Diri-chan
Posted on 04/05/2007 23:05:11
I apologize, I'm not at all the first one on this subject. Like everyone else, I have unwanted windows starting with CiD popping up every five minutes. If someone could help me with what to do next ^^ Thank you!!


I've already used Spybot to try to remove the problem... It removed 154 others for me, but not this one.

-->Message edited by Diri-chan on 04/05/2007 23:08:26<--
chercheur_
Posted on 04/05/2007 23:11:10
Hello

Download HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Picture demo
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Run a scan and post the analysis here.
Diri-chan
Posted on 04/05/2007 23:13:33
Logfile of HijackThis v1.99.1
Scan saved at 23:03:57, on 04/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2.fr/startpage/dialup/fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {025392B7-6DC5-480D-8A19-C5C3CE01088D} - C:\WINDOWS\system32\adptif32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [01stopdartplay] C:\Documents and Settings\All Users\Application Data\Lessfilm01stop\Phone Settings.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [support idol] C:\DOCUME~1\eric\APPLIC~1\DRIVEF~1\Move Intra Online.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.fr/startpage/dialup/fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


There you go.
chercheur_
Posted on 04/05/2007 23:19:16
Good.
Post this report as well.
Download LopxpMH to your Desktop.
http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip
Unzip it (right-click >> Extract here) and double-click the lopxpMH.bat file.
Post the contents of the report that opens.
Diri-chan
Posted on 04/05/2007 23:20:59
Uh... I'm not sure it's the same version. I hope it will still be OK.

Rapport lopxpMH2 version 2.0 fait à 22:59:18,84 le 04/05/2007
C:\Documents and Settings\eric\Bureau\lopxpMH2

******************************************
## Répertoires Application Data

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 351F-0FEE

Répertoire de C:\Documents and Settings\Default User\Application Data

14/05/2004 05:49 <REP> .
14/05/2004 05:49 <REP> ..
14/05/2004 05:49 <REP> Microsoft
14/05/2004 05:49 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 49 117 298 688 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 351F-0FEE

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

14/05/2004 05:49 <REP> .
14/05/2004 05:49 <REP> ..
0 fichier(s) 0 octets
2 Rép(s) 49 117 265 920 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 351F-0FEE

Répertoire de C:\Documents and Settings\All Users\Application Data

14/05/2004 05:49 <REP> .
14/05/2004 05:49 <REP> ..
15/10/2005 12:31 <REP> Adobe
06/02/2005 17:01 <REP> Autodesk
17/05/2004 23:30 <REP> CyberLink
28/10/2006 13:33 <REP> Google
14/05/2005 17:46 <REP> HP
03/04/2007 16:59 <REP> Lessfilm01stop
27/12/2004 13:06 <REP> Macrovision
14/05/2004 05:49 <REP> Microsoft
19/12/2004 11:57 <REP> MSN6
18/12/2004 18:38 <REP> NFS Underground
01/09/2006 11:56 <REP> Quark
25/10/2005 12:23 <REP> QuickTime
04/05/2007 21:03 <REP> Spybot - Search & Destroy
27/01/2007 18:53 <REP> Windows Genuine Advantage
24/09/2006 14:22 <REP> Windows Live Toolbar
14/05/2004 05:49 62 desktop.ini
14/05/2005 17:34 7 460 hpzinstall.log
2 fichier(s) 7 522 octets
17 Rép(s) 49 117 265 920 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 351F-0FEE

Répertoire de C:\Documents and Settings\eric\Application Data

14/05/2004 05:55 <REP> .
14/05/2004 05:55 <REP> ..
06/02/2005 16:31 <REP> Adobe
03/04/2007 17:00 <REP> BitDownload
18/05/2004 08:54 <REP> CyberLink
10/02/2007 16:27 <REP> DesktopPlayer
03/04/2007 16:59 <REP> driveford
23/03/2007 23:11 <REP> dvdcss
08/01/2005 14:26 <REP> EuroTalk
23/09/2006 11:35 <REP> FotoWire
13/08/2006 14:42 <REP> Google
18/05/2004 09:05 <REP> Help
14/05/2004 06:07 <REP> Identities
24/09/2005 11:37 <REP> InterTrust
25/10/2005 12:24 <REP> iShell
27/12/2004 13:06 <REP> Macromedia
05/05/2005 17:21 <REP> Micro Application
14/05/2004 05:55 <REP> Microsoft
26/10/2006 01:13 <REP> Mozilla
19/12/2004 11:57 <REP> MSN6
22/09/2006 21:57 <REP> NetMedia Providers
28/10/2006 11:00 <REP> Nvu
22/09/2006 21:57 <REP> Publish Providers
17/08/2006 10:52 <REP> Quark
04/08/2006 16:24 <REP> Shareaza
22/09/2006 21:57 <REP> Sony
13/08/2006 14:42 <REP> Sun
26/10/2006 01:14 <REP> Talkback
07/03/2007 19:29 <REP> THQ
01/10/2006 12:15 <REP> vlc
09/12/2005 19:52 36 864 CDRusersDB.v12
14/05/2004 05:55 62 desktop.ini
2 fichier(s) 36 926 octets
30 Rép(s) 49 117 265 920 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 351F-0FEE

Répertoire de C:\Documents and Settings\eric\Local Settings\Application Data

14/05/2004 05:55 <REP> .
14/05/2004 05:55 <REP> ..
06/08/2006 17:07 <REP> Adobe
14/05/2005 17:53 <REP> ApplicationHistory
17/08/2006 22:23 <REP> Google
18/05/2004 09:05 <REP> Help
14/05/2005 17:53 <REP> HP
28/03/2005 15:24 <REP> Identities
14/05/2005 17:53 <REP> IsolatedStorage
27/12/2004 13:01 <REP> Macromedia
14/05/2004 06:07 <REP> Microsoft
26/10/2006 01:13 <REP> Mozilla
25/09/2005 19:01 <REP> NFS Underground 2
04/08/2006 16:24 <REP> Shareaza
18/05/2004 21:24 <REP> WMTools Downloaded Files
18/05/2004 23:44 150 528 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
14/05/2005 17:53 127 fusioncache.dat
18/05/2004 21:13 27 832 GDIPFONTCACHEV1.DAT
14/05/2004 06:09 4 238 410 IconCache.db
4 fichier(s) 4 416 897 octets
15 Rép(s) 49 117 265 920 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 351F-0FEE

Répertoire de C:\Documents and Settings\NetworkService\Application Data

14/05/2004 06:05 <REP> .
14/05/2004 06:05 <REP> ..
14/05/2004 06:05 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 49 117 265 920 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 351F-0FEE

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

14/05/2004 06:05 <REP> .
14/05/2004 06:05 <REP> ..
14/05/2004 06:05 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 49 117 265 920 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 351F-0FEE

Répertoire de C:\Documents and Settings\LocalService\Application Data

14/05/2004 06:05 <REP> .
14/05/2004 06:05 <REP> ..
14/05/2004 06:05 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 49 117 265 920 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 351F-0FEE

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

14/05/2004 06:05 <REP> .
14/05/2004 06:05 <REP> ..
14/05/2004 06:05 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 49 117 265 920 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 351F-0FEE

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

14/05/2004 05:58 <REP> .
14/05/2004 05:58 <REP> ..
14/05/2004 05:58 <REP> Microsoft
14/05/2004 05:58 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 49 117 265 920 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 351F-0FEE

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

14/05/2004 05:58 <REP> .
14/05/2004 05:58 <REP> ..
18/05/2004 21:13 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 49 117 265 920 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\Démarrage
Démarrage inexploitable


C:\WINDOWS\Tasks\Check
Check inexploitable

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 351F-0FEE

Répertoire de C:\Program Files

13/05/2004 08:33 <REP> .
13/05/2004 08:33 <REP> ..
19/01/2005 10:10 <REP> 3DO
18/05/2004 23:19 <REP> 3ivx
23/05/2005 17:04 <REP> AbiSuite2
13/05/2004 08:33 <REP> Accessoires
05/11/2005 20:32 <REP> Activision Value
19/12/2004 11:33 <REP> Adobe
17/05/2004 23:23 <REP> AI - Series
04/08/2006 12:45 <REP> Alice
30/08/2006 13:06 <REP> Alice SSID
15/10/2006 10:44 <REP> Alwil Software
14/08/2006 18:26 <REP> Amiglobe 2002
17/05/2004 23:17 <REP> Analog Devices
18/05/2004 20:43 <REP> Anuman Interactive
19/12/2004 11:32 <REP> ArcSoft
01/10/2006 01:46 <REP> ArtixMedia Menu Studio
19/12/2004 18:28 <REP> Aspyr
17/05/2004 23:21 <REP> ASUS
05/05/2005 20:25 <REP> Atari
18/05/2004 09:03 <REP> ATI Technologies
06/02/2005 17:02 <REP> backburner 2
28/04/2007 08:34 <REP> Beneton Software
03/04/2007 16:59 <REP> BitDownload
29/08/2006 16:37 <REP> Buena Vista Interactive
13/05/2004 08:33 <REP> CHAT
14/05/2004 05:53 <REP> ComPlus Applications
18/05/2004 20:36 <REP> Computer Artworks
17/05/2004 23:30 <REP> CyberLink
04/08/2006 14:33 <REP> DAP
04/08/2006 14:32 6 048 544 DAP8.exe
18/05/2004 20:37 <REP> directx
19/12/2004 18:12 <REP> Disciples 2
18/05/2004 23:20 <REP> DivX
03/04/2007 16:59 <REP> driveford
25/05/2004 04:28 <REP> EA GAMES
12/01/2005 13:41 <REP> Eidos Interactive
16/08/2005 13:13 <REP> eMule
19/12/2004 11:29 <REP> EPSON
08/01/2005 14:26 <REP> EuroTalk
13/05/2004 08:33 <REP> Fichiers communs
13/05/2004 08:33 <REP> FrontPage Express
13/05/2004 08:34 <REP> FRX
26/10/2006 20:02 <REP> GameHouse
18/05/2004 19:53 <REP> Ganymede
26/12/2006 12:32 <REP> GiveMeTac 1.1
13/08/2006 14:42 <REP> Google
12/08/2005 13:40 <REP> GT Interactive
03/03/2007 00:52 <REP> Guitar Pro 5
13/02/2006 13:35 <REP> Hewlett-Packard
04/05/2007 22:25 <REP> HijackThis
14/05/2005 17:35 <REP> HP
08/08/2006 19:11 <REP> Ihsv
14/04/2007 17:51 <REP> Interapple
13/05/2004 08:33 <REP> Internet Explorer
13/08/2006 14:40 <REP> Java
23/09/2006 11:32 <REP> Logitech
15/10/2006 10:43 <REP> Maïdo Production
31/07/2006 15:20 <REP> Maxis
14/05/2004 05:52 <REP> Messenger
05/03/2005 12:46 <REP> Micro Application
14/05/2004 05:55 <REP> microsoft frontpage
06/11/2005 13:59 <REP> Microsoft Office
14/05/2004 05:53 <REP> Movie Maker
26/10/2006 01:13 <REP> Mozilla Firefox
18/02/2006 11:55 <REP> MP3 Player Utilities 1.47
14/05/2004 05:52 <REP> MSN
14/05/2004 05:52 <REP> MSN Gaming Zone
06/08/2006 22:16 <REP> MSN Messenger
18/11/2006 03:00 <REP> MSXML 4.0
13/05/2004 08:33 <REP> NetMeeting
18/05/2005 13:08 <REP> NovaLogic
28/10/2006 11:00 <REP> Nvu
13/05/2004 08:33 <REP> Outlook Express
19/06/2006 20:23 <REP> Painter 7
13/05/2004 08:33 <REP> PLUS!
17/08/2006 10:51 <REP> Quark
26/07/2005 19:23 <REP> QuickTime
03/04/2007 23:34 <REP> RAR Password Cracker
26/07/2005 19:21 <REP> Red Orb
19/05/2005 11:22 <REP> Rockstar Games
13/05/2004 08:33 <REP> Services en ligne
02/03/2005 13:43 <REP> Sierra On-Line
22/09/2006 21:51 <REP> Sony Setup
04/05/2007 21:03 <REP> Spybot - Search & Destroy
24/09/2005 11:59 <REP> Strategy First
31/07/2006 14:17 <REP> TechCity Solutions
17/05/2004 08:47 <REP> The Playa
07/03/2007 19:23 <REP> THQ
04/09/2005 10:49 <REP> Titus
10/02/2007 16:27 <REP> Tokio Hotel Player
17/05/2004 23:22 <REP> Trend Micro
29/05/2006 18:50 <REP> UBISOFT
13/05/2004 08:55 <REP> Uninstall Information
01/10/2006 10:09 <REP> VideoLAN
10/11/2006 23:15 <REP> WebMediaPlayer
16/12/2006 07:26 <REP> Widelands
17/09/2005 15:59 <REP> WinAce
09/08/2006 01:37 <REP> Windows Live Safety Center
24/09/2006 14:05 <REP> Windows Live Toolbar
27/01/2007 18:46 <REP> Windows Media Connect 2
14/05/2004 05:52 <REP> Windows Media Player
06/11/2005 14:00 <REP> Windows Messaging
14/05/2004 05:52 <REP> Windows NT
25/10/2006 20:24 <REP> WinHTTrack
15/09/2006 22:07 <REP> Wireless 802.11g Monitor
14/05/2004 05:55 <REP> xerox
18/05/2004 23:20 <REP> XviD
21/01/2006 14:10 <REP> Yahoo!
25/05/2005 15:27 <REP> ZC2.10
1 fichier(s) 6 048 544 octets
109 Rép(s) 49 117 233 152 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
*.hotmail.msn.com REG_BINARY
www2.blogger.com REG_BINARY
www.fanfiction.net REG_BINARY
www.maisonsdumonde.com REG_BINARY
www.ateliers-lofts.com REG_BINARY
www.jingoo.com REG_BINARY
www.reflexphoto.fr REG_BINARY
lovable.xooit.com REG_BINARY

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\ERIC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L32UU00D.DEFAULT\HOSTPERM.1

******************************************
## Registre

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
01stopdartplay REG_SZ C:\Documents and Settings\All Users\Application Data\Lessfilm01stop\Phone Settings.exe

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
support idol REG_SZ C:\DOCUME~1\eric\APPLIC~1\DRIVEF~1\Move Intra Online.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 351F-0FEE

Répertoire de C:\WINDOWS

01/01/1980 00:00 520 HTMLHELP.HTM
01/01/1980 00:00 630 LISEZMOI.HTM
14/05/2004 05:25 2 910 upgrade.htm
3 fichier(s) 4 060 octets
0 Rép(s) 49 117 167 616 octets libres

*************** Fin du rapport ****************
chercheur_
Posted on 05/05/2007 00:12:54
That's the right report.
Let's get to work.

Part of the procedure will take place without internet access, so please print these instructions, or paste them into a text file, to read during this disinfection.
The steps must be done without interruption and in order.
If you don't understand something, ask for an explanation before starting.


1 Download
CCleaner.

http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated folder.

AVG Anti-Spyware
http://www.ewido.net/en/download/
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait.


2 Restart in safe mode. Careful, you have no internet access in this mode, so take good note of what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows advanced options menu is displayed.
Using the arrow keys, select Safe Mode and press Enter.


3 Run a HijackThis scan again and check the lines below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {025392B7-6DC5-480D-8A19-C5C3CE01088D} - C:\WINDOWS\system32\adptif32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [01stopdartplay] C:\Documents and Settings\All Users\Application Data\Lessfilm01stop\Phone Settings.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [support idol] C:\DOCUME~1\eric\APPLIC~1\DRIVEF~1\Move Intra Online.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

Close all Windows, Internet Explorer and Outlook windows, except the HijackThis program, and click "Fix checked".


4 Make sure you have access to all files.
Start, My Computer or another folder, Tools menu, Folder Options, View tab:
Check the box: Show hidden files and folders
Uncheck the box: Hide extensions for known file types
Uncheck the box: Hide protected operating system files
Then Apply


5 Delete the offending files/folders (if they still exist):

C:\Documents and Settings\All Users\Application Data\Lessfilm01stop
C:\Documents and Settings\eric\Application Data\BitDownload
C:\Documents and Settings\eric\Application Data\driveford
C:\Program Files\BitDownload
C:\Program Files\driveford

Hide the system files again, so as not to make a mistake in the future, by selecting the option not to show hidden files or system files.


6 Run the cleanup with CCleaner.


7 Launch AVG Anti-Spyware.
Click the Scan button (in the toolbar)
Then on the "How to react" tab, click Recommended actions. Select Quarantine.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report as a text file, which is found in the Reports folder of the AVG Anti-Spyware folder.


8 Restart normally and post a new HijackThis log along with the AVG Anti-Spyware report
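
The two Run values listed under the Registre section of the lopxpMH2 report, which are also among the lines checked in step 3, both start a program from an Application Data folder. As an added example (not part of the original posts, and not how HijackThis or lopxpMH2 work internally), this Python code parses the O4 lines of a HijackThis v1.99.1 log and flags that pattern. The function names are made up for the example, and the Application Data rule is an assumed triage heuristic, not a verdict on any entry.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Excerpt of the HijackThis log posted earlier in this thread (one O2 line is
# included to show that non-O4 lines are ignored).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [01stopdartplay] C:\Documents and Settings\All Users\Application Data\Lessfilm01stop\Phone Settings.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [support idol] C:\DOCUME~1\eric\APPLIC~1\DRIVEF~1\Move Intra Online.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
"""


class Autorun(NamedTuple):
    source: str   # "HKLM Run", "HKCU Run", "Startup", "Global Startup"
    name: str     # registry value name or shortcut name
    command: str  # command line or shortcut target, as logged


# Registry form:  O4 - HKLM\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^O4 - (?P<hive>[^\\]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Startup-folder form:  O4 - Global Startup: shortcut.lnk = target
LNK_RE = re.compile(
    r"^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$"
)
# "Application Data" or its 8.3 short alias (APPLIC~1). The short alias is
# only a hint: any folder whose name starts with "Applic" can get it.
DATA_DIR_RE = re.compile(r"^(application data|applic~\d+)$", re.IGNORECASE)


def parse_autoruns(log: str) -> List[Autorun]:
    """Return every O4 (autostart) entry found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Autorun(f"{m['hive']} {m['key']}", m["name"], m["cmd"]))
            continue
        m = LNK_RE.match(line)
        if m:
            entries.append(Autorun(m["scope"], m["name"], m["cmd"]))
    return entries


def profile_data_folder(command: str) -> Optional[str]:
    """If the command runs from under Application Data, return the path
    component directly below it (usually the program's own folder)."""
    # Splitting on backslashes copes with unquoted paths that contain spaces,
    # which a whitespace split would cut in the middle.
    parts = command.replace('"', "").split("\\")
    for i, part in enumerate(parts[:-1]):
        if DATA_DIR_RE.match(part.strip()):
            return parts[i + 1]
    return None


def flag_profile_autoruns(log: str) -> List[Tuple[Autorun, str]]:
    """Autostart entries whose program lives under Application Data."""
    flagged = []
    for entry in parse_autoruns(log):
        folder = profile_data_folder(entry.command)
        if folder is not None:
            flagged.append((entry, folder))
    return flagged


if __name__ == "__main__":
    for entry, folder in flag_profile_autoruns(SAMPLE_LOG):
        print(f"{entry.source:10} [{entry.name}] -> folder '{folder}'")
        print(f"           {entry.command}")
```

The folder names it reports can be compared with the directory listings in the lopxpMH2 report (creation dates, matching names under Program Files) before anything is checked in HijackThis.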
Diri-chan
Posted on 05/05/2007 01:16:56
Uh... I really hope I didn't do anything stupid. (It's strange, a Yahoo area has installed itself at the top of my web pages... oh well...)

Logfile of HijackThis v1.99.1
Scan saved at 01:14:17, on 05/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2.fr/startpage/dialup/fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.fr/startpage/dialup/fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

And now... well, I don't even know if I'm giving you the right thing.


[GetRight]
LangSecRef=3022
Default=True
Detect=HKCU\Software\Headlight\GetRight\
RegKey1=HKCU\Software\Headlight\GetRight\MRU
RegKey2=HKCU\Software\Headlight\GetRight\TypedURLS
RegKey3=HKCU\Software\Headlight\GetRight\Recent File List
FileKey1=%ProgramFiles%\GetRight|GetRight.hst

[Download Accelerator Plus]
LangSecRef=3022
Detect=HKCU\Software\SpeedBit\Download Accelerator
Default=True
RegKey1=HKLM\SOFTWARE\SpeedBit\Download Accelerator\FileList
RegKey2=HKCU\Software\SpeedBit\Download Accelerator\HistoryCombo
RegKey3=HKCU\Software\SpeedBit\Download Accelerator\ADS\SecondMedia
FileKey1=%ProgramFiles%\DAP\Temp|*.*
FileKey2=%ProgramFiles%\DAP\Ads|*.*
FileKey3=%ProgramFiles%\DAP\Log|*.*

[Morpheus]
LangSecRef=3022
Default=True
Detect=HKCU\Software\Morpheus
RegKey1=HKCU\Software\Morpheus\Morpheus\Recent File List

[VNCViewer 3]
LangSecRef=3024
Default=True
Detect=HKCU\Software\ORL\VNCviewer
RegKey1=HKCU\Software\ORL\VNCviewer\MRU

[VNCViewer 4]
LangSecRef=3024
Default=True
Detect=HKCU\Software\RealVNC\VNCviewer4
RegKey1=HKCU\Software\RealVNC\VNCviewer4\MRU

[DVD Shrink]
LangSecRef=3023
Default=True
Detect=HKCU\Software\DVD Shrink\
RegKey1=HKCU\Software\DVD Shrink\DVD Shrink 3.2\Recent Targets
RegKey2=HKCU\Software\DVD Shrink\DVD Shrink 3.2\Recent File List
RegKey3=HKCU\Software\DVD Shrink\DVDSHRINK103\TargetFiles
RegKey4=HKCU\Software\DVD Shrink\DVDSHRINK103\SourceFolders

[Tivo Desktop]
LangSecRef=3023
Default=True
Detect=HKCU\SOFTWARE\TiVo\Desktop
FileKey1=%userprofile%\Local Settings\Application Data\TiVo Desktop\Cache|*.*

[CA Anti-Virus]
LangSecRef=3024
Default=True
Detect=HKLM\SOFTWARE\ComputerAssociates\Anti-Virus
FileKey1=%ProgramFiles%\CA\eTrust Internet Security Suite\eTrust EZ Antivirus|*.log
FileKey2=%ProgramFiles%\CA\eTrust Internet Security Suite\eTrust EZ Antivirus|*log.txt
FileKey3=%ProgramFiles%\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ArcTemp|*.tmp
FileKey4=%allusersprofile%\Application Data\CA\Consumer\AV|*.tmp|RECURSE
FileKey5=%allusersprofile%\Application Data\CA\Consumer\AV|*.txt|RECURSE
FileKey6=%allusersprofile%\Application Data\CA\Consumer\CCube|*.tmp|RECURSE
FileKey7=%allusersprofile%\Application Data\CA\Consumer\CCube|*.txt|RECURSE
FileKey8=%allusersprofile%\Application Data\CA\Consumer\ISS\FeedStore|*.txt|RECURSE
FileKey9=%ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\ArcTemp|*.*
FileKey10=%ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\tmp|*.*

[ZoneAlarm (Logs)]
LangSecRef=3022
Detect=HKLM\SOFTWARE\Zone Labs\ZoneAlarm
Default=True
FileKey1=%windir%\Internet Logs|ZALog*.*

[Google Earth]
LangSecRef=3021
Detect=HKLM\SOFTWARE\Google\Google Earth Plus
Default=True
FileKey1=%userprofile%\Application Data\Google\GoogleEarth|dbcache.dat
FileKey2=%userprofile%\Application Data\Google\GoogleEarth|dbcache.dat.index
RegKey1=HKCU\Software\Google\Google Earth Plus\Search

[Microsoft AntiSpyware]
LangSecRef=3024
DetectFile=%ProgramFiles%\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
Default=True
FileKey1=%ProgramFiles%\Microsoft AntiSpyware|errors.log
FileKey2=%ProgramFiles%\Microsoft AntiSpyware|tracksEraser.log
FileKey3=%ProgramFiles%\Microsoft AntiSpyware|cleaner.log

[PerfectDisk 7.0]
LangSecRef=3024
Detect=HKCU\Software\Raxco\PerfectDisk\7.0
Default=True
FileKey1=%allusersprofile%\Application Data\Raxco\PerfectDisk\7.0|PerfectDisk.log

[PerfectDisk 8.0]
LangSecRef=3024
Detect=HKCU\Software\Raxco\PerfectDisk\8.0
Default=True
FileKey1=%allusersprofile%\Application Data\Raxco\PerfectDisk\8.0|PerfectDisk.log

[Azureus]
LangSecRef=3022
Detect=HKCU\Software\Azureus
Default=True
FileKey1=%userprofile%\Application Data\Azureus\logs|*.log
FileKey2=%userprofile%\Application Data\Azureus\logs\save|*.log

[CuteFTP Pro 7.0]
LangSecRef=3022
Detect=HKLM\SOFTWARE\GlobalSCAPE\CuteFTP 7 Professional
Default=True
FileKey1=%userprofile%\Local Settings\Application Data\GlobalSCAPE\CuteFTP Pro\7.0\Cache|*.*|RECURSE
FileKey2=%userprofile%\Local Settings\Application Data\GlobalSCAPE\CuteFTP Pro\7.0\CacheThumbs|*.*|RECURSE

[CuteFTP Home 7.0]
LangSecRef=3022
Detect=HKLM\SOFTWARE\GlobalSCAPE\CuteFTP 7 Home
Default=True
FileKey1=%userprofile%\Local Settings\Application Data\GlobalSCAPE\CuteFTP\7.0\Cache|*.*|RECURSE
FileKey2=%userprofile%\Local Settings\Application Data\GlobalSCAPE\CuteFTP\7.0\CacheThumbs|*.*|RECURSE

[CuteFTP Pro 8.0]
LangSecRef=3022
Detect=HKLM\SOFTWARE\GlobalSCAPE\CuteFTP 8 Professional
Default=True
FileKey1=%userprofile%\Local Settings\Application Data\GlobalSCAPE\CuteFTP Pro\8.0\Cache|*.*|RECURSE
FileKey2=%userprofile%\Local Settings\Application Data\GlobalSCAPE\CuteFTP Pro\8.0\CacheThumbs|*.*|RECURSE

[CuteFTP Home 8.0]
LangSecRef=3022
Detect=HKLM\SOFTWARE\GlobalSCAPE\CuteFTP 8 Home
Default=True
FileKey1=%userprofile%\Local Settings\Application Data\GlobalSCAPE\CuteFTP\8.0\Cache|*.*|RECURSE
FileKey2=%userprofile%\Local Settings\Application Data\GlobalSCAPE\CuteFTP\8.0\CacheThumbs|*.*|RECURSE

[ClamWin]
LangSecRef=3024
Detect=HKCU\Software\ClamWin
Default=True
FileKey1=%allusersprofile%\.clamwin\log|*.*
FileKey2=%userprofile%\.clamwin\log|*.*
FileKey3=%windir%\All Users\.clamwin\log|*.*

[Ewido Anti-Malware (Log)]
LangSecRef=3024
Detect=HKLM\Software\ewido
Default=True
FileKey1=%ProgramFiles%\Ewido\Security Suite|logfile.txt
FileKey2=%ProgramFiles%\Ewido Anti-Malware|logfile.txt

[AVG Anti-Spyware]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Grisoft\AVGAntiSpyware
Default=True
FileKey1=%ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5|logfile.txt

[Foxit Reader]
LangSecRef=3021
Detect=HKCU\Software\Foxit Software\Foxit Reader
Default=True
RegKey1=HKCU\Software\Foxit Software\Foxit Reader\Recent File List

[Paint.NET]
LangSecRef=3021
Detect=HKCU\Software\Paint.NET
Default=True
RegKey1=HKCU\Software\Paint.NET|MRU0
RegKey2=HKCU\Software\Paint.NET|MRU1
RegKey3=HKCU\Software\Paint.NET|MRU2
RegKey4=HKCU\Software\Paint.NET|MRU3
RegKey5=HKCU\Software\Paint.NET|MRU4
RegKey6=HKCU\Software\Paint.NET|MRU5
RegKey7=HKCU\Software\Paint.NET|MRU6
RegKey8=HKCU\Software\Paint.NET|MRU7
RegKey9=HKCU\Software\Paint.NET|MRU0Thumb
RegKey10=HKCU\Software\Paint.NET|MRU1Thumb
RegKey11=HKCU\Software\Paint.NET|MRU2Thumb
RegKey12=HKCU\Software\Paint.NET|MRU3Thumb
RegKey13=HKCU\Software\Paint.NET|MRU4Thumb
RegKey14=HKCU\Software\Paint.NET|MRU5Thumb
RegKey15=HKCU\Software\Paint.NET|MRU6Thumb
RegKey16=HKCU\Software\Paint.NET|MRU7Thumb

[OpenOffice 1.14]
LangSecRef=3021
DetectFile=%ProgramFiles%\OpenOffice.org1.1.4\program\soffice.exe
Default=True
FileKey1=%ProgramFiles%\OpenOffice.org1.1.4\user\registry\data\org\openoffice\Office|Common.xcu

[OpenOffice 2.0]
LangSecRef=3021
Detect=HKLM\SOFTWARE\OpenOffice.org\OpenOffice.org\2.0
Default=True
FileKey1=%appdata%\OpenOffice.org2\user\registry\data\org\openoffice\Office|Common.xcu

[OpenOffice 2.1]
LangSecRef=3021
Detect=HKLM\SOFTWARE\OpenOffice.org\OpenOffice.org\2.1
Default=True
FileKey1=%appdata%\OpenOffice.org2\user\registry\data\org\openoffice\Office|Common.xcu

[Grisoft AVG 7.0]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Grisoft\Avg7
Default=True
FileKey1=%allusersprofile%\Application Data\Grisoft\Avg7Data|*.log
FileKey2=%allusersprofile%\Application Data\Grisoft\Avg7Data\upd7bin|*.*
FileKey3=%allusersprofile%\Application Data\Grisoft\Avg7Data\$history|*.*
FileKey4=%allusersprofile%\Application Data\Grisoft\Avg7Data\avg7upd|*.log
FileKey5=%windir%\All Users\Application Data\Grisoft\Avg7Data\upd7bin|*.*
FileKey6=%windir%\All Users\Application Data\Grisoft\Avg7Data\avg7upd|$history
FileKey7=%windir%\All Users\Application Data\Grisoft\Avg7Data\avg7upd|*.log
FileKey8=%windir%\All Users\Application Data\Grisoft\Avg7Data|*.log
FileKey9=%windir%\Application Data\AVG7\Log|*.log

[AntiVir Personal Edition]
LangSecRef=3024
DetectFile=%ProgramFiles%\AVPersonal\AVGUARD.exe
Default=True
FileKey1=%ProgramFiles%\AVPersonal\AVTEST|*.*
FileKey2=%ProgramFiles%\AVPersonal\FAILSAVE|*.*
FileKey3=%ProgramFiles%\AVPersonal\INFECTED|*.*
FileKey4=%ProgramFiles%\AVPersonal\LOGFILES|*.*
FileKey5=%ProgramFiles%\AVPersonal\SYSSAVE|*.*
FileKey6=%ProgramFiles%\AVPersonal\TEMP|*.*
FileKey7=%ProgramFiles%\AVPersonal\TESTPATH|*.*
FileKey8=%ProgramFiles%\AVPersonal\UPDATE|*.*

[TUGZip]
LangSecRef=3024
Detect=HKCU\Software\TUGZip
Default=True
RegKey1=HKCU\Software\TUGZip|mainRecent
RegKey2=HKCU\Software\TUGZip|extrRecent
RegKey3=HKCU\Software\TUGZip|cmpWorkingDir

[Windows Defender]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Microsoft\Windows Defender
Default=True
FileKey1=%allusersprofile%\Application Data\Microsoft\Windows Defender\Scans\History\Results\Quick|*.*
FileKey2=%allusersprofile%\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource|*.*

[IZArc]
LangSecRef=3024
Detect=HKCU\Software\IZSoftware\IZArc
Default=True
RegKey1=HKCU\Software\IZSoftware\IZArc|AppCurrentDir
RegKey2=HKCU\Software\IZSoftware\IZArc|AppCurrentDir
RegKey3=HKCU\Software\IZSoftware\IZArc\Recent

No more CiD for over ten minutes, did it work?
-->Message edited by Diri-chan on 05/05/2007 01:46:05<--
chercheur_
  
  :-)
Posted on 05/05/2007 12:11:02
Hello


HijackThis is clean.

For the Yahoo toolbar, go to Add/Remove Programs and uninstall it.
You installed it at the same time as CCleaner; you should have read what was written and unchecked the "Ajouter la Barre d'Outils Yahoo!" (Add the Yahoo! Toolbar) box.

You didn't post the AVG Anti-Spyware report.

Run an online antivirus scan with Kaspersky
http://webscanner.kaspersky.fr/
Click on "Démarrer Online Scanner" (Start Online Scanner).
Select My Computer as the scan target.
Paste its report here.
Diri-chan
  
   
Posted on 05/05/2007 22:49:55
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 21:02:57 05/05/2007

+ Résultat de l'analyse:



C:\Documents and Settings\eric\Bureau\WinRAR.v3.51+ crack.zip/WinRAR.v3.51.WinALL.Cracked-CORE.zip/crack.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\eric\Bureau\WinRAR.v3.51+ crack.zip/crack.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport

And as for Kaspersky... Internet Explorer crashed after two hours... Kaspersky wasn't even at 30%. I have to start over, don't I? :pleure: :'( :pfff: :paf:
chercheur_
  
  :-)
Posted on 05/05/2007 23:02:56
Re

The joys of peer-to-peer ... ---> WinRAR.v3.51+ crack.zip

It's better to run the scan with Kaspersky; there may be other surprises.
Diri-chan