bénéficier des mises à jour

- Antispywares/Antiadwares gratuits, par exempleAd Aware SE Personal
et son tutorial
et Spybot Search and Destroy
et son tutorial

Répondre à Angeldark
lo38   18-05-2006 à 19:57:17
- 0 +

Résultat du scan avec A²



a-squared Report
Scan Started: 18/05/2006 19:20:38
Scan Finished: 18/05/2006 19:54:31
Scanning Time: 0h 33min 53sec
Scanned Files: 105640
Infected Files: 71

Nom du fichier Diagnostic
Key: HKEY_CURRENT_USER\software\install Trace.Registry.AdClicker
Key: HKEY_CLASSES_ROOT\acm.acmfactory.1 Trace.Registry.WhenU.SaveNow
Key: HKEY_CLASSES_ROOT\acm.acmfactory Trace.Registry.WhenU.SaveNow
Key: HKEY_CLASSES_ROOT\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} Trace.Registry.WhenU.SaveNow
Key: HKEY_CLASSES_ROOT\appid\acm.dll Trace.Registry.WhenU.SaveNow
Key: HKEY_CLASSES_ROOT\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} Trace.Registry.WhenU.SaveNow
Key: HKEY_CLASSES_ROOT\interface\{43382522-a846-46f4-ac57-1f71ae6e1086} Trace.Registry.WhenU.SaveNow
Key: HKEY_CLASSES_ROOT\interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} Trace.Registry.WhenU.SaveNow
Key: HKEY_CLASSES_ROOT\interface\{72a836d1-bc00-43c0-a941-17960e4fb842} Trace.Registry.WhenU.SaveNow
Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Trace.Registry.WhenU.SaveNow
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} Trace.Registry.WhenU.SaveNow
Key: HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid Trace.Registry.WhenU.SaveNow
Key: HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid Trace.Registry.WhenU.SaveNow
Key: HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver Trace.Registry.WhenU.SaveNow
Key: HKEY_CLASSES_ROOT\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} Trace.Registry.WhenUSearch
C:\Program Files\messengerplus! 3 Trace.Directory.Messanger Plus
C:\Program Files\messengerplus! 3\plugins Trace.Directory.Messanger Plus
C:\Program Files\messengerplus! 3\resources Trace.Directory.Messanger Plus
C:\Program Files\messengerplus! 3\detoured.dll Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\lame_enc.dll Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\libsndfile.dll Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\msgplus.exe Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\msgplush.dll Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\msgplusloader.dll Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\plugins\developers.txt Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\readme.txt Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\defaultlg.dat Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_arabic.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_catala.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_chinese simplified.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_chinese traditional.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_dansk.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_deutsch.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_espanol (espana).ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_espanol (latino).ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_estonian.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_francais.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_hebrew.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_hellenic.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_italiano.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_japanese.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_korean.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_magyar.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_nederlands.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_norsk (bokmal).ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_portugues.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_suomeksi.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_svenska.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_thai.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\lang_turkce.ini Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\resources\msgplusres.dll Trace.File.Messanger Plus
C:\Program Files\messengerplus! 3\richedhook.dll Trace.File.Messanger Plus
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> MessengerPlus3 Trace.Registry.Messanger Plus
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin --> DisplayIcon Trace.Registry.Messanger Plus
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin --> DisplayName Trace.Registry.Messanger Plus
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin --> SponsorInstalled Trace.Registry.Messanger Plus
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin --> UninstallString Trace.Registry.Messanger Plus
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 --> BinDir Trace.Registry.Messanger Plus
C:\Documents and Settings\Dr@fty\Bureau\Divx\VirtualDubMOD_1.5.10.2_b2540_Fr.exe Trojan-Spy.Win32.Ransom.a
C:\Documents and Settings\Dr@fty\Cookies\dr@fty@advertising[1].txt Trace.TrackingCookie
C:\Documents and Settings\Dr@fty\Cookies\dr@fty@atdmt[2].txt Trace.TrackingCookie
C:\Documents and Settings\Dr@fty\Cookies\dr@fty@bluestreak[2].txt Trace.TrackingCookie
C:\Documents and Settings\Dr@fty\Cookies\dr@fty@doubleclick[1].txt Trace.TrackingCookie
C:\Documents and Settings\Dr@fty\Cookies\dr@fty@ehg.hitbox[2].txt Trace.TrackingCookie
C:\Documents and Settings\Dr@fty\Cookies\dr@fty@hitbox[1].txt Trace.TrackingCookie
C:\Documents and Settings\Dr@fty\Cookies\dr@fty@mediaplex[1].txt Trace.TrackingCookie
C:\Documents and Settings\Dr@fty\Cookies\dr@fty@tradedoubler[2].txt Trace.TrackingCookie
C:\Documents and Settings\Dr@fty\Cookies\dr@fty@www.cibleclick[1].txt Trace.TrackingCookie
C:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\SmitfraudFix\Process.exe Riskware.RiskTool.Win32.Processor.20
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\2.2.0.100\wtvh.dll Adware.WildTangent.b
C:\WINDOWS\wt\wtvh.dll Adware.WildTangent.b

Répondre à lo38
ricileprogramatteur   18-05-2006 à 20:01:09
- 0 +

est ce que ca va mieux, car tu as suprimer plein de trucs la!

Répondre à ricileprogramatteur
lo38   18-05-2006 à 20:03:43
- 0 +

euh lol à première vue difficile à dire

Faut dire qu'avec le nombre de programme qui scan en permanence, mon ordi est pas mal occuppé^^

Répondre à lo38
bob_   18-05-2006 à 20:16:44
- 0 +

Bonsoir,

Citation :

Faut dire qu'avec le nombre de programme qui scan en permanence, mon ordi est pas mal occuppé^^



Il y a encore quoi qui tourne en ce moment sur ta machine ?

Répondre à bob_
lo38   18-05-2006 à 20:19:06
- 0 +

Ben là en ce moment c'est spybot qui scan
Je voulais lancer Ad-aware SE mais apparemment c preferable de fermer tout le reste donc j'attend de finir avec spybot

a+

Répondre à lo38
lo38   18-05-2006 à 20:21:01
- 0 +

D'ailleurs voici le résultat avec spyware

Je sais pas trop ce qu'il faut que je fasse avce tout ca...

WildTangent: Dossier Programme (Répertoire, nothing done)
C:\WINDOWS\wt\backup\

WildTangent: Réglages globaux (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\Software\WildTangent

WildTangent: Réglages désinstallation (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wtwebdriver

WildTangent: Réglages désinstallation (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wcmdmgr.exe

WildTangent: Bibliothèque (Fichier, nothing done)
C:\WINDOWS\wt\webdriver.dll

WildTangent: Fichier texte (Fichier, nothing done)
C:\WINDOWS\wt\info.txt

WildTangent: Dossier Programme (Répertoire, nothing done)
C:\WINDOWS\wt\wtupdates\

WildTangent: Dossier Programme (Répertoire, nothing done)
C:\WINDOWS\wt\updater\

WildTangent: Dossier Programme (Répertoire, nothing done)
C:\WINDOWS\wt\webdriver\

WildTangent: Dossier Programme (Répertoire, nothing done)
C:\WINDOWS\wt\

WildTangent: Réglages (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\WildTangent

Tibs.vq: Class ID (Clé du registre, nothing done)
HKEY_CLASSES_ROOT\CLSID\{60F4F2F3-0AFB-4AEF-B21E-B03D1C95B49E}

Tibs.vq: Class ID (Clé du registre, nothing done)
HKEY_CLASSES_ROOT\CLSID\{E89097ED-3400-411D-9647-D368C3311C98}

Tibs.vq: Root class (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\IExplorerHelperVS.BrowserHook

Tibs.vq: Root class (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\IExplorerHelperVS.BrowserHook.1

Tibs.vq: Class ID (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{60F4F2F3-0AFB-4AEF-B21E-B03D1C95B49E}

Tibs.vq: Root class (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\IExplorerHelperVS.IExplorerHelper

Tibs.vq: Root class (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\IExplorerHelperVS.IExplorerHelper.1

Tibs.vq: Class ID (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E89097ED-3400-411D-9647-D368C3311C98}

Tibs.vq: Interface (Clé du registre, nothing done)
HKEY_CLASSES_ROOT\Interface\{68A7972B-AA41-4EE7-8A5F-F2986A0C2504}

Tibs.vq: Interface (Clé du registre, nothing done)
HKEY_CLASSES_ROOT\Interface\{7A84FD4C-1853-458D-A878-B1860F93D2EF}

Tibs.vq: Type library (Clé du registre, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{2215C65C-89E2-4363-820A-8C46FD4A9C97}

Avenue A, Inc.: Cookie traceur (Internet Explorer: Dr@fty) (Cookie, nothing done)


HitBox: Cookie traceur (Internet Explorer: Dr@fty) (Cookie, nothing done)


Advertising.com: Cookie traceur (Internet Explorer: Dr@fty) (Cookie, nothing done)


MediaPlex: Cookie traceur (Internet Explorer: Dr@fty) (Cookie, nothing done)


DoubleClick: Cookie traceur (Internet Explorer: Dr@fty) (Cookie, nothing done)


HitBox: Cookie traceur (Internet Explorer: Dr@fty) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-05-18 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-05-12 Includes\Cookies.sbi (*)
2006-05-12 Includes\Dialer.sbi (*)
2006-05-12 Includes\Hijackers.sbi (*)
2006-05-12 Includes\Keyloggers.sbi (*)
2006-05-15 Includes\Malware.sbi (*)
2006-05-12 Includes\PUPS.sbi (*)
2006-05-12 Includes\Revision.sbi (*)
2006-05-12 Includes\Security.sbi (*)
2006-05-12 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-05-12 Includes\Trojans.sbi (*)

Répondre à lo38
bob_   18-05-2006 à 20:28:56
- 0 +

re,

Maintenant lance Ad-aware SE mais ne colle pas le rapport sauf si il y a des choses qu'il ne peut pas supprimer et apres on verra, il me reste encore pleins d'utilitaires.

Répondre à bob_
lo38   18-05-2006 à 20:34:35
- 0 +

mais avec spybot faut pas faire autre chose?
parce que là il a juste scanner mais il a rien résolu....

Répondre à lo38
lo38   18-05-2006 à 20:40:38
- 0 +

ok, merci pour le lien.

pour ce qui est de ad-aware je n'arrive pas à l'installer , il m'affiche la fin de l'installation presque des le debut alors qu'il n'y a eu aucune barre de chargement.

merci pour ton aide

A+

Répondre à lo38
lo38   18-05-2006 à 22:48:50
- 0 +

petit à petit on fait du vide.

Voilà le résultat du dernier test en ligne avec panda:


Incident Statut Analyse

Adware:adware/vog No Désinfecté Registre Windows
Adware:adware/savenow No Désinfecté Registre Windows
Spyware:Cookie/QuestionMarket No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Dr@fty\Cookies\dr@fty@as-eu.falkag[1].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Dr@fty\Cookies\dr@fty@bluestreak[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Dr@fty\Cookies\dr@fty@xiti[1].txt

Répondre à lo38
bob_   19-05-2006 à 08:55:30
- 0 +

Bonjour,

Telecharge Spyware Terminator

http://www.spywareterminator.com/

Installe le dans son répertoire et poste le rapport.

Tutorial d’utilisation :

http://www.malekal.com/tutorial_SpywareTerminator.html

Répondre à bob_
lo38   19-05-2006 à 16:11:10
- 0 +

Spyware Terminator n'a rien trouvé.

Merci pour ton aide

a+

Répondre à lo38
lo38   19-05-2006 à 18:15:29
- 0 +

J'ai enfin réussi à installer Ad-Aware SE Personal qui ma detecté et supprimé 9 problèmes.

je viens de relancer un scan panda qui me detecte encore qlq logiciels espion ( environ 9 mais l'analyse n'est pas tout à fait terminer). Mon ordi tourne bien mais tant qu'à faire j'aimerai si possible finir le ménage ( on est plus à quelques scan pret vu le nombre qui ont defilés dans la semaine^^).
Donc si vous avez encore des idées pr supprimer les logiciels espion restant, je veux bien.

merci pour votre aide

Répondre à lo38
lo38   19-05-2006 à 18:22:54
- 0 +

Voici le résultat du scan Panda


Incident Statut Analyse

Adware:adware/vog No Désinfecté Registre Windows
Adware:adware/savenow No Désinfecté Registre Windows
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.com.com/]
Spyware:Cookie/QuestionMarket No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Dr@fty\Cookies\dr@fty@xiti[1].txt

Répondre à lo38
Angeldark   19-05-2006 à 18:32:49
- 0 +

Télécharges RegSearch : RegSrch.zip
Clic droit -> extraire tout.
Dans le fichier crée, executes RegSrch.vbs.
Tape :

Citation :

Save



Clicques sur "ok", et attends quelques secondes. (envireon 15 sec).
Ensuite copies/colles TOUT le contenu du bloc note qui s'ouvre.

Répondre à Angeldark
lo38   19-05-2006 à 18:36:00
- 0 +

Voici le contenu:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "save" 19/05/2006 18:34:17

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.qds]
@="SavedDsQuery"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32DCBA14-9D05-11D3-A8FB-444553540000}]
@="SavePpg Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB9F5A4-E73E-49b8-99B6-2FA317EF9DBC}]
@="Windows ScreenSaver Properties"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9A4D260-0342-4672-8007-0882F75DAFC7}]
@="FileSave Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9A4D260-0342-4672-8007-0882F75DAFC7}\ProgID]
@="SAFRCFileDlg.FileSave.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9A4D260-0342-4672-8007-0882F75DAFC7}\VersionIndependentProgID]
@="SAFRCFileDlg.FileSave"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ImagXpr5.SavePpg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ImagXpr5.SavePpg]
@="SavePpg Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ImagXpr5.SavePpg\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ImagXpr5.SavePpg\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ImagXpr5.SavePpg\CurVer]
@="ImagXpr5.SavePpg.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ImagXpr5.SavePpg.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ImagXpr5.SavePpg.1]
@="SavePpg Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ImagXpr5.SavePpg.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2AC10A96-17A1-4B08-8EF0-5988F3979F18}]
@="IFileSave"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{876E7208-0172-4EBB-B08B-2E1D30DFE44C}]
@="IBatterySavedPreset"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SAFRCFileDlg.FileSave]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SAFRCFileDlg.FileSave]
@="FileSave Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SAFRCFileDlg.FileSave\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SAFRCFileDlg.FileSave\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SAFRCFileDlg.FileSave\CurVer]
@="SAFRCFileDlg.FileSave.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SAFRCFileDlg.FileSave.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SAFRCFileDlg.FileSave.1]
@="FileSave Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SAFRCFileDlg.FileSave.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavedDsQuery]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavedDsQuery\DefaultIcon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavedDsQuery\Shell]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavedDsQuery\Shell\open]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavedDsQuery\Shell\open\command]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\install\command]
@="rundll32.exe desk.cpl,InstallScreenSaver %l"

@="[AppShow][REM _DDE_ReadWriteOnSave][FileOpen .Name=\"%1\",.Revert=0]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer]
"MP2.SaveDir"="C:\\Program Files\\Windows Media Player"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\IEHardening]
"FEATURE_UNC_SAVEDFILECHECK"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhenUSaveMsg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\excel.exe]
"SaveURL"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSPUB.EXE]
"SaveURL"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ois.exe]
"SaveURL"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\powerpnt.exe]
"SaveURL"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe]
"SaveURL"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Matrix3D]
"DisplayName"="The Matrix Reloaded 3D Screensaver v1.51"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\control.ini]
"Screen Saver.3DFlowerBox"="USR:Control Panel\\Screen Saver.3DFlowerBox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\control.ini]
"Screen Saver.3DFlyingObj"="USR:Control Panel\\Screen Saver.3DFlyingObj"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\control.ini]
"Screen Saver.3DMaze"="USR:Control Panel\\Screen Saver.3DMaze"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\control.ini]
"Screen Saver.3DPipes"="USR:Control Panel\\Screen Saver.3DPipes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\control.ini]
"Screen Saver.3DText"="USR:Control Panel\\Screen Saver.3DText"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\control.ini]
"Screen Saver.Bezier"="USR:Control Panel\\Screen Saver.Bezier"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\control.ini]
"Screen Saver.Marquee"="#USR:Control Panel\\Screen Saver.Marquee"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\control.ini]
"Screen Saver.Mystify"="#USR:Control Panel\\Screen Saver.Mystify"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\control.ini]
"Screen Saver.Stars"="#USR:Control Panel\\Screen Saver.Stars"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot]
"ScreenSaverActive"="USR:Control Panel\\Desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot]
"ScreenSaverIsSecure"="USR:Control Panel\\Desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot]
"SCRNSAVE.EXE"="USR:Control Panel\\Desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"ScreenSaveActive"="#USR:Control Panel\\Desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"ScreenSaveTimeOut"="#USR:Control Panel\\Desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"ScreenSaver"="WinlogonScreenSaverEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"StartScreenSaver"="SensStartScreenSaverEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"StopScreenSaver"="SensStopScreenSaverEvent"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\GroupOrderList]
"Video Save"=hex:01,00,00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters]
"MaxNumSavedTraces"=dword:00000008

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{23A77BF7-ED96-40EC-AF06-9B1F4867732A}\Video]
"Service"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{8FF837FF-3BD5-4560-BB59-1617B8EB8911}\0000]
"SaveSettings"=hex:00,00,00,00,00,04,00,03,00,00,00,00,00,04,00,03,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{B09633A7-C71F-46B7-9BD4-74EC57A61BCE}\0000]
"SaveSettings"=hex:00,00,00,00,00,05,00,04,00,00,00,00,00,05,00,04,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VGASAVE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VGASAVE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VGASAVE\0000]
"Service"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VGASAVE\0000]
"DeviceDesc"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VGASAVE\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Save Dump]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\VgaSave]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mnmdd]
"Group"="Video Save"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RDPCDD]
"Group"="Video Save"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VgaSave]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VgaSave]
"Group"="Video Save"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VgaSave\Device0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VgaSave\Video]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VgaSave\Video]
"Service"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\GroupOrderList]
"Video Save"=hex:01,00,00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\SafeBoot\Network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Session Manager\Memory Management\PrefetchParameters]
"MaxNumSavedTraces"=dword:00000008

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Video\{23A77BF7-ED96-40EC-AF06-9B1F4867732A}\Video]
"Service"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Video\{8FF837FF-3BD5-4560-BB59-1617B8EB8911}\0000]
"SaveSettings"=hex:00,00,00,00,00,04,00,03,00,00,00,00,00,04,00,03,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Video\{B09633A7-C71F-46B7-9BD4-74EC57A61BCE}\0000]
"SaveSettings"=hex:00,00,00,00,00,05,00,04,00,00,00,00,00,05,00,04,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_VGASAVE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_VGASAVE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_VGASAVE\0000]
"Service"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_VGASAVE\0000]
"DeviceDesc"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_VGASAVE\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_VGASAVE\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_VGASAVE\0000\Control]
"ActiveService"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\Save Dump]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\VgaSave]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmdd]
"Group"="Video Save"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RDPCDD]
"Group"="Video Save"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VgaSave]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VgaSave]
"Group"="Video Save"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VgaSave\Device0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VgaSave\Video]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VgaSave\Video]
"Service"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VgaSave\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VgaSave\Enum]
"0"="Root\\LEGACY_VGASAVE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"Video Save"=hex:01,00,00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"MaxNumSavedTraces"=dword:00000008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{23A77BF7-ED96-40EC-AF06-9B1F4867732A}\Video]
"Service"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{8FF837FF-3BD5-4560-BB59-1617B8EB8911}\0000]
"SaveSettings"=hex:00,00,00,00,00,04,00,03,00,00,00,00,00,04,00,03,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{B09633A7-C71F-46B7-9BD4-74EC57A61BCE}\0000]
"SaveSettings"=hex:00,00,00,00,00,05,00,04,00,00,00,00,00,05,00,04,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VGASAVE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VGASAVE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VGASAVE\0000]
"Service"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VGASAVE\0000]
"DeviceDesc"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VGASAVE\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VGASAVE\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VGASAVE\0000\Control]
"ActiveService"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Save Dump]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VgaSave]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd]
"Group"="Video Save"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD]
"Group"="Video Save"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave]
"Group"="Video Save"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave\Device0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave\Video]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave\Video]
"Service"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave\Enum]
"0"="Root\\LEGACY_VGASAVE\\0000"

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaveTimeOut"="600"

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaveActive"="1"

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"SCRNSAVE.EXE"="logon.scr"

[HKEY_USERS\.DEFAULT\Control Panel\Screen Saver.3DFlyingObj]

[HKEY_USERS\.DEFAULT\Control Panel\Screen Saver.3DPipes]

[HKEY_USERS\.DEFAULT\Control Panel\Screen Saver.Bezier]

[HKEY_USERS\.DEFAULT\Control Panel\Screen Saver.Marquee]

[HKEY_USERS\.DEFAULT\Control Panel\Screen Saver.Mystify]

[HKEY_USERS\.DEFAULT\Control Panel\Screen Saver.Stars]

[HKEY_USERS\.DEFAULT\Software\Microsoft\RegEdt32\Settings]
"SaveSettings"="1"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings"=hex:3c,00,00,00,e6,04,00,00,09,00,00,00,00,00,00,00,00,\

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\dl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www.dl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network\Gest. des utilisateurs pour les domaines]
"SaveSettings"="1"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network\Gestionnaire de serveur]
"SaveSettings"="1"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network\Gestionnaire des utilisateurs]
"SaveSettings"="1"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network\Observateur d'événements]
"SaveSettings"="1"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections]
"SaveConnections"="yes"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions]
"NoSaveSettings"=dword:00000000

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Settings]
"SaveSettings"=dword:00000001

[HKEY_USERS\S-1-5-19\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"

[HKEY_USERS\S-1-5-19\Control Panel\Desktop]
"ScreenSaveTimeOut"="600"

[HKEY_USERS\S-1-5-19\Control Panel\Desktop]
"ScreenSaveActive"="1"

[HKEY_USERS\S-1-5-19\Control Panel\Desktop]
"SCRNSAVE.EXE"="%SystemRoot%\\System32\\logon.scr"

[HKEY_USERS\S-1-5-19\Control Panel\Screen Saver.3DFlyingObj]

[HKEY_USERS\S-1-5-19\Control Panel\Screen Saver.3DPipes]

[HKEY_USERS\S-1-5-19\Control Panel\Screen Saver.Bezier]

[HKEY_USERS\S-1-5-19\Control Panel\Screen Saver.Marquee]

[HKEY_USERS\S-1-5-19\Control Panel\Screen Saver.Mystify]

[HKEY_USERS\S-1-5-19\Control Panel\Screen Saver.Stars]

[HKEY_USERS\S-1-5-19\Software\Microsoft\RegEdt32\Settings]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings"=hex:3c,00,00,00,03,00,00,00,01,00,00,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com\www]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com\www]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it\www]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\dl]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www.dl]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\Gest. des utilisateurs pour les domaines]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\Gestionnaire de serveur]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\Gestionnaire des utilisateurs]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\Observateur d'événements]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections]
"SaveConnections"="yes"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions]
"NoSaveSettings"=dword:00000000

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Settings]
"SaveSettings"=dword:00000001

[HKEY_USERS\S-1-5-19\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com]

[HKEY_USERS\S-1-5-19\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com\www]

[HKEY_USERS\S-1-5-19\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com]

[HKEY_USERS\S-1-5-19\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com\www]

[HKEY_USERS\S-1-5-19\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it]

[HKEY_USERS\S-1-5-19\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it\www]

[HKEY_USERS\S-1-5-19\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com]

[HKEY_USERS\S-1-5-19\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\dl]

[HKEY_USERS\S-1-5-19\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www]

[HKEY_USERS\S-1-5-19\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www.dl]

[HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com]

[HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com\www]

[HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com]

[HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com\www]

[HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it]

[HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it\www]

[HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com]

[HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\dl]

[HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www]

[HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www.dl]

[HKEY_USERS\S-1-5-20\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"

[HKEY_USERS\S-1-5-20\Control Panel\Desktop]
"ScreenSaveTimeOut"="600"

[HKEY_USERS\S-1-5-20\Control Panel\Desktop]
"ScreenSaveActive"="1"

[HKEY_USERS\S-1-5-20\Control Panel\Desktop]
"SCRNSAVE.EXE"="%SystemRoot%\\System32\\logon.scr"

[HKEY_USERS\S-1-5-20\Control Panel\Screen Saver.3DFlyingObj]

[HKEY_USERS\S-1-5-20\Control Panel\Screen Saver.3DPipes]

[HKEY_USERS\S-1-5-20\Control Panel\Screen Saver.Bezier]

[HKEY_USERS\S-1-5-20\Control Panel\Screen Saver.Marquee]

[HKEY_USERS\S-1-5-20\Control Panel\Screen Saver.Mystify]

[HKEY_USERS\S-1-5-20\Control Panel\Screen Saver.Stars]

[HKEY_USERS\S-1-5-20\Software\Microsoft\RegEdt32\Settings]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings"=hex:3c,00,00,00,03,00,00,00,01,00,00,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com\www]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com\www]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it\www]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\dl]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www.dl]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\Gest. des utilisateurs pour les domaines]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\Gestionnaire de serveur]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\Gestionnaire des utilisateurs]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\Observateur d'événements]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections]
"SaveConnections"="yes"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions]
"NoSaveSettings"=dword:00000000

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Settings]
"SaveSettings"=dword:00000001

[HKEY_USERS\S-1-5-20\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com]

[HKEY_USERS\S-1-5-20\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com\www]

[HKEY_USERS\S-1-5-20\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com]

[HKEY_USERS\S-1-5-20\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com\www]

[HKEY_USERS\S-1-5-20\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it]

[HKEY_USERS\S-1-5-20\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it\www]

[HKEY_USERS\S-1-5-20\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com]

[HKEY_USERS\S-1-5-20\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\dl]

[HKEY_USERS\S-1-5-20\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www]

[HKEY_USERS\S-1-5-20\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www.dl]

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com]

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com\www]

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com]

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com\www]

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it]

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it\www]

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com]

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\dl]

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www]

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www.dl]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Appearance\New Schemes\Current Settings SaveAll]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle]
"DisplayName"="Current Settings SaveNoVisualStyle"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"LegacyName"="Current Settings SaveNoVisualStyle"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Desktop]
"ScreenSaveTimeOut"="600"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Desktop]
"ScreenSaveActive"="1"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Desktop]
"SCRNSAVE.EXE"="C:\\WINDOWS\\System32\\Matrix3D.scr"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Screen Saver.3DFlyingObj]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Screen Saver.3DPipes]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Screen Saver.Bezier]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Screen Saver.Marquee]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Screen Saver.Mystify]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Control Panel\Screen Saver.Stars]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Identities\{9D0E92A4-732E-4B41-B050-B3F30692126D}\Software\Microsoft\Outlook Express\5.0]
"Saved Toolbar Settings"=hex:11,9e,00,00,ff,ff,ff,ff,01,9d,00,00,ff,ff,ff,ff,\

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Identities\{9D0E92A4-732E-4B41-B050-B3F30692126D}\Software\Microsoft\Outlook Express\5.0]
"Saved Toolbar Settings Version"=dword:00000011

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Identities\{9D0E92A4-732E-4B41-B050-B3F30692126D}\Software\Microsoft\Outlook Express\5.0\MailNote]
"Saved Toolbar Settings Version"=dword:0000000f

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Identities\{9D0E92A4-732E-4B41-B050-B3F30692126D}\Software\Microsoft\Outlook Express\5.0\News]
"Saved Toolbar Settings"=hex:12,9e,00,00,f2,9c,00,00,f0,9c,00,00,f4,9c,00,00,\

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Identities\{9D0E92A4-732E-4B41-B050-B3F30692126D}\Software\Microsoft\Outlook Express\5.0\News]
"Saved Toolbar Settings Version"=dword:00000011

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterAI.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterAiff.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterASF.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterBarsAndTone.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterBitmap.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterBlackMatte.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterColorMatte.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterDV.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterFilmStrip.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterLeader.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterMp3.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterMpeg.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterMultiStill.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterPcx.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterPhotoshop.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterPict.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterQT.prm\Importer]
"ImpCanSave"=dword:00000001

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterTarga.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterTiff.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterTitle.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterVfw.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Adobe\Premiere\7.0\PluginCache\ImporterWave.prm\Importer]
"ImpCanSave"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Ahead\Nero - Burning Rom\Database]
"UseDbDuringSaveTrack"=dword:00000001

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Ahead\Nero - Burning Rom\Database]
"SavePlayList"=dword:00000001

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Ahead\Nero - Burning Rom\General]
"SaveTrackPath"="C:\\DOCUME~1\\Dr@fty\\LOCALS~1\\Temp\\"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Ahead\Nero - Burning Rom\General]
"SaveTrackFileName"="Track"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Ahead\Nero - Burning Rom\General]
"SaveInnerWindowPos"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Ahead\Nero - Burning Rom\General]
"NEShowSaveProjectOnTheEnd"=dword:00000001

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Ahead\Nero - Burning Rom\General]
"PrintOrSaveLog"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Ahead\Nero - Burning Rom\SaveTrackOptions]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Ahead\Nero - Burning Rom\SaveTrackOptions]
"DontShowAlertDuringSave"=dword:00000001

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Ahead\Nero - Burning Rom\Settings]
"TrackSaveDir"=""

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\GSpot Appliance Corp\GSpot\v2.5 Settings]
"SaveWindowSize"=dword:00000001

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\Main]
"Save_Session_History_On_Exit"="no"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\MS Design Tools\MDTDBD]
"AutoSaveChangeScript"="0"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Notepad]
"fSaveWindowPositions"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Office\11.0\PowerPoint\Options]
"ToolbarConfigSaved"=dword:00000001

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Office\Common\Smart Tag\Applications\OpusApp]
"Save"=hex:01,00,00,00

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Plus!\Themes\Apply]
"Screen saver"="1"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\RegEdt32\Settings]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings"=hex:3c,00,00,00,4e,0d,00,00,01,00,00,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com\www]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com\www]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it\www]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\dl]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www.dl]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Network\Gest. des utilisateurs pour les domaines]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Network\Gestionnaire de serveur]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Network\Gestionnaire des utilisateurs]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Network\Observateur d'événements]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections]
"SaveConnections"="yes"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions]
"NoSaveSettings"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Settings]
"SaveSettings"=dword:00000001

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\RabidHaMsTeR\R2eScreensaver]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\SolidWorks\Startup\Applications\Save As PDF]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Valve\Steam]
"SSAVersion"=dword:00000001

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\VB and VBA Program Settings\CCleaner\Options]
"(App)Mozilla - Saved Form Information"="Faux"

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\WinRAR\Profiles\0]
"SaveStreams"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\WinRAR\Profiles\1]
"SaveStreams"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\WinRAR\Profiles\2]
"SaveStreams"=dword:00000001

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\WinRAR\Profiles\3]
"SaveStreams"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\WinRAR\Profiles\4]
"SaveStreams"=dword:00000000

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com\www]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com\www]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it\www]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\dl]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www.dl]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com\www]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com\www]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it\www]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\dl]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www]

[HKEY_USERS\S-1-5-21-1004336348-1580818891-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www.dl]

[HKEY_USERS\S-1-5-18\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"

[HKEY_USERS\S-1-5-18\Control Panel\Desktop]
"ScreenSaveTimeOut"="600"

[HKEY_USERS\S-1-5-18\Control Panel\Desktop]
"ScreenSaveActive"="1"

[HKEY_USERS\S-1-5-18\Control Panel\Desktop]
"SCRNSAVE.EXE"="logon.scr"

[HKEY_USERS\S-1-5-18\Control Panel\Screen Saver.3DFlyingObj]

[HKEY_USERS\S-1-5-18\Control Panel\Screen Saver.3DPipes]

[HKEY_USERS\S-1-5-18\Control Panel\Screen Saver.Bezier]

[HKEY_USERS\S-1-5-18\Control Panel\Screen Saver.Marquee]

[HKEY_USERS\S-1-5-18\Control Panel\Screen Saver.Mystify]

[HKEY_USERS\S-1-5-18\Control Panel\Screen Saver.Stars]

[HKEY_USERS\S-1-5-18\Software\Microsoft\RegEdt32\Settings]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings"=hex:3c,00,00,00,e6,04,00,00,09,00,00,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\savehits.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\saveli.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\screensaver.it\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\dl]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\targetsaver.com\www.dl]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Network\Gest. des utilisateurs pour les domaines]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Network\Gestionnaire de serveur]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Network\Gestionnaire des utilisateurs]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Network\Observateur d'événements]
"SaveSettings"="1"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections]
"SaveConnections"="yes"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions]
"NoSaveSettings"=dword:00000000

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Settings]
"SaveSettings"=dword:00000001

Répondre à lo38
Angeldark   19-05-2006 à 18:41:39
- 0 +

Dans Executer tape Regedit
Supprime:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhenUSaveMsg

Refais la meme chose en tapant Vog cette fois ci.

Répondre à Angeldark
lo38   19-05-2006 à 18:45:17
- 0 +

Voici le résultat

Merci pour ton aide

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "vog" 19/05/2006 18:44:06

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers\RIVATNT]
"Dll"="nvoglnt"

Répondre à lo38
Angeldark   19-05-2006 à 18:54:47
- 0 +

Rien de concluant.

Petite precision:

Spyware Cookies: tu en auras toujours (des que tu te connecte, c'est comme ca pour tout le monde je te rassure)
Passe un coup de Ccleaner.

Tu peux verifier si dans le scan Panda.
Adware/Save a disparu.
Pour vog je ne connais ce spyware.
---------
Sélectionne les lignes dans ce cadre :

Citation :

cd \
dir "%PROGRAMFILES%" > resultat.txt
dir "%PROGRAMFILES%\fichiers communs\" >> resultat.txt
dir "%PROGRAMFILES%\common files\" >> resultat.txt
dir C:\*.exe >> resultat.txt
dir /a /s /o:n /b c:\*.exe |find "Documents" >> resultat.txt
notepad resultat.txt



--> clic droit / copier

- Ouvre le bloc-note et clic sur menu edition puis coller
- Enregistre le fichier sur ton bureau et nomme le cherche.cmd
Verifie que l'option "Tous les fichiers" soit selectionnee
- Double clic sur cherche.cmd --> Cela va t'ouvrir une fenêtre, attends.. cela peut durer longtemps.
- Le bloc-note va s'ouvrir, copie/colle le contenu ici

Répondre à Angeldark
lo38   19-05-2006 à 19:10:08
- 0 +

angel dark dit :

Verifie que l'option "Tous les fichiers" soit selectionnee

Je ne comprend pas ce que tu veux dire par là...

Répondre à lo38
Angeldark   19-05-2006 à 19:31:16
- 0 +

Fichier-> Enregistrer Sous-> Types: "Tous les fichiers"

Répondre à Angeldark
lo38   19-05-2006 à 22:03:47
- 0 +

voici le résultat :

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est C082-B080

R‚pertoire de C:\Program Files

19/05/2006 19:04 <REP> .
19/05/2006 19:04 <REP> ..
19/05/2006 17:50 <REP> a-squared
11/03/2006 12:17 <REP> Adobe
29/01/2006 17:34 <REP> Ahead
21/02/2006 13:13 <REP> AndreaMosaic
18/05/2006 18:43 <REP> ATI Multimedia
28/01/2006 09:55 <REP> BearShare
31/12/2005 09:40 <REP> Bluebeam Software
16/01/2006 22:39 <REP> Boris FX, Inc
09/05/2006 20:10 <REP> CCleaner
25/02/2006 21:44 <REP> ChaosSoft
28/12/2005 16:31 <REP> ComPlus Applications
19/05/2006 18:01 <REP> ewido anti-malware
21/02/2006 13:09 <REP> Fichiers communs
28/12/2005 19:16 <REP> Grisoft
19/05/2006 18:04 <REP> Internet Explorer
03/02/2006 17:41 <REP> InterVideo
01/02/2006 22:01 <REP> K-Lite Codec Pack
17/05/2006 16:27 <REP> Kaspersky Lab
19/05/2006 16:31 <REP> Lavasoft
20/02/2006 22:37 <REP> Matrix
19/05/2006 18:04 <REP> Messenger
28/12/2005 16:35 <REP> microsoft frontpage
28/12/2005 19:39 <REP> Microsoft Office
28/12/2005 19:39 <REP> Microsoft.NET
26/01/2006 19:51 <REP> Movie Maker
19/05/2006 19:08 <REP> Mozilla Firefox
01/01/2006 16:35 <REP> MSN
28/12/2005 16:31 <REP> MSN Gaming Zone
19/05/2006 18:05 <REP> MSN Messenger
26/01/2006 19:46 <REP> NetMeeting
29/12/2005 11:49 <REP> NVIDIA Corporation
26/01/2006 19:46 <REP> Outlook Express
29/12/2005 20:37 <REP> QuickTime
25/02/2006 23:25 <REP> RamBoost XP
02/01/2006 17:27 <REP> Realtek AC97
28/12/2005 16:31 <REP> Services en ligne
28/12/2005 19:33 <REP> Skype
09/02/2006 21:21 <REP> SlDB
01/03/2006 00:19 <REP> Sleep Helper
31/12/2005 09:43 <REP> SolidWorks
19/05/2006 18:08 <REP> Spybot - Search & Destroy
19/05/2006 18:30 <REP> Spyware Terminator
08/03/2006 22:18 <REP> Steam
21/02/2006 12:56 <REP> Switch Off
20/02/2006 11:55 <REP> The All-Seeing Eye
13/01/2006 20:19 <REP> Trapcode
13/01/2006 20:19 36ÿ868 uninst-shine.exe
20/02/2006 22:37 <REP> UselessCreations
20/02/2006 10:59 <REP> viewsonic
27/08/2002 18:40 55ÿ313 viewsonicinstruct_xp.pdf
28/01/2006 01:20 <REP> Webteh
19/05/2006 18:09 <REP> Winamp
26/01/2006 19:51 <REP> Windows Media Player
26/01/2006 19:46 <REP> Windows NT
19/05/2006 18:10 <REP> WinRAR
28/12/2005 16:35 <REP> xerox
2 fichier(s) 92ÿ181 octets
56 R‚p(s) 6ÿ574ÿ624ÿ768 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est C082-B080

R‚pertoire de C:\Program Files\fichiers communs

Répondre à lo38
lo38   19-05-2006 à 22:07:15
- 0 +

lol excuse j'ai oublié la fin :

je remet donc tout:

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est C082-B080

R‚pertoire de C:\Program Files

19/05/2006 19:04 <REP> .
19/05/2006 19:04 <REP> ..
19/05/2006 17:50 <REP> a-squared
11/03/2006 12:17 <REP> Adobe
29/01/2006 17:34 <REP> Ahead
21/02/2006 13:13 <REP> AndreaMosaic
18/05/2006 18:43 <REP> ATI Multimedia
28/01/2006 09:55 <REP> BearShare
31/12/2005 09:40 <REP> Bluebeam Software
16/01/2006 22:39 <REP> Boris FX, Inc
09/05/2006 20:10 <REP> CCleaner
25/02/2006 21:44 <REP> ChaosSoft
28/12/2005 16:31 <REP> ComPlus Applications
19/05/2006 18:01 <REP> ewido anti-malware
21/02/2006 13:09 <REP> Fichiers communs
28/12/2005 19:16 <REP> Grisoft
19/05/2006 18:04 <REP> Internet Explorer
03/02/2006 17:41 <REP> InterVideo
01/02/2006 22:01 <REP> K-Lite Codec Pack
17/05/2006 16:27 <REP> Kaspersky Lab
19/05/2006 16:31 <REP> Lavasoft
20/02/2006 22:37 <REP> Matrix
19/05/2006 18:04 <REP> Messenger
28/12/2005 16:35 <REP> microsoft frontpage
28/12/2005 19:39 <REP> Microsoft Office
28/12/2005 19:39 <REP> Microsoft.NET
26/01/2006 19:51 <REP> Movie Maker
19/05/2006 19:08 <REP> Mozilla Firefox
01/01/2006 16:35 <REP> MSN
28/12/2005 16:31 <REP> MSN Gaming Zone
19/05/2006 18:05 <REP> MSN Messenger
26/01/2006 19:46 <REP> NetMeeting
29/12/2005 11:49 <REP> NVIDIA Corporation
26/01/2006 19:46 <REP> Outlook Express
29/12/2005 20:37 <REP> QuickTime
25/02/2006 23:25 <REP> RamBoost XP
02/01/2006 17:27 <REP> Realtek AC97
28/12/2005 16:31 <REP> Services en ligne
28/12/2005 19:33 <REP> Skype
09/02/2006 21:21 <REP> SlDB
01/03/2006 00:19 <REP> Sleep Helper
31/12/2005 09:43 <REP> SolidWorks
19/05/2006 18:08 <REP> Spybot - Search & Destroy
19/05/2006 18:30 <REP> Spyware Terminator
08/03/2006 22:18 <REP> Steam
21/02/2006 12:56 <REP> Switch Off
20/02/2006 11:55 <REP> The All-Seeing Eye
13/01/2006 20:19 <REP> Trapcode
13/01/2006 20:19 36ÿ868 uninst-shine.exe
20/02/2006 22:37 <REP> UselessCreations
20/02/2006 10:59 <REP> viewsonic
27/08/2002 18:40 55ÿ313 viewsonicinstruct_xp.pdf
28/01/2006 01:20 <REP> Webteh
19/05/2006 18:09 <REP> Winamp
26/01/2006 19:51 <REP> Windows Media Player
26/01/2006 19:46 <REP> Windows NT
19/05/2006 18:10 <REP> WinRAR
28/12/2005 16:35 <REP> xerox
2 fichier(s) 92ÿ181 octets
56 R‚p(s) 6ÿ574ÿ624ÿ768 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est C082-B080

R‚pertoire de C:\Program Files\fichiers communs

21/02/2006 13:09 <REP> .
21/02/2006 13:09 <REP> ..
11/03/2006 12:13 <REP> Adobe
28/12/2005 19:48 <REP> Adobe Systems Shared
29/01/2006 17:34 <REP> Ahead
21/02/2006 13:09 <REP> ATI
31/12/2005 09:40 <REP> Bluebeam Software
31/12/2005 09:40 <REP> DESIGNER
29/12/2005 11:48 <REP> InstallShield
18/01/2006 22:55 <REP> Microsoft Shared
28/12/2005 16:32 <REP> MSSoap
20/02/2006 13:17 <REP> NSV
29/12/2005 11:48 <REP> NVIDIA Shared
28/12/2005 23:22 <REP> ODBC
28/12/2005 16:32 <REP> Services
31/12/2005 09:37 <REP> Solidworks Data
31/12/2005 09:40 <REP> SolidWorks Shared
28/12/2005 23:22 <REP> SpeechEngines
18/05/2006 18:45 <REP> System
28/12/2005 22:35 <REP> Vbox
0 fichier(s) 0 octets
20 R‚p(s) 6ÿ574ÿ620ÿ672 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est C082-B080

R‚pertoire de C:\

c:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
c:\Documents and Settings\Dr@fty\Bureau\Virtual Dub.exe
c:\Documents and Settings\Dr@fty\Mes documents\Counter Strike\BindsCS16.Exe
c:\Documents and Settings\Dr@fty\Mes documents\Counter Strike\EyeInstaller.exe
c:\Documents and Settings\Dr@fty\Mes documents\Counter Strike\Half-Life CD-Key Generator\Half-Life CD-Key Generator.exe
c:\Documents and Settings\Dr@fty\Mes documents\Counter Strike\Steam\steam_install.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\xfire_installer_17902.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\a2setup.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\aawsepersonal.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\ccsetup129.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\ewido-setup.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\Fixwareout.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\HijackThis.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\spybot.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\SpywareTerminator.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\KillBox\KillBox.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\SmitfraudFix\Reboot.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\SmitfraudFix\restart.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\SmitfraudFix\swreg.exe
c:\Documents and Settings\Dr@fty\Mes documents\Logiciels\Log protection virus\SmitfraudFix\swsc.exe

Répondre à lo38
Angeldark   19-05-2006 à 22:15:15
- 0 +

Supprime si possible

C:\Program Files\viewsonicinstruct_xp.pdf
C:\Program Files\uninst-shine.exe

C:\Documents and Settings\Dr@fty\Mes documents\Counter Strike\BindsCS16.Exe
C:\Documents and Settings\Dr@fty\Mes documents\Counter Strike\EyeInstaller.exe
C:\Documents and Settings\Dr@fty\Mes documents\Counter Strike\Half-Life CD-Key Generator\

Répondre à Angeldark
lo38   19-05-2006 à 22:29:55
- 0 +

euh ce sont tous des logociels ou plugin que j'ai installé.
Je le svire quand meme?

Répondre à lo38
Angeldark   19-05-2006 à 22:35:04
- 0 +

On va reprendre point par point

C:\Program Files\viewsonicinstruct_xp.pdf
-> fichier .pdf donc supprimable sans probleme

C:\Program Files\uninst-shine.exe
-> exe supprime (sauf si tu en as besoin)

C:\Documents and Settings\Dr@fty\Mes documents\Counter Strike\BindsCS16.Exe
-> si tu connais garde le

C:\Documents and Settings\Dr@fty\Mes documents\Counter Strike\EyeInstaller.exe
-> idem

C:\Documents and Settings\Dr@fty\Mes documents\Counter Strike\Half-Life CD-Key Generator\
-> Si une Keygen apparit avec Cherche.cmd c'est qu'elle est infectee, supprime la

Répondre à Angeldark
lo38   19-05-2006 à 23:24:36
- 0 +

salut,

j'ai effacé les fichiers indiqués.

toutefois savenow semble persister tel que le montre le derneir rapport panda:

Merci pour ton aide



Incident Statut Analyse

Adware:adware/vog No Désinfecté Registre Windows
Adware:adware/savenow No Désinfecté Registre Windows
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Dr@fty\Application Data\Mozilla\Firefox\Profiles\c3v4gibm.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Dr@fty\Cookies\dr@fty@xiti[1].txt

Répondre à lo38
Page Précédente
1 2
Page Suivante
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > scan avec hijackthis
Aller à :

Il y a 294 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,417 secondes
Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler
Liens