Se connecter / S'enregistrer
Votre question

Tr / dldr.agent.dfhk ( Résolu )

Tags :
  • Agent
  • Sécurité
Dernière réponse : dans Sécurité et virus
22 Mars 2010 15:34:27

bonjour , j'ai grandement besoin de votre aide voila a chaque fois que j'allume

mon pc mon antivirus détecte ce virus tr / dldr.agent.dfhk et il m'est impossible

de le supprimer , de plus j'ai plusieurs autres problème quand j'essaye d'aller

sur un site comme celui ci par exemple je suis très souvent dirigé sur un site

pour de la pub et aussi defois j'ai un message en anglais disant you request quelque chose avec un timer qui s'affiche en bas de la page , et mon autre problème c'est quand j'essaye d'éteindre mon pc

j'ai toujours le message "fin de programme internet explorer.exe

voila étant pas très bon en informatique je sollicite votre aide merci :) 

Autres pages sur : dldr agent dfhk resolu

22 Mars 2010 15:49:35

Salut,


on va regardé cela ...


Fait ce qui suit pour avoir un diagnostique précis de la situation :


Télécharge ZHPDiag (de Nicolas Coolman) sur ton bureau :

-> http://telechargement.zebulon.fr/zhpdiag.html

!! déconnecte toi et ferme toutes tes applications en cours !!

  • Double-clique sur "ZHPDiag.exe" pour lancer l'installation de l'outil et laisse toi guider ( ne modifie pas les paramètres d'installe et coche bien la case "créer une icone sur le bureau" afin d'avoir les raccourcis "ZHPDiag" et "ZHPFix" ) .

  • Lance ZHPDiag depuis le raccourci du bureau .

  • Une fois ZHPDiag ouvert, clique sur le bouton "option" en haut sur la droite ( celui avec le tournevis ) :

    une liste apparait dans l'encadré principal > vérifie que toutes les lignes soient bien cochées sauf les 045 et 061 ( important ! ) .

  • Puis clique sur le bouton de "la loupe" ( en haut à gauche ) pour lancer le scan .

    > Laisses travailler l'outil ...

  • Une fois terminé , le rapport s'affiche : clique sur bouton "disquette" pour sauvegarder le rapport obtenu ...
    Enregistre bien ZHPDiag.txt de façon à le retrouver facilement ( sur le bureau par exemple ).

    ( Sinon le rapport sera en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag)


    Puis ferme le programme ...


    > rends toi ensuite sur ce site : http://www.cijoint.fr/

  • Clique sur "parcourir" et va jusqu'au rapport que tu as sauvegardé .
  • Clique ensuite sur "cliquer ici pour déposer le fichier" et patiente ...
  • Une fois l'upload finit , un lien apparait > copie/colle le dans ta prochaine réponse stp ....

    Contenus similaires
    22 Mars 2010 18:00:42

    Bien ....



    plusieurs infections ! ....



    /!\ Pour le bon déroulement de la désinfection :
  • Ne pas utiliser ce PC autrement que pour venir ici poursuivre la désinfection .
  • N'entreprends rien avec le PC sans mon autorisation et suis à la lettre les procédures qui vont suivre .
  • Prends bien connaisance de l'ensemble de ces procédures avant de te lancer .
  • Si tu as un quelconque problème, n' hésite pas à m'en faire part ( évite les prises de décision hasardeuses ).

    =============================================================


    Commence par ceci dans l'ordre :




    1- Tu as deux Antivirus actifs sur ton PC ( F-Sécure d'Orange et AntiVir ) : c'est 1 de trop ! Ralentissement et instabilité du système + conflit entre les AV + grosse faille de sécurité ...

    Donc, suivant si tu payes une licence chez l'un des deux , désinstalle en un proprement dès maintenant !...


    une fois ceci fait , enchaine ....


    ===============================

    2- Utilisation de l'outil ZHPFix :

    * Copie le tout le texte présent dans l'encadré ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )


    C:\DOCUME~1\KIWANI~1\LOCALS~1\Temp\iMSPCLOj.sys
    O2 - BHO: (no name) - {5B6986F0-8E5D-4DE7-A01A-74C61F2A6943} . (.Microsoft Corporation - DLL de configuration de Microsoft Connectio.) -- c:\windows\system32\zejskpv.dll
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At1.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At10.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At11.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At12.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At13.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At14.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At15.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At16.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At17.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At18.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At19.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At2.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At20.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At21.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At22.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At23.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At24.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At25.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At26.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At27.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At28.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At29.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At3.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At30.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At31.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At32.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At33.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At34.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At35.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At36.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At37.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At38.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At39.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At4.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At40.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At41.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At42.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At43.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At44.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At45.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At46.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At47.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At48.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At5.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At6.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At7.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At8.job
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At9.job
    O47 - AAKE:Key Export SP - "..." [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Documents and Settings\KIWANIS ARRAS\Mes documents\Téléchargements\PICT11032010JPG.scr:*:Enabled:Userinit
    O47 - AAKE:Key Export SP - "C:\DOCUME~1\KIWANI~1\LOCALS~1\Temp\22.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\DOCUME~1\KIWANI~1\LOCALS~1\Temp\22.exe
    O47 - AAKE:Key Export SP - "C:\DOCUME~1\KIWANI~1\LOCALS~1\Temp\58.jpg" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- NVIDIA Monitoring:*:Enabled:(null)
    O64 - Services: CurCS - C:\DOCUME~1\KIWANI~1\LOCALS~1\Temp\iMSPCLOj.sys - iMSPCLOj (iMSPCLOj) .(.Pas de propriétaire - Pas de description.) - LEGACY_IMSPCLOJ



    > Puis Lance ZHPFix depuis le raccouci du bureau .

    * Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

    * Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .


    Vérifie :
    - que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
    - que les lignes soient disposées les unes en dessous des autres lorsque tu les copies dans ZHPFix .

    * Puis clique sur le bouton [ OK ] .
    > à ce moment là , il apparaitra au début de chaque ligne une petite case vide . Ne touche plus à rien !

    !! Déconnecte toi, désactive tes défenses ( anti-virus,anti-spyware ) et ferme bien toutes autres applications ( navigateurs compris ) !!


    * Clique sur le bouton [ Tous ] . Vérifies que toutes les lignes soient bien cochées ( au niveau des 047 il y a un bug > coche seulement une sur deux ).


    * Enfin clique sur le bouton [ Nettoyer ] .


    -> laisse travailler l'outil et ne touche à rien ...


    -> Si il t'est demandé de redémarrer le PC pour finir le nettoyage , fais le !

    Une fois terminé , un nouveau rapport s'affiche : poste le contenu de ce dernier dans ta prochaine réponse ...

    ( ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ZHPFixReport.txt )

    Pense à réactiver tes défenses !...



    =========================


    3- Télécharge UsbFix ( de C_XX, Chimay8 & El desaparecido ) sur ton bureau :

    ici http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFi...
    ou ici http://chiquitine.changelog.fr/UsbFix.exe

    ! Déconnecte toi d'internet et ferme toutes applications en cours !


    Impératif :
    Branche toutes tes unités externes à ton PC (clé USB, DD externe, flash disk, lecteur MP3,carte SD, etc...) succeptibles d'avoir été infectés ( mais sans les ouvrir ! ) .


    # Double clique sur UsbFix.exe présent sur ton bureau pour lancer l'outil.

    # Choisis l' option 1 ( Recherche )

    # Laisse travailler l'outil et ne touche à rien pendant le scan .

    # Une fois terminé, poste le rapport UsbFix.txt qui apparaitra.

    Le rapport est en outre sauvegardé à la racine du disque maitre ( C:\UsbFix.txt ).

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )


    Note :
    "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


    Site de l'auteur > http://pagesperso-orange.fr/NosTools/usbfix.html
    22 Mars 2010 19:00:24

    OK pour l'antivirus f secure de orange je n'arrive pas a le désinstaller j'ai paumer le cd d'installation et depuis il m'est impossible de l'enlever et je suis plus chez orange depuis un moment
    22 Mars 2010 19:22:35

    re,


    pas besoin du CD pour virer F-secure !....


    regarde dans ce dossier > C:\Program Files\Orange\AntivirusFirewall

    trouve et utilise l'utilitaire de désinstalle ....


    sinon fait ceci à la place :


    télécharge ce-ci sur ton bureau :


    > ftp://ftp.f-secure.com/support/tools/uitool/Uninstallat...

    Démarrer en mode sans echec .

    /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

    Comment aller en Mode sans échec :
    1) Redémarre ton ordi .
    2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
    3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage .
    4) Choisis la première option : Sans Échec , et valide en tapant sur [Entrée] .
    5) Choisis ton compte habituel ( et pas Administrateur ).
    attention : pas de connexion possible en mode sans échec , donc copie ou imprime bien la manipe pour éviter les erreurs ...

    Lance " uninstallationTool.exe " et laisse toi guider ...


    une fois finit , redémarre ton PC ( retour mode normal ) et poursuit la manipe ....



    22 Mars 2010 20:02:22

    Bon ca a du fonctionner je ne trouve plus l'icône sur la barre de démarrer je vais pouvoir commencer la manip que vous m'avez demander de faire
    22 Mars 2010 20:03:07

    hatom62 a dit :
    Bon ca a du fonctionner je ne trouve plus l'icône sur la barre de démarrer je vais pouvoir commencer la manip que vous m'avez demander de faire



    Impec ...

    vas y donc ... J'attends les rapports demandés ....
    22 Mars 2010 20:12:58

    voici le rapport
    Fichier d'export Registre : C:\ZHPExportRegistry-22-03-2010-20-10-40.txt
    Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.ht...


    Processus mémoire :
    C:\DOCUME~1\KIWANI~1\LOCALS~1\Temp\iMSPCLOj.sys => Supprimé et mis en quarantaine
    C:\DOCUME~1\KIWANI~1\LOCALS~1\Temp\22.exe => Fichier absent

    Module mémoire :
    (Néant)

    Clé du Registre :
    O2 - BHO: (no name) - {5B6986F0-8E5D-4DE7-A01A-74C61F2A6943} . (.Microsoft Corporation - DLL de configuration de Microsoft Connectio.) -- c:\windows\system32\zejskpv.dll => Clé non supprimée

    Valeur du Registre :
    O47 - AAKE:Key Export SP - "..." [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Documents and Settings\KIWANIS ARRAS\Mes => Valeur absente
    O47 - AAKE:Key Export SP - "C:\DOCUME~1\KIWANI~1\LOCALS~1\Temp\22.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- => Valeur supprimée avec succès
    O47 - AAKE:Key Export SP - "C:\DOCUME~1\KIWANI~1\LOCALS~1\Temp\58.jpg" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- NVIDIA => Valeur supprimée avec succès

    Elément de données du Registre :
    (Néant)

    Dossier :
    (Néant)

    Fichier :
    c:\windows\system32\zejskpv.dll => Fichier supprimé au reboot
    c:\windows\tasks\at1.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at10.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at11.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at12.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at13.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at14.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at15.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at16.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at17.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at18.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at19.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at2.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at20.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at21.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at22.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at23.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at24.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at25.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at26.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at27.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at28.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at29.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at3.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at30.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at31.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at32.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at33.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at34.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at35.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at36.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at37.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at38.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at39.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at4.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at40.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at41.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at42.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at43.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at44.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at45.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at46.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at47.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at48.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at5.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at6.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at7.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at8.job => Supprimé et mis en quarantaine
    c:\windows\tasks\at9.job => Supprimé et mis en quarantaine

    Logiciel :
    (Néant)

    Script Registre :
    (Néant)

    Autre :
    documents\Téléchargements\PICT11032010JPG.scr:*:Enabled:Userinit => Format Non supporté
    Monitoring:*:Enabled:( null) => Format Non supporté


    Récapitulatif :
    Processus mémoire : 2
    Module mémoire : 0
    Clé du Registre : 1
    Valeur du Registre : 3
    Elément de données du Registre : 0
    Dossier : 0
    Fichier : 49
    Logiciel : 0
    Autre : 2


    End of the scan
    22 Mars 2010 20:22:28

    et voici le rapport avec usbfix

    User : KIWANIS ARRAS (Administrateurs) # KIWANIS-NKBT8XT
    Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 20:19:46 | 22/03/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Celeron(R) CPU 2.00GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.13
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local # 73,21 Go (29,15 Go free) # NTFS
    D:\ -> Disque CD-ROM

    ################## | Elements infectieux |

    C:\WINDOWS\cretae.dll.vbs
    C:\DOCUME~1\KIWANI~1\LOCALS~1\Temp\QDF.exe
    C:\DOCUME~1\KIWANI~1\LOCALS~1\Temp\QRC.exe
    C:\autorun.inf
    C:\a.txt

    ################## | Registre |

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "mcafee"

    ################## | Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\C
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cretae.dll.vbs

    HKCU\..\..\Explorer\MountPoints2\F
    Shell\AutoRun\command =F:\Info.exe folder.htt 480 480

    ################## | Vaccin |


    ################## | ! Fin du rapport # UsbFix V6.100 ! |

    22 Mars 2010 20:25:57

    Bien ....




    la suite dans l'ordre :



    1- ! Déconnecte toi d'internet et ferme toutes applications en cours !

    Impératif :
    Branche toutes tes unités externes à ton PC (clé USB, DD externe, flash disk, lecteur MP3,carte SD, etc...) succeptibles d'avoir été infectés ( mais sans les ouvrir ! ) .

    # Double clique sur UsbFix.exe présent sur ton bureau pour lancer l'outil .

    # Cette fois ci , tu choisis l' option 2 ( Suppression ) .

    > Ton bureau disparaitra et le pc redémarrera ( c'est normal ).

    # Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil et ne touche à rien .

    # Une fois terminé, poste le nouveau rapport UsbFix.txt qui apparaitra avec le bureau .


    ( Le rapport est en outre sauvegardé à la racine du disque maitre > C:\UsbFix.txt ).

    /!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr pour ouvrir le Gestionnaire des Tâches > Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide ) /!\



    ============================


    2- Refais un scan ZHPDiag, coche bien toutes les options ( sauf la 045 et 061 ), poste le nouveau rapport obtenu ( via Cijoint ) pour analyse et attends la suite ...

    22 Mars 2010 20:54:14

    voila le nouveau rapport usb fix
    Intel(R) Celeron(R) CPU 2.00GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.13
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local # 73,21 Go (29,1 Go free) # NTFS
    D:\ -> Disque CD-ROM

    ################## | Elements infectieux |

    Supprimé ! C:\WINDOWS\cretae.dll.vbs
    Supprimé ! C:\DOCUME~1\KIWANI~1\LOCALS~1\Temp\QDF.exe
    Supprimé ! C:\DOCUME~1\KIWANI~1\LOCALS~1\Temp\QRC.exe
    Supprimé ! C:\autorun.inf
    Supprimé ! C:\a.txt
    Supprimé ! C:\Recycler\S-1-5-21-527237240-1960408961-725345543-1004

    ################## | Registre |

    Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "mcafee"

    ################## | Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\C\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\F\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [25/06/2004 09:35|--a------|0] C:\AUTOEXEC.BAT
    [18/01/2010 10:53|-rahs----|216] C:\boot.ini
    [24/04/2003 13:00|-rahs----|4952] C:\Bootfont.bin
    [17/09/2008 15:32|--a------|74] C:\CMLoader.log
    [25/06/2004 09:35|--a------|0] C:\CONFIG.SYS
    [28/06/2004 16:20|--a------|291] C:\hpfr5100.log
    [25/06/2004 09:35|-rahs----|0] C:\IO.SYS
    [25/06/2004 09:35|-rahs----|0] C:\MSDOS.SYS
    [22/07/2008 12:40|-rahs----|47564] C:\NTDETECT.COM
    [24/07/2008 16:07|-rahs----|252240] C:\ntldr
    [29/02/2004 16:44|--a------|52576] C:\orange.bmp
    [?|?|?] C:\pagefile.sys
    [06/09/2008 08:56|--a------|137654] C:\SystemEvent.log
    [22/03/2010 20:50|--a------|1955] C:\UsbFix.txt
    [06/09/2008 08:55|--a------|30228] C:\WinSSEvent.log
    [22/03/2010 20:10|--a------|12720] C:\ZHPExportRegistry-22-03-2010-20-10-40.txt

    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

    ################## | Upload |

    Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_KIWANIS-NKBT8XT.zip : http://chiquitine.changelog.fr/Sample/Upload.php
    Merci pour votre contribution .

    ################## | ! Fin du rapport # UsbFix V6.100 ! |
    22 Mars 2010 21:34:19

    Bien ....



    on continue dans l'ordre :



    1- si ce n'est pas déjà fait , rends sur cette page :
    > http://chiquitine.changelog.fr/Sample/Upload.php

    * clique sur "parcourir" et va jusqu'au fichier C:\UsbFix_Upload_Me_KIWANIS-NKBT8XT.zip .


    * En dessous de "Sélectionnez l'outil que vous venez d'utiliser", choisis UsbFix .

    * puis clique sur "envoyer le fichier" ... patiente le temps du transfère ...

    * Une fois terminé , tu peux supprimer le fichier UsbFix_Upload_Me_KIWANIS-NKBT8XT.zip


    merci d'avoir fait cette remonté qui permettra aux auteurs de l'outil de travailler sur ce type d'infection et d'aider ainsi à ce que UsbFix soit de plus en plus performant ... :) 


    =========================


    2- Télécharge CCleaner :
    ici http://www.infos-du-net.com/telecharger/CCleaner,0301-1...
    ou ici http://www.commentcamarche.net/telecharger/telecharger-...

    Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corriger ton registre .
    Lors de l'installation:
    -choisis bien "français" en langue .
    -avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 premières.

    Un tuto ( aide ):
    http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.h...


    ---> Utilisation :
    *Décocher dans le menu Options - sous-menu Avancé :
    Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures .

    ! déconnecte toi et ferme toutes applications en cours !

    * va dans "nettoyeur" : fais -analyse- puis -nettoyage-
    * va dans "registre" : fais -chercher les erreurs- et -réparer toutes les erreurs-
    ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .

    ( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )


    ===============================

    3- Télécharge Malwarebytes :
    ici http://www.commentcamarche.net/telecharger/telecharger-...
    ou ici : http://www.malwarebytes.org/mbam.php
    ou ici : http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    * Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'instale ) et mets le à jour .

    (NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : http://www.malekal.com/download/comctl32.ocx )

    * Potasse ce tuto pour te familiariser avec le prg :
    http://forum.pcastuces.com/sujet.asp?f=31&s=3
    ( cela dis, il est très simple d'utilisation ).

    ! Déconnecte toi et ferme toutes applications en cours !

    * Lance 'Malwarebytes' .

    Fais un examen dit " RAPIDE " .

    --> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    --> à la fin tu cliques sur "résultat" .
    --> Vérifie que tous les objets infectés soient validés, puis clique sur "suppression".

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

    Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes', le dernier en date) pour analyse ...

    =========================


    4- Refais un scan ZHPDiag, coche bien toutes les options ( sauf la 045 et 061 ), poste le nouveau rapport obtenu ( via Cijoint ) pour analyse et attends la suite ...


    22 Mars 2010 21:56:51

    merci encore pour votre aide j'ai un problème pour l'envoie C:\UsbFix_Upload_Me_KIWANIS-NKBT8XT.zip . le dossier fait 7mo et sur le site ca me dit que je peut envoyer max 2 mo
    22 Mars 2010 22:06:43

    pas grave ...


    supprime le fichier zip et passe à la suite directement ...
    22 Mars 2010 22:53:26

    Voila le rapport malwarebytes' Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3901
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    22/03/2010 22:47:59
    mbam-log-2010-03-22 (22-47-59).txt

    Type de recherche: Examen rapide
    Eléments examinés: 115721
    Temps écoulé: 11 minute(s), 4 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 6
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b6986f0-8e5d-4de7-a01a-74c61f2a6943} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5b6986f0-8e5d-4de7-a01a-74c61f2a6943} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dspzgyun (Rootkit.Agent.BO) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Temp/tscflroa.dat (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tscflroa.dat (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tscflroa.dat (Rootkit.Agent) -> Delete on reboot.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\WINDOWS\system32\zejskpv.dll (Trojan.BHO.H) -> Delete on reboot.
    C:\WINDOWS\system32\Drivers\dspzgyun.sys (Rootkit.Agent.BO) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\tscflroa.dat (Rootkit.Agent) -> Delete on reboot.
    22 Mars 2010 23:06:10

    Bien ....



    on avance .... ;) 


    fais ceci maintenant :


    1- Supprime tout ce qui se trouve dans la quarataine de Malwarebytes .


    =======================


    2- Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe


    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>[ ! ATTENTION ! ]<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  • Ferme tes applications en cours ( ainsi que ton navigateur ) .
  • DESACTIVE TOUTES TES DEFENSES (anti-virus, garde anti spy-ware, pare-feu) le temps de la manipe.
    En effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !
    > Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
  • Tuto ( aide ) ici : http://www.bleepingcomputer.com/combofix/fr/comment-uti...
  • Note : pour XP, il est IMPERATIF d'installer la Console de Récupération de Windows si l'outil le demande ( voir tuto ci-dessus ).
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>[ ! ATTENTION ! ]<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<


    Ensuite :
    > Double-clique sur l'icône "Combofix.exe" pour lancer l'outil .
    > A la fenêtre "DISCLAIMER..." , clique sur "oui" et laisse travailler ...


    -- Pour XP, l' installation de la Console de Récupération sera demandé :
    * Laisse toi guider et fais l'installe de la "console de récupération" ( en anglais, "Windows Recovery Console" ) lorsque l'outil te le demandera ( important ! ).
    image > http://img.photobucket.com/albums/v706/ried7/RcAuto1.gi...
    *Une fois la console installée,
    image > http://img.photobucket.com/albums/v706/ried7/whatnext.p...
    Déconnecte toi si possible avant de cliquer sur "yes" pour lancer le scan --


    Notes importantes :
    -> n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
    -> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisse le faire .
    -> Si l'outil t'anonce ceci : "combofix a détecté la présence de rootkit et a besoin de faire redémarer votre machine", tu acceptes ...
    -> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... )

    Le rapport sera crée ici : C:\Combofix.txt

    Réactive bien tes défenses .


    > Poste le rapport Combofix pour analyse et attends la suite ...
    23 Mars 2010 12:17:53

    Bonjour, voici le rapport qui vous m'aviez demander hier soir ComboFix 10-03-22.03 - KIWANIS ARRAS 23/03/2010 12:02:51.1.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.283 [GMT 1:00]
    Lancé depuis: c:\documents and settings\KIWANIS ARRAS\Mes documents\Téléchargements\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\KIWANIS ARRAS\Application Data\Mozilla\Firefox\Profiles\iy4ux319.default\extensions\{a32c327e-61ac-4fb4-82a2-6dd3b90a9f17}
    c:\documents and settings\KIWANIS ARRAS\Application Data\Mozilla\Firefox\Profiles\iy4ux319.default\extensions\{a32c327e-61ac-4fb4-82a2-6dd3b90a9f17}\chrome.manifest
    c:\documents and settings\KIWANIS ARRAS\Application Data\Mozilla\Firefox\Profiles\iy4ux319.default\extensions\{a32c327e-61ac-4fb4-82a2-6dd3b90a9f17}\chrome\xulcache.jar
    c:\documents and settings\KIWANIS ARRAS\Application Data\Mozilla\Firefox\Profiles\iy4ux319.default\extensions\{a32c327e-61ac-4fb4-82a2-6dd3b90a9f17}\defaults\preferences\xulcache.js
    c:\documents and settings\KIWANIS ARRAS\Application Data\Mozilla\Firefox\Profiles\iy4ux319.default\extensions\{a32c327e-61ac-4fb4-82a2-6dd3b90a9f17}\install.rdf
    c:\documents and settings\KIWANIS ARRAS\Application Data\screensaver_City.scr
    c:\windows\system32\reboot.txt

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-23 au 2010-03-23 ))))))))))))))))))))))))))))))))))))
    .

    2010-03-22 21:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-22 21:16 . 2010-03-22 21:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-22 21:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-22 21:01 . 2010-03-22 21:01 -------- d-----w- c:\program files\CCleaner
    2010-03-22 19:50 . 2010-03-22 19:50 7431950 ----a-w- C:\UsbFix_Upload_Me_KIWANIS-NKBT8XT.zip
    2010-03-22 19:17 . 2010-03-22 19:50 -------- d-----w- C:\UsbFix
    2010-03-22 18:17 . 2010-03-22 18:36 -------- d-----w- c:\program files\VS Revo Group
    2010-03-22 15:59 . 2010-03-22 19:10 -------- d-----w- c:\program files\ZHPDiag
    2010-03-19 13:16 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-03-19 13:16 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-03-19 13:16 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-03-19 13:16 . 2010-03-19 13:16 -------- d-----w- c:\program files\Avira
    2010-03-19 13:16 . 2010-03-19 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-03-16 15:56 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-03-16 14:06 . 2010-03-16 14:06 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
    2010-03-16 10:45 . 2010-03-16 10:45 -------- d-----w- c:\program files\Alwil Software
    2010-03-16 10:45 . 2010-03-16 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-03-12 15:06 . 2010-03-23 10:52 -------- d-----w- c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Axialis
    2010-03-11 06:09 . 2010-03-11 06:09 -------- d-----w- C:\e369972bd0bfa6ac5802ef4b
    2010-03-02 20:20 . 2010-03-02 20:21 -------- d-----w- c:\program files\Fichiers communs\DVDVideoSoft
    2010-03-02 20:20 . 2010-03-02 20:20 -------- d-----w- c:\program files\DVDVideoSoft
    2010-02-23 11:11 . 2010-02-23 11:11 -------- d-----w- c:\program files\Windows Live SkyDrive

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-21 14:06 . 2008-07-12 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2010-03-20 14:17 . 2008-10-13 19:25 -------- d-----w- c:\documents and settings\KIWANIS ARRAS\Application Data\teamspeak2
    2010-03-19 13:25 . 2009-07-03 12:04 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-03-16 14:52 . 2010-03-16 14:52 96512 ----a-w- c:\windows\system32\drivers\OLD355.tmp
    2010-03-16 14:30 . 2010-03-16 14:30 96512 ----a-w- c:\windows\system32\drivers\OLD280.tmp
    2010-03-12 12:12 . 2008-10-03 17:09 -------- d-----w- c:\program files\World of Warcraft
    2010-03-02 20:31 . 2009-11-02 18:20 -------- d-----w- c:\documents and settings\KIWANIS ARRAS\Application Data\vlc
    2010-02-28 11:17 . 2007-11-28 15:57 90112 ----a-w- c:\windows\DUMP8d1d.tmp
    2010-02-23 11:15 . 2009-05-07 13:44 -------- d-----w- c:\program files\Windows Live
    2010-02-17 11:59 . 2009-07-05 16:00 -------- d-----w- c:\program files\ma-config.com
    2010-02-17 11:59 . 2009-07-05 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
    2010-01-29 17:38 . 2007-11-28 17:57 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-29 17:18 . 2010-01-29 16:43 -------- d-----w- c:\program files\Micro Application
    2010-01-25 11:47 . 2007-11-28 15:57 90112 ----a-w- c:\windows\DUMP74f1.tmp
    2010-01-23 11:55 . 2009-05-07 13:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-05 09:56 . 2006-06-23 11:28 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-01-05 09:56 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 09:56 . 2003-04-24 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-12-31 16:50 . 2003-04-24 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Google Update"="c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-25 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "anvshell"="anvshell.exe" [2003-07-24 380928]
    "LiveNote"="livenote.exe" [2002-07-11 40960]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "Protect"="SHVRTF.EXE" [2003-12-02 1011712]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 1622016]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\KIWANIS ARRAS\Menu D‚marrer\Programmes\D‚marrage\
    Magnifier.lnk - c:\windows\system32\magnify.exe [2004-6-25 73216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:56a6a6e2b

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [25/06/2004 09:53 231064]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/03/2010 14:16 108289]
    S0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys --> c:\windows\system32\drivers\fsdfw.sys [?]
    S2 oixscnjc;Player Recovery Device Control Helper;c:\windows\System32\svchost.exe -k netsvcs [24/04/2003 13:00 14336]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [?]
    S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\KIWANI~1\LOCALS~1\Temp\iMSPCLOj.sys --> c:\docume~1\KIWANI~1\LOCALS~1\Temp\iMSPCLOj.sys [?]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/01/2010 17:45 243056]
    S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [26/11/2009 18:03 131072]
    S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [26/11/2009 18:03 79104]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [?]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    oixscnjc
    .
    Contenu du dossier 'Tâches planifiées'

    2010-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1960408961-725345543-1004Core.job
    - c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 13:22]

    2010-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1960408961-725345543-1004UA.job
    - c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 13:22]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    FF - ProfilePath - c:\documents and settings\KIWANIS ARRAS\Application Data\Mozilla\Firefox\Profiles\iy4ux319.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/default.aspx
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/?mkt=fr-fr&FORM=MICI05&q=
    FF - plugin: c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    ShellIconOverlayIdentifiers-{5B6986F0-8E5D-4DE7-A01A-74C61F2A6943} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-23 12:10
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    Heure de fin: 2010-03-23 12:13:01
    ComboFix-quarantined-files.txt 2010-03-23 11:12

    Avant-CF: 32 063 283 200 octets libres
    Après-CF: 32 045 785 088 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

    Current=5 Default=5 Failed=3 LastKnownGood=6 Sets=3,4,5,6
    - - End Of File - - D7B0F7DBB59E88E4727C15E5C7BA9E4E
    23 Mars 2010 12:44:16

    hello,


    on continue :


    1- Créer un doc texte sur ton bureau :
  • Pointe ta souris sur ton bureau , clique droit : va dans "nouveau" et choisis "document texte" .

  • Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de créer :


    File::
    C:\docume~1\KIWANI~1\LOCALS~1\Temp\iMSPCLOj.sys
    C:\UsbFix_Upload_Me_KIWANIS-NKBT8XT.zip

    Driver::
    iMSPCLOj

    NetSvc::
    oixscnjc




  • Puis va dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi : CFScript puis valide ...



    2- Nettoyage :

    !! Déconnecte toi, ferme toutes tes applications et désactive TOUTES TES DEFENSES ( tu les réactiveras après ) !!

    --> Sur ton bureau, fais glisser avec ta souris le fichier CFScript sur l'icône de ComboFix.exe .

    Regarde ici :


    Cette manipulation va relancer Combofix !

    Puis patiente le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)

    ! Ne touches à rien tant que le scan n'est pas terminé !

    Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    -> Une fois le scan achevé, un rapport va s'afficher : poste le pour analyse ...


    ( Attention : cette manipe a été faite spécialement pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )


    ==========================

    3- Refais un scan ZHPDiag, coche bien toutes les options ( sauf la 045 et 061 ), poste le nouveau rapport obtenu ( via Cijoint ) pour analyse et attends la suite ...

    23 Mars 2010 13:42:54

    Re, ok mais j'ai pas l'icône combo fix sur le bureau :) 
    23 Mars 2010 13:55:20

    hatom62 a dit :
    Re, ok mais j'ai pas l'icône combo fix sur le bureau :) 



    C'est que tu ne l'a pas téléchargé sur ton bureau comme je te l'avais demandé ! .... :pfff: 
    ( tu l'as mis ici > Mes documents\Téléchargements\ComboFix.exe )

    faut faire les manipes à la lettre ...


    Donc déplace le sur ton bureau !


    Puis fait la manipe demandé ...


    J'attends le rapport obtenu ....
    23 Mars 2010 14:22:25

    Voila j'ai fait comme vous m'avez demander j'ai déplacer CFScript sur l'icône combofix

    quand je l'ai déplacer dessus j'ai eut la fenêtre ou c'est marquer exécuter ou annuler

    donc voici le rapport : ComboFix 10-03-22.03 - KIWANIS ARRAS 23/03/2010 13:59:58.2.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.348 [GMT 1:00]
    Lancé depuis: c:\documents and settings\KIWANIS ARRAS\Mes documents\Téléchargements\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\KIWANIS ARRAS\Bureau\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\docume~1\KIWANI~1\LOCALS~1\Temp\iMSPCLOj.sys"
    "C:\UsbFix_Upload_Me_KIWANIS-NKBT8XT.zip"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\UsbFix_Upload_Me_KIWANIS-NKBT8XT.zip

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IMSPCLOJ
    -------\Service_iMSPCLOj


    ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-23 au 2010-03-23 ))))))))))))))))))))))))))))))))))))
    .

    2010-03-22 21:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-22 21:16 . 2010-03-22 21:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-22 21:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-22 21:01 . 2010-03-22 21:01 -------- d-----w- c:\program files\CCleaner
    2010-03-22 19:17 . 2010-03-22 19:50 -------- d-----w- C:\UsbFix
    2010-03-22 18:17 . 2010-03-22 18:36 -------- d-----w- c:\program files\VS Revo Group
    2010-03-22 15:59 . 2010-03-22 19:10 -------- d-----w- c:\program files\ZHPDiag
    2010-03-19 13:16 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-03-19 13:16 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-03-19 13:16 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-03-19 13:16 . 2010-03-19 13:16 -------- d-----w- c:\program files\Avira
    2010-03-19 13:16 . 2010-03-19 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-03-16 15:56 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-03-16 14:06 . 2010-03-16 14:06 96512 ------w- c:\windows\system32\drivers\atapi.sys
    2010-03-16 10:45 . 2010-03-16 10:45 -------- d-----w- c:\program files\Alwil Software
    2010-03-16 10:45 . 2010-03-16 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-03-12 15:06 . 2010-03-23 10:52 -------- d-----w- c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Axialis
    2010-03-11 06:09 . 2010-03-11 06:09 -------- d-----w- C:\e369972bd0bfa6ac5802ef4b
    2010-03-02 20:20 . 2010-03-02 20:21 -------- d-----w- c:\program files\Fichiers communs\DVDVideoSoft
    2010-03-02 20:20 . 2010-03-02 20:20 -------- d-----w- c:\program files\DVDVideoSoft
    2010-02-23 11:11 . 2010-02-23 11:11 -------- d-----w- c:\program files\Windows Live SkyDrive

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-21 14:06 . 2008-07-12 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2010-03-20 14:17 . 2008-10-13 19:25 -------- d-----w- c:\documents and settings\KIWANIS ARRAS\Application Data\teamspeak2
    2010-03-19 13:25 . 2009-07-03 12:04 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-03-16 14:52 . 2010-03-16 14:52 96512 ----a-w- c:\windows\system32\drivers\OLD355.tmp
    2010-03-16 14:30 . 2010-03-16 14:30 96512 ----a-w- c:\windows\system32\drivers\OLD280.tmp
    2010-03-12 12:12 . 2008-10-03 17:09 -------- d-----w- c:\program files\World of Warcraft
    2010-03-02 20:31 . 2009-11-02 18:20 -------- d-----w- c:\documents and settings\KIWANIS ARRAS\Application Data\vlc
    2010-02-28 11:17 . 2007-11-28 15:57 90112 ----a-w- c:\windows\DUMP8d1d.tmp
    2010-02-23 11:15 . 2009-05-07 13:44 -------- d-----w- c:\program files\Windows Live
    2010-02-17 11:59 . 2009-07-05 16:00 -------- d-----w- c:\program files\ma-config.com
    2010-02-17 11:59 . 2009-07-05 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
    2010-01-29 17:38 . 2007-11-28 17:57 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-29 17:18 . 2010-01-29 16:43 -------- d-----w- c:\program files\Micro Application
    2010-01-25 11:47 . 2007-11-28 15:57 90112 ----a-w- c:\windows\DUMP74f1.tmp
    2010-01-23 11:55 . 2009-05-07 13:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-05 09:56 . 2006-06-23 11:28 832512 ------w- c:\windows\system32\wininet.dll
    2010-01-05 09:56 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 09:56 . 2003-04-24 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-12-31 16:50 . 2003-04-24 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Google Update"="c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-25 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "anvshell"="anvshell.exe" [2003-07-24 380928]
    "LiveNote"="livenote.exe" [2002-07-11 40960]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "Protect"="SHVRTF.EXE" [2003-12-02 1011712]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 1622016]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\KIWANIS ARRAS\Menu D‚marrer\Programmes\D‚marrage\
    Magnifier.lnk - c:\windows\system32\magnify.exe [2004-6-25 73216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:56a6a6e2b

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [25/06/2004 09:53 231064]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/03/2010 14:16 108289]
    S0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys --> c:\windows\system32\drivers\fsdfw.sys [?]
    S2 oixscnjc;Player Recovery Device Control Helper;c:\windows\System32\svchost.exe -k netsvcs [24/04/2003 13:00 14336]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [?]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/01/2010 17:45 243056]
    S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [26/11/2009 18:03 131072]
    S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [26/11/2009 18:03 79104]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [?]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contenu du dossier 'Tâches planifiées'

    2010-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1960408961-725345543-1004Core.job
    - c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 13:22]

    2010-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1960408961-725345543-1004UA.job
    - c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 13:22]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    FF - ProfilePath - c:\documents and settings\KIWANIS ARRAS\Application Data\Mozilla\Firefox\Profiles\iy4ux319.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/default.aspx
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/?mkt=fr-fr&FORM=MICI05&q=
    FF - plugin: c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-23 14:09
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(3140)
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-03-23 14:13:22 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-03-23 13:13
    ComboFix2.txt 2010-03-23 11:13

    Avant-CF: 32 030 183 424 octets libres
    Après-CF: 31 935 266 816 octets libres

    Current=5 Default=5 Failed=3 LastKnownGood=6 Sets=3,4,5,6
    - - End Of File - - E263FE2E217C056AA40E334C3461C511
    23 Mars 2010 16:37:46

    Bon ....



    1- on va reprendre la même manipe et tu vas mettre ceci dans le CFScript :


    Driver::
    oixscnjc
    FSFW
    F-Secure Gatekeeper
    F-Secure Filter
    F-Secure Recognizer
    F-Secure Gatekeeper Handler Starter
    F-Secure HIPS
    FSDFWD
    FSAUA
    FSMA
    dspzgyun
    mountmgr



    Poste moi le nouveau rapport ComboFix obtenu ....


    ============================

    2- Refais un scan ZHPDiag, coche bien toutes les options ( sauf la 045 et 061 ), poste le nouveau rapport obtenu ( via Cijoint ) pour analyse et attends la suite ...


    23 Mars 2010 17:20:26

    Ok je vais faire de suite et merci encore de consacrer un peu de votre temps a ressoudre mon problème :) 
    23 Mars 2010 17:56:42

    Re , j'ai eut un problème après le scan combofix le pc a redémarrer et la j'ai eut un écran bleu avec marquer dessus 000000x21a erreur irrécupérable système arrêter j'ai du redémarrer le pc et taper f5 pour faire dernière bonne configuration sinon il m'était impossible de démarrer le pc j'ai quand même eut le résultat du scan combofix : ComboFix 10-03-22.04 - KIWANIS ARRAS 23/03/2010 17:28:36.3.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.292 [GMT 1:00]
    Lancé depuis: c:\documents and settings\KIWANIS ARRAS\Mes documents\Téléchargements\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\KIWANIS ARRAS\Bureau\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DSPZGYUN
    -------\Legacy_F-SECURE_FILTER
    -------\Legacy_F-SECURE_GATEKEEPER
    -------\Legacy_F-SECURE_GATEKEEPER_HANDLER_STARTER
    -------\Legacy_F-SECURE_HIPS
    -------\Legacy_F-SECURE_RECOGNIZER
    -------\Legacy_FSAUA
    -------\Legacy_FSDFWD
    -------\Legacy_FSFW
    -------\Legacy_FSMA
    -------\Legacy_MOUNTMGR
    -------\Legacy_OIXSCNJC
    -------\Service_F-Secure Filter
    -------\Service_F-Secure Gatekeeper
    -------\Service_F-Secure Gatekeeper Handler Starter
    -------\Service_F-Secure Recognizer
    -------\Service_FSAUA
    -------\Service_FSDFWD
    -------\Service_FSFW
    -------\Service_FSMA
    -------\Service_MountMgr
    -------\Service_oixscnjc


    ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-23 au 2010-03-23 ))))))))))))))))))))))))))))))))))))
    .

    2010-03-22 21:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-22 21:16 . 2010-03-22 21:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-22 21:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-22 21:01 . 2010-03-22 21:01 -------- d-----w- c:\program files\CCleaner
    2010-03-22 19:17 . 2010-03-22 19:50 -------- d-----w- C:\UsbFix
    2010-03-22 18:17 . 2010-03-22 18:36 -------- d-----w- c:\program files\VS Revo Group
    2010-03-22 15:59 . 2010-03-22 19:10 -------- d-----w- c:\program files\ZHPDiag
    2010-03-19 13:16 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-03-19 13:16 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-03-19 13:16 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-03-19 13:16 . 2010-03-19 13:16 -------- d-----w- c:\program files\Avira
    2010-03-19 13:16 . 2010-03-19 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-03-16 15:56 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-03-16 14:06 . 2010-03-16 14:06 96512 ------w- c:\windows\system32\drivers\atapi.sys
    2010-03-16 10:45 . 2010-03-16 10:45 -------- d-----w- c:\program files\Alwil Software
    2010-03-16 10:45 . 2010-03-16 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-03-12 15:06 . 2010-03-23 10:52 -------- d-----w- c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Axialis
    2010-03-11 06:09 . 2010-03-11 06:09 -------- d-----w- C:\e369972bd0bfa6ac5802ef4b
    2010-03-02 20:20 . 2010-03-02 20:21 -------- d-----w- c:\program files\Fichiers communs\DVDVideoSoft
    2010-03-02 20:20 . 2010-03-02 20:20 -------- d-----w- c:\program files\DVDVideoSoft
    2010-02-23 11:11 . 2010-02-23 11:11 -------- d-----w- c:\program files\Windows Live SkyDrive

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-21 14:06 . 2008-07-12 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2010-03-20 14:17 . 2008-10-13 19:25 -------- d-----w- c:\documents and settings\KIWANIS ARRAS\Application Data\teamspeak2
    2010-03-19 13:25 . 2009-07-03 12:04 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-03-16 14:52 . 2010-03-16 14:52 96512 ----a-w- c:\windows\system32\drivers\OLD355.tmp
    2010-03-16 14:30 . 2010-03-16 14:30 96512 ----a-w- c:\windows\system32\drivers\OLD280.tmp
    2010-03-12 12:12 . 2008-10-03 17:09 -------- d-----w- c:\program files\World of Warcraft
    2010-03-02 20:31 . 2009-11-02 18:20 -------- d-----w- c:\documents and settings\KIWANIS ARRAS\Application Data\vlc
    2010-02-28 11:17 . 2007-11-28 15:57 90112 ----a-w- c:\windows\DUMP8d1d.tmp
    2010-02-23 11:15 . 2009-05-07 13:44 -------- d-----w- c:\program files\Windows Live
    2010-02-17 11:59 . 2009-07-05 16:00 -------- d-----w- c:\program files\ma-config.com
    2010-02-17 11:59 . 2009-07-05 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
    2010-01-29 17:38 . 2007-11-28 17:57 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-29 17:18 . 2010-01-29 16:43 -------- d-----w- c:\program files\Micro Application
    2010-01-25 11:47 . 2007-11-28 15:57 90112 ----a-w- c:\windows\DUMP74f1.tmp
    2010-01-23 11:55 . 2009-05-07 13:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-05 09:56 . 2006-06-23 11:28 832512 ------w- c:\windows\system32\wininet.dll
    2010-01-05 09:56 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 09:56 . 2003-04-24 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-12-31 16:50 . 2003-04-24 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Google Update"="c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-25 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "anvshell"="anvshell.exe" [2003-07-24 380928]
    "LiveNote"="livenote.exe" [2002-07-11 40960]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "Protect"="SHVRTF.EXE" [2003-12-02 1011712]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 1622016]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\KIWANIS ARRAS\Menu D‚marrer\Programmes\D‚marrage\
    Magnifier.lnk - c:\windows\system32\magnify.exe [2004-6-25 73216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:56a6a6e2b

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [25/06/2004 09:53 231064]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/03/2010 14:16 108289]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/01/2010 17:45 243056]
    S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [26/11/2009 18:03 131072]
    S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [26/11/2009 18:03 79104]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contenu du dossier 'Tâches planifiées'

    2010-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1960408961-725345543-1004Core.job
    - c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 13:22]

    2010-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1960408961-725345543-1004UA.job
    - c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 13:22]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    FF - ProfilePath - c:\documents and settings\KIWANIS ARRAS\Application Data\Mozilla\Firefox\Profiles\iy4ux319.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/default.aspx
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/?mkt=fr-fr&FORM=MICI05&q=
    FF - plugin: c:\documents and settings\KIWANIS ARRAS\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-23 17:45
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...
    23 Mars 2010 17:59:39

    re,


    bizard ce crach ...


    supprime ce dossier stp > c:\documents and settings\All Users\Application Data\F-Secure



    Puis refait ZHPdiag comme demandé stp ...
    23 Mars 2010 18:03:28

    je relance le scan ZHpdiag je vous envoi ca de suite
    23 Mars 2010 18:26:41

    Bon ....


    une salté s'accroche sévèrement ... il me faut plus d'info ...



    fait ceci :


    1- Télécharge gmer sur le bureau et dézippe-le (clic droit et "extraire ici") :

    http://www.gmer.net/gmer.zip

    !! Déconnecte toi, désactive tes défenses ( anti-virus,anti-spyware ) et ferme bien toutes tes applications le temps de la manipe ( naviguateurs compris ) !!

    * Double-clique sur gmer.exe pour lancer l'outil.
    * Met toi bien sur l'onglet "rootkit", puis clique sur [scan] .
    * A la fin du scan, clique sur le bouton copy.
    * Puis va dans le menu "démarrer"> "programmes" > accessoires : ouvre le bloc-note et clique sur CTRL+V afin de copier le rapport dans ce même bloc-note.

    > poste le contenu du rapport stp ...


    ========================

    2- Télécharge SEAF ( de C__XX ) sur ton bureau :

    ici http://pagesperso-orange.fr/NosTools/C_XX/SEAF.exe
    ou ici http://forum-aide-contre-virus.be/download/C_XX/SEAF.ex...

    ! Ferme toutes applications en cours !

  • Double clique sur "SEAF.exe" ( clique droit et "Exécuter en tant qu'administrateur" pour Vista / 7 ) pour lancer l'outil.
  • Dans l'encardré blanc " Entrez ci dessous...." copie/colle ceci :

    dspzgyun,oixscnjc,mountmgr


  • Au niveau des "options des fichiers ", fait les réglages suivant :
    > A "Calculer le checksum" , choisis : MD5
    > Coche la case devant " Info. supplémentaire ".
    > Coche la case devant " Afficher les ADS "

  • Au niveau des " options du registre " :
    > coche " chercher également dans le registre "

    ( ne touche à aucun autre réglage )

  • Clique sur " Lancer la recherche " et laisse travailler l'outil ...

    ( cela peut-être plus ou moins long suivant les cas ).

    --> Une fois terminé, une fenêtre avec un log .txt va s'afficher. Enregistre ce rapport de façon à le retrouver facilement ( sur le bureau par exemple ). Sinon il sera en outre sauvegardé à la racine de ton disque dur ( ici > C:\SEAFLog.txt )

    --> Copie/colle le contenu de ce rapport dans ta prochaine réponse . Si le rapport est trop long, utilise le site d'uplaod "Cijoint" pour me le faire parvenir > http://www.cijoint.fr/



    23 Mars 2010 20:51:07

    voila le rapport SEAF :1. ========================= SEAF 1.0.0.7 - C_XX
    2.
    3. Commencé à: 20:47:53 le 23/03/2010
    4.
    5. Valeur(s) recherchée(s):
    6.
    7. dspzgyun
    8. oixscnjc
    9. mountmgr
    10.
    11. (!) --- Calcul du Hash "MD5"
    12. (!) --- Affichage des ADS
    13. (!) --- Informations supplémentaires
    14. (!) --- Recherche registre
    15.
    16. ====== Fichier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ======
    17.
    18. "c:\WINDOWS\system32\drivers\mountmgr.sys" [ ----A---- | 42368 ]
    19. TC: 24/04/2003,13:00:00 | TM: 13/04/2008,19:39:46 | DA: 23/03/2010,20:05:28
    20. MD5: a80b9a0bad1b73637dbcbba7df72d3fd
    21.
    22.
    23. CompagnyName: Microsoft Corporation
    24. ProductName: Microsoft® Windows® Operating System
    25. InternalName: mountmgr.sys
    26. OriginalFilename: mountmgr.sys
    27. LegalCopyright: © Microsoft Corporation. All rights reserved.
    28. ProductVersion: 5.1.2600.5512
    29. FileVersion: 5.1.2600.5512 (xpsp.080413-2108)
    30.
    31. =========================
    32.
    33. "c:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\mountmgr.sys" [ ----A---- | 42240 ]
    34. TC: 04/08/2004,06:58:30 | TM: 04/08/2004,06:58:30 | DA: 19/03/2010,16:00:59
    35. MD5: 65653f3b4477f3c63e68a9659f85ee2e
    36.
    37.
    38. CompagnyName: Microsoft Corporation
    39. ProductName: Microsoft® Windows® Operating System
    40. InternalName: mountmgr.sys
    41. OriginalFilename: mountmgr.sys
    42. LegalCopyright: © Microsoft Corporation. All rights reserved.
    43. ProductVersion: 5.1.2600.2180
    44. FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    45.
    46. =========================
    47.
    48. "c:\WINDOWS\ServicePackFiles\i386\mountmgr.sys" [ ----N---- | 42368 ]
    49. TC: 04/08/2004,06:58:30 | TM: 13/04/2008,19:39:46 | DA: 19/03/2010,15:56:57
    50. MD5: a80b9a0bad1b73637dbcbba7df72d3fd
    51.
    52.
    53. CompagnyName: Microsoft Corporation
    54. ProductName: Microsoft® Windows® Operating System
    55. InternalName: mountmgr.sys
    56. OriginalFilename: mountmgr.sys
    57. LegalCopyright: © Microsoft Corporation. All rights reserved.
    58. ProductVersion: 5.1.2600.5512
    59. FileVersion: 5.1.2600.5512 (xpsp.080413-2108)
    60.
    61. =========================
    62.
    63. "c:\Qoobox\Quarantine\Registry_backups\Legacy_DSPZGYUN.reg.dat" [ ----A---- | 1044 ]
    64. TC: 23/03/2010,17:33:28 | TM: 23/03/2010,17:33:28 | DA: 23/03/2010,17:33:28
    65. MD5: daeaa04e331f31d7b5c144fee000a545
    66.
    67.
    68.
    69. =========================
    70.
    71. "c:\Qoobox\Quarantine\Registry_backups\Legacy_MOUNTMGR.reg.dat" [ ----A---- | 1438 ]
    72. TC: 23/03/2010,17:33:28 | TM: 23/03/2010,17:33:28 | DA: 23/03/2010,17:33:28
    73. MD5: db044a5cbda628dfb3185c34c38fc525
    74.
    75.
    76.
    77. =========================
    78.
    79. "c:\Qoobox\Quarantine\Registry_backups\Legacy_OIXSCNJC.reg.dat" [ ----A---- | 864 ]
    80. TC: 23/03/2010,17:33:28 | TM: 23/03/2010,17:33:28 | DA: 23/03/2010,17:33:28
    81. MD5: def831380cea42b497e30c34221b62f3
    82.
    83.
    84.
    85. =========================
    86.
    87. "c:\Qoobox\Quarantine\Registry_backups\Service_MountMgr.reg.dat" [ ----A---- | 964 ]
    88. TC: 23/03/2010,17:33:35 | TM: 23/03/2010,17:33:35 | DA: 23/03/2010,17:33:35
    89. MD5: 7450f430fb0fc950d0ec08903d333a16
    90.
    91.
    92.
    93. =========================
    94.
    95. "c:\Qoobox\Quarantine\Registry_backups\Service_oixscnjc.reg.dat" [ ----A---- | 2184 ]
    96. TC: 23/03/2010,17:33:35 | TM: 23/03/2010,17:33:35 | DA: 23/03/2010,17:33:35
    97. MD5: b63c8c5dc87ca884d48cb0c4917f1884
    98.
    99.
    100.
    101. =========================
    102.
    103. "c:\cmdcons\MOUNTMGR.SY_" [ ----A---- | 20981 ]
    104. TC: 03/08/2004,22:58:32 | TM: 03/08/2004,22:58:32 | DA: 23/03/2010,12:01:00
    105. MD5: 987b2083aa3cdb84e6739573eebff92e
    106.
    107.
    108.
    109. =========================
    110.
    111. ====== Dossier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ======
    112.
    113. Aucun dossier trouvé
    114.
    115.
    116. ====== Entrée(s) du registre ======
    117.
    118.
    119.
    120. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DSPZGYUN\0000]
    121. "DeviceDesc"="dspzgyun"
    122.
    123. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DSPZGYUN\0000]
    124. "Service"="dspzgyun"
    125.
    126. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_DSPZGYUN\0000]
    127. "DeviceDesc"="dspzgyun"
    128.
    129. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_DSPZGYUN\0000]
    130. "Service"="dspzgyun"
    131.
    132. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DSPZGYUN\0000]
    133. "DeviceDesc"="dspzgyun"
    134.
    135. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DSPZGYUN\0000]
    136. "Service"="dspzgyun"
    137.
    138.
    139.
    140. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_OIXSCNJC\0000]
    141. "Service"="oixscnjc"
    142.
    143. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_BEEP\xx_oixscnjc_xx]
    144. "Service"="oixscnjc"
    145.
    146. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_OIXSCNJC\0000]
    147. "Service"="oixscnjc"
    148.
    149. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OIXSCNJC\0000]
    150. "Service"="oixscnjc"
    151.
    152.
    153.
    154. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MOUNTMGR\0000]
    155. "Service"="MountMgr"
    156.
    157. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ÍOUNTMGR\0000]
    158. "DeviceDesc"="mountmgr"
    159.
    160. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ÍOUNTMGR\0000]
    161. "Service"="mountmgr"
    162.
    163. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_BEEP\xx_MountMgr_xx]
    164. "Service"="MountMgr"
    165.
    166. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_ÍOUNTMGR\0000]
    167. "DeviceDesc"="mountmgr"
    168.
    169. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_ÍOUNTMGR\0000]
    170. "Service"="mountmgr"
    171.
    172. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_MOUNTMGR\0000]
    173. "Service"="MountMgr"
    174.
    175. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_MOUNTMGR\0000\Control]
    176. "ActiveService"="MountMgr"
    177.
    178. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_ÍOUNTMGR\0000]
    179. "DeviceDesc"="mountmgr"
    180.
    181. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_ÍOUNTMGR\0000]
    182. "Service"="mountmgr"
    183.
    184. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_ÍOUNTMGR\0000\Control]
    185. "ActiveService"="MountMgr"
    186.
    187. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOUNTMGR\0000]
    188. "Service"="MountMgr"
    189.
    190. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOUNTMGR\0000\Control]
    191. "ActiveService"="MountMgr"
    192.
    193. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ÍOUNTMGR\0000]
    194. "DeviceDesc"="mountmgr"
    195.
    196. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ÍOUNTMGR\0000]
    197. "Service"="mountmgr"
    198.
    199. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ÍOUNTMGR\0000\Control]
    200. "ActiveService"="MountMgr"
    201.
    202. =========================
    203.
    204. Fin à: 20:49:56 le 23/03/2010 ( E.O.F )
    23 Mars 2010 21:34:38

    bien ...


    le crach est dû à une mauvaise interprétation de ma part ... désolé ! ... :sweat: 




    fait ceci dans l'ordre :



    1- Télécharge OTM (de Old_Timer) sur ton bureau :

    http://oldtimer.geekstogo.com/OTM.exe


    Double clique sur "OTM.exe" pour ouvrir le prg .

    Puis copie ce qui se trouve en citation ci-dessous,


    :Services
    dspzgyun
    oixscnjc

    :Reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DSPZGYUN]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_DSPZGYUN]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DSPZGYUN]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_OIXSCNJC]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_BEEP\xx_oixscnjc_xx]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_OIXSCNJC]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OIXSCNJC]

    :Commands
    [purity]
    [emptytemp]
    [Reboot]



    et colle le dans le cadre de gauche de OTM (Paste Instructions for items to be moved ).
    Ne touche à rien d'autre !

    ! Déconnecte toi et ferme toutes tes applications en cours ( navigateurs compris ) !

    -> clique sur MoveIt! pour lancer le nettoyage .

    -> laisse travailler l'outil ...

    -> une fois finis , un petite fenêtre s'ouvre : clique sur " Yes " .

    Ton PC va redémarrer de lui même pour finir la suppression ...

    Lors du redémarrage , si on te demande d'autoriser l'exécution d' OTM , accepte ( pour que l'outil finisse son boulot ... ).

    --> Poste le contenu du rapport qui se trouve dans le dossier " C:\_OTM\MovedFiles "
    ( c'est " xxxx2010_xxxxxx.log " où les "x" correspondent au jour et à l'heure de l'utilisation ).


    =========================

    2- Rends toi sur ce site :

    http://www.virustotal.com/

    Copies ce qui suit et colles le dans l'espace pour la recherche ( ou clique sur "parcourir" et va jusqu'au fichier demandé ) :
    c:\WINDOWS\system32\ntoskrnl.exe

    Clique sur Send File ( = " Envoyer le fichier " ).

    Un rapport va s'élaborer ligne à ligne.

    Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note .

    Copie le dans ta prochaine réponse ...

    ( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton "Ré-analyse le fichier maintenant" )

    petit tuto > http://www.commentcamarche.net/faq/sujet-8633-legitimit...


    ===========================


    3- Refais un scan ZHPDiag, coche bien toutes les options ( sauf la 045 et 061 ), poste le nouveau rapport obtenu ( via Cijoint ) pour analyse et attends la suite ...




    24 Mars 2010 11:40:26

    Bonjour, voici le rapport OTM :All processes killed
    ========== SERVICES/DRIVERS ==========
    Error: No service named dspzgyun was found to stop!
    Service\Driver key dspzgyun not found.
    Service oixscnjc stopped successfully!
    Service oixscnjc deleted successfully!
    ========== REGISTRY ==========
    Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DSPZGYUN\ scheduled to be deleted on reboot.
    Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_DSPZGYUN\ scheduled to be deleted on reboot.
    Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DSPZGYUN\ scheduled to be deleted on reboot.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_OIXSCNJC\ not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_BEEP\xx_oixscnjc_xx\ not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_OIXSCNJC\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OIXSCNJC\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: KIWANIS ARRAS
    ->Temp folder emptied: 2698 bytes
    ->Temporary Internet Files folder emptied: 704312 bytes
    ->FireFox cache emptied: 32434062 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 7045 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 671878 bytes
    ->Flash cache emptied: 1508 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1338954 bytes
    %systemroot%\System32 .tmp files removed: 10504920 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 193024 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 10081323 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 53,00 mb


    OTM by OldTimer - Version 3.1.10.1 log created on 03242010_113540

    Files moved on Reboot...

    Registry entries deleted on Reboot...
    Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DSPZGYUN\ scheduled to be deleted on reboot.
    Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_DSPZGYUN\ scheduled to be deleted on reboot.
    Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DSPZGYUN\ scheduled to be deleted on reboot.
    24 Mars 2010 11:49:30

    voila le rapport virus total :
    a-squared 4.5.0.50 2010.03.24 -
    AhnLab-V3 5.0.0.2 2010.03.24 -
    AntiVir 8.2.1.196 2010.03.24 -
    Antiy-AVL 2.0.3.7 2010.03.24 -
    Authentium 5.2.0.5 2010.03.24 -
    Avast 4.8.1351.0 2010.03.23 -
    Avast5 5.0.332.0 2010.03.23 -
    AVG 9.0.0.787 2010.03.23 -
    BitDefender 7.2 2010.03.24 -
    CAT-QuickHeal 10.00 2010.03.24 -
    ClamAV 0.96.0.0-git 2010.03.24 -
    Comodo 4366 2010.03.24 -
    DrWeb 5.0.1.12222 2010.03.24 -
    eSafe 7.0.17.0 2010.03.23 -
    eTrust-Vet 35.2.7385 2010.03.23 -
    F-Prot 4.5.1.85 2010.03.23 -
    F-Secure 9.0.15370.0 2010.03.24 -
    Fortinet 4.0.14.0 2010.03.24 -
    GData 19 2010.03.24 -
    Ikarus T3.1.1.80.0 2010.03.24 -
    Jiangmin 13.0.900 2010.03.24 -
    K7AntiVirus 7.10.1004 2010.03.22 -
    Kaspersky 7.0.0.125 2010.03.24 -
    McAfee 5929 2010.03.23 -
    McAfee+Artemis 5929 2010.03.23 -
    McAfee-GW-Edition 6.8.5 2010.03.24 -
    Microsoft 1.5605 2010.03.24 -
    NOD32 4969 2010.03.23 -
    Norman 6.04.10 2010.03.23 -
    nProtect 2009.1.8.0 2010.03.24 -
    Panda 10.0.2.2 2010.03.23 -
    PCTools 7.0.3.5 2010.03.24 -
    Prevx 3.0 2010.03.24 -
    Rising 22.40.02.03 2010.03.24 -
    Sophos 4.51.0 2010.03.24 -
    Sunbelt 6031 2010.03.22 -
    Symantec 20091.2.0.41 2010.03.24 -
    TheHacker 6.5.2.0.242 2010.03.24 -
    TrendMicro 9.120.0.1004 2010.03.24 -
    VBA32 3.12.12.2 2010.03.23 -
    ViRobot 2010.3.24.2241 2010.03.24 -
    VirusBuster 5.0.27.0 2010.03.23 -
    Information additionnelle
    File size: 2191232 bytes
    MD5...: 904558eaa6adfd08a93410e2f6a68c53
    SHA1..: cdd69d1d1ca060e2fe73841e63736f3481f70601
    SHA256: b2c11b0138fcca5ce7bba94893828bc2c1dbe9d262952fae42282e8d2df8e0f0
    ssdeep: 49152:limqe1Mink0sjoModo/9GVlMetENtAxz:lye1MiZy/elMfmx
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1d7bac
    timedatestamp.....: 0x4b1ea8ac (Tue Dec 08 19:27:40 2009)
    machinetype.......: 0x14c (I386)

    ( 21 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x580 0x72521 0x72580 6.62 68ccdd9947c2fe40471499d8c09350b5
    POOLMI 0x72b00 0x12b3 0x1300 6.28 971f10b8936dffc64970c9d7855a3e12
    MISYSPTE 0x73e00 0x700 0x700 6.26 23d3bb46ddc742f01f4bc0a3baaf1a3b
    POOLCODE 0x74500 0x15a0 0x1600 6.40 67c9cf5065e4a228cd0ddf671363d99c
    .data 0x75b00 0x16da0 0x16e00 0.46 208ebb6a665a149f4ed30c874a290137
    PAGE 0x8c900 0xfa0e4 0xfa100 6.65 57e1c4ba38cee89bfbc16fa12f05bc41
    PAGELK 0x186a00 0xe3b9 0xe400 6.71 bbaaae9686c1d981f60743a9a42791f1
    PAGEVRFY 0x194e00 0xf1cd 0xf200 6.67 e8806f66a180f1c9a165f375588e6273
    PAGEWMI 0x1a4000 0x17e0 0x1800 6.48 4275fe4e3418729159d1dd923c28fc8c
    PAGEKD 0x1a5800 0x4052 0x4080 6.49 7a9d22cc7a84582cf8c7bfe32fd80926
    PAGESPEC 0x1a9880 0xc43 0xc80 6.31 ba7f91a7afaa7768f8fdd54d9080f9dc
    PAGEHDLS 0x1aa500 0x1dd8 0x1e00 6.27 4631f59b2db66946a137f6c648158a40
    .edata 0x1ac300 0xb5a2 0xb600 5.96 7388b2c5db024d2cc536a13cc40b80ec
    PAGEDATA 0x1b7900 0x1558 0x1580 2.72 d2de4ca0fd2beb0c4c76d34410a54857
    PAGEKD 0x1b8e80 0xc021 0xc080 0.00 985030816eb9f5d6e3ed6d4394e66fa4
    PAGECONS 0x1c4f00 0x18c 0x200 2.21 e7f2cfd3dd6abf36dc7de4e57c095f15
    PAGEVRFC 0x1c5100 0x3449 0x3480 5.24 5c36d4a120000ea88170d0f4b5c1c70e
    PAGEVRFD 0x1c8580 0x648 0x680 2.77 91c316ff5e5f7523bd72871f2e70aaa3
    INIT 0x1c8c00 0x2d938 0x2d980 6.50 675c7968ee9c3315d95c98e1299cb1b2
    .rsrc 0x1f6580 0x10f78 0x10f80 5.29 b90f706a0289ec73c5a5ce9614ea4c03
    .reloc 0x207500 0xfa54 0xfa80 6.78 36caa0f6224a67799dfa2c099c38d23d

    ( 3 imports )
    > BOOTVID.dll: VidInitialize, VidDisplayString, VidSetTextColor, VidSolidColorFill, VidBitBlt, VidBufferToScreenBlt, VidScreenToBufferBlt, VidResetDisplay, VidCleanUp, VidSetScrollRegion
    > HAL.dll: HalReportResourceUsage, HalAllProcessorsStarted, HalQueryRealTimeClock, HalAllocateAdapterChannel, KeStallExecutionProcessor, HalTranslateBusAddress, KfReleaseSpinLock, KfAcquireSpinLock, HalGetBusDataByOffset, HalSetBusDataByOffset, KeQueryPerformanceCounter, HalReturnToFirmware, READ_PORT_UCHAR, READ_PORT_USHORT, READ_PORT_ULONG, WRITE_PORT_UCHAR, WRITE_PORT_USHORT, WRITE_PORT_ULONG, HalInitializeProcessor, HalCalibratePerformanceCounter, HalSetRealTimeClock, HalHandleNMI, HalBeginSystemInterrupt, HalEndSystemInterrupt, KeRaiseIrqlToSynchLevel, KeAcquireInStackQueuedSpinLockRaiseToSynch, HalInitSystem, HalDisableSystemInterrupt, HalEnableSystemInterrupt, KeRaiseIrql, KeLowerIrql, HalClearSoftwareInterrupt, KeReleaseSpinLock, KeAcquireSpinLock, ExTryToAcquireFastMutex, KeAcquireSpinLockRaiseToSynch, KeFlushWriteBuffer, HalProcessorIdle, HalReadDmaCounter, IoMapTransfer, IoFreeMapRegisters, IoFreeAdapterChannel, IoFlushAdapterBuffers, HalFreeCommonBuffer, HalAllocateCommonBuffer, HalAllocateCrashDumpRegisters, HalGetAdapter, HalSetTimeIncrement, HalGetEnvironmentVariable, HalSetEnvironmentVariable, KfRaiseIrql, HalGetInterruptVector, KeGetCurrentIrql, HalRequestSoftwareInterrupt, KeAcquireInStackQueuedSpinLock, KeReleaseInStackQueuedSpinLock, ExAcquireFastMutex, ExReleaseFastMutex, KeRaiseIrqlToDpcLevel, HalSystemVectorDispatchEntry, KfLowerIrql, HalStartProfileInterrupt, HalSetProfileInterval, HalStopProfileInterrupt
    > KDCOM.dll: KdD0Transition, KdD3Transition, KdRestore, KdReceivePacket, KdDebuggerInitialize0, KdSave, KdDebuggerInitialize1, KdSendPacket

    ( 1487 exports )
    CcCanIWrite, CcCopyRead, CcCopyWrite, CcDeferWrite, CcFastCopyRead, CcFastCopyWrite, CcFastMdlReadWait, CcFastReadNotPossible, CcFastReadWait, CcFlushCache, CcGetDirtyPages, CcGetFileObjectFromBcb, CcGetFileObjectFromSectionPtrs, CcGetFlushedValidData, CcGetLsnForFileObject, CcInitializeCacheMap, CcIsThereDirtyData, CcMapData, CcMdlRead, CcMdlReadComplete, CcMdlWriteAbort, CcMdlWriteComplete, CcPinMappedData, CcPinRead, CcPrepareMdlWrite, CcPreparePinWrite, CcPurgeCacheSection, CcRemapBcb, CcRepinBcb, CcScheduleReadAhead, CcSetAdditionalCacheAttributes, CcSetBcbOwnerPointer, CcSetDirtyPageThreshold, CcSetDirtyPinnedData, CcSetFileSizes, CcSetLogHandleForFile, CcSetReadAheadGranularity, CcUninitializeCacheMap, CcUnpinData, CcUnpinDataForThread, CcUnpinRepinnedBcb, CcWaitForCurrentLazyWriterActivity, CcZeroData, CmRegisterCallback, CmUnRegisterCallback, DbgBreakPoint, DbgBreakPointWithStatus, DbgLoadImageSymbols, DbgPrint, DbgPrintEx, DbgPrintReturnControlC, DbgPrompt, DbgQueryDebugFilterState, DbgSetDebugFilterState, ExAcquireFastMutexUnsafe, ExAcquireResourceExclusiveLite, ExAcquireResourceSharedLite, ExAcquireRundownProtection, ExAcquireRundownProtectionEx, ExAcquireSharedStarveExclusive, ExAcquireSharedWaitForExclusive, ExAllocateFromPagedLookasideList, ExAllocatePool, ExAllocatePoolWithQuota, ExAllocatePoolWithQuotaTag, ExAllocatePoolWithTag, ExAllocatePoolWithTagPriority, ExConvertExclusiveToSharedLite, ExCreateCallback, ExDeleteNPagedLookasideList, ExDeletePagedLookasideList, ExDeleteResourceLite, ExDesktopObjectType, ExDisableResourceBoostLite, ExEnumHandleTable, ExEventObjectType, ExExtendZone, ExFreePool, ExFreePoolWithTag, ExFreeToPagedLookasideList, ExGetCurrentProcessorCounts, ExGetCurrentProcessorCpuUsage, ExGetExclusiveWaiterCount, ExGetPreviousMode, ExGetSharedWaiterCount, ExInitializeNPagedLookasideList, ExInitializePagedLookasideList, ExInitializeResourceLite, ExInitializeRundownProtection, ExInitializeZone, ExInterlockedAddLargeInteger, ExInterlockedAddLargeStatistic, ExInterlockedAddUlong, ExInterlockedCompareExchange64, ExInterlockedDecrementLong, ExInterlockedExchangeUlong, ExInterlockedExtendZone, ExInterlockedFlushSList, ExInterlockedIncrementLong, ExInterlockedInsertHeadList, ExInterlockedInsertTailList, ExInterlockedPopEntryList, ExInterlockedPopEntrySList, ExInterlockedPushEntryList, ExInterlockedPushEntrySList, ExInterlockedRemoveHeadList, ExIsProcessorFeaturePresent, ExIsResourceAcquiredExclusiveLite, ExIsResourceAcquiredSharedLite, ExLocalTimeToSystemTime, ExNotifyCallback, ExQueryPoolBlockSize, ExQueueWorkItem, ExRaiseAccessViolation, ExRaiseDatatypeMisalignment, ExRaiseException, ExRaiseHardError, ExRaiseStatus, ExReInitializeRundownProtection, ExRegisterCallback, ExReinitializeResourceLite, ExReleaseFastMutexUnsafe, ExReleaseResourceForThreadLite, ExReleaseResourceLite, ExReleaseRundownProtection, ExReleaseRundownProtectionEx, ExRundownCompleted, ExSemaphoreObjectType, ExSetResourceOwnerPointer, ExSetTimerResolution, ExSystemExceptionFilter, ExSystemTimeToLocalTime, ExUnregisterCallback, ExUuidCreate, ExVerifySuite, ExWaitForRundownProtectionRelease, ExWindowStationObjectType, ExfAcquirePushLockExclusive, ExfAcquirePushLockShared, ExfInterlockedAddUlong, ExfInterlockedCompareExchange64, ExfInterlockedInsertHeadList, ExfInterlockedInsertTailList, ExfInterlockedPopEntryList, ExfInterlockedPushEntryList, ExfInterlockedRemoveHeadList, ExfReleasePushLock, Exfi386InterlockedDecrementLong, Exfi386InterlockedExchangeUlong, Exfi386InterlockedIncrementLong, Exi386InterlockedDecrementLong, Exi386InterlockedExchangeUlong, Exi386InterlockedIncrementLong, FsRtlAcquireFileExclusive, FsRtlAddLargeMcbEntry, FsRtlAddMcbEntry, FsRtlAddToTunnelCache, FsRtlAllocateFileLock, FsRtlAllocatePool, FsRtlAllocatePoolWithQuota, FsRtlAllocatePoolWithQuotaTag, FsRtlAllocatePoolWithTag, FsRtlAllocateResource, FsRtlAreNamesEqual, FsRtlBalanceReads, FsRtlCheckLockForReadAccess, FsRtlCheckLockForWriteAccess, FsRtlCheckOplock, FsRtlCopyRead, FsRtlCopyWrite, FsRtlCreateSectionForDataScan, FsRtlCurrentBatchOplock, FsRtlDeleteKeyFromTunnelCache, FsRtlDeleteTunnelCache, FsRtlDeregisterUncProvider, FsRtlDissectDbcs, FsRtlDissectName, FsRtlDoesDbcsContainWildCards, FsRtlDoesNameContainWildCards, FsRtlFastCheckLockForRead, FsRtlFastCheckLockForWrite, FsRtlFastUnlockAll, FsRtlFastUnlockAllByKey, FsRtlFastUnlockSingle, FsRtlFindInTunnelCache, FsRtlFreeFileLock, FsRtlGetFileSize, FsRtlGetNextFileLock, FsRtlGetNextLargeMcbEntry, FsRtlGetNextMcbEntry, FsRtlIncrementCcFastReadNoWait, FsRtlIncrementCcFastReadNotPossible, FsRtlIncrementCcFastReadResourceMiss, FsRtlIncrementCcFastReadWait, FsRtlInitializeFileLock, FsRtlInitializeLargeMcb, FsRtlInitializeMcb, FsRtlInitializeOplock, FsRtlInitializeTunnelCache, FsRtlInsertPerFileObjectContext, FsRtlInsertPerStreamContext, FsRtlIsDbcsInExpression, FsRtlIsFatDbcsLegal, FsRtlIsHpfsDbcsLegal, FsRtlIsNameInExpression, FsRtlIsNtstatusExpected, FsRtlIsPagingFile, FsRtlIsTotalDeviceFailure, FsRtlLegalAnsiCharacterArray, FsRtlLookupLargeMcbEntry, FsRtlLookupLastLargeMcbEntry, FsRtlLookupLastLargeMcbEntryAndIndex, FsRtlLookupLastMcbEntry, FsRtlLookupMcbEntry, FsRtlLookupPerFileObjectContext, FsRtlLookupPerStreamContextInternal, FsRtlMdlRead, FsRtlMdlReadComplete, FsRtlMdlReadCompleteDev, FsRtlMdlReadDev, FsRtlMdlWriteComplete, FsRtlMdlWriteCompleteDev, FsRtlNormalizeNtstatus, FsRtlNotifyChangeDirectory, FsRtlNotifyCleanup, FsRtlNotifyFilterChangeDirectory, FsRtlNotifyFilterReportChange, FsRtlNotifyFullChangeDirectory, FsRtlNotifyFullReportChange, FsRtlNotifyInitializeSync, FsRtlNotifyReportChange, FsRtlNotifyUninitializeSync, FsRtlNotifyVolumeEvent, FsRtlNumberOfRunsInLargeMcb, FsRtlNumberOfRunsInMcb, FsRtlOplockFsctrl, FsRtlOplockIsFastIoPossible, FsRtlPostPagingFileStackOverflow, FsRtlPostStackOverflow, FsRtlPrepareMdlWrite, FsRtlPrepareMdlWriteDev, FsRtlPrivateLock, FsRtlProcessFileLock, FsRtlRegisterFileSystemFilterCallbacks, FsRtlRegisterUncProvider, FsRtlReleaseFile, FsRtlRemoveLargeMcbEntry, FsRtlRemoveMcbEntry, FsRtlRemovePerFileObjectContext, FsRtlRemovePerStreamContext, FsRtlResetLargeMcb, FsRtlSplitLargeMcb, FsRtlSyncVolumes, FsRtlTeardownPerStreamContexts, FsRtlTruncateLargeMcb, FsRtlTruncateMcb, FsRtlUninitializeFileLock, FsRtlUninitializeLargeMcb, FsRtlUninitializeMcb, FsRtlUninitializeOplock, HalDispatchTable, HalExamineMBR, HalPrivateDispatchTable, HeadlessDispatch, InbvAcquireDisplayOwnership, InbvCheckDisplayOwnership, InbvDisplayString, InbvEnableBootDriver, InbvEnableDisplayString, InbvInstallDisplayStringFilter, InbvIsBootDriverInstalled, InbvNotifyDisplayOwnershipLost, InbvResetDisplay, InbvSetScrollRegion, InbvSetTextColor, InbvSolidColorFill, InitSafeBootMode, InterlockedCompareExchange, InterlockedDecrement, InterlockedExchange, InterlockedExchangeAdd, InterlockedIncrement, InterlockedPopEntrySList, InterlockedPushEntrySList, IoAcquireCancelSpinLock, IoAcquireRemoveLockEx, IoAcquireVpbSpinLock, IoAdapterObjectType, IoAllocateAdapterChannel, IoAllocateController, IoAllocateDriverObjectExtension, IoAllocateErrorLogEntry, IoAllocateIrp, IoAllocateMdl, IoAllocateWorkItem, IoAssignDriveLetters, IoAssignResources, IoAttachDevice, IoAttachDeviceByPointer, IoAttachDeviceToDeviceStack, IoAttachDeviceToDeviceStackSafe, IoBuildAsynchronousFsdRequest, IoBuildDeviceIoControlRequest, IoBuildPartialMdl, IoBuildSynchronousFsdRequest, IoCallDriver, IoCancelFileOpen, IoCancelIrp, IoCheckDesiredAccess, IoCheckEaBufferValidity, IoCheckFunctionAccess, IoCheckQuerySetFileInformation, IoCheckQuerySetVolumeInformation, IoCheckQuotaBufferValidity, IoCheckShareAccess, IoCompleteRequest, IoConnectInterrupt, IoCreateController, IoCreateDevice, IoCreateDisk, IoCreateDriver, IoCreateFile, IoCreateFileSpecifyDeviceObjectHint, IoCreateNotificationEvent, IoCreateStreamFileObject, IoCreateStreamFileObjectEx, IoCreateStreamFileObjectLite, IoCreateSymbolicLink, IoCreateSynchronizationEvent, IoCreateUnprotectedSymbolicLink, IoCsqInitialize, IoCsqInsertIrp, IoCsqRemoveIrp, IoCsqRemoveNextIrp, IoDeleteController, IoDeleteDevice, IoDeleteDriver, IoDeleteSymbolicLink, IoDetachDevice, IoDeviceHandlerObjectSize, IoDeviceHandlerObjectType, IoDeviceObjectType, IoDisconnectInterrupt, IoDriverObjectType, IoEnqueueIrp, IoEnumerateDeviceObjectList, IoEnumerateRegisteredFiltersList, IoFastQueryNetworkAttributes, IoFileObjectType, IoForwardAndCatchIrp, IoForwardIrpSynchronously, IoFreeController, IoFreeErrorLogEntry, IoFreeIrp, IoFreeMdl, IoFreeWorkItem, IoGetAttachedDevice, IoGetAttachedDeviceReference, IoGetBaseFileSystemDeviceObject, IoGetBootDiskInformation, IoGetConfigurationInformation, IoGetCurrentProcess, IoGetDeviceAttachmentBaseRef, IoGetDeviceInterfaceAlias, IoGetDeviceInterfaces, IoGetDeviceObjectPointer, IoGetDeviceProperty, IoGetDeviceToVerify, IoGetDiskDeviceObject, IoGetDmaAdapter, IoGetDriverObjectExtension, IoGetFileObjectGenericMapping, IoGetInitialStack, IoGetLowerDeviceObject, IoGetRelatedDeviceObject, IoGetRequestorProcess, IoGetRequestorProcessId, IoGetRequestorSessionId, IoGetStackLimits, IoGetTopLevelIrp, IoInitializeCrashDump, IoInitializeIrp, IoInitializeRemoveLockEx, IoInitializeTimer, IoInvalidateDeviceRelations, IoInvalidateDeviceState, IoIsFileOriginRemote, IoIsOperationSynchronous, IoIsSystemThread, IoIsValidNameGraftingBuffer, IoIsWdmVersionAvailable, IoMakeAssociatedIrp, IoOpenDeviceInterfaceRegistryKey, IoOpenDeviceRegistryKey, IoPageRead, IoPnPDeliverServicePowerNotification, IoQueryDeviceDescription, IoQueryFileDosDeviceName, IoQueryFileInformation, IoQueryVolumeInformation, IoQueueThreadIrp, IoQueueWorkItem, IoRaiseHardError, IoRaiseInformationalHardError, IoReadDiskSignature, IoReadOperationCount, IoReadPartitionTable, IoReadPartitionTableEx, IoReadTransferCount, IoRegisterBootDriverReinitialization, IoRegisterDeviceInterface, IoRegisterDriverReinitialization, IoRegisterFileSystem, IoRegisterFsRegistrationChange, IoRegisterLastChanceShutdownNotification, IoRegisterPlugPlayNotification, IoRegisterShutdownNotification, IoReleaseCancelSpinLock, IoReleaseRemoveLockAndWaitEx, IoReleaseRemoveLockEx, IoReleaseVpbSpinLock, IoRemoveShareAccess, IoReportDetectedDevice, IoReportHalResourceUsage, IoReportResourceForDetection, IoReportResourceUsage, IoReportTargetDeviceChange, IoReportTargetDeviceChangeAsynchronous, IoRequestDeviceEject, IoReuseIrp, IoSetCompletionRoutineEx, IoSetDeviceInterfaceState, IoSetDeviceToVerify, IoSetFileOrigin, IoSetHardErrorOrVerifyDevice, IoSetInformation, IoSetIoCompletion, IoSetPartitionInformation, IoSetPartitionInformationEx, IoSetShareAccess, IoSetStartIoAttributes, IoSetSystemPartition, IoSetThreadHardErrorMode, IoSetTopLevelIrp, IoStartNextPacket, IoStartNextPacketByKey, IoStartPacket, IoStartTimer, IoStatisticsLock, IoStopTimer, IoSynchronousInvalidateDeviceRelations, IoSynchronousPageWrite, IoThreadToProcess, IoUnregisterFileSystem, IoUnregisterFsRegistrationChange, IoUnregisterPlugPlayNotification, IoUnregisterShutdownNotification, IoUpdateShareAccess, IoValidateDeviceIoControlAccess, IoVerifyPartitionTable, IoVerifyVolume, IoVolumeDeviceToDosName, IoWMIAllocateInstanceIds, IoWMIDeviceObjectToInstanceName, IoWMIExecuteMethod, IoWMIHandleToInstanceName, IoWMIOpenBlock, IoWMIQueryAllData, IoWMIQueryAllDataMultiple, IoWMIQuerySingleInstance, IoWMIQuerySingleInstanceMultiple, IoWMIRegistrationControl, IoWMISetNotificationCallback, IoWMISetSingleInstance, IoWMISetSingleItem, IoWMISuggestInstanceName, IoWMIWriteEvent, IoWriteErrorLogEntry, IoWriteOperationCount, IoWritePartitionTable, IoWritePartitionTableEx, IoWriteTransferCount, IofCallDriver, IofCompleteRequest, KdDebuggerEnabled, KdDebuggerNotPresent, KdDisableDebugger, KdEnableDebugger, KdEnteredDebugger, KdPollBreakIn, KdPowerTransition, Ke386CallBios, Ke386IoSetAccessProcess, Ke386QueryIoAccessMap, Ke386SetIoAccessMap, KeAcquireInStackQueuedSpinLockAtDpcLevel, KeAcquireInterruptSpinLock, KeAcquireSpinLockAtDpcLevel, KeAddSystemServiceTable, KeAreApcsDisabled, KeAttachProcess, KeBugCheck, KeBugCheckEx, KeCancelTimer, KeCapturePersistentThreadState, KeClearEvent, KeConnectInterrupt, KeDcacheFlushCount, KeDelayExecutionThread, KeDeregisterBugCheckCallback, KeDeregisterBugCheckReasonCallback, KeDetachProcess, KeDisconnectInterrupt, KeEnterCriticalRegion, KeEnterKernelDebugger, KeFindConfigurationEntry, KeFindConfigurationNextEntry, KeFlushEntireTb, KeFlushQueuedDpcs, KeGetCurrentThread, KeGetPreviousMode, KeGetRecommendedSharedDataAlignment, KeI386AbiosCall, KeI386AllocateGdtSelectors, KeI386Call16BitCStyleFunction, KeI386Call16BitFunction, KeI386FlatToGdtSelector, KeI386GetLid, KeI386MachineType, KeI386ReleaseGdtSelectors, KeI386ReleaseLid, KeI386SetGdtSelector, KeIcacheFlushCount, KeInitializeApc, KeInitializeDeviceQueue, KeInitializeDpc, KeInitializeEvent, KeInitializeInterrupt, KeInitializeMutant, KeInitializeMutex, KeInitializeQueue, KeInitializeSemaphore, KeInitializeSpinLock, KeInitializeTimer, KeInitializeTimerEx, KeInsertByKeyDeviceQueue, KeInsertDeviceQueue, KeInsertHeadQueue, KeInsertQueue, KeInsertQueueApc, KeInsertQueueDpc, KeIsAttachedProcess, KeIsExecutingDpc, KeLeaveCriticalRegion, KeLoaderBlock, KeNumberProcessors, KeProfileInterrupt, KeProfileInterruptWithSource, KePulseEvent, KeQueryActiveProcessors, KeQueryInterruptTime, KeQueryPriorityThread, KeQueryRuntimeThread, KeQuerySystemTime, KeQueryTickCount, KeQueryTimeIncrement, KeRaiseUserException, KeReadStateEvent, KeReadStateMutant, KeReadStateMutex, KeReadStateQueue, KeReadStateSemaphore, KeReadStateTimer, KeRegisterBugCheckCallback, KeRegisterBugCheckReasonCallback, KeReleaseInStackQueuedSpinLockFromDpcLevel, KeReleaseInterruptSpinLock, KeReleaseMutant, KeReleaseMutex, KeReleaseSemaphore, KeReleaseSpinLockFromDpcLevel, KeRemoveByKeyDeviceQueue, KeRemoveByKeyDeviceQueueIfBusy, KeRemoveDeviceQueue, KeRemoveEntryDeviceQueue, KeRemoveQueue, KeRemoveQueueDpc, KeRemoveSystemServiceTable, KeResetEvent, KeRestoreFloatingPointState, KeRevertToUserAffinityThread, KeRundownQueue, KeSaveFloatingPointState, KeSaveStateForHibernate, KeServiceDescriptorTable, KeSetAffinityThread, KeSetBasePriorityThread, KeSetDmaIoCoherency, KeSetEvent, KeSetEventBoostPriority, KeSetIdealProcessorThread, KeSetImportanceDpc, KeSetKernelStackSwapEnable, KeSetPriorityThread, KeSetProfileIrql, KeSetSystemAffinityThread, KeSetTargetProcessorDpc, KeSetTimeIncrement, KeSetTimeUpdateNotifyRoutine, KeSetTimer, KeSetTimerEx, KeStackAttachProcess, KeSynchronizeExecution, KeTerminateThread, KeTickCount, KeUnstackDetachProcess, KeUpdateRunTime, KeUpdateSystemTime, KeUserModeCallback, KeWaitForMultipleObjects, KeWaitForMutexObject, KeWaitForSingleObject, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, Kei386EoiHelper, KiAcquireSpinLock, KiBugCheckData, KiCoprocessorError, KiDeliverApc, KiDispatchInterrupt, KiEnableTimerWatchdog, KiIpiServiceRoutine, KiReleaseSpinLock, KiUnexpectedInterrupt, Kii386SpinOnSpinLock, LdrAccessResource, LdrEnumResources, LdrFindResourceDirectory_U, LdrFindResource_U, LpcPortObjectType, LpcRequestPort, LpcRequestWaitReplyPort, LsaCallAuthenticationPackage, LsaDeregisterLogonProcess, LsaFreeReturnBuffer, LsaLogonUser, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess, Mm64BitPhysicalAddress, MmAddPhysicalMemory, MmAddVerifierThunks, MmAdjustWorkingSetSize, MmAdvanceMdl, MmAllocateContiguousMemory, MmAllocateContiguousMemorySpecifyCache, MmAllocateMappingAddress, MmAllocateNonCachedMemory, MmAllocatePagesForMdl, MmBuildMdlForNonPagedPool, MmCanFileBeTruncated, MmCommitSessionMappedView, MmCreateMdl, MmCreateSection, MmDisableModifiedWriteOfSection, MmFlushImageSection, MmForceSectionClosed, MmFreeContiguousMemory, MmFreeContiguousMemorySpecifyCache, MmFreeMappingAddress, MmFreeNonCachedMemory, MmFreePagesFromMdl, MmGetPhysicalAddress, MmGetPhysicalMemoryRanges, MmGetSystemRoutineAddress, MmGetVirtualForPhysical, MmGrowKernelStack, MmHighestUserAddress, MmIsAddressValid, MmIsDriverVerifying, MmIsNonPagedSystemAddressValid, MmIsRecursiveIoFault, MmIsThisAnNtAsSystem, MmIsVerifierEnabled, MmLockPagableDataSection, MmLockPagableImageSection, MmLockPagableSectionByHandle, MmMapIoSpace, MmMapLockedPages, MmMapLockedPagesSpecifyCache, MmMapLockedPagesWithReservedMapping, MmMapMemoryDumpMdl, MmMapUserAddressesToPage, MmMapVideoDisplay, MmMapViewInSessionSpace, MmMapViewInSystemSpace, MmMapViewOfSection, MmMarkPhysicalMemoryAsBad, MmMarkPhysicalMemoryAsGood, MmPageEntireDriver, MmPrefetchPages, MmProbeAndLockPages, MmProbeAndLockProcessPages, MmProbeAndLockSelectedPages, MmProtectMdlSystemAddress, MmQuerySystemSize, MmRemovePhysicalMemory, MmResetDriverPaging, MmSectionObjectType, MmSecureVirtualMemory, MmSetAddressRangeModified, MmSetBankedSection, MmSizeOfMdl, MmSystemRangeStart, MmTrimAllSystemPagableMemory, MmUnlockPagableImageSection, MmUnlockPages, MmUnmapIoSpace, MmUnmapLockedPages, MmUnmapReservedMapping, MmUnmapVideoDisplay, MmUnmapViewInSessionSpace, MmUnmapViewInSystemSpace, MmUnmapViewOfSection, MmUnsecureVirtualMemory, MmUserProbeAddress, NlsAnsiCodePage, NlsLeadByteInfo, NlsMbCodePageTag, NlsMbOemCodePageTag, NlsOemCodePage, NlsOemLeadByteInfo, NtAddAtom, NtAdjustPrivilegesToken, NtAllocateLocallyUniqueId, NtAllocateUuids, NtAllocateVirtualMemory, NtBuildNumber, NtClose, NtConnectPort, NtCreateEvent, NtCreateFile, NtCreateSection, NtDeleteAtom, NtDeleteFile, NtDeviceIoControlFile, NtDuplicateObject, NtDuplicateToken, NtFindAtom, NtFreeVirtualMemory, NtFsControlFile, NtGlobalFlag, NtLockFile, NtMakePermanentObject, NtMapViewOfSection, NtNotifyChangeDirectoryFile, NtOpenFile, NtOpenProcess, NtOpenProcessToken, NtOpenProcessTokenEx, NtOpenThread, NtOpenThreadToken, NtOpenThreadTokenEx, NtQueryDirectoryFile, NtQueryEaFile, NtQueryInformationAtom, NtQueryInformationFile, NtQueryInformationProcess, NtQueryInformationThread, NtQueryInformationToken, NtQueryQuotaInformationFile, NtQuerySecurityObject, NtQuerySystemInformation, NtQueryVolumeInformationFile, NtReadFile, NtRequestPort, NtRequestWaitReplyPort, NtSetEaFile, NtSetEvent, NtSetInformationFile, NtSetInformationProcess, NtSetInformationThread, NtSetQuotaInformationFile, NtSetSecurityObject, NtSetVolumeInformationFile, NtShutdownSystem, NtTraceEvent, NtUnlockFile, NtVdmControl, NtWaitForSingleObject, NtWriteFile, ObAssignSecurity, ObCheckCreateObjectAccess, ObCheckObjectAccess, ObCloseHandle, ObCreateObject, ObCreateObjectType, ObDereferenceObject, ObDereferenceSecurityDescriptor, ObFindHandleForObject, ObGetObjectSecurity, ObInsertObject, ObIsDosDeviceLocallyMapped, ObLogSecurityDescriptor, ObMakeTemporaryObject, ObOpenObjectByName, ObOpenObjectByPointer, ObQueryNameString, ObQueryObjectAuditingByHandle, ObReferenceObjectByHandle, ObReferenceObjectByName, ObReferenceObjectByPointer, ObReferenceSecurityDescriptor, ObReleaseObjectSecurity, ObSetHandleAttributes, ObSetSecurityDescriptorInfo, ObSetSecurityObjectByPointer, ObfDereferenceObject, ObfReferenceObject, PfxFindPrefix, PfxInitialize, PfxInsertPrefix, PfxRemovePrefix, PoCallDriver, PoCancelDeviceNotify, PoQueueShutdownWorkItem, PoRegisterDeviceForIdleDetection, PoRegisterDeviceNotify, PoRegisterSystemState, PoRequestPowerIrp, PoRequestShutdownEvent, PoSetHiberRange, PoSetPowerState, PoSetSystemState, PoShutdownBugCheck, PoStartNextPowerIrp, PoUnregisterSystemState, ProbeForRead, ProbeForWrite, PsAssignImpersonationToken, PsChargePoolQuota, PsChargeProcessNonPagedPoolQuota, PsChargeProcessPagedPoolQuota, PsChargeProcessPoolQuota, PsCreateSystemProcess, PsCreateSystemThread, PsDereferenceImpersonationToken, PsDereferencePrimaryToken, PsDisableImpersonation, PsEstablishWin32Callouts, PsGetContextThread, PsGetCurrentProcess, PsGetCurrentProcessId, PsGetCurrentProcessSessionId, PsGetCurrentThread, PsGetCurrentThreadId, PsGetCurrentThreadPreviousMode, PsGetCurrentThreadStackBase, PsGetCurrentThreadStackLimit, PsGetJobLock, PsGetJobSessionId, PsGetJobUIRestrictionsClass, PsGetProcessCreateTimeQuadPart, PsGetProcessDebugPort, PsGetProcessExitProcessCalled, PsGetProcessExitStatus, PsGetProcessExitTime, PsGetProcessId, PsGetProcessImageFileName, PsGetProcessInheritedFromUniqueProcessId, PsGetProcessJob, PsGetProcessPeb, PsGetProcessPriorityClass, PsGetProcessSectionBaseAddress, PsGetProcessSecurityPort, PsGetProcessSessionId, PsGetProcessWin32Process, PsGetProcessWin32WindowStation, PsGetThreadFreezeCount, PsGetThreadHardErrorsAreDisabled, PsGetThreadId, PsGetThreadProcess, PsGetThreadProcessId, PsGetThreadSessionId, PsGetThreadTeb, PsGetThreadWin32Thread, PsGetVersion, PsImpersonateClient, PsInitialSystemProcess, PsIsProcessBeingDebugged, PsIsSystemThread, PsIsThreadImpersonating, PsIsThreadTerminating, PsJobType, PsLookupProcessByProcessId, PsLookupProcessThreadByCid, PsLookupThreadByThreadId, PsProcessType, PsReferenceImpersonationToken, PsReferencePrimaryToken, PsRemoveCreateThreadNotifyRoutine, PsRemoveLoadImageNotifyRoutine, PsRestoreImpersonation, PsReturnPoolQuota, PsReturnProcessNonPagedPoolQuota, PsReturnProcessPagedPoolQuota, PsRevertThreadToSelf, PsRevertToSelf, PsSetContextThread, PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetJobUIRestrictionsClass, PsSetLegoNotifyRoutine, PsSetLoadImageNotifyRoutine, PsSetProcessPriorityByClass, PsSetProcessPriorityClass, PsSetProcessSecurityPort, PsSetProcessWin32Process, PsSetProcessWindowStation, PsSetThreadHardErrorsAreDisabled, PsSetThreadWin32Thread, PsTerminateSystemThread, PsThreadType, READ_REGISTER_BUFFER_UCHAR, READ_REGISTER_BUFFER_ULONG, READ_REGISTER_BUFFER_USHORT, READ_REGISTER_UCHAR, READ_REGISTER_ULONG, READ_REGISTER_USHORT, RtlAbsoluteToSelfRelativeSD, RtlAddAccessAllowedAce, RtlAddAccessAllowedAceEx, RtlAddAce, RtlAddAtomToAtomTable, RtlAddRange, RtlAllocateHeap, RtlAnsiCharToUnicodeChar, RtlAnsiStringToUnicodeSize, RtlAnsiStringToUnicodeString, RtlAppendAsciizToString, RtlAppendStringToString, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, RtlAreAllAccessesGranted, RtlAreAnyAccessesGranted, RtlAreBitsClear, RtlAreBitsSet, RtlAssert, RtlCaptureContext, RtlCaptureStackBackTrace, RtlCharToInteger, RtlCheckRegistryKey, RtlClearAllBits, RtlClearBit, RtlClearBits, RtlCompareMemory, RtlCompareMemoryUlong, RtlCompareString, RtlCompareUnicodeString, RtlCompressBuffer, RtlCompressChunks, RtlConvertLongToLargeInteger, RtlConvertSidToUnicodeString, RtlConvertUlongToLargeInteger, RtlCopyLuid, RtlCopyRangeList, RtlCopySid, RtlCopyString, RtlCopyUnicodeString, RtlCreateAcl, RtlCreateAtomTable, RtlCreateHeap, RtlCreateRegistryKey, RtlCreateSecurityDescriptor, RtlCreateSystemVolumeInformationFolder, RtlCreateUnicodeString, RtlCustomCPToUnicodeN, RtlDecompressBuffer, RtlDecompressChunks, RtlDecompressFragment, RtlDelete, RtlDeleteAce, RtlDeleteAtomFromAtomTable, RtlDeleteElementGenericTable, RtlDeleteElementGenericTableAvl, RtlDeleteNoSplay, RtlDeleteOwnersRanges, RtlDeleteRange, RtlDeleteRegistryValue, RtlDescribeChunk, RtlDestroyAtomTable, RtlDestroyHeap, RtlDowncaseUnicodeString, RtlEmptyAtomTable, RtlEnlargedIntegerMultiply, RtlEnlargedUnsignedDivide, RtlEnlargedUnsignedMultiply, RtlEnumerateGenericTable, RtlEnumerateGenericTableAvl, RtlEnumerateGenericTableLikeADirectory, RtlEnumerateGenericTableWithoutSplaying, RtlEnumerateGenericTableWithoutSplayingAvl, RtlEqualLuid, RtlEqualSid, RtlEqualString, RtlEqualUnicodeString, RtlExtendedIntegerMultiply, RtlExtendedLargeIntegerDivide, RtlExtendedMagicDivide, RtlFillMemory, RtlFillMemoryUlong, RtlFindClearBits, RtlFindClearBitsAndSet, RtlFindClearRuns, RtlFindFirstRunClear, RtlFindLastBackwardRunClear, RtlFindLeastSignificantBit, RtlFindLongestRunClear, RtlFindMessage, RtlFindMostSignificantBit, RtlFindNextForwardRunClear, RtlFindRange, RtlFindSetBits, RtlFindSetBitsAndClear, RtlFindUnicodePrefix, RtlFormatCurrentUserKeyPath, RtlFreeAnsiString, RtlFreeHeap, RtlFreeOemString, RtlFreeRangeList, RtlFreeUnicodeString, RtlGUIDFromString, RtlGenerate8dot3Name, RtlGetAce, RtlGetCallersAddress, RtlGetCompressionWorkSpaceSize, RtlGetDaclSecurityDescriptor, RtlGetDefaultCodePage, RtlGetElementGenericTable, RtlGetElementGenericTableAvl, RtlGetFirstRange, RtlGetGroupSecurityDescriptor, RtlGetNextRange, RtlGetNtGlobalFlags, RtlGetOwnerSecurityDescriptor, RtlGetSaclSecurityDescriptor, RtlGetSetBootStatusData, RtlGetVersion, RtlHashUnicodeString, RtlImageDirectoryEntryToData, RtlImageNtHeader, RtlInitAnsiString, RtlInitCodePageTable, RtlInitString, RtlInitUnicodeString, RtlInitializeBitMap, RtlInitializeGenericTable, RtlInitializeGenericTableAvl, RtlInitializeRangeList, RtlInitializeSid, RtlInitializeUnicodePrefix, RtlInsertElementGenericTable, RtlInsertElementGenericTableAvl, RtlInsertElementGenericTableFull, RtlInsertElementGenericTableFullAvl, RtlInsertUnicodePrefix, RtlInt64ToUnicodeString, RtlIntegerToChar, RtlIntegerToUnicode, RtlIntegerToUnicodeString, RtlInvertRangeList, RtlIpv4AddressToStringA, RtlIpv4AddressToStringExA, RtlIpv4AddressToStringExW, RtlIpv4AddressToStringW, RtlIpv4StringToAddressA, RtlIpv4StringToAddressExA, RtlIpv4StringToAddressExW, RtlIpv4StringToAddressW, RtlIpv6AddressToStringA, RtlIpv6AddressToStringExA, RtlIpv6AddressToStringExW, RtlIpv6AddressToStringW, RtlIpv6StringToAddressA, RtlIpv6StringToAddressExA, RtlIpv6StringToAddressExW, RtlIpv6StringToAddressW, RtlIsGenericTableEmpty, RtlIsGenericTableEmptyAvl, RtlIsNameLegalDOS8Dot3, RtlIsRangeAvailable, RtlIsValidOemCharacter, RtlLargeIntegerAdd, RtlLargeIntegerArithmeticShift, RtlLargeIntegerDivide, RtlLargeIntegerNegate, RtlLargeIntegerShiftLeft, RtlLargeIntegerShiftRight, RtlLargeIntegerSubtract, RtlLengthRequiredSid, RtlLengthSecurityDescriptor, RtlLengthSid, RtlLockBootStatusData, RtlLookupAtomInAtomTable, RtlLookupElementGenericTable, RtlLookupElementGenericTableAvl, RtlLookupElementGenericTableFull, RtlLookupElementGenericTableFullAvl, RtlMapGenericMask, RtlMapSecurityErrorToNtStatus, RtlMergeRangeLists, RtlMoveMemory, RtlMultiByteToUnicodeN, RtlMultiByteToUnicodeSize, RtlNextUnicodePrefix, RtlNtStatusToDosError, RtlNtStatusToDosErrorNoTeb, RtlNumberGenericTableElements, RtlNumberGenericTableElementsAvl, RtlNumberOfClearBits, RtlNumberOfSetBits, RtlOemStringToCountedUnicodeString, RtlOemStringToUnicodeSize, RtlOemStringToUnicodeString, RtlOemToUnicodeN, RtlPinAtomInAtomTable, RtlPrefetchMemoryNonTemporal, RtlPrefixString, RtlPrefixUnicodeString, RtlQueryAtomInAtomTable, RtlQueryRegistryValues, RtlQueryTimeZoneInformation, RtlRaiseException, RtlRandom, RtlRandomEx, RtlRealPredecessor, RtlRealSuccessor, RtlRemoveUnicodePrefix, RtlReserveChunk, RtlSecondsSince1970ToTime, RtlSecondsSince1980ToTime, RtlSelfRelativeToAbsoluteSD, RtlSelfRelativeToAbsoluteSD2, RtlSetAllBits, RtlSetBit, RtlSetBits, RtlSetDaclSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSetTimeZoneInformation, RtlSizeHeap, RtlSplay, RtlStringFromGUID, RtlSubAuthorityCountSid, RtlSubAuthoritySid, RtlSubtreePredecessor, RtlSubtreeSuccessor, RtlTestBit, RtlTimeFieldsToTime, RtlTimeToElapsedTimeFields, RtlTimeToSecondsSince1970, RtlTimeToSecondsSince1980, RtlTimeToTimeFields, RtlTraceDatabaseAdd, RtlTraceDatabaseCreate, RtlTraceDatabaseDestroy, RtlTraceDatabaseEnumerate, RtlTraceDatabaseFind, RtlTraceDatabaseLock, RtlTraceDatabaseUnlock, RtlTraceDatabaseValidate, RtlUlongByteSwap, RtlUlonglongByteSwap, RtlUnicodeStringToAnsiSize, RtlUnicodeStringToAnsiString, RtlUnicodeStringToCountedOemString, RtlUnicodeStringToInteger, RtlUnicodeStringToOemSize, RtlUnicodeStringToOemString, RtlUnicodeToCustomCPN, RtlUnicodeToMultiByteN, RtlUnicodeToMultiByteSize, RtlUnicodeToOemN, RtlUnlockBootStatusData, RtlUnwind, RtlUpcaseUnicodeChar, RtlUpcaseUnicodeString, RtlUpcaseUnicodeStringToAnsiString, RtlUpcaseUnicodeStringToCountedOemString, RtlUpcaseUnicodeStringToOemString, RtlUpcaseUnicodeToCustomCPN, RtlUpcaseUnicodeToMultiByteN, RtlUpcaseUnicodeToOemN, RtlUpperChar, RtlUpperString, RtlUshortByteSwap, RtlValidRelativeSecurityDescriptor, RtlValidSecurityDescriptor, RtlValidSid, RtlVerifyVersionInfo, RtlVolumeDeviceToDosName, RtlWalkFrameChain, RtlWriteRegistryValue, RtlZeroHeap, RtlZeroMemory, RtlxAnsiStringToUnicodeSize, RtlxOemStringToUnicodeSize, RtlxUnicodeStringToAnsiSize, RtlxUnicodeStringToOemSize, SeAccessCheck, SeAppendPrivileges, SeAssignSecurity, SeAssignSecurityEx, SeAuditHardLinkCreation, SeAuditingFileEvents, SeAuditingFileEventsWithContext, SeAuditingFileOrGlobalEvents, SeAuditingHardLinkEvents, SeAuditingHardLinkEventsWithContext, SeCaptureSecurityDescriptor, SeCaptureSubjectContext, SeCloseObjectAuditAlarm, SeCreateAccessState, SeCreateClientSecurity, SeCreateClientSecurityFromSubjectContext, SeDeassignSecurity, SeDeleteAccessState, SeDeleteObjectAuditAlarm, SeExports, SeFilterToken, SeFreePrivileges, SeImpersonateClient, SeImpersonateClientEx, SeLockSubjectContext, SeMarkLogonSessionForTerminationNotification, SeOpenObjectAuditAlarm, SeOpenObjectForDeleteAuditAlarm, SePrivilegeCheck, SePrivilegeObjectAuditAlarm, SePublicDefaultDacl, SeQueryAuthenticationIdToken, SeQueryInformationToken, SeQuerySecurityDescriptorInfo, SeQuerySessionIdToken, SeRegisterLogonSessionTerminatedRoutine, SeReleaseSecurityDescriptor, SeReleaseSubjectContext, SeSetAccessStateGenericMapping, SeSetSecurityDescriptorInfo, SeSetSecurityDescriptorInfoEx, SeSinglePrivilegeCheck, SeSystemDefaultDacl, SeTokenImpersonationLevel, SeTokenIsAdmin, SeTokenIsRestricted, SeTokenIsWriteRestricted, SeTokenObjectType, SeTokenType, SeUnlockSubjectContext, SeUnregisterLogonSessionTerminatedRoutine, SeValidSecurityDescriptor, VerSetConditionMask, VfFailDeviceNode, VfFailDriver, VfFailSystemBIOS, VfIsVerificationEnabled, WRITE_REGISTER_BUFFER_UCHAR, WRITE_REGISTER_BUFFER_ULONG, WRITE_REGISTER_BUFFER_USHORT, WRITE_REGISTER_UCHAR, WRITE_REGISTER_ULONG, WRITE_REGISTER_USHORT, WmiFlushTrace, WmiGetClock, WmiQueryTrace, WmiQueryTraceInformation, WmiStartTrace, WmiStopTrace, WmiTraceMessage, WmiTraceMessageVa, WmiUpdateTrace, XIPDispatch, ZwAccessCheckAndAuditAlarm, ZwAddBootEntry, ZwAdjustPrivilegesToken, ZwAlertThread, ZwAllocateVirtualMemory, ZwAssignProcessToJobObject, ZwCancelIoFile, ZwCancelTimer, ZwClearEvent, ZwClose, ZwCloseObjectAuditAlarm, ZwConnectPort, ZwCreateDirectoryObject, ZwCreateEvent, ZwCreateFile, ZwCreateJobObject, ZwCreateKey, ZwCreateSection, ZwCreateSymbolicLinkObject, ZwCreateTimer, ZwDeleteBootEntry, ZwDeleteFile, ZwDeleteKey, ZwDeleteValueKey, ZwDeviceIoControlFile, ZwDisplayString, ZwDuplicateObject, ZwDuplicateToken, ZwEnumerateBootEntries, ZwEnumerateKey, ZwEnumerateValueKey, ZwFlushInstructionCache, ZwFlushKey, ZwFlushVirtualMemory, ZwFreeVirtualMemory, ZwFsControlFile, ZwInitiatePowerAction, ZwIsProcessInJob, ZwLoadDriver, ZwLoadKey, ZwMakeTemporaryObject, ZwMapViewOfSection, ZwNotifyChangeKey, ZwOpenDirectoryObject, ZwOpenEvent, ZwOpenFile, ZwOpenJobObject, ZwOpenKey, ZwOpenProcess, ZwOpenProcessToken, ZwOpenProcessTokenEx, ZwOpenSection, ZwOpenSymbolicLinkObject, ZwOpenThread, ZwOpenThreadToken, ZwOpenThreadTokenEx, ZwOpenTimer, ZwPowerInformation, ZwPulseEvent, ZwQueryBootEntryOrder, ZwQueryBootOptions, ZwQueryDefaultLocale, ZwQueryDefaultUILanguage, ZwQueryDirectoryFile, ZwQueryDirectoryObject, ZwQueryEaFile, ZwQueryFullAttributesFile, ZwQueryInformationFile, ZwQueryInformationJobObject, ZwQueryInformationProcess, ZwQueryInformationThread, ZwQueryInformationToken, ZwQueryInstallUILanguage, ZwQueryKey, ZwQueryObject, ZwQuerySection, ZwQuerySecurityObject, ZwQuerySymbolicLinkObject, ZwQuerySystemInformation, ZwQueryValueKey, ZwQueryVolumeInformationFile, ZwReadFile, ZwReplaceKey, ZwRequestWaitReplyPort, ZwResetEvent, ZwRestoreKey, ZwSaveKey, ZwSaveKeyEx, ZwSetBootEntryOrder, ZwSetBootOptions, ZwSetDefaultLocale, ZwSetDefaultUILanguage, ZwSetEaFile, ZwSetEvent, ZwSetInformationFile, ZwSetInformationJobObject, ZwSetInformationObject, ZwSetInformationProcess, ZwSetInformationThread, ZwSetSecurityObject, ZwSetSystemInformation, ZwSetSystemTime, ZwSetTimer, ZwSetValueKey, ZwSetVolumeInformationFile, ZwTerminateJobObject, ZwTerminateProcess, ZwTranslateFilePath, ZwUnloadDriver, ZwUnloadKey, ZwUnmapViewOfSection, ZwWaitForMultipleObjects, ZwWaitForSingleObject, ZwWriteFile, ZwYieldExecution, _CIcos, _CIsin, _CIsqrt, _abnormal_termination, _alldiv, _alldvrm, _allmul, _alloca_probe, _allrem, _allshl, _allshr, _aulldiv, _aulldvrm, _aullrem, _aullshr, _except_handler2, _except_handler3, _global_unwind2, _itoa, _itow, _local_unwind2, _purecall, _snprintf, _snwprintf, _stricmp, _strlwr, _strnicmp, _strnset, _strrev, _strset, _strupr, _vsnprintf, _vsnwprintf, _wcsicmp, _wcslwr, _wcsnicmp, _wcsnset, _wcsrev, _wcsupr, atoi, atol, isdigit, islower, isprint, isspace, isupper, isxdigit, mbstowcs, mbtowc, memchr, memcpy, memmove, memset, qsort, rand, sprintf, srand, strcat, strchr, strcmp, strcpy, strlen, strncat, strncmp, strncpy, strrchr, strspn, strstr, swprintf, tolower, toupper, towlower, towupper, vDbgPrintEx, vDbgPrintExWithPrefix, vsprintf, wcscat, wcschr, wcscmp, wcscpy, wcscspn, wcslen, wcsncat, wcsncmp, wcsncpy, wcsrchr, wcsspn, wcsstr, wcstombs, wctomb
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: OS/2 Executable (generic) (52.8%)
    Win32 Executable Generic (32.0%)
    Generic Win/DOS Executable (7.5%)
    DOS Executable Generic (7.5%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. Tous droits r_serv_s.
    product......: Syst_me d_exploitation Microsoft_ Windows_
    description..: Noyau et syst_me NT
    original name: ntoskrnl.exe
    internal name: ntoskrnl.exe
    file version.: 5.1.2600.5913 (xpsp_sp3_gdr.091208-2036)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    24 Mars 2010 12:00:02

    hello,




    dis moi , le PC a bien redémarré après OTM ?


    tu as autorisé OTM à s'executer au reboot du PC ?


    Sinon redémarre le PC de toi même et avant d'arriver au bureau , lorsque le PC te demandera d'autoriser le prb OTM à s'executer , tu acceptes .




    Refait après cela un nouveau ZHPDiag et poste moi le rapport obtenu ...
    24 Mars 2010 12:07:10

    Salut, oui le pc a bien redémarrer après OTM et j'ai autoriser OTM a reboot au redémarrage
    24 Mars 2010 12:12:54

    Ah bon ...


    reboot encore un fois pour voir stp , et si le PC te demande d'executer OTM , acceptes ...


    refait un scan ZHPdiag après ce reboot et poste le nouveau rapport obtenu stp ...

    24 Mars 2010 12:29:26

    Ok ca marche je fait ca de suite
    24 Mars 2010 12:38:18

    voila j'ai reboot le pc au démarrage le pc m'a bien demander d'exécuter ce que j'ai fait

    mais je suis revenu sur la page ou vous m'aviez demander de faire un copier/ coller

    la ou c'est marquer (paste instructions for items to be moved)
    24 Mars 2010 12:39:07

    je refait le scan OTM ou je vous envoie le rapport ZHPDaig directement ?
    24 Mars 2010 20:21:17

    re,


    refait un scan ZHPDiag directe pour voir ... poste le nouveau rapport obtenu ...

    25 Mars 2010 12:08:00

    Salut,



    plusieurs choses de bizard ...


    des driver de F-secure sont ré-apparus ... :heink: 




    Refait ceci stp :



    1- Créer un doc texte sur ton bureau :
  • Pointe ta souris sur ton bureau , clique droit : va dans "nouveau" et choisis "document texte" .

  • Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de créer :


    File::
    C:\WINDOWS\system32\drivers\dspzgyun.sys

    Folder::
    C:\Program Files\Orange\AntivirusFirewall

    Driver::
    dspzgyun
    aswFsBlk
    aswMon2
    aswRdr
    aswSP
    aswTdi
    avast! Antivirus
    avast! Mail Scanner
    Aavmker4
    F-Secure Filter
    F-Secure Gatekeeper
    FSGKHS
    F-Secure Gatekeeper Handler Starter
    F-Secure HIPS
    F-Secure Recognizer
    FSAUA
    FSDFWD
    FSFW
    FSMA




  • Puis va dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi : CFScript puis valide ...



    2- Nettoyage :

    !! Déconnecte toi, ferme toutes tes applications et désactive TOUTES TES DEFENSES ( tu les réactiveras après ) !!

    --> Sur ton bureau, fais glisser avec ta souris le fichier CFScript sur l'icône de ComboFix.exe .

    Regarde ici :


    Cette manipulation va relancer Combofix !

    Puis patiente le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)

    ! Ne touches à rien tant que le scan n'est pas terminé !

    Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    -> Une fois le scan achevé, un rapport va s'afficher : poste le pour analyse ...


    ( Attention : cette manipe a été faite spécialement pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )


    ===========================

    3- Refais un scan ZHPDiag, coche bien toutes les options ( sauf la 045 et 061 ), poste le nouveau rapport obtenu ( via Cijoint ) pour analyse et attends la suite ...

    25 Mars 2010 14:14:40

    re , voici le rapport combofix : ComboFix 10-03-24.03 - KIWANIS ARRAS 25/03/2010 13:53:44.4.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.360 [GMT 1:00]
    Lancé depuis: c:\documents and settings\KIWANIS ARRAS\Mes documents\Téléchargements\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\KIWANIS ARRAS\Bureau\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\windows\system32\drivers\dspzgyun.sys"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Orange\AntivirusFirewall
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\02@av.mf
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\02@av.ref
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\02@avpe.ref
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\02@bleng.mf
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\02@bleng.ref
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\02@libra.ref
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\02@orion.ref
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\av-custom-eng.rtf
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\av-high-eng.rtf
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\av-medium-eng.rtf
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\av-off-eng.rtf
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\avdb_mf.ref
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\avp.klb
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\avp.set
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\avp.vnd
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\avp_ext.klb
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\avp_ext.set
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\avp_iont.dll
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\avperf.dll
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\avperf.h
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\avperf.ini
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\avpfpi0.dll
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\avpproxy.dll
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\avsld_ENG.ini
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base001.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base001c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base002.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base002c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base003.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base003c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base004.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base004c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base005.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base005c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base006.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base006c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base007.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base007c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base008.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base008c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base009.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base009c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base010.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base010c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base011.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base011c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base012.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base012c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base013.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base013c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base014.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base014c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base015.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base015c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base016.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base016c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base017.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base017c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base018.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base018c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base019.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base019c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base020.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base020c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base021.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base021c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base022.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base022c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base023.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base023c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base024.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base024c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base025.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base025c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base026.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base026c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base027.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base027c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base028.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base028c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base029.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base029c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base030.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base030c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base031.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base031c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base032.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base032c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base033.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base033c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base034.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base034c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base035.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base035c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base036.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base036c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base037.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base037c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base038.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base038c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base039.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base039c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base040.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base040c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base041.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base041c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base042.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base042c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base043.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base043c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base044.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base044c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base045.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base045c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base046.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base046c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base047.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base047c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base048.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base048c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base049.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base049c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base050.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base050c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base051.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base051c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base052.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base052c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base053.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base053c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base054.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base054c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base055.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base055c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base056.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base056c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base057.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base057c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base058.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base058c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base059.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base059c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base060.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base060c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base061.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base061c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base062.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base062c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base063.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base063c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base064.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base064c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base065.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base065c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base066.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base066c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base067.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base067c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base068.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base068c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base069.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base069c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base070.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base070c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base071.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base071c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base072.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base072c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base073.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base073c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base074.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base074c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base075.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base075c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base076.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base076c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base077.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base077c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base078.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base078c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base079.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base079c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base080.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base080c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base081.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base081c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base082.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base082c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base083.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base083c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base084.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base084c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base085.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base085c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base086.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base086c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base087.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base087c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base088.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base088c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base089.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base089c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base090.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base090c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base091.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base091c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base092.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base092c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base093.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base093c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base094.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base094c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base095.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base095c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base096.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base096c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base097.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base097c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base098.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base098c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base099.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base099c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base100.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base100c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base101.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base101c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base102.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base102c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base103.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base103c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base104.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base104c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base105.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base105c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base106.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base106c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base107.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base107c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base108.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base108c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base109.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base109c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base110.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base110c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base111.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base111c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base112.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base112c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base113.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base113c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base114.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base114c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base115.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base115c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base116.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base116c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base117.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base117c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base118.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base118c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base119.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base119c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base120.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base120c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base121.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base121c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base122.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base122c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base123.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base123c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base124.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base124c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base125.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base125c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base126.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base126c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base127.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base127c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base128.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base128c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base129.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base129c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base130.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base130c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base131.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base131c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base132.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base132c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base133.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base133c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base134.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base134c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base135.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base135c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base136.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base136c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base137.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base137c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base138.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base138c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base139.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base139c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base140.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base140c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base141.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base141c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base142.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base142c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base143.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base143c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base144.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base144c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base145.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base145c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base146.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base146c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base147.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base147c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base148.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base148c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base149.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base149c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base150.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base150c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base151.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base151c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base152.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base152c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base153.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base153c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base154.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base154c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base155.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base155c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base156.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base156c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base157.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base157c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base158.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base158c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base159.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base159c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base160.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base160c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base161.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base161c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base162.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base162c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base163.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base163c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base164.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base164c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base165.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base165c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base166.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base166c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base167.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base167c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base168.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base168c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base169.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base169c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base170.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base170c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base171.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base171c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base172.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base172c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base173c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base174c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base175c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base176c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base177c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base178c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base179c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base180c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base181c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base182c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base183c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base184c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base185c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base186c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base187c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base188c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base189c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base190c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base191c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base192c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base193c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base194c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base195c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base196c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base197c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base198c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base199c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base200c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base201c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base202c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base203c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base204c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base205c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base206c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base207c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base208c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base209c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base210c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base211c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base212c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base213c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base214c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base215c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base216c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base217c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base218c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base219c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base220c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base221c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base222c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base223c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base224c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base225c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base226c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base227c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base228c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base229c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base230c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base231c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base232c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base233c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base234c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base235c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base236c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base237c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base238c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base239c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base240c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base241c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base242c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base243c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base244c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base245c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base246c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base247c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base248c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base249c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base250c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base251c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base252c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base253c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base254c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base255c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base256c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base257c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base258c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base259c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base260c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base261c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base262c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base263c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base264c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base265c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base266c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base267c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base268c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base269c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base270c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base271c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base272c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base273c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base274c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base275c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base276c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base277c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base278c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base279c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base280c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base281c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base282c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base283c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base284c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base285c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base286c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base287c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base288c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base289c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base290c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base291c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base292c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base293c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base294c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base295c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base296c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base297c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base298c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base299c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base300c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base301c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base302c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base303c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base304c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base305c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base306c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base307c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base308c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base309c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base310c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base311c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base312c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base313c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base314c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base315c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base316c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base317c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base318c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base319c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base320c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base321c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base322c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base323c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base324c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base325c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base326c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base327c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base328c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base329c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base330c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base331c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base332c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base333c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base334c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base335c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base336c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base337c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base338c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base339c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base340c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base341c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base342c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base343c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base344c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base345c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base346c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base347c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base348c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base349c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base350c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base351c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base352c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base353c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base354c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base355c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base356c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base357c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base358c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base359c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base360c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base361c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base362c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base363c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base364c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base365c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base366c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base367c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base368c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base369c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base370c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base371c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base372c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base373c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base374c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base375c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base376c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base377c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base378c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base379c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base380c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base381c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base382c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base383c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base384c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base385c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base386c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base387c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base388c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base389c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base390c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base391c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base392c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base393c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base394c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base395c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base396c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base397c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base398c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base399c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base400c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base401c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base402c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base403c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base404c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base405c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base406c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base407c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base408c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base409c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base410c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base411c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base412c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base413c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base414c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base415c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base416c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base417c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base418c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base419c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base420c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base421c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base422c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base423c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base424c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base425c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base426c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base427c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base428c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base429c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base430c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base431c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base432c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base433c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base434c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base435c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base436c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base437c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base438c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base439c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base440c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base441c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base442c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base443c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base444c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base445c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base446c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base447c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base448c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base449c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base450c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base451c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base452c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base453c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base454c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base455c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base456c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base457c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base458c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base459c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base460c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base461c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base462c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base463c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base464c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base465c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base466c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base467c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base468c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base469c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base470c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base471c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base472c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base473c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base474c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base475c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base476c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base477c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base478c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base479c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base480c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base481c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base482c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base483c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base484c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base485c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base486c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base487c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base488c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base489c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base490c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base491c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base492c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base493c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base494c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base495c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base496c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base497c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base498c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base499c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base500c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base501c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base502c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base503c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base504c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base505c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base506c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base507c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base508c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base509c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base510c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base511c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base512c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base513c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base514c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base515c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base516c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base517c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base518c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base519c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base520c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base521c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base522c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base523c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base524c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base525c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base526c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base527c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base528c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base529c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base530c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base531c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base532c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base533c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base534c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base535c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base536c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base537c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base538c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base539c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base540c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base541c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base542c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base543c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base544c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base545c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base546c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base547c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base548c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base549c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base550c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base551c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base552c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base553c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base554c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base555c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base556c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base557c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base558c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base559c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base560c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base561c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base562c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base563c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base564c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base565c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base566c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base567c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base568c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base569c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base570c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base571c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base572c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base573c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base574c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base575c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base576c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base577c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base578c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base579c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base580c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base581c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base582c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base583c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base584c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base585c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base586c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base587c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base588c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base589c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base590c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base591c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base592c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base593c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base594c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base595c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base596c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base597c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base598c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base599c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base600c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base601c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base602c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base603c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base604c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base605c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base606c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base607c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base608c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base609c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base610c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base611c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base612c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base613c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base614c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base615c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base616c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base617c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base618c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base619c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base620c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base621c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base622c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base623c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base624c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base625c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base626c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base627c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base628c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base629c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base630c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base631c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base632c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base633c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base634c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base635c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base636c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base637c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base638c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base639c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base640c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base641c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base642c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base643c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base644c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base645c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base646c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base647c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base648c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base649c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base650c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base651c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base652c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base653c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base654c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base655c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base656c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base657c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base658c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base659c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base660c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base661c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base662c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base663c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base664c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base665c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base666c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base667c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base668c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base669c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base670c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base671c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base672c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base673c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base674c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base675c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base676c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base677c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base678c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base679c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base680c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base681c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base682c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base683c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base684c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base685c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base686c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base687c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base688c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base689c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base690c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base691c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base692c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base693c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base694c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base695c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base696c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base697c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base698c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base699c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base700c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base701c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base702c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base703c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base704c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base705c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base706c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base707c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base708c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base709c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base710c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base711c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base712c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base713c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base714c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base715c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base716c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base717c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base718c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base719c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base720c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base721c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base722c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base723c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base724c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base725c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base726c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base727c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base728c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base729c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base730c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base731c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base732c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base733c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base734c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base735c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base736c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base737c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base738c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base739c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base740c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base741c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base742c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base743c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base744c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base745c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base746c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base747c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base748c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base749c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base750c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base751c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base752c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base753c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base754c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base755c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base756c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base757c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base758c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base759c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base760c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base761c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base762c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base763c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base764c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base765c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base766c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base767c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base768c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base769c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base770c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base771c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base772c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base773c.avc
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\base774c.avc
    c:\program files\Orange\AntivirusFirewal
        • 1 / 3
        • 2
        • 3
        • Dernier
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS