Comment enlever la pub CIDFermé

Question

Bonjour,

A chaque fois une fenêtre de publicité qui vient à chaque fois qui est CID

Voici le scan !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:41, on 09/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Tele2\Common\FSMA32.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Tele2\Common\FSMB32.EXE
C:\Program Files\Tele2\Common\FCH32.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tele2\Common\FAMEH32.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Tele2\FSPC\fspc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Tele2\FSAUA\program\fsaua.exe
C:\Program Files\Tele2\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Tele2\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\OFFICE One6.5\program\soffice.exe
C:\Program Files\Tele2\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {8F67E146-FB6C-418F-9FE5-37AA2206D92E} - C:\WINDOWS\system32\ljJBSklK.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {909041f4-f57c-4a9a-63c4-7ab5adffe8ca} - {ac8effda-5ba7-4c36-a9a4-c75f4f140909} - C:\WINDOWS\system32\hdjymr.dll
O2 - BHO: (no name) - {B5F6EB28-3B2C-47F0-B4EA-21FF267EF890} - C:\WINDOWS\system32\ddcAtsrq.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [delcourt] C:\delcourt\Pc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tele2\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tele2\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [e4e65373] rundll32.exe "C:\WINDOWS\system32\pozofohu.dll",b
O4 - HKLM\..\Run: [CPMe7d560ef] Rundll32.exe "c:\windows\system32\wayowemu.dll",a
O4 - HKLM\..\Run: [Flag Owns Live Grim] D:\Documents and Settings\All Users\Application Data\Software rule flag owns\lite curb.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [messengerskinner] D:\Documents and Settings\Mireille\Bureau\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [16Show] D:\DOCUME~1\Mireille\APPLIC~1\AXISOO~1\flag grey.exe
O4 - HKCU\..\Run: [qewmgai] "d:\documents and settings\mireille\local settings\application data\qewmgai.exe" qewmgai
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE One6.5\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: hdjymr.dll c:\windows\system32\wayowemu.dll c:\windows\system32\jihizeda.dll c:\windows\system32\pihenedo.dll
O20 - Winlogon Notify: ljJBSklK - ljJBSklK.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wayowemu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wayowemu.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Tele2\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tele2\Common\FSMA32.EXE
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

sof26110 · Answer

Il faut désinstaller MSN+

romain35 · Answer

Bonjour,

j'ai désinstallé msn+ mes j'ai toujours une fenêtre de publicité qui vient !

Cordialement,
romain

Utilisateur anonyme · Answer

Pour avancer ;)



Télécharger et enregistrer lopSD sur ton bureau 


Double-clic Lop S&D

Faire l'installation

Fermer toutes les applications

Le lancer par un double-clic sur le raccourci qui est sur le bureau 


Taper F pour français , puis presser entrée

Taper 1

Presser Entrée

Le PC va redémarrer 

* Note= si l'antivirus annonce une infection dans TEMP , l'ignorer

Attendre l'apparition du rapport

Copier le rapport et le coller dans la réponse


* le rapport se trouve aussi à C:\lopR

jlpjlp · Answer

slt effectivement tu dois en avoir des pub car tu n'as pas que CID !!!!!



sur ton ordi un seul antivirus! F SECURE ou AVAST sinon l'ordi plante!

vire avast:
https://www.avast.com/fr-fr/uninstall-utility


puis pour virer une partie des pubs:

Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau. 
Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). 

Laisse-toi guider. Au menu principal, choisis 1 et valides. 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord) 

Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 
Appuie sur une touche comme demandé, le blocnote va s'ouvrir. 
Copie-colle l'intégralité dans une réponse. Referme le blocnote. 
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

Utilisateur anonyme · Answer

slt jlp ;)

romain du coup t'as le choix, les 2 procdures sont necessaires et avant que tu poses la question ,
c'est dans l'ordre que tu veux ;)

romain35 · Answer

Je suis en train de faire le rapport et des qui les près je mes en ligne !

jlpjlp · Answer

slt neophyte*** je te laisse finir!

effectivement il faut le rapport lop sd et navilog


il y a aussi du vundo 

pour ceci

O4 - HKLM\..\Run: [e4e65373] rundll32.exe "C:\WINDOWS\system32\pozofohu.dll",b
O4 - HKLM\..\Run: [CPMe7d560ef] Rundll32.exe "c:\windows\system32\wayowemu.dll",a 


je me demande si il faudra pas  un script 

si besoin je repasserai


a plus

romain35 · Answer

re, voici le rapport complet : --------------------\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ ) BIOS : BIOS Date: 09/06/05 17:29:38 Ver: 08.00.12 USER : Mireille ( Administrator ) BOOT : Normal boot Antivirus : avast! antivirus 4.8.1296 [VPS 090228-0] 4.8.1296 (Not Activated) C:\ (Local Disk) - NTFS - Total:29 Go (Free:14 Go) D:\ (Local Disk) - NTFS - Total:148 Go (Free:139 Go) E:\ (CD or DVD) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [1] ( 09/04/2009|12:27 ) --------------------\ Listing des dossiers dans APPLIC~1 [10/06/2008|18:23] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Adobe [01/11/2006|15:58] D:\DOCUME~1\ALEXAN~1\APPLIC~1\AdobeUM [06/08/2006|12:27] D:\DOCUME~1\ALEXAN~1\APPLIC~1\CyberLink [25/12/2007|15:47] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Google [05/04/2006|18:03] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Help [14/08/2008|13:02] D:\DOCUME~1\ALEXAN~1\APPLIC~1\HP [29/11/2005|19:04] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Identities [22/02/2006|22:28] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Image Zone Express [02/05/2006|16:33] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Leadertech [26/07/2006|11:51] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Macromedia [01/03/2009|14:43] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Microsoft [15/07/2008|21:39] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Mozilla [07/04/2009|19:06] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Nokia [19/02/2006|18:14] D:\DOCUME~1\ALEXAN~1\APPLIC~1\OD2 [22/02/2006|22:08] D:\DOCUME~1\ALEXAN~1\APPLIC~1\OFFICE One v6 [07/04/2009|19:06] D:\DOCUME~1\ALEXAN~1\APPLIC~1\PC Suite [02/04/2007|12:22] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Real [02/05/2006|16:33] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Sonic [22/12/2007|00:03] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Sun [19/04/2006|14:02] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Symantec [16/07/2007|16:26] D:\DOCUME~1\ALEXAN~1\APPLIC~1\VadeRetro [03/02/2008|20:40] D:\DOCUME~1\ALEXAN~1\APPLIC~1\WildTangent [29/11/2005|19:04] D:\DOCUME~1\ALEXAN~1\APPLIC~1\You've Got Pictures Screensaver [05/03/2008|15:29] D:\DOCUME~1\Alicia\APPLIC~1\Adobe [17/08/2006|17:45] D:\DOCUME~1\Alicia\APPLIC~1\AdobeUM [09/03/2007|20:36] D:\DOCUME~1\Alicia\APPLIC~1\CyberLink [26/01/2008|14:53] D:\DOCUME~1\Alicia\APPLIC~1\Google [27/02/2006|18:11] D:\DOCUME~1\Alicia\APPLIC~1\Help [03/02/2007|21:46] D:\DOCUME~1\Alicia\APPLIC~1\HP [29/11/2005|19:04] D:\DOCUME~1\Alicia\APPLIC~1\Identities [24/02/2006|21:15] D:\DOCUME~1\Alicia\APPLIC~1\Image Zone Express [24/02/2006|18:51] D:\DOCUME~1\Alicia\APPLIC~1\Leadertech [29/11/2005|19:04] D:\DOCUME~1\Alicia\APPLIC~1\Macromedia [26/04/2008|14:48] D:\DOCUME~1\Alicia\APPLIC~1\Magic Academy [19/12/2008|19:18] D:\DOCUME~1\Alicia\APPLIC~1\Microsoft [18/07/2008|17:01] D:\DOCUME~1\Alicia\APPLIC~1\Mozilla [16/02/2006|15:13] D:\DOCUME~1\Alicia\APPLIC~1\OD2 [22/02/2006|21:50] D:\DOCUME~1\Alicia\APPLIC~1\OFFICE One v6 [29/11/2005|19:04] D:\DOCUME~1\Alicia\APPLIC~1\Real [24/02/2006|18:51] D:\DOCUME~1\Alicia\APPLIC~1\Sonic [21/12/2007|22:59] D:\DOCUME~1\Alicia\APPLIC~1\Sun [20/04/2006|18:24] D:\DOCUME~1\Alicia\APPLIC~1\Symantec [18/03/2006|20:25] D:\DOCUME~1\Alicia\APPLIC~1\Ulead Systems [29/11/2005|19:04] D:\DOCUME~1\Alicia\APPLIC~1\You've Got Pictures Screensaver [22/03/2009|17:17] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [20/01/2008|20:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Alawar Stargaze [29/01/2008|15:34] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AlawarGameBox [27/02/2008|18:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL [08/08/2008|22:18] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Astar Games [27/04/2008|16:55] D:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache [25/02/2008|01:43] D:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY [19/03/2008|10:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Christmasville [15/02/2008|23:53] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ciel [29/11/2005|19:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink [30/07/2008|16:22] D:\DOCUME~1\ALLUSE~1\APPLIC~1\eGames [17/01/2008|10:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Enkord [18/01/2008|10:21] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise [04/08/2008|21:59] D:\DOCUME~1\ALLUSE~1\APPLIC~1\EscapeTheMuseum [23/06/2008|11:26] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Flood Light Games [12/02/2008|17:32] D:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames [30/01/2008|19:04] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games [01/03/2008|15:14] D:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure [01/03/2008|15:14] D:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg [15/08/2008|22:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse [07/07/2008|22:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar [25/06/2008|22:32] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Genimo [16/09/2008|10:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii [24/07/2008|21:25] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii Games [22/12/2007|19:53] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [01/08/2008|23:11] D:\DOCUME~1\ALLUSE~1\APPLIC~1\HiddenSecretsNightmare [11/02/2006|23:09] D:\DOCUME~1\ALLUSE~1\APPLIC~1\HP [02/07/2008|16:35] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Intenium [16/06/2008|15:02] D:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear [21/02/2009|13:15] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [08/04/2008|00:08] D:\DOCUME~1\ALLUSE~1\APPLIC~1\MonteCristo [12/06/2008|16:07] D:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo [18/06/2008|16:40] D:\DOCUME~1\ALLUSE~1\APPLIC~1\My Games [14/11/2008|12:24] D:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople [24/01/2009|19:52] D:\DOCUME~1\ALLUSE~1\APPLIC~1\NeptunesAdve [22/03/2009|17:19] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia [23/06/2008|16:59] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Media [29/11/2005|19:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2 [09/04/2009|11:02] D:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite [05/08/2008|15:39] D:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst [10/06/2008|21:48] D:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayPond [29/11/2005|19:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime [22/05/2008|17:09] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games [29/11/2005|19:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI [29/07/2008|22:14] D:\DOCUME~1\ALLUSE~1\APPLIC~1\ScreenSeven [02/09/2007|18:42] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype [14/02/2009|19:12] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns [27/08/2008|12:10] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games [08/08/2008|23:33] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames [03/02/2008|02:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec [17/08/2008|15:53] D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP [10/02/2008|01:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\The Game Equation [14/03/2008|10:35] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia [29/11/2005|19:04] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems [29/11/2005|19:04] D:\DOCUME~1\ALLUSE~1\APPLIC~1\VadeRetro [29/11/2005|19:04] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint [16/02/2008|00:11] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WildTangent [22/12/2007|19:51] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [02/01/2009|18:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [04/03/2008|10:24] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Real [28/11/2005|03:44] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver [17/03/2008|22:10] D:\DOCUME~1\DOMINI~1\APPLIC~1\Adobe [14/02/2009|19:12] D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoozesect [29/07/2008|21:49] D:\DOCUME~1\DOMINI~1\APPLIC~1\Big Fish Games [22/02/2006|19:06] D:\DOCUME~1\DOMINI~1\APPLIC~1\CyberLink [31/07/2008|17:46] D:\DOCUME~1\DOMINI~1\APPLIC~1\eGames [02/03/2008|12:13] D:\DOCUME~1\DOMINI~1\APPLIC~1\F-Secure [28/02/2006|20:23] D:\DOCUME~1\DOMINI~1\APPLIC~1\Help [22/02/2006|19:33] D:\DOCUME~1\DOMINI~1\APPLIC~1\HP [19/12/2008|14:21] D:\DOCUME~1\DOMINI~1\APPLIC~1\Identities [22/02/2006|22:46] D:\DOCUME~1\DOMINI~1\APPLIC~1\Image Zone Express [20/02/2006|01:14] D:\DOCUME~1\DOMINI~1\APPLIC~1\Leadertech [05/01/2008|23:30] D:\DOCUME~1\DOMINI~1\APPLIC~1\LimeWire [29/11/2005|19:04] D:\DOCUME~1\DOMINI~1\APPLIC~1\Macromedia [01/03/2009|21:40] D:\DOCUME~1\DOMINI~1\APPLIC~1\Microsoft [07/07/2008|14:33] D:\DOCUME~1\DOMINI~1\APPLIC~1\Mozilla [29/03/2009|10:24] D:\DOCUME~1\DOMINI~1\APPLIC~1\Nokia [12/02/2006|13:19] D:\DOCUME~1\DOMINI~1\APPLIC~1\OD2 [22/02/2006|20:45] D:\DOCUME~1\DOMINI~1\APPLIC~1\OFFICE One v6 [29/03/2009|10:24] D:\DOCUME~1\DOMINI~1\APPLIC~1\PC Suite [29/11/2005|19:04] D:\DOCUME~1\DOMINI~1\APPLIC~1\Real [31/07/2008|17:46] D:\DOCUME~1\DOMINI~1\APPLIC~1\SecuROM [22/02/2006|19:10] D:\DOCUME~1\DOMINI~1\APPLIC~1\Sonic [22/02/2006|19:37] D:\DOCUME~1\DOMINI~1\APPLIC~1\Sun [12/02/2006|13:15] D:\DOCUME~1\DOMINI~1\APPLIC~1\Symantec [14/05/2006|17:19] D:\DOCUME~1\DOMINI~1\APPLIC~1\VadeRetro [29/11/2005|19:04] D:\DOCUME~1\DOMINI~1\APPLIC~1\You've Got Pictures Screensaver [19/12/2008|14:21] D:\DOCUME~1\DOMINI~1\APPLIC~1\Zylom [23/12/2007|21:20] D:\DOCUME~1\Floriane\APPLIC~1\Adobe [28/02/2006|17:28] D:\DOCUME~1\Floriane\APPLIC~1\AdobeUM [16/03/2006|22:06] D:\DOCUME~1\Floriane\APPLIC~1\CyberLink [28/02/2006|17:00] D:\DOCUME~1\Floriane\APPLIC~1\Help [22/05/2006|18:11] D:\DOCUME~1\Floriane\APPLIC~1\HP [29/11/2005|19:04] D:\DOCUME~1\Floriane\APPLIC~1\Identities [27/12/2006|18:56] D:\DOCUME~1\Floriane\APPLIC~1\Macromedia [26/02/2008|20:24] D:\DOCUME~1\Floriane\APPLIC~1\Microsoft [05/12/2008|23:30] D:\DOCUME~1\Floriane\APPLIC~1\Mozilla [12/02/2006|20:34] D:\DOCUME~1\Floriane\APPLIC~1\OD2 [05/05/2007|16:13] D:\DOCUME~1\Floriane\APPLIC~1\Real [16/02/2006|10:46] D:\DOCUME~1\Floriane\APPLIC~1\Sun [21/04/2006|16:21] D:\DOCUME~1\Floriane\APPLIC~1\Symantec [25/05/2006|22:37] D:\DOCUME~1\Floriane\APPLIC~1\Ulead Systems [16/03/2006|23:05] D:\DOCUME~1\Floriane\APPLIC~1\VadeRetro [29/11/2005|19:04] D:\DOCUME~1\Floriane\APPLIC~1\You've Got Pictures Screensaver [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\Identities [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\Real [28/11/2005|03:44] D:\DOCUME~1\INVIT~1\APPLIC~1\Symantec [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\You've Got Pictures Screensaver [29/11/2005|19:04] D:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [11/02/2008|00:45] D:\DOCUME~1\Mireille\APPLIC~1\Abra Academy2 [22/03/2009|17:17] D:\DOCUME~1\Mireille\APPLIC~1\Adobe [27/02/2006|15:53] D:\DOCUME~1\Mireille\APPLIC~1\AdobeUM [03/06/2008|16:13] D:\DOCUME~1\Mireille\APPLIC~1\AlwaysNeat [19/08/2008|12:38] D:\DOCUME~1\Mireille\APPLIC~1\Ancient Quest of Saqqarah__reflexive [02/01/2009|17:39] D:\DOCUME~1\Mireille\APPLIC~1\axisoozesect [02/07/2008|16:24] D:\DOCUME~1\Mireille\APPLIC~1\Big Fish Games [02/11/2008|17:15] D:\DOCUME~1\Mireille\APPLIC~1\BloodTies [05/02/2008|17:17] D:\DOCUME~1\Mireille\APPLIC~1\Boomzap [25/11/2008|00:35] D:\DOCUME~1\Mireille\APPLIC~1\Canvas Multi-Media [07/02/2008|17:49] D:\DOCUME~1\Mireille\APPLIC~1\CaribbeanHideaway [26/07/2008|18:45] D:\DOCUME~1\Mireille\APPLIC~1\cerasus.media [21/04/2006|14:43] D:\DOCUME~1\Mireille\APPLIC~1\CyberLink [09/02/2008|23:44] D:\DOCUME~1\Mireille\APPLIC~1\DiVision Studios - Escaping Atlantis [08/05/2008|14:42] D:\DOCUME~1\Mireille\APPLIC~1\DivX [30/07/2008|16:21] D:\DOCUME~1\Mireille\APPLIC~1\eGames [23/06/2008|11:26] D:\DOCUME~1\Mireille\APPLIC~1\Flood Light Games [12/02/2008|17:32] D:\DOCUME~1\Mireille\APPLIC~1\FloodLightGames [01/03/2008|15:21] D:\DOCUME~1\Mireille\APPLIC~1\F-Secure [07/06/2008|12:21] D:\DOCUME~1\Mireille\APPLIC~1\funkitron [02/07/2008|15:06] D:\DOCUME~1\Mireille\APPLIC~1\Gaijin Ent [19/06/2008|14:33] D:\DOCUME~1\Mireille\APPLIC~1\gemsweeperextractedgfx [25/06/2008|22:28] D:\DOCUME~1\Mireille\APPLIC~1\Genimo [24/07/2008|21:25] D:\DOCUME~1\Mireille\APPLIC~1\Gogii Games [23/12/2007|22:27] D:\DOCUME~1\Mireille\APPLIC~1\Google [28/02/2006|14:48] D:\DOCUME~1\Mireille\APPLIC~1\Help [29/05/2006|13:37] D:\DOCUME~1\Mireille\APPLIC~1\HP [26/02/2009|11:21] D:\DOCUME~1\Mireille\APPLIC~1\Identities [11/06/2008|11:29] D:\DOCUME~1\Mireille\APPLIC~1\Image Zone Express [16/10/2008|21:31] D:\DOCUME~1\Mireille\APPLIC~1\iWin [15/02/2006|11:43] D:\DOCUME~1\Mireille\APPLIC~1\Leadertech [01/03/2008|00:05] D:\DOCUME~1\Mireille\APPLIC~1\LimeWire [07/05/2008|15:57] D:\DOCUME~1\Mireille\APPLIC~1\Macromedia [15/05/2008|23:37] D:\DOCUME~1\Mireille\APPLIC~1\Magic Academy [22/02/2009|13:51] D:\DOCUME~1\Mireille\APPLIC~1\Microsoft [06/07/2008|15:06] D:\DOCUME~1\Mireille\APPLIC~1\Mozilla [02/01/2009|18:40] D:\DOCUME~1\Mireille\APPLIC~1\MSNInstaller [03/06/2008|14:56] D:\DOCUME~1\Mireille\APPLIC~1\MythicPearls [22/03/2009|17:47] D:\DOCUME~1\Mireille\APPLIC~1\Nokia [25/02/2008|18:11] D:\DOCUME~1\Mireille\APPLIC~1\Notepad++ [12/02/2006|21:02] D:\DOCUME~1\Mireille\APPLIC~1\OD2 [22/01/2007|14:18] D:\DOCUME~1\Mireille\APPLIC~1\OFFICE One v6 [22/03/2009|17:16] D:\DOCUME~1\Mireille\APPLIC~1\PC Suite [28/06/2008|19:52] D:\DOCUME~1\Mireille\APPLIC~1\Pirateville [09/07/2008|21:48] D:\DOCUME~1\Mireille\APPLIC~1\PlayFirst [22/03/2008|23:44] D:\DOCUME~1\Mireille\APPLIC~1\Pogo Games [19/03/2009|16:00] D:\DOCUME~1\Mireille\APPLIC~1\PowerChallenge [15/03/2008|20:04] D:\DOCUME~1\Mireille\APPLIC~1\Printer Info Cache [01/10/2006|13:48] D:\DOCUME~1\Mireille\APPLIC~1\Real [16/11/2008|17:00] D:\DOCUME~1\Mireille\APPLIC~1\RealArcade [28/06/2008|12:09] D:\DOCUME~1\Mireille\APPLIC~1\SecuROM [12/01/2009|11:28] D:\DOCUME~1\Mireille\APPLIC~1\Skip-Bo [21/04/2006|14:36] D:\DOCUME~1\Mireille\APPLIC~1\Sonic [19/09/2008|14:20] D:\DOCUME~1\Mireille\APPLIC~1\SpinTop Games [22/09/2008|15:43] D:\DOCUME~1\Mireille\APPLIC~1\SprillBermudeEng [27/06/2008|10:55] D:\DOCUME~1\Mireille\APPLIC~1\SprillBermudeFr [19/12/2007|01:19] D:\DOCUME~1\Mireille\APPLIC~1\Sun [18/04/2006|09:26] D:\DOCUME~1\Mireille\APPLIC~1\Symantec [01/08/2008|16:36] D:\DOCUME~1\Mireille\APPLIC~1\TheScruffs [27/12/2006|18:05] D:\DOCUME~1\Mireille\APPLIC~1\Ulead Systems [01/02/2008|08:54] D:\DOCUME~1\Mireille\APPLIC~1\URSE Games [13/04/2006|13:52] D:\DOCUME~1\Mireille\APPLIC~1\VadeRetro [18/06/2008|14:17] D:\DOCUME~1\Mireille\APPLIC~1\Viewpoint [29/11/2005|19:04] D:\DOCUME~1\Mireille\APPLIC~1\You've Got Pictures Screensaver [26/02/2009|11:21] D:\DOCUME~1\Mireille\APPLIC~1\Zylom [19/12/2007|22:28] D:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [18/12/2007|13:17] D:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec --------------------\ Tâches planifiées dans C:\WINDOWS asks [09/04/2009 12:00][--ah-----] C:\WINDOWS asks\B10610FD916D81AD.job [09/04/2009 12:00][--ah-----] C:\WINDOWS asks\B70E5AB1918DC48D.job [09/04/2009 11:00][--ah-----] C:\WINDOWS asks\SA.DAT [05/08/2004 15:00][-rah-c---] C:\WINDOWS asks\desktop.ini ( B10610FD916D81AD.job )=( d:\docume~1\domini~1\applic~1\axisoo~1\AmokNounIdol.exe ) ( B70E5AB1918DC48D.job )=( d:\docume~1\mireille\applic~1\axisoo~1\AmokNounIdol.exe ) --------------------\ Listing des dossiers dans C:\Program Files [17/08/2008|15:28] C:\Program Files\10 Jours Sous Les Mers [24/07/2007|14:51] C:\Program Files\3DRTBrickBlaster [27/04/2008|15:41] C:\Program Files\absolutist.com [27/04/2008|15:44] C:\Program Files\Absolutist_Games [22/03/2009|17:17] C:\Program Files\Adobe [15/02/2008|23:56] C:\Program Files\Alawar [22/12/2007|19:00] C:\Program Files\Alwil Software [29/11/2005|18:56] C:\Program Files\AMD [16/05/2006|17:49] C:\Program Files\Another Day [01/05/2008|14:57] C:\Program Files\AOL Games [14/02/2009|19:12] C:\Program Files\axisoozesect [27/04/2008|16:54] C:\Program Files\bfgclient [29/01/2008|17:18] C:\Program Files\Boonty [29/03/2009|16:58] C:\Program Files\BoontyGames [29/11/2005|18:56] C:\Program Files\ComPlus Applications [25/05/2008|18:11] C:\Program Files\Cossacks [29/11/2005|18:56] C:\Program Files\CyberLink [22/03/2009|17:14] C:\Program Files\DIFX [14/03/2006|11:48] C:\Program Files\directx [03/01/2009|16:00] C:\Program Files\DivX [23/10/2007|20:08] C:\Program Files\DK [23/03/2008|01:44] C:\Program Files\DXBall2 [05/02/2009|21:57] C:\Program Files\EA SPORTS [15/02/2008|23:55] C:\Program Files\Escape From Paradise [22/03/2009|17:19] C:\Program Files\Fichiers communs [05/11/2006|15:47] C:\Program Files\Firaxis Games [08/08/2008|23:32] C:\Program Files\GamesBar [29/11/2005|18:56] C:\Program Files\GMixon [29/11/2005|18:56] C:\Program Files\Goto Software [11/02/2006|23:08] C:\Program Files\Hewlett-Packard [01/01/2008|16:11] C:\Program Files\HP [02/01/2009|20:52] C:\Program Files\InstallShield Installation Information [15/10/2008|23:28] C:\Program Files\Internet Explorer [22/02/2006|20:22] C:\Program Files\ISSENDIS [09/04/2009|11:09] C:\Program Files\Java [22/04/2006|14:08] C:\Program Files\Kristanix [28/11/2006|19:13] C:\Program Files\Lasermedia [29/11/2005|18:56] C:\Program Files\Learn2.com [01/03/2008|00:06] C:\Program Files\LimeWire [10/02/2009|19:12] C:\Program Files\Maxis [25/02/2008|01:30] C:\Program Files\Messenger [09/04/2009|11:51] C:\Program Files\Messenger Plus! Live [16/08/2008|19:57] C:\Program Files\MessengerSkinner [30/01/2009|23:49] C:\Program Files\Micro Application [02/01/2009|19:07] C:\Program Files\Microsoft [22/12/2007|21:47] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [29/11/2005|18:56] C:\Program Files\microsoft frontpage [21/02/2009|13:19] C:\Program Files\Microsoft Silverlight [21/02/2009|13:15] C:\Program Files\Microsoft SQL Server Compact Edition [21/02/2009|13:16] C:\Program Files\Microsoft Sync Framework [14/08/2008|20:00] C:\Program Files\Mindscape [08/08/2006|11:57] C:\Program Files\Montparnasse multimedia - GEO [29/11/2005|18:59] C:\Program Files\Movie Maker [09/04/2009|12:17] C:\Program Files\Mozilla Firefox [02/01/2009|18:40] C:\Program Files\MSN [29/11/2005|18:56] C:\Program Files\MSN Gaming Zone [09/04/2009|11:51] C:\Program Files\MSN Messenger [19/12/2007|22:25] C:\Program Files\MSXML 4.0 [18/08/2008|00:58] C:\Program Files\Navilog1 [29/11/2005|18:59] C:\Program Files\NetMeeting [22/03/2009|17:19] C:\Program Files\Nokia [29/11/2005|18:56] C:\Program Files\Norman [25/02/2008|18:11] C:\Program Files\Notepad++ [16/02/2008|00:08] C:\Program Files\OFFICE One6.5 [20/03/2008|11:24] C:\Program Files\orange [19/12/2007|22:29] C:\Program Files\Outlook Express [18/11/2008|22:09] C:\Program Files\Oxygene V14a [22/03/2009|17:14] C:\Program Files\PC Connectivity Solution [26/02/2008|11:28] C:\Program Files\PopUp Destroy [09/12/2007|13:34] C:\Program Files\QuickTime [16/02/2008|00:13] C:\Program Files\Readiris Pro 8 [22/04/2006|14:18] C:\Program Files\Real [17/01/2008|10:44] C:\Program Files\ReflexiveArcade [27/02/2006|16:32] C:\Program Files\Rockstar Games [12/06/2007|21:58] C:\Program Files\Services en ligne [29/11/2005|19:00] C:\Program Files\ShowTime [22/03/2009|17:18] C:\Program Files\SimpleCenter [29/11/2005|18:56] C:\Program Files\Sonic [03/02/2008|02:44] C:\Program Files\Symantec [04/03/2009|15:01] C:\Program Files\TELE2 [25/02/2008|01:44] C:\Program Files\T‚l‚chargeur de FlatOut2 [24/05/2006|12:50] C:\Program Files\TFC [16/02/2008|00:11] C:\Program Files\The Wonderful Wizard Of Oz [09/04/2009|11:46] C:\Program Files\Trend Micro [29/11/2005|18:56] C:\Program Files\Ulead Systems [29/11/2005|18:56] C:\Program Files\Uninstall Information [29/11/2005|18:56] C:\Program Files\Viewpoint [20/02/2007|11:49] C:\Program Files\Wanadoo Edition [21/02/2009|13:19] C:\Program Files\Windows Live [02/01/2009|19:06] C:\Program Files\Windows Live SkyDrive [29/11/2005|18:56] C:\Program Files\Windows Media Components [27/02/2008|18:23] C:\Program Files\Windows Media Connect 2 [22/12/2007|19:53] C:\Program Files\Windows Media Player [03/01/2009|18:01] C:\Program Files\Windows NT [29/11/2005|18:56] C:\Program Files\WindowsUpdate [29/11/2005|18:56] C:\Program Files\xerox [18/08/2008|00:28] C:\Program Files\Yahoo! [26/02/2009|11:19] C:\Program Files\Zylom Games --------------------\ Listing des dossiers dans C:\Program Files\Fichiers communs [13/04/2008|14:20] C:\Program Files\Fichiers communs\Adobe [27/02/2008|18:28] C:\Program Files\Fichiers communs\AOL [25/02/2008|01:43] C:\Program Files\Fichiers communs\BOONTY Shared [22/02/2006|20:21] C:\Program Files\Fichiers communs\Borland Shared [11/02/2006|23:07] C:\Program Files\Fichiers communs\Hewlett-Packard [01/01/2008|16:11] C:\Program Files\Fichiers communs\HP [22/03/2009|17:18] C:\Program Files\Fichiers communs\i4j_jres [16/10/2007|17:29] C:\Program Files\Fichiers communs\InstallShield [29/11/2005|18:56] C:\Program Files\Fichiers communs\Java [21/02/2009|13:14] C:\Program Files\Fichiers communs\Microsoft Shared [29/11/2005|18:56] C:\Program Files\Fichiers communs\MSSoap [22/03/2009|17:19] C:\Program Files\Fichiers communs\Nokia [29/11/2005|18:56] C:\Program Files\Fichiers communs\Nullsoft [10/06/2008|22:50] C:\Program Files\Fichiers communs\Oberon Media [29/11/2005|18:56] C:\Program Files\Fichiers communs\ODBC [22/03/2009|17:15] C:\Program Files\Fichiers communs\PCSuite [29/11/2005|18:56] C:\Program Files\Fichiers communs\Real [29/11/2005|18:58] C:\Program Files\Fichiers communs\Services [29/11/2005|18:58] C:\Program Files\Fichiers communs\Sonic Shared [29/11/2005|18:56] C:\Program Files\Fichiers communs\SpeechEngines [29/11/2005|18:58] C:\Program Files\Fichiers communs\SureThing Shared [03/02/2008|02:46] C:\Program Files\Fichiers communs\Symantec Shared [19/12/2007|22:29] C:\Program Files\Fichiers communs\System [29/11/2005|18:56] C:\Program Files\Fichiers communs\Ulead Systems [02/01/2009|18:59] C:\Program Files\Fichiers communs\Windows Live [22/12/2007|19:00] C:\Program Files\Fichiers communs\WindowsLiveInstaller [29/11/2005|18:56] C:\Program Files\Fichiers communs\xing shared --------------------\ Process ( 74 Processes ) IEXPLORE.EXE ~ [PID:2212] IEXPLORE.EXE ~ [PID:2240] --------------------\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\ Recherche de Fichiers / Dossiers Lop D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\lite curb.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\lite curb.exe D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Log Stop.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Log Stop.exe D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1 D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1\Amok Noun Idol.exe D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1\eobhqzwt.exe D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1\flag grey.exe D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1\lwnuldgo.exe D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1\Phone Peak Start Love.exe D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1 lsppkcv.exe D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1 D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\Amok Noun Idol.exe D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\aqgcmbld.exe D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\cmesmxtj.exe D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\culdhbps.exe D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\flag grey.exe D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\oriwzibo.exe D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\Phone Peak Start Love.exe C:\Program Files\axisoo~1 D:\DOCUME~1\Mireille\LOCALS~1\Temp\msgpl_73d6.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp\msgpl_75fe.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sc1C.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sc479.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sdE.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sg51.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp si13.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp si42.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp si493.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sj17A.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sj23.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sj4C.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sk433.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sk49.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sl491.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sq11.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sq3B.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sq476.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sr17D.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sr38.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sr47C.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp ss47F.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp st1DA.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp st482.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp su49C.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sy10.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sy4C.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sz45.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp sz46.tmp D:\DOCUME~1\Mireille\LOCALS~1\Temp\sta4DE.exe D:\DOCUME~1\Mireille\LOCALS~1\Temp\sta547.exe D:\DOCUME~1\Mireille\LOCALS~1\Temp\sta56D.exe D:\DOCUME~1\Mireille\Cookies\mireille@advertstream[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@adultfriendfinder[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@advertising[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@adin.bigpoint[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@bigpoint[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@fr.seafight.bigpoint[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@fr.thepimps.bigpoint[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@fr.xblaster.bigpoint[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@fr1.darkorbit.bigpoint[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@fr1.seafight.bigpoint[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@casinoking-net[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@casinoking[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@banner.cotedazurpalace[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@cotedazurpalace[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@serve.cotedazurpalace[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@www.cotedazurpalace[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@adopt.euroclick[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@sr2.livemediasrv[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@sr2.livemediasrv[3].txt D:\DOCUME~1\Mireille\Cookies\mireille@pacificpoker[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@partygaming.122.2o7[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@partypoker[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@fr.seafight.bigpoint[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@fr1.seafight.bigpoint[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@fr1.seafight[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@seafight[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@32vegas[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@banner.32vegas[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@lasvegascasino-web[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@serve.32vegas[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@vegasred[1].txt D:\DOCUME~1\Mireille\Cookies\mireille@www.32vegas[2].txt D:\DOCUME~1\Mireille\Cookies\mireille@888[2].txt C:\WINDOWS\Tasks\B10610FD916D81AD.job C:\WINDOWS\Tasks\B70E5AB1918DC48D.job --------------------\ Verification du Registre [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "16Show"="D:\DOCUME~1\Mireille\APPLIC~1\AXISOO~1\flag grey.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Flag Owns Live Grim"="D:\Documents and Settings\All Users\Application Data\Software rule flag owns\lite curb.exe" --------------------\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-09 12:36:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... folder error: D:\DOCUME~1\Mireille\LOCALS~1\APPLIC~1 --------------------\ Recherche d'autres infections C:\Program Files\MessengerSkinner C:\Program Files\MessengerSkinner\Conditions g‚n‚rales.url C:\Program Files\MessengerSkinner\Confidentialit‚.url C:\Program Files\MessengerSkinner\download C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll C:\Program Files\MessengerSkinner esources C:\Program Files\MessengerSkinner\updates C:\Program Files\MessengerSkinner\Website.url C:\WINDOWS\System32 vs2.inf D:\DOCUME~1\Mireille\LOCALS~1\APPLIC~1\oecwe.dat D:\DOCUME~1\Mireille\LOCALS~1\APPLIC~1\oecwe.exe D:\DOCUME~1\Mireille\LOCALS~1\APPLIC~1\oecwe_nav.dat D:\DOCUME~1\Mireille\LOCALS~1\APPLIC~1\oecwe_navps.dat [b]==> EGDACCESS <==/b C:\WINDOWS\system32\afirutir.ini C:\WINDOWS\system32\afirutir.ini2 C:\WINDOWS\system32\afirutir.tmp C:\WINDOWS\system32\ajewitab.ini C:\WINDOWS\system32\ajewitab.ini2 C:\WINDOWS\system32\ajewitab.tmp C:\WINDOWS\system32\gsbsuvdg.ini C:\WINDOWS\system32\gsbsuvdg.ini2 C:\WINDOWS\system32\gsbsuvdg.tmp C:\WINDOWS\system32\isusurad.ini C:\WINDOWS\system32\isusurad.ini2 C:\WINDOWS\system32\isusurad.tmp C:\WINDOWS\system32\isusurad.tmp2 C:\WINDOWS\system32\qrstAcdd.ini C:\WINDOWS\system32\qrstAcdd.ini2 C:\WINDOWS\system32\uhofozop.ini C:\WINDOWS\system32\uhofozop.ini2 C:\WINDOWS\system32\uhofozop.tmp C:\WINDOWS\system32\urugovuj.ini C:\WINDOWS\system32\urugovuj.ini2 C:\WINDOWS\system32\urugovuj.tmp C:\WINDOWS\system32\wwruqfqt.ini C:\WINDOWS\system32\wwruqfqt.ini2 C:\WINDOWS\system32\wwruqfqt.tmp C:\WINDOWS\system32 iturifa.dll C:\WINDOWS\system32\darususi.dll C:\WINDOWS\system32\pozofohu.dll C:\WINDOWS\system32\juvoguru.dll [b]==> VUNDO <==/b --------------------\ Cracks & Keygens .. D:\DOCUME~1\Mireille\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-5c7ad222-5e09288c.au D:\DOCUME~1\Mireille\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-5c7ad222-5e09288c.idx [F:12073][D:844]-> D:\DOCUME~1\Mireille\LOCALS~1\Temp [F:903][D:0]-> D:\DOCUME~1\Mireille\Cookies [F:1042][D:15]-> D:\DOCUME~1\Mireille\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 09/04/2009|12:40 - Option : [1] --------------------\ Fin du rapport a 12:40:22 Cordialement, romain

romain35 · Answer

Que puis-je faire après avoir mis le rapport en ligne !

Cordialement,
romain

Utilisateur anonyme · Answer

;)  jlp tu peux rester avec plaisir :)

Romain on va etre ensemble pour un sacre moment si tu veux remettre ton pc en etat, 
tu as encore d'autres infections sans parler de celles deja citees au dessus, Bounty...

bon c'est parti :

    *  Relance Lop S&D

    * Choisis cette fois-ci l'option 2 (Suppression)

    * Ne ferme pas la fenêtre lors de la suppression !

    * Poste le rapport généré (C:\lopR.txt)


* (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

ENSUITE 

 il y a une infection MagicControl/navipromo, qui s'installe via des programmes dits "gratuits", dont ceux-ci : 
 Funky Emoticons 
 Games Attack 
 go-astro 
 GoRecord 
 HotTVPlayer / HotTVPlayer & Paris Hilton 
 Live-Player 
 MailSkinner 
 Messenger Skinner 
 Original-solitaire 
 Instant Access 
 InternetGameBox 
 Officiale Emule (Version d'Emule modifiée) 
 Sudoplanet 
 Webmediaplayer 


Pour la supprimer, merci de suivre exactement cette procédure : 


Télécharge maintenant Navilog1 (de IL-MAFIOSO) depuis-ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

 Enregistrer la cible (du lien) sous... et enregistre-le sur ton Bureau. 
 Ensuite double clique sur navilog1.exe pour lancer l'installation. 
 Une fois l'installation terminée, lance Navilog depuis le raccourci présent sur le Bureau 



 Au menu principal, Fais le choix 1 
 Laisse toi guider et patiente. 
 Patiente jusqu'au message : "Analyse Termine le..." 
 Appuie sur une touche, le bloc note va s'ouvrir. 
 Copie-colle l'intégralité du rapport ici.

ENSUITE 

A savoir Les cracks sont un vecteur de malwares et d'infections très important
En téléchargeant et en exécutant un crack, on expose l'ordinateur à une infection, surtout qu'en règle général, les antivirus ne détectent aucune infection, car les cracks sont packagés.
Parfois une simple visite d'un site de crack peut suffire à infecter l'ordinateur, en effet un grand nombre de sites de cracks contiennent des exploits, les personnes n'ayant pas leurs systèmes et logiciels à jour sont vulnérables

--------------------\ Cracks & Keygens ..

D:\DOCUME~1\Mireille\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-5c7ad222-5e09288c.au
D:\DOCUME~1\Mireille\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-5c7ad222-5e09288c.idx

romain35 · Answer

Voici le 2ème rapport --------------------\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ ) BIOS : BIOS Date: 09/06/05 17:29:38 Ver: 08.00.12 USER : Mireille ( Administrator ) BOOT : Normal boot Antivirus : avast! antivirus 4.8.1296 [VPS 090228-0] 4.8.1296 (Not Activated) C:\ (Local Disk) - NTFS - Total:29 Go (Free:15 Go) D:\ (Local Disk) - NTFS - Total:148 Go (Free:139 Go) E:\ (CD or DVD) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [2] ( 09/04/2009|13:39 ) \\\\\\\\\\\\\\\ SUPPRESSION Supprime! - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\lite curb.dat Supprime! - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\lite curb.exe Supprime! - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Log Stop.dat Supprime! - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns\Log Stop.exe Supprime! - D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1\Amok Noun Idol.exe Supprime! - D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1\eobhqzwt.exe Supprime! - D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1\flag grey.exe Supprime! - D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1\lwnuldgo.exe Supprime! - D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1\Phone Peak Start Love.exe Supprime! - D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1 lsppkcv.exe Supprime! - D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\Amok Noun Idol.exe Supprime! - D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\aqgcmbld.exe Supprime! - D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\cmesmxtj.exe Supprime! - D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\culdhbps.exe Supprime! - D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\flag grey.exe Supprime! - D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\oriwzibo.exe Supprime! - D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1\Phone Peak Start Love.exe Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp\msgpl_73d6.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp\msgpl_75fe.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sc1C.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sc479.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sdE.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sg51.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp si13.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp si42.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp si493.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sj17A.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sj23.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sj4C.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sk433.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sk49.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sl491.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sq11.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sq3B.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sq476.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sr17D.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sr38.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sr47C.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp ss47F.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp st1DA.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp st482.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp su49C.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sy10.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sy4C.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sz45.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp sz46.tmp Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp\sta4DE.exe Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp\sta547.exe Supprime! - D:\DOCUME~1\Mireille\LOCALS~1\Temp\sta56D.exe Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@advertstream[1].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@adultfriendfinder[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@advertising[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@adin.bigpoint[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@bigpoint[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@fr.seafight.bigpoint[1].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@fr.thepimps.bigpoint[1].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@fr.xblaster.bigpoint[1].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@fr1.darkorbit.bigpoint[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@fr1.seafight.bigpoint[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@casinoking-net[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@casinoking[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@banner.cotedazurpalace[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@cotedazurpalace[1].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@serve.cotedazurpalace[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@www.cotedazurpalace[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@adopt.euroclick[1].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@sr2.livemediasrv[1].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@sr2.livemediasrv[3].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@pacificpoker[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@partygaming.122.2o7[1].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@partypoker[1].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@fr1.seafight[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@seafight[1].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@32vegas[1].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@banner.32vegas[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@lasvegascasino-web[1].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@serve.32vegas[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@vegasred[1].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@www.32vegas[2].txt Supprime! - D:\DOCUME~1\Mireille\Cookies\mireille@888[2].txt Supprime! - C:\WINDOWS\Tasks\B10610FD916D81AD.job Supprime! - C:\WINDOWS\Tasks\B70E5AB1918DC48D.job Supprime! - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns Supprime! - D:\DOCUME~1\DOMINI~1\APPLIC~1\axisoo~1 Supprime! - D:\DOCUME~1\Mireille\APPLIC~1\axisoo~1 Supprime! - C:\Program Files\axisoo~1 \\\\\\\\\\\\\\\ Supprime! - C:\Program Files\Viewpoint Supprime! - D:\DOCUME~1\Mireille\APPLIC~1\Viewpoint Supprime! - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint \\\\\\\\\\\\\\\ --------------------\ Listing des dossiers dans APPLIC~1 [10/06/2008|18:23] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Adobe [01/11/2006|15:58] D:\DOCUME~1\ALEXAN~1\APPLIC~1\AdobeUM [06/08/2006|12:27] D:\DOCUME~1\ALEXAN~1\APPLIC~1\CyberLink [25/12/2007|15:47] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Google [05/04/2006|18:03] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Help [14/08/2008|13:02] D:\DOCUME~1\ALEXAN~1\APPLIC~1\HP [29/11/2005|19:04] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Identities [22/02/2006|22:28] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Image Zone Express [02/05/2006|16:33] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Leadertech [26/07/2006|11:51] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Macromedia [01/03/2009|14:43] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Microsoft [15/07/2008|21:39] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Mozilla [07/04/2009|19:06] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Nokia [19/02/2006|18:14] D:\DOCUME~1\ALEXAN~1\APPLIC~1\OD2 [22/02/2006|22:08] D:\DOCUME~1\ALEXAN~1\APPLIC~1\OFFICE One v6 [07/04/2009|19:06] D:\DOCUME~1\ALEXAN~1\APPLIC~1\PC Suite [02/04/2007|12:22] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Real [02/05/2006|16:33] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Sonic [22/12/2007|00:03] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Sun [19/04/2006|14:02] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Symantec [16/07/2007|16:26] D:\DOCUME~1\ALEXAN~1\APPLIC~1\VadeRetro [03/02/2008|20:40] D:\DOCUME~1\ALEXAN~1\APPLIC~1\WildTangent [29/11/2005|19:04] D:\DOCUME~1\ALEXAN~1\APPLIC~1\You've Got Pictures Screensaver [05/03/2008|15:29] D:\DOCUME~1\Alicia\APPLIC~1\Adobe [17/08/2006|17:45] D:\DOCUME~1\Alicia\APPLIC~1\AdobeUM [09/03/2007|20:36] D:\DOCUME~1\Alicia\APPLIC~1\CyberLink [26/01/2008|14:53] D:\DOCUME~1\Alicia\APPLIC~1\Google [27/02/2006|18:11] D:\DOCUME~1\Alicia\APPLIC~1\Help [03/02/2007|21:46] D:\DOCUME~1\Alicia\APPLIC~1\HP [29/11/2005|19:04] D:\DOCUME~1\Alicia\APPLIC~1\Identities [24/02/2006|21:15] D:\DOCUME~1\Alicia\APPLIC~1\Image Zone Express [24/02/2006|18:51] D:\DOCUME~1\Alicia\APPLIC~1\Leadertech [29/11/2005|19:04] D:\DOCUME~1\Alicia\APPLIC~1\Macromedia [26/04/2008|14:48] D:\DOCUME~1\Alicia\APPLIC~1\Magic Academy [19/12/2008|19:18] D:\DOCUME~1\Alicia\APPLIC~1\Microsoft [18/07/2008|17:01] D:\DOCUME~1\Alicia\APPLIC~1\Mozilla [16/02/2006|15:13] D:\DOCUME~1\Alicia\APPLIC~1\OD2 [22/02/2006|21:50] D:\DOCUME~1\Alicia\APPLIC~1\OFFICE One v6 [29/11/2005|19:04] D:\DOCUME~1\Alicia\APPLIC~1\Real [24/02/2006|18:51] D:\DOCUME~1\Alicia\APPLIC~1\Sonic [21/12/2007|22:59] D:\DOCUME~1\Alicia\APPLIC~1\Sun [20/04/2006|18:24] D:\DOCUME~1\Alicia\APPLIC~1\Symantec [18/03/2006|20:25] D:\DOCUME~1\Alicia\APPLIC~1\Ulead Systems [29/11/2005|19:04] D:\DOCUME~1\Alicia\APPLIC~1\You've Got Pictures Screensaver [22/03/2009|17:17] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [20/01/2008|20:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Alawar Stargaze [29/01/2008|15:34] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AlawarGameBox [27/02/2008|18:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL [08/08/2008|22:18] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Astar Games [27/04/2008|16:55] D:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache [25/02/2008|01:43] D:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY [19/03/2008|10:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Christmasville [15/02/2008|23:53] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ciel [29/11/2005|19:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink [30/07/2008|16:22] D:\DOCUME~1\ALLUSE~1\APPLIC~1\eGames [17/01/2008|10:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Enkord [18/01/2008|10:21] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise [04/08/2008|21:59] D:\DOCUME~1\ALLUSE~1\APPLIC~1\EscapeTheMuseum [23/06/2008|11:26] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Flood Light Games [12/02/2008|17:32] D:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames [30/01/2008|19:04] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games [01/03/2008|15:14] D:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure [01/03/2008|15:14] D:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg [15/08/2008|22:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse [07/07/2008|22:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar [25/06/2008|22:32] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Genimo [16/09/2008|10:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii [24/07/2008|21:25] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii Games [22/12/2007|19:53] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [01/08/2008|23:11] D:\DOCUME~1\ALLUSE~1\APPLIC~1\HiddenSecretsNightmare [11/02/2006|23:09] D:\DOCUME~1\ALLUSE~1\APPLIC~1\HP [02/07/2008|16:35] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Intenium [16/06/2008|15:02] D:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear [21/02/2009|13:15] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [08/04/2008|00:08] D:\DOCUME~1\ALLUSE~1\APPLIC~1\MonteCristo [12/06/2008|16:07] D:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo [18/06/2008|16:40] D:\DOCUME~1\ALLUSE~1\APPLIC~1\My Games [14/11/2008|12:24] D:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople [24/01/2009|19:52] D:\DOCUME~1\ALLUSE~1\APPLIC~1\NeptunesAdve [22/03/2009|17:19] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia [23/06/2008|16:59] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Media [29/11/2005|19:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2 [09/04/2009|11:02] D:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite [05/08/2008|15:39] D:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst [10/06/2008|21:48] D:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayPond [29/11/2005|19:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime [22/05/2008|17:09] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games [29/11/2005|19:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI [29/07/2008|22:14] D:\DOCUME~1\ALLUSE~1\APPLIC~1\ScreenSeven [02/09/2007|18:42] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype [27/08/2008|12:10] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games [08/08/2008|23:33] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames [03/02/2008|02:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec [17/08/2008|15:53] D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP [10/02/2008|01:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\The Game Equation [14/03/2008|10:35] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia [29/11/2005|19:04] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems [29/11/2005|19:04] D:\DOCUME~1\ALLUSE~1\APPLIC~1\VadeRetro [16/02/2008|00:11] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WildTangent [22/12/2007|19:51] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [02/01/2009|18:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [04/03/2008|10:24] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Real [28/11/2005|03:44] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver [17/03/2008|22:10] D:\DOCUME~1\DOMINI~1\APPLIC~1\Adobe [29/07/2008|21:49] D:\DOCUME~1\DOMINI~1\APPLIC~1\Big Fish Games [22/02/2006|19:06] D:\DOCUME~1\DOMINI~1\APPLIC~1\CyberLink [31/07/2008|17:46] D:\DOCUME~1\DOMINI~1\APPLIC~1\eGames [02/03/2008|12:13] D:\DOCUME~1\DOMINI~1\APPLIC~1\F-Secure [28/02/2006|20:23] D:\DOCUME~1\DOMINI~1\APPLIC~1\Help [22/02/2006|19:33] D:\DOCUME~1\DOMINI~1\APPLIC~1\HP [19/12/2008|14:21] D:\DOCUME~1\DOMINI~1\APPLIC~1\Identities [22/02/2006|22:46] D:\DOCUME~1\DOMINI~1\APPLIC~1\Image Zone Express [20/02/2006|01:14] D:\DOCUME~1\DOMINI~1\APPLIC~1\Leadertech [05/01/2008|23:30] D:\DOCUME~1\DOMINI~1\APPLIC~1\LimeWire [29/11/2005|19:04] D:\DOCUME~1\DOMINI~1\APPLIC~1\Macromedia [01/03/2009|21:40] D:\DOCUME~1\DOMINI~1\APPLIC~1\Microsoft [07/07/2008|14:33] D:\DOCUME~1\DOMINI~1\APPLIC~1\Mozilla [29/03/2009|10:24] D:\DOCUME~1\DOMINI~1\APPLIC~1\Nokia [12/02/2006|13:19] D:\DOCUME~1\DOMINI~1\APPLIC~1\OD2 [22/02/2006|20:45] D:\DOCUME~1\DOMINI~1\APPLIC~1\OFFICE One v6 [29/03/2009|10:24] D:\DOCUME~1\DOMINI~1\APPLIC~1\PC Suite [29/11/2005|19:04] D:\DOCUME~1\DOMINI~1\APPLIC~1\Real [31/07/2008|17:46] D:\DOCUME~1\DOMINI~1\APPLIC~1\SecuROM [22/02/2006|19:10] D:\DOCUME~1\DOMINI~1\APPLIC~1\Sonic [22/02/2006|19:37] D:\DOCUME~1\DOMINI~1\APPLIC~1\Sun [12/02/2006|13:15] D:\DOCUME~1\DOMINI~1\APPLIC~1\Symantec [14/05/2006|17:19] D:\DOCUME~1\DOMINI~1\APPLIC~1\VadeRetro [29/11/2005|19:04] D:\DOCUME~1\DOMINI~1\APPLIC~1\You've Got Pictures Screensaver [19/12/2008|14:21] D:\DOCUME~1\DOMINI~1\APPLIC~1\Zylom [23/12/2007|21:20] D:\DOCUME~1\Floriane\APPLIC~1\Adobe [28/02/2006|17:28] D:\DOCUME~1\Floriane\APPLIC~1\AdobeUM [16/03/2006|22:06] D:\DOCUME~1\Floriane\APPLIC~1\CyberLink [28/02/2006|17:00] D:\DOCUME~1\Floriane\APPLIC~1\Help [22/05/2006|18:11] D:\DOCUME~1\Floriane\APPLIC~1\HP [29/11/2005|19:04] D:\DOCUME~1\Floriane\APPLIC~1\Identities [27/12/2006|18:56] D:\DOCUME~1\Floriane\APPLIC~1\Macromedia [26/02/2008|20:24] D:\DOCUME~1\Floriane\APPLIC~1\Microsoft [05/12/2008|23:30] D:\DOCUME~1\Floriane\APPLIC~1\Mozilla [12/02/2006|20:34] D:\DOCUME~1\Floriane\APPLIC~1\OD2 [05/05/2007|16:13] D:\DOCUME~1\Floriane\APPLIC~1\Real [16/02/2006|10:46] D:\DOCUME~1\Floriane\APPLIC~1\Sun [21/04/2006|16:21] D:\DOCUME~1\Floriane\APPLIC~1\Symantec [25/05/2006|22:37] D:\DOCUME~1\Floriane\APPLIC~1\Ulead Systems [16/03/2006|23:05] D:\DOCUME~1\Floriane\APPLIC~1\VadeRetro [29/11/2005|19:04] D:\DOCUME~1\Floriane\APPLIC~1\You've Got Pictures Screensaver [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\Identities [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\Real [28/11/2005|03:44] D:\DOCUME~1\INVIT~1\APPLIC~1\Symantec [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\You've Got Pictures Screensaver [29/11/2005|19:04] D:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [11/02/2008|00:45] D:\DOCUME~1\Mireille\APPLIC~1\Abra Academy2 [22/03/2009|17:17] D:\DOCUME~1\Mireille\APPLIC~1\Adobe [27/02/2006|15:53] D:\DOCUME~1\Mireille\APPLIC~1\AdobeUM [03/06/2008|16:13] D:\DOCUME~1\Mireille\APPLIC~1\AlwaysNeat [19/08/2008|12:38] D:\DOCUME~1\Mireille\APPLIC~1\Ancient Quest of Saqqarah__reflexive [02/07/2008|16:24] D:\DOCUME~1\Mireille\APPLIC~1\Big Fish Games [02/11/2008|17:15] D:\DOCUME~1\Mireille\APPLIC~1\BloodTies [05/02/2008|17:17] D:\DOCUME~1\Mireille\APPLIC~1\Boomzap [25/11/2008|00:35] D:\DOCUME~1\Mireille\APPLIC~1\Canvas Multi-Media [07/02/2008|17:49] D:\DOCUME~1\Mireille\APPLIC~1\CaribbeanHideaway [26/07/2008|18:45] D:\DOCUME~1\Mireille\APPLIC~1\cerasus.media [21/04/2006|14:43] D:\DOCUME~1\Mireille\APPLIC~1\CyberLink [09/02/2008|23:44] D:\DOCUME~1\Mireille\APPLIC~1\DiVision Studios - Escaping Atlantis [08/05/2008|14:42] D:\DOCUME~1\Mireille\APPLIC~1\DivX [30/07/2008|16:21] D:\DOCUME~1\Mireille\APPLIC~1\eGames [23/06/2008|11:26] D:\DOCUME~1\Mireille\APPLIC~1\Flood Light Games [12/02/2008|17:32] D:\DOCUME~1\Mireille\APPLIC~1\FloodLightGames [01/03/2008|15:21] D:\DOCUME~1\Mireille\APPLIC~1\F-Secure [07/06/2008|12:21] D:\DOCUME~1\Mireille\APPLIC~1\funkitron [02/07/2008|15:06] D:\DOCUME~1\Mireille\APPLIC~1\Gaijin Ent [19/06/2008|14:33] D:\DOCUME~1\Mireille\APPLIC~1\gemsweeperextractedgfx [25/06/2008|22:28] D:\DOCUME~1\Mireille\APPLIC~1\Genimo [24/07/2008|21:25] D:\DOCUME~1\Mireille\APPLIC~1\Gogii Games [23/12/2007|22:27] D:\DOCUME~1\Mireille\APPLIC~1\Google [28/02/2006|14:48] D:\DOCUME~1\Mireille\APPLIC~1\Help [29/05/2006|13:37] D:\DOCUME~1\Mireille\APPLIC~1\HP [26/02/2009|11:21] D:\DOCUME~1\Mireille\APPLIC~1\Identities [11/06/2008|11:29] D:\DOCUME~1\Mireille\APPLIC~1\Image Zone Express [16/10/2008|21:31] D:\DOCUME~1\Mireille\APPLIC~1\iWin [15/02/2006|11:43] D:\DOCUME~1\Mireille\APPLIC~1\Leadertech [01/03/2008|00:05] D:\DOCUME~1\Mireille\APPLIC~1\LimeWire [07/05/2008|15:57] D:\DOCUME~1\Mireille\APPLIC~1\Macromedia [15/05/2008|23:37] D:\DOCUME~1\Mireille\APPLIC~1\Magic Academy [22/02/2009|13:51] D:\DOCUME~1\Mireille\APPLIC~1\Microsoft [09/04/2009|13:37] D:\DOCUME~1\Mireille\APPLIC~1\Mozilla [02/01/2009|18:40] D:\DOCUME~1\Mireille\APPLIC~1\MSNInstaller [03/06/2008|14:56] D:\DOCUME~1\Mireille\APPLIC~1\MythicPearls [22/03/2009|17:47] D:\DOCUME~1\Mireille\APPLIC~1\Nokia [25/02/2008|18:11] D:\DOCUME~1\Mireille\APPLIC~1\Notepad++ [12/02/2006|21:02] D:\DOCUME~1\Mireille\APPLIC~1\OD2 [22/01/2007|14:18] D:\DOCUME~1\Mireille\APPLIC~1\OFFICE One v6 [22/03/2009|17:16] D:\DOCUME~1\Mireille\APPLIC~1\PC Suite [28/06/2008|19:52] D:\DOCUME~1\Mireille\APPLIC~1\Pirateville [09/07/2008|21:48] D:\DOCUME~1\Mireille\APPLIC~1\PlayFirst [22/03/2008|23:44] D:\DOCUME~1\Mireille\APPLIC~1\Pogo Games [19/03/2009|16:00] D:\DOCUME~1\Mireille\APPLIC~1\PowerChallenge [15/03/2008|20:04] D:\DOCUME~1\Mireille\APPLIC~1\Printer Info Cache [01/10/2006|13:48] D:\DOCUME~1\Mireille\APPLIC~1\Real [16/11/2008|17:00] D:\DOCUME~1\Mireille\APPLIC~1\RealArcade [28/06/2008|12:09] D:\DOCUME~1\Mireille\APPLIC~1\SecuROM [12/01/2009|11:28] D:\DOCUME~1\Mireille\APPLIC~1\Skip-Bo [21/04/2006|14:36] D:\DOCUME~1\Mireille\APPLIC~1\Sonic [19/09/2008|14:20] D:\DOCUME~1\Mireille\APPLIC~1\SpinTop Games [22/09/2008|15:43] D:\DOCUME~1\Mireille\APPLIC~1\SprillBermudeEng [27/06/2008|10:55] D:\DOCUME~1\Mireille\APPLIC~1\SprillBermudeFr [19/12/2007|01:19] D:\DOCUME~1\Mireille\APPLIC~1\Sun [18/04/2006|09:26] D:\DOCUME~1\Mireille\APPLIC~1\Symantec [01/08/2008|16:36] D:\DOCUME~1\Mireille\APPLIC~1\TheScruffs [27/12/2006|18:05] D:\DOCUME~1\Mireille\APPLIC~1\Ulead Systems [01/02/2008|08:54] D:\DOCUME~1\Mireille\APPLIC~1\URSE Games [13/04/2006|13:52] D:\DOCUME~1\Mireille\APPLIC~1\VadeRetro [29/11/2005|19:04] D:\DOCUME~1\Mireille\APPLIC~1\You've Got Pictures Screensaver [26/02/2009|11:21] D:\DOCUME~1\Mireille\APPLIC~1\Zylom [19/12/2007|22:28] D:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [18/12/2007|13:17] D:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec --------------------\ Tâches planifiées dans C:\WINDOWS asks [09/04/2009 13:21][--ah-----] C:\WINDOWS asks\SA.DAT [05/08/2004 15:00][-rah-c---] C:\WINDOWS asks\desktop.ini --------------------\ Listing des dossiers dans C:\Program Files [17/08/2008|15:28] C:\Program Files\10 Jours Sous Les Mers [24/07/2007|14:51] C:\Program Files\3DRTBrickBlaster [27/04/2008|15:41] C:\Program Files\absolutist.com [27/04/2008|15:44] C:\Program Files\Absolutist_Games [22/03/2009|17:17] C:\Program Files\Adobe [15/02/2008|23:56] C:\Program Files\Alawar [22/12/2007|19:00] C:\Program Files\Alwil Software [29/11/2005|18:56] C:\Program Files\AMD [16/05/2006|17:49] C:\Program Files\Another Day [01/05/2008|14:57] C:\Program Files\AOL Games [27/04/2008|16:54] C:\Program Files\bfgclient [29/01/2008|17:18] C:\Program Files\Boonty [29/03/2009|16:58] C:\Program Files\BoontyGames [29/11/2005|18:56] C:\Program Files\ComPlus Applications [25/05/2008|18:11] C:\Program Files\Cossacks [29/11/2005|18:56] C:\Program Files\CyberLink [22/03/2009|17:14] C:\Program Files\DIFX [14/03/2006|11:48] C:\Program Files\directx [03/01/2009|16:00] C:\Program Files\DivX [23/10/2007|20:08] C:\Program Files\DK [23/03/2008|01:44] C:\Program Files\DXBall2 [05/02/2009|21:57] C:\Program Files\EA SPORTS [15/02/2008|23:55] C:\Program Files\Escape From Paradise [22/03/2009|17:19] C:\Program Files\Fichiers communs [05/11/2006|15:47] C:\Program Files\Firaxis Games [08/08/2008|23:32] C:\Program Files\GamesBar [29/11/2005|18:56] C:\Program Files\GMixon [29/11/2005|18:56] C:\Program Files\Goto Software [11/02/2006|23:08] C:\Program Files\Hewlett-Packard [01/01/2008|16:11] C:\Program Files\HP [02/01/2009|20:52] C:\Program Files\InstallShield Installation Information [15/10/2008|23:28] C:\Program Files\Internet Explorer [22/02/2006|20:22] C:\Program Files\ISSENDIS [09/04/2009|11:09] C:\Program Files\Java [22/04/2006|14:08] C:\Program Files\Kristanix [28/11/2006|19:13] C:\Program Files\Lasermedia [29/11/2005|18:56] C:\Program Files\Learn2.com [01/03/2008|00:06] C:\Program Files\LimeWire [10/02/2009|19:12] C:\Program Files\Maxis [25/02/2008|01:30] C:\Program Files\Messenger [16/08/2008|19:57] C:\Program Files\MessengerSkinner [30/01/2009|23:49] C:\Program Files\Micro Application [02/01/2009|19:07] C:\Program Files\Microsoft [22/12/2007|21:47] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [29/11/2005|18:56] C:\Program Files\microsoft frontpage [21/02/2009|13:19] C:\Program Files\Microsoft Silverlight [21/02/2009|13:15] C:\Program Files\Microsoft SQL Server Compact Edition [21/02/2009|13:16] C:\Program Files\Microsoft Sync Framework [14/08/2008|20:00] C:\Program Files\Mindscape [08/08/2006|11:57] C:\Program Files\Montparnasse multimedia - GEO [29/11/2005|18:59] C:\Program Files\Movie Maker [09/04/2009|13:37] C:\Program Files\Mozilla Firefox [02/01/2009|18:40] C:\Program Files\MSN [29/11/2005|18:56] C:\Program Files\MSN Gaming Zone [09/04/2009|11:51] C:\Program Files\MSN Messenger [19/12/2007|22:25] C:\Program Files\MSXML 4.0 [18/08/2008|00:58] C:\Program Files\Navilog1 [29/11/2005|18:59] C:\Program Files\NetMeeting [22/03/2009|17:19] C:\Program Files\Nokia [29/11/2005|18:56] C:\Program Files\Norman [25/02/2008|18:11] C:\Program Files\Notepad++ [16/02/2008|00:08] C:\Program Files\OFFICE One6.5 [20/03/2008|11:24] C:\Program Files\orange [19/12/2007|22:29] C:\Program Files\Outlook Express [18/11/2008|22:09] C:\Program Files\Oxygene V14a [22/03/2009|17:14] C:\Program Files\PC Connectivity Solution [26/02/2008|11:28] C:\Program Files\PopUp Destroy [09/12/2007|13:34] C:\Program Files\QuickTime [16/02/2008|00:13] C:\Program Files\Readiris Pro 8 [22/04/2006|14:18] C:\Program Files\Real [17/01/2008|10:44] C:\Program Files\ReflexiveArcade [27/02/2006|16:32] C:\Program Files\Rockstar Games [12/06/2007|21:58] C:\Program Files\Services en ligne [29/11/2005|19:00] C:\Program Files\ShowTime [22/03/2009|17:18] C:\Program Files\SimpleCenter [29/11/2005|18:56] C:\Program Files\Sonic [03/02/2008|02:44] C:\Program Files\Symantec [09/04/2009|13:21] C:\Program Files\TELE2 [25/02/2008|01:44] C:\Program Files\T‚l‚chargeur de FlatOut2 [24/05/2006|12:50] C:\Program Files\TFC [16/02/2008|00:11] C:\Program Files\The Wonderful Wizard Of Oz [09/04/2009|11:46] C:\Program Files\Trend Micro [29/11/2005|18:56] C:\Program Files\Ulead Systems [29/11/2005|18:56] C:\Program Files\Uninstall Information [20/02/2007|11:49] C:\Program Files\Wanadoo Edition [09/04/2009|13:36] C:\Program Files\Windows Live [02/01/2009|19:06] C:\Program Files\Windows Live SkyDrive [29/11/2005|18:56] C:\Program Files\Windows Media Components [27/02/2008|18:23] C:\Program Files\Windows Media Connect 2 [22/12/2007|19:53] C:\Program Files\Windows Media Player [03/01/2009|18:01] C:\Program Files\Windows NT [29/11/2005|18:56] C:\Program Files\WindowsUpdate [29/11/2005|18:56] C:\Program Files\xerox [18/08/2008|00:28] C:\Program Files\Yahoo! [26/02/2009|11:19] C:\Program Files\Zylom Games --------------------\ Listing des dossiers dans C:\Program Files\Fichiers communs [13/04/2008|14:20] C:\Program Files\Fichiers communs\Adobe [27/02/2008|18:28] C:\Program Files\Fichiers communs\AOL [25/02/2008|01:43] C:\Program Files\Fichiers communs\BOONTY Shared [22/02/2006|20:21] C:\Program Files\Fichiers communs\Borland Shared [11/02/2006|23:07] C:\Program Files\Fichiers communs\Hewlett-Packard [01/01/2008|16:11] C:\Program Files\Fichiers communs\HP [22/03/2009|17:18] C:\Program Files\Fichiers communs\i4j_jres [16/10/2007|17:29] C:\Program Files\Fichiers communs\InstallShield [29/11/2005|18:56] C:\Program Files\Fichiers communs\Java [21/02/2009|13:14] C:\Program Files\Fichiers communs\Microsoft Shared [29/11/2005|18:56] C:\Program Files\Fichiers communs\MSSoap [22/03/2009|17:19] C:\Program Files\Fichiers communs\Nokia [29/11/2005|18:56] C:\Program Files\Fichiers communs\Nullsoft [10/06/2008|22:50] C:\Program Files\Fichiers communs\Oberon Media [29/11/2005|18:56] C:\Program Files\Fichiers communs\ODBC [22/03/2009|17:15] C:\Program Files\Fichiers communs\PCSuite [29/11/2005|18:56] C:\Program Files\Fichiers communs\Real [29/11/2005|18:58] C:\Program Files\Fichiers communs\Services [29/11/2005|18:58] C:\Program Files\Fichiers communs\Sonic Shared [29/11/2005|18:56] C:\Program Files\Fichiers communs\SpeechEngines [29/11/2005|18:58] C:\Program Files\Fichiers communs\SureThing Shared [03/02/2008|02:46] C:\Program Files\Fichiers communs\Symantec Shared [19/12/2007|22:29] C:\Program Files\Fichiers communs\System [29/11/2005|18:56] C:\Program Files\Fichiers communs\Ulead Systems [02/01/2009|18:59] C:\Program Files\Fichiers communs\Windows Live [22/12/2007|19:00] C:\Program Files\Fichiers communs\WindowsLiveInstaller [29/11/2005|18:56] C:\Program Files\Fichiers communs\xing shared --------------------\ Process ( 59 Processes ) ... OK ! --------------------\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\ Recherche de Fichiers / Dossiers Lop Aucun fichier / dossier Lop trouvé ! --------------------\ Verification du Registre ..... OK ! --------------------\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-09 13:49:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... folder error: D:\DOCUME~1\Mireille\LOCALS~1\APPLIC~1 --------------------\ Recherche d'autres infections C:\Program Files\MessengerSkinner C:\Program Files\MessengerSkinner\Conditions g‚n‚rales.url C:\Program Files\MessengerSkinner\Confidentialit‚.url C:\Program Files\MessengerSkinner\download C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll C:\Program Files\MessengerSkinner esources C:\Program Files\MessengerSkinner\updates C:\Program Files\MessengerSkinner\Website.url C:\WINDOWS\System32 vs2.inf D:\DOCUME~1\Mireille\LOCALS~1\APPLIC~1\oecwe.dat D:\DOCUME~1\Mireille\LOCALS~1\APPLIC~1\oecwe.exe D:\DOCUME~1\Mireille\LOCALS~1\APPLIC~1\oecwe_nav.dat D:\DOCUME~1\Mireille\LOCALS~1\APPLIC~1\oecwe_navps.dat [b]==> EGDACCESS <==/b C:\WINDOWS\system32\afirutir.ini C:\WINDOWS\system32\afirutir.ini2 C:\WINDOWS\system32\afirutir.tmp C:\WINDOWS\system32\ajewitab.ini C:\WINDOWS\system32\ajewitab.ini2 C:\WINDOWS\system32\ajewitab.tmp C:\WINDOWS\system32\gsbsuvdg.ini C:\WINDOWS\system32\gsbsuvdg.ini2 C:\WINDOWS\system32\gsbsuvdg.tmp C:\WINDOWS\system32\isusurad.ini C:\WINDOWS\system32\isusurad.ini2 C:\WINDOWS\system32\isusurad.tmp C:\WINDOWS\system32\isusurad.tmp2 C:\WINDOWS\system32\qrstAcdd.ini C:\WINDOWS\system32\qrstAcdd.ini2 C:\WINDOWS\system32\uhofozop.ini C:\WINDOWS\system32\uhofozop.ini2 C:\WINDOWS\system32\uhofozop.tmp C:\WINDOWS\system32\urugovuj.ini C:\WINDOWS\system32\urugovuj.ini2 C:\WINDOWS\system32\urugovuj.tmp C:\WINDOWS\system32\wwruqfqt.ini C:\WINDOWS\system32\wwruqfqt.ini2 C:\WINDOWS\system32\wwruqfqt.tmp C:\WINDOWS\system32 iturifa.dll C:\WINDOWS\system32\darususi.dll C:\WINDOWS\system32\pozofohu.dll C:\WINDOWS\system32\juvoguru.dll [b]==> VUNDO <==/b --------------------\ Cracks & Keygens .. D:\DOCUME~1\Mireille\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-5c7ad222-5e09288c.au D:\DOCUME~1\Mireille\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-5c7ad222-5e09288c.idx [F:12011][D:835]-> D:\DOCUME~1\Mireille\LOCALS~1\Temp [F:872][D:0]-> D:\DOCUME~1\Mireille\Cookies [F:1291][D:15]-> D:\DOCUME~1\Mireille\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 09/04/2009|12:40 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - 09/04/2009|13:53 - Option : [2] --------------------\ Fin du rapport a 13:53:01

romain35 · Answer

Analyse de navilog1 terminer voici sont rapport !

Search Navipromo version 3.7.6 commencé le 09/04/2009 à 14:08:28,67

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : BIOS Date: 09/06/05 17:29:38 Ver: 08.00.12
USER : Mireille ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 090228-0] 4.8.1296 (Not Activated)


C:\ (Local Disk) - NTFS - Total:29 Go (Free:15 Go)
D:\ (Local Disk) - NTFS - Total:148 Go (Free:139 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***

...\MessengerSkinner trouvé !

*** Recherche dossiers dans "D:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "d:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\Mireille\applic~1" *** 


*** Recherche dossiers dans "D:\Documents and Settings\Mireille\locals~1\applic~1" *** 


*** Recherche dossiers dans "D:\Documents and Settings\Mireille\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "D:\Documents and Settings\Mireille\locals~1\applic~1" * 



*** Recherche fichiers *** 


C:\WINDOWS\system32
vs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qewmgai"="\"d:\documents and settings\mireille\local settings\application data\qewmgai.exe\" qewmgai"


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "D:\Documents and Settings\Mireille\locals~1\applic~1" : 

oecwe.exe trouvé !
oecwe.dat trouvé !
oecwe_nav.dat trouvé !
oecwe_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

C:\WINDOWS\system32\afirutir.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\ajewitab.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\gsbsuvdg.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\isusurad.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\qrstAcdd.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\uhofozop.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\urugovuj.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\wwruqfqt.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 09/04/2009 à 14:12:07,93 ***

Cordialement,
romain

Utilisateur anonyme · Answer

NETTOYAGE

Relances navilog , cette fois choisis l’option 2, Le programme va travailler
Postes le rapport

Apres l’option 2 :

Cliques sur menu Démarrer puis Panneau de configuration 
Double-clicques sur Options Internet 
Cliques sur l'onglet Contenu puis sur Certificats, dans la colonne Editeurs approuvés, supprimes si présent : 
electronic-group 
egroup 
Montorgueil 
VIP 
"Sunny Day Design Ltd" 
OOO-Favorit 

ENSUITE


# Il y a  une infection EoRezo (enfin boonty)...
 L'installation d'un des logiciels issu de leur site affiche des pub, modifie la page 

d'accueil etc... 

XTélécharge Ad-Remover (de C_X) sur ton Bureau. 



/!\ Déconnecte toi et ferme toutes les applications en cours /!\ 

&#9679; Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files ) 
&#9679; Double clique sur l'icône Ad-remover située sur ton Bureau 
&#9679; Au menu principal choisis l'option "A" 
&#9679; Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )

et penses a faire la procedure de jlpjlp pour virer avast :
POUR T EVITER DE CHERCHER CLIQUES ICI

A+

romain35 · Answer

voici le rapport de la 2ème option de navilog 

Clean Navipromo version 3.7.6 commencé le 09/04/2009 à 15:29:10,71

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : BIOS Date: 09/06/05 17:29:38 Ver: 08.00.12
USER : Mireille ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 090228-0] 4.8.1296 (Not Activated)


C:\ (Local Disk) - NTFS - Total:29 Go (Free:15 Go)
D:\ (Local Disk) - NTFS - Total:148 Go (Free:139 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)


Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "D:\Documents and Settings\Mireille\locals~1\applic~1" * 



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***

...\MessengerSkinner ...suppression... 
...\MessengerSkinner supprimé ! 


*** Suppression dossiers dans "D:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "D:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "d:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "D:\Documents and Settings\Mireille\applic~1" *** 


*** Suppression dossiers dans "D:\Documents and Settings\Mireille\locals~1\applic~1" *** 


*** Suppression dossiers dans "D:\Documents and Settings\Mireille\menudm~1\progra~1" *** 



*** Suppression fichiers ***

C:\WINDOWS\system32
vs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu D:\Documents and Settings\Mireille\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *



* Dans "D:\Documents and Settings\Mireille\locals~1\applic~1" * 


oecwe.exe trouvé ! 
Copie oecwe.exe réalisée avec succès !
oecwe.exe supprimé !

oecwe.dat trouvé ! 
Copie oecwe.dat réalisée avec succès !
oecwe.dat supprimé !

oecwe_nav.dat trouvé ! 
Copie oecwe_nav.dat réalisée avec succès !
oecwe_nav.dat supprimé !

oecwe_navps.dat trouvé ! 
Copie oecwe_navps.dat réalisée avec succès !
oecwe_navps.dat supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***

C:\WINDOWS\system32\afirutir.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\ajewitab.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\gsbsuvdg.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\isusurad.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\qrstAcdd.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\uhofozop.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\urugovuj.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\wwruqfqt.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !


*** Nettoyage terminé le 09/04/2009 à 15:33:31,65 ***

P.S: si j'enlève l'antivirus avast je n'ait plus d'antivirus comme j'ai supprimée F secure  !

romain35 · Answer

maintenant au démarrage du pc voici le message d'erreur 

RUNDLL

Erreur de chargement de c:\windows\system32\wayowemu.dll
le module spécifier est introuvable !

Cordialement,
romain

Utilisateur anonyme · Answer

Il faut aussi le rapport ADREMOVER option A stp, peut etre es tu entrain de le faire ;)

romain35 · Answer

Voici le rapport ADREMOVER


------- LOGFILE OF AD-REMOVER 1.1.2.5 | ONLY XP/VISTA -------

Updated by C_XX on 01/04/2009 at 20:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

Start at: 15:57:57, Jeu 09/04/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™  Service Pack 2 (version 5.1.2600)
Computer Name: 111320100315
Current User: Mireille - Administrator
Drive(s): 
- C:\  (File System: NTFS)
- D:\  (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 53

+-----------------| Boonty/Boonty Games Elements Found:

Service: Boonty Games
.
HKCR\boontybox
HKCU\Software\Boonty
HKLM\Software\Boonty
HKLM\Software\Classes\boontybox
HKLM\System\ControlSet001\Services\Boonty Games
HKLM\System\ControlSet002\Enum\Root\LEGACY_BOONTY_GAMES
HKLM\System\ControlSet002\Services\Boonty Games
HKLM\System\CurrentControlSet\Services\Boonty Games
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ploutounette et le livre magique_is1
.
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\Fichiers communs\BOONTY Shared
D:\Documents and Settings\All Users\Application Data\BOONTY
D:\Documents and Settings\Mireille\Bureau\ Jeux … t‚l‚charger.lnk
D:\Documents and Settings\Mireille\Bureau\Ploutounette et le livre magique.lnk
C:\WINDOWS\Prefetch\BOONTY.EXE-1C9DCFB8.pf
C:\WINDOWS\Prefetch\BOONTYGAMES.0001-1AC62646.pf
D:\Documents and Settings\Mireille\Cookies\mireille@ads.boonty[2].txt
D:\Documents and Settings\Mireille\Cookies\mireille@payment.boonty[2].txt
D:\Documents and Settings\Mireille\Cookies\mireille@shell.boonty[2].txt

+-----------------| Eorezo Elements Found:

.
D:\Documents and Settings\Mireille\Cookies\mireille@scache2.eorezo[1].txt

+-----------------| Infected Poker Softwares Elements Found:

HKCU\Software\Europa Casino
HKLM\Software\Europa Casino
.

+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

============ Other Adwares Found ============

.
HKLM\Software\Trymedia Systems
.
D:\Documents and Settings\Mireille\Cookies\mireille@ads.addynamix[1].txt
D:\Documents and Settings\Mireille\Cookies\mireille@atdmt[2].txt
D:\Documents and Settings\Mireille\Cookies\mireille@bs.serving-sys[1].txt
D:\Documents and Settings\Mireille\Cookies\mireille@bs.serving-sys[3].txt
D:\Documents and Settings\Mireille\Cookies\mireille@eurobarre[2].txt

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.8 ----

ProfilePath: rssxuudy.default (Mireille)
.
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.13 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search bar: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

+-[HKEY_USERS\S-1-5-21-108753967-1153242955-2885337112-1006\..\Internet Explorer\Main]

Search bar: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

3904 Byte(s) - C:\Ad-Report-Scan-09.04.2009.log

0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 16:06:41 | 09/04/2009
.
+-----------------| E.O.F - 89 Lines
.


Cordialement,
romain

Utilisateur anonyme · Answer

NETTOYAGE

Déconnectes toi et fermes toutes applications en cours ! 

* Relance "Ad-remover" : au menu principal choisi l'option "B" . Nettoyage 
puis option 2 

Saisies les chiffres correspondant a tes infections en faisant "entrée" a chaque fois pour les valider,
 dans ton cas :

EOREZO
BOONTY
LOGICIELS POKER
AUTRES ADWARES...

puis tapes S

--> le programme va travailler ... 

* Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse a la suite

( le rapport est sauvegardé aussi sous C:\Ad-report.log ) 

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide) /!\

romain35 · Answer

voici le rapport :


------- LOGFILE OF AD-REMOVER 1.1.2.5 | ONLY XP/VISTA -------

Updated by C_XX on 01/04/2009 at 20:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

**** LIMITED TO ****

Boonty/BoontyGames
Eorezo
Infected Poker Softwares
FunWebProduct/MyWay/MyWebSearch
It's TV
Sweetim
Other Adwares

********************

Start at: 16:22:03, Jeu 09/04/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™  Service Pack 2 (version 5.1.2600)
Computer Name: 111320100315
Current User: Mireille - Administrator
Drive(s): 
- C:\  (File System: NTFS)
- D:\  (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 51

(!) ---- IE start pages/Tabs reset

+-----------------| Boonty/Boonty Games Elements Deleted :

Service: "Boonty Games"
.
HKCR\boontybox
HKCU\Software\Boonty
HKLM\Software\Boonty
HKLM\System\ControlSet002\Enum\Root\LEGACY_BOONTY_GAMES
HKLM\System\ControlSet002\Services\Boonty Games
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ploutounette et le livre magique_is1
.
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\Fichiers communs\BOONTY Shared
D:\Documents and Settings\All Users\Application Data\BOONTY
D:\Documents and Settings\Mireille\Bureau\ Jeux … t‚l‚charger.lnk
D:\Documents and Settings\Mireille\Bureau\Ploutounette et le livre magique.lnk
C:\WINDOWS\Prefetch\BOONTY.EXE-1C9DCFB8.pf
C:\WINDOWS\Prefetch\BOONTYGAMES.0001-1AC62646.pf
D:\Documents and Settings\Mireille\Cookies\mireille@ads.boonty[2].txt
D:\Documents and Settings\Mireille\Cookies\mireille@payment.boonty[2].txt
D:\Documents and Settings\Mireille\Cookies\mireille@shell.boonty[2].txt

+-----------------| Eorezo Elements Deleted :

.
D:\Documents and Settings\Mireille\Cookies\mireille@scache2.eorezo[1].txt

+-----------------| Infected Poker Softwares Elements Deleted :

HKCU\Software\Europa Casino
HKLM\Software\Europa Casino
.

+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Deleted :

.
.

+-----------------| It's TV Elements Deleted :

.

+-----------------| Sweetim Elements Deleted :

.

============ Other Adwares Deleted ============

.
HKLM\Software\Trymedia Systems
.
D:\Documents and Settings\Mireille\Cookies\mireille@ads.addynamix[1].txt
D:\Documents and Settings\Mireille\Cookies\mireille@atdmt[2].txt
D:\Documents and Settings\Mireille\Cookies\mireille@bs.serving-sys[1].txt
D:\Documents and Settings\Mireille\Cookies\mireille@bs.serving-sys[3].txt
D:\Documents and Settings\Mireille\Cookies\mireille@eurobarre[2].txt

---- Complementary Cleaning + Heuristic ----


... Done !


(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+-----------------| Added Scan :

---- Mozilla FireFox Version 3.0.8 ----

ProfilePath: rssxuudy.default (Mireille)
.
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.13 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-108753967-1153242955-2885337112-1006\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

4562 Byte(s) - C:\Ad-Report-Clean-09.04.2009.log
4144 Byte(s) - C:\Ad-Report-Scan-09.04.2009.log

1 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
13 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 16:34:00 | 09/04/2009
.
+-----------------| E.O.F - 105 Lines
.


Cordialement,
romain

Utilisateur anonyme · Answer

Tres bien , penses a poster un nouveau rapport hijackthis stp

romain35 · Answer

voici le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43:49, on 09/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\OFFICE One6.5\program\soffice.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {8F67E146-FB6C-418F-9FE5-37AA2206D92E} - C:\WINDOWS\system32\ljJBSklK.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B5F6EB28-3B2C-47F0-B4EA-21FF267EF890} - C:\WINDOWS\system32\ddcAtsrq.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [delcourt] C:\delcourt\Pc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CPMe7d560ef] Rundll32.exe "c:\windows\system32\wayowemu.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE One6.5\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\jihizeda.dll c:\windows\system32\pihenedo.dll c:\windows\system32\wayowemu.dll
O20 - Winlogon Notify: ljJBSklK - ljJBSklK.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wayowemu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wayowemu.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

Utilisateur anonyme · Answer

Tres bien maintenant VUNDO :

Imprime ces instructions ou sauvegarde les sur ton Bureau car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

Télécharge Malwarebytes’ Anti-Malware 

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX)

 

- Sur la page cliques sur Télécharger Malwarebyte’s Anti-Malware 
- Enregistres le sur le bureau 
- Double cliques sur le fichier téléchargé pour lancer le processus d’installation 
- Lorsqu’il te le sera demandé, met à jour Malwarebytes anti malware 
- Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes 
- Une fois la mise à jour terminée, ferme Malwarebytes 
- Double-cliques sur l’icône de malwarebytes pour le relancer 
- Dans l’onglet, Recherche, probablement ouvert par défaut, 
- Sélectionne Exécuter un examen complet 
- Clique sur Rechercher (ca peut durer un bon moment ;))
- Le scan démarre 
- A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés. 
- Cliques sur Ok pour poursuivre. 
- Si des malwares ont été détectés, cliques sur Afficher les résultats 
- Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. 
- Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse. 
- Rends toi dans l’onglet rapport/log 
- Tu cliques dessus pour l’afficher une fois affiché 
- Tu cliques sur édition en haut du bloc notes, et puis sur sélectionner tout 
- Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse 
- Tu cliques droit dans le cadre de la réponse et coller 

Si tu as besoin d’aide regarde ce tutorial 

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
ps: s'il te demande de redemarrer : fais le !

romain35 · Answer

re,

voici le rapport

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1958
Windows 5.1.2600 Service Pack 2

09/04/2009 17:43:57
mbam-log-2009-04-09 (17-43-57).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 251969
Temps écoulé: 36 minute(s), 42 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 128

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f67e146-fb6c-418f-9fe5-37aa2206d92e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjbsklk (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f67e146-fb6c-418f-9fe5-37aa2206d92e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f67e146-fb6c-418f-9fe5-37aa2206d92e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\office one 450 fonts_is1 (Worm.Archive) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpme7d560ef (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8f67e146-fb6c-418f-9fe5-37aa2206d92e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ljJBSklK.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\Documents and Settings\Alicia\Local Settings\Application Data\mcmig_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
D:\Documents and Settings\Alicia\Local Settings\Application Data\mcmig_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
D:\Documents and Settings\Alicia\Local Settings\Application Data\mcmig.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
D:\Documents and Settings\Alicia\Local Settings\Application Data\mcmig.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250108.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250109.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250111.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250112.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250113.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250117.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250122.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250123.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250125.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250131.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250134.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250135.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250136.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250138.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250140.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250141.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250144.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250145.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250149.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250150.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250153.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250156.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250157.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250159.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250160.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250161.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250163.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250164.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250165.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250167.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250168.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250115.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250187.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250223.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250259.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250170.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250171.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250174.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250175.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250176.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250178.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250180.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250182.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250183.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250184.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250186.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250188.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250189.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250190.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250191.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250192.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250193.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250197.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250198.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250202.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250204.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250216.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250217.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250218.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250220.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250224.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250225.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250227.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250228.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250229.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250230.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250231.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250232.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250233.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250238.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250239.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250240.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250242.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250244.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250245.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250246.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250247.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250253.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250254.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250255.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250258.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250260.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250261.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP789\A0250265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zehuruwo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lozawaku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32efemope.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mevozeha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pegatijo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yejedufi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\defupabo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hajigira.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pipibuju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\devoresi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	uneyevi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

jlpjlp · Answer

parfait beau boulot!!

tu nous remets un rapport neuf RSIT pour verifier!

romain35 · Answer

j'ai pas très bien compris jlpjlp (RSIT)!

jlpjlp · Answer

effectivement on n'avais pas fais :)

neophyte*** poursuivra !


Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

Utilisateur anonyme · Answer

il voulait dire tu fais ca :pour verifier lol

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau. 

- Double-clique sur RSIT.exe afin de lancer le programme. 

- Clique sur Continue à l'écran Disclaimer. 

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence. 

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches). 

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

Utilisateur anonyme · Answer

Parfait beau boulot!!

^^mr est trop bon ;)

romain35 · Answer

Voici les 2 rapports

info.txt

info.txt logfile of random's system information tool 1.06 2009-04-09 17:56:44

======Uninstall list======

-->"c:\apps\skype\phone\unins000.exe"
-->C:\PROGRA~1\GOTOSO~1\VADERE~1\UNWISE.EXE C:\PROGRA~1\GOTOSO~1\VADERE~1\INSTALL.LOG
-->C:\PROGRA~1\Norman\NORMAN~1\UNWISE.EXE C:\PROGRA~1\Norman\NORMAN~1\INSTALL.LOG
-->C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
-->MsiExec.exe /I{8B543A39-9401-44F4-B572-069E64C15189}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE"  -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A32C786-85DE-48F8-9E54-848B3E34A90C}\setup.exe" -l0x40c  -removeonly
-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 4.0 ME-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 4.05 ME\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 4.05 ME\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Ad-remover-->C:\Program Files\Ad-remover\Uninstall ADR.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Ciel Devis Factures-->MsiExec.exe /I{86399190-A8D6-4158-86C8-24080024A1F3}
Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif Windows XP - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Correctif Windows XP - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Correctif Windows XP - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Correctif Windows XP - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
EA SPORTS online 2004-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Home Media Server 4.2.0.32-->C:\Program Files\SimpleCenter\uninstall.exe
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
ISSENDIS WebUpdate v6-->"C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\unins000.exe"
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Les Sims Deluxe-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe"  -l040c
Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxi Puzzles-->"C:\Program Files\Micro Application\Maxi Puzzles\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mystery P.I. The Lottery Ticket Deluxe-->"C:\Program Files\Zylom Games\Mystery P.I. The Lottery Ticket Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Navilog1 3.7.6-->"C:\Program Files\Navilog1\unins000.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia Lifeblog 2.5-->MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500}
Nokia NSeries Application Installer-->MsiExec.exe /I{FD349381-D79C-4E5C-8980-015DFFB962D5}
Nokia NSeries Content Copier-->MsiExec.exe /X{F779EC8D-6703-4C4A-817C-37B07898E647}
Nokia NSeries Multimedia Player-->MsiExec.exe /I{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}
Nokia NSeries Music Manager-->MsiExec.exe /I{F89E5AD8-AE47-49B5-B9F9-C498791E6255}
Nokia NSeries One Touch Access-->MsiExec.exe /I{F4EE8763-EAA8-4BC1-8594-8501F5F00414}
Nokia NSeries System Utilities-->MsiExec.exe /X{96E94E18-54D6-42C1-8FC4-24DACEDC3395}
Nokia Nseries Video Manager-->MsiExec.exe /X{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}
Nokia Software Launcher-->MsiExec.exe /I{8287D31D-78FF-4EDA-BB26-A29459E8DA97}
Nokia Software Updater-->MsiExec.exe /X{20BCD471-7897-481D-ACF2-CB9BABF6A6CF}
OFFICE One 150 Modèles de documents-->"C:\Program Files\OFFICE ONE6.5\Modeles\unins000.exe"
OFFICE One 6.5 Bureautique désinstallation complète 6.5-->"C:\Program Files\OFFICE One6.5\Uninstall All\SETUP\setup.exe" /u
OFFICE One 6.5-->c:\Program Files\OFFICE ONE6.5\program\setup.exe -deinstall
OFFICE One Clock 6.5-->"C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\SETUP\setup.exe" /u
OFFICE One Color Picker 6.5-->"C:\Program Files\OFFICE ONE6.5\OFFICE One Color Picker\SETUP\setup.exe" /u
OFFICE One Comptes Bancaires v6-->"C:\Program Files\OFFICE ONE6.5\OFFICE One Comptes Bancaires v6\unins000.exe"
OFFICE One Guide 6.5-->"C:\Program Files\OFFICE ONE6.5\Guide\SETUP\setup.exe" /u
OFFICE One Notes 6.5-->"C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\SETUP\setup.exe" /u
OFFICE One Zip v6-->"C:\Program Files\OFFICE ONE6.5\OFFICE One Zip v6\unins000.exe"
ours-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{2a6b0969-89d0-43ff-ae42-32a7551f9aa9}.sdb"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" 
PC Connectivity Solution-->MsiExec.exe /I{6094AB91-4CC8-498E-9DFF-134CC0B159DE}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x40c REMOVE -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Windows Driver Package - Nokia (WUDFRd) WPD  (03/19/2007 6.83.31.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 090409-0] (disabled)

======System event log======

Computer Name: 111320100315
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Pml Driver HPZ12.

Record Number: 669237
Source Name: Service Control Manager
Time Written: 20090406180111.000000+120
Event Type: Informations
User: 111320100315\Mireille

Computer Name: 111320100315
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : arrêté.

Record Number: 669236
Source Name: Service Control Manager
Time Written: 20090406175910.000000+120
Event Type: Informations
User: 

Computer Name: 111320100315
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : en cours d'exécution.

Record Number: 669235
Source Name: Service Control Manager
Time Written: 20090406175910.000000+120
Event Type: Informations
User: 

Computer Name: 111320100315
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Pml Driver HPZ12.

Record Number: 669234
Source Name: Service Control Manager
Time Written: 20090406175910.000000+120
Event Type: Informations
User: 111320100315\Mireille

Computer Name: 111320100315
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : arrêté.

Record Number: 669233
Source Name: Service Control Manager
Time Written: 20090406175713.000000+120
Event Type: Informations
User: 

=====Application event log=====

Computer Name: 111320100315
Event Code: 0
Message: 
Record Number: 5239
Source Name: CLCapSvc
Time Written: 20081209151818.000000+060
Event Type: Informations
User: 

Computer Name: 111320100315
Event Code: 1001
Message: Détecteur d'erreurs 1023027163.

Record Number: 5238
Source Name: Application Error
Time Written: 20081208222322.000000+060
Event Type: erreur
User: 

Computer Name: 111320100315
Event Code: 1000
Message: Application défaillante oemkwqw.exe, version 0.0.0.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00d4e87a.

Record Number: 5237
Source Name: Application Error
Time Written: 20081208222312.000000+060
Event Type: erreur
User: 

Computer Name: 111320100315
Event Code: 302
Message: msnmsgr (5864) \.\D:\Documents and Settings\Mireille\Local Settings\Application Data\Microsoft\Messenger\floriane.35@live.fr\SharingMetadata\Working\database_545C_E198_5CE1_7560\dfsr.db: Le moteur de base de données a exécuté la procédure de récupération avec succès.

Record Number: 5236
Source Name: ESENT
Time Written: 20081208183916.000000+060
Event Type: Informations
User: 

Computer Name: 111320100315
Event Code: 301
Message: msnmsgr (5864) \.\D:\Documents and Settings\Mireille\Local Settings\Application Data\Microsoft\Messenger\floriane.35@live.fr\SharingMetadata\Working\database_545C_E198_5CE1_7560\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \.\D:\Documents and Settings\Mireille\Local Settings\Application Data\Microsoft\Messenger\floriane.35@live.fr\SharingMetadata\Working\database_545C_E198_5CE1_7560\fsr.log.

Record Number: 5235
Source Name: ESENT
Time Written: 20081208183913.000000+060
Event Type: Informations
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ATI Technologies\ATI Control Panel;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\PROGRA~1\FICHIE~1\SONICS~1\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mireille at 2009-04-09 17:56:39
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 17 GB (55%) free of 31 GB
Total RAM: 895 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:42, on 09/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\OFFICE One6.5\program\soffice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Mireille\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mireille.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B5F6EB28-3B2C-47F0-B4EA-21FF267EF890} - C:\WINDOWS\system32\ddcAtsrq.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [delcourt] C:\delcourt\Pc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE One6.5\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\jihizeda.dll c:\windows\system32\pihenedo.dll c:\windows\system32\wayowemu.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

jlpjlp · Answer

il manque la fin du deuxieme

romain35 · Answer

Voici le rapport log.txt complet

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mireille at 2009-04-09 17:56:39
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 17 GB (55%) free of 31 GB
Total RAM: 895 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:42, on 09/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\OFFICE One6.5\program\soffice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Mireille\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mireille.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B5F6EB28-3B2C-47F0-B4EA-21FF267EF890} - C:\WINDOWS\system32\ddcAtsrq.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [delcourt] C:\delcourt\Pc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE One6.5\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\jihizeda.dll c:\windows\system32\pihenedo.dll c:\windows\system32\wayowemu.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

Utilisateur anonyme · Answer

Relances HIJACKTHIS mais cette fois clic sur 
DO A SYSTEM ONLY
puis coches toutes ces lignes (et seulement ces lignes : tu pourrais altérer le fonctionnement de ton pc!)
puis clic sur 
FIX CHEKEED

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C 1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
O2 - BHO: (no name) - {B5F6EB28-3B2C-47F0-B4EA-21FF267EF890} - C:\WINDOWS\system32\ddcAtsrq.dll (file missing) 
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE     
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe     
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')     
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')     
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')     
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')     
O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE One6.5\program\quickstart.exe 
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC     
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName     
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"     
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe     
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot     
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime     
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"  
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
PUIS 

Télécharge et installe CCleaner (si ce n’est déjà fait) : https://www.ccleaner.com/ccleaner/download

Lance CCleaner
Option --> avancé --> décoche « effacer uniquement les fichiers plus vieux que 48h »
Puis nettoyeur --> Analyse > Lancer le nettoyage, puis sur OK dans la fenêtre qui s' affiche.
Enfin, registre --> corrige toutes les erreurs, et recommence jusqu'à ce qu'il ne trouve plus d'erreurs.

(Tu peux garder ce logiciel et l'utiliser régulièrement).

dis nous quand c'est fait :)

sof26110 · Answer

Et o ou vous allé ???
c'est juste le Sponsor de MSN+
Il suffit de desinstallé MSN+ et tout est réglé.

romain35 · Answer

Je vous remercie beaucoup pour votre aide je n'ait plus aucune pub qui s'affiche à l'écrant

Utilisateur anonyme · Answer

Lyonnais92, j'aurais pas dit mieux !

Mieux vaut s'abstenir quelquefois^^


Romain on ne t'a jamais dit que c'etait fini !!!

Attends qu'on te dise que c'est fini stp , tu as encore des infections, et ds 1 semaine tu reviens nous voir.



/!\ A l'attention de ceux qui passent sur ce sujet /!\ 
Le logiciel qui suit n'est pas à utiliser à la légère ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé. 


telecharge combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

_________________

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes qui se trovent ds ce fichier (a telecharger)
http://sd-1.archive-host.com/membres/up/157165553231658156/SCRIPTROMAIN35.txt


Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

romain35 · Answer

voici le compte-rendu : ComboFix 09-04-04.01 - Mireille 2009-04-09 19:39:10.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.895.389 [GMT 2:00] Lancé depuis: d:\documents and settings\Mireille\Bureau\ComboFix.exe AV: avast! antivirus 4.8.1296 [VPS 090409-0] *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\GamesBar\oberontb.dll c:\windows\system32\abofubuz.ini c:\windows\system32\abutimek.ini c:\windows\system32\afigipay.ini c:\windows\system32\afirutir.ini c:\windows\system32\afirutir.ini2 c:\windows\system32\afirutir.tmp c:\windows\system32\afivapaf.ini c:\windows\system32\ajewitab.ini c:\windows\system32\ajewitab.ini2 c:\windows\system32\ajewitab.tmp c:\windows\system32\amkvurut.ini c:\windows\system32\arxkcnxe.ini c:\windows\system32\aviralet.ini c:\windows\system32\cfrkhoys.ini c:\windows\system32\clvqhnrj.ini c:\windows\system32\covrdfhv.ini c:\windows\system32\eabduiud.ini c:\windows\system32\ebaweraw.ini c:\windows\system32\eeepubje.ini c:\windows\system32\efahiweb.ini c:\windows\system32\ejususig.ini c:\windows\system32\erokolez.ini c:\windows\system32\esudupip.ini c:\windows\system32\ezopotaf.ini c:\windows\system32\fnjjivhe.ini c:\windows\system32\gjxdhxux.ini c:\windows\system32\gnvqxyjn.ini c:\windows\system32\gsbsuvdg.ini c:\windows\system32\gsbsuvdg.ini2 c:\windows\system32\gsbsuvdg.tmp c:\windows\system32\gvosxnpw.ini c:\windows\system32\hdkhxwag.ini c:\windows\system32\hrthvdmj.ini c:\windows\system32\ibewofuh.ini c:\windows\system32\ibewofuh.tmp c:\windows\system32\ibewofuh.tmp2 c:\windows\system32\igiwojek.ini c:\windows\system32\iheguhol.ini c:\windows\system32\ijufasos.ini c:\windows\system32\ikolokin.ini c:\windows\system32\ikudowil.ini c:\windows\system32\ikudowil.tmp c:\windows\system32\ikudowil.tmp2 c:\windows\system32\insuttoi.ini c:\windows\system32\isoguzib.ini c:\windows\system32\isusurad.ini c:\windows\system32\isusurad.ini2 c:\windows\system32\isusurad.tmp c:\windows\system32\isusurad.tmp2 c:\windows\system32\itizehel.ini c:\windows\system32\iwoyodiz.ini c:\windows\system32\iyuzoper.ini c:\windows\system32\jhltqfml.ini c:\windows\system32\ksuveqnd.ini c:\windows\system32\kuvnqjqa.ini c:\windows\system32\lnwgjbgt.ini c:\windows\system32\lwoedtwk.ini c:\windows\system32\lwutftsy.ini c:\windows\system32\mcdrnauj.ini c:\windows\system32\mfxunxfo.ini c:\windows\system32\mfxunxfo.tmp c:\windows\system32\mfxunxfo.tmp2 c:\windows\system32\oduveres.ini c:\windows\system32\ofijejan.ini c:\windows\system32\ofobohar.ini c:\windows\system32\okuwotun.ini c:\windows\system32\qrstAcdd.ini c:\windows\system32\qrstAcdd.ini2 c:\windows\system32\qtjgjbvp.ini c:\windows\system32\qygfiubw.ini c:\windows\system32 jfupjgk.ini c:\windows\system32 kptosfx.ini c:\windows\system32\snrxleun.ini c:\windows\system32\sqkiyscg.ini c:\windows\system32 adqtuiy.ini c:\windows\system32 hyopbuj.ini c:\windows\system32 sswgveq.ini c:\windows\system32\ubazerak.ini c:\windows\system32\ubifapid.ini c:\windows\system32\uhofozop.ini c:\windows\system32\uhofozop.ini2 c:\windows\system32\uhofozop.tmp c:\windows\system32\urugovuj.ini c:\windows\system32\urugovuj.ini2 c:\windows\system32\urugovuj.tmp c:\windows\system32\usagasas.ini c:\windows\system32\usofehet.ini c:\windows\system32\usudujam.ini c:\windows\system32\uwaburuw.ini c:\windows\system32\uyarevul.ini c:\windows\system32\wikmjqyp.ini c:\windows\system32\wvyfgofw.ini c:\windows\system32\wwruqfqt.ini c:\windows\system32\wwruqfqt.ini2 c:\windows\system32\wwruqfqt.tmp c:\windows\system32\xocrdyfg.ini d:\documents and settings\Alicia\Menu Démarrer\Programmes\InternetGameBox d:\documents and settings\Alicia\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk d:\documents and settings\Alicia\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk d:\documents and settings\Alicia\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk d:\documents and settings\Alicia\Menu Démarrer\Programmes\InternetGameBox\Website.lnk . ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-09 au 2009-04-09 )))))))))))))))))))))))))))))))))))) . 2009-04-09 19:03 . 2009-04-09 19:03 d-------- d:\documents and settings\All Users\Application Data\Messenger Plus! 2009-04-09 18:47 . 2009-04-09 18:47 d-------- c:\program files\Messenger Plus! Live 2009-04-09 18:24 . 2009-04-09 18:24 d-------- c:\program files\CCleaner 2009-04-09 17:05 . 2009-04-09 17:05 d-------- d:\documents and settings\Mireille\Application Data\Malwarebytes 2009-04-09 17:05 . 2009-04-09 17:05 d-------- d:\documents and settings\All Users\Application Data\Malwarebytes 2009-04-09 15:57 . 2009-04-09 18:36 d-------- c:\program files\Ad-remover 2009-04-09 11:46 . 2009-04-09 11:46 d-------- c:\program files\Trend Micro 2009-04-07 19:06 . 2009-04-07 19:06 d----c--- d:\documents and settings\Alexandre\Application Data\PC Suite 2009-04-07 19:06 . 2009-04-07 19:06 d----c--- d:\documents and settings\Alexandre\Application Data\Nokia 2009-03-29 10:24 . 2009-03-29 10:24 d-------- d:\documents and settings\Dominique\Application Data\PC Suite 2009-03-29 10:24 . 2009-03-29 10:24 d-------- d:\documents and settings\Dominique\Application Data\Nokia 2009-03-22 17:19 . 2009-03-22 17:19 d-------- d:\documents and settings\All Users\Application Data\Nokia 2009-03-22 17:19 . 2009-03-22 17:19 d-------- c:\program files\Fichiers communs\Nokia 2009-03-22 17:18 . 2009-03-22 17:18 d-------- c:\program files\SimpleCenter 2009-03-22 17:18 . 2009-03-22 17:18 d-------- c:\program files\Fichiers communs\i4j_jres 2009-03-22 17:16 . 2009-04-09 11:02 d-------- d:\documents and settings\All Users\Application Data\PC Suite 2009-03-22 17:15 . 2009-03-22 17:47 d-------- d:\documents and settings\Mireille\Application Data\Nokia 2009-03-22 17:15 . 2009-03-22 17:15 d-------- c:\program files\Fichiers communs\PCSuite 2009-03-22 17:14 . 2009-03-22 17:16 d-------- d:\documents and settings\Mireille\Application Data\PC Suite 2009-03-22 17:14 . 2009-03-22 17:14 d-------- c:\program files\PC Connectivity Solution 2009-03-22 17:14 . 2009-03-22 17:19 d-------- c:\program files\Nokia 2009-03-22 17:14 . 2009-03-22 17:14 d-------- c:\program files\DIFX 2009-03-22 17:14 . 2007-02-22 11:15 90,624 --a------ c:\windows\system32 mwcdcls.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-09 17:39 --------- d-----w c:\program files\GamesBar 2009-04-09 16:37 --------- d-----w c:\program files\Zylom Games 2009-04-09 13:33 --------- d-----w c:\program files\Navilog1 2009-04-09 11:36 --------- d-----w c:\program files\Windows Live 2009-04-09 11:21 --------- d-----w c:\program files\TELE2 2009-04-09 09:51 --------- d-----w c:\program files\MSN Messenger 2009-04-09 09:09 --------- d-----w c:\program files\Java 2009-03-19 14:00 --------- d-----w d:\documents and settings\Mireille\Application Data\PowerChallenge 2009-02-26 09:21 --------- d-----w d:\documents and settings\Mireille\Application Data\Zylom 2009-02-21 11:19 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-21 11:16 --------- d-----w c:\program files\Microsoft Sync Framework 2009-02-21 11:15 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition 2009-02-12 18:24 63,488 -c--a-w c:\windows\xobglu16.dll 2009-02-12 18:24 32,794 -c--a-w c:\windows\xobglu32.dll 2009-02-10 17:12 --------- d-----w c:\program files\Maxis 2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR 2008-03-13 12:52 0 -c--a-w c:\program files emp01 2009-01-07 11:30 2,724 -csh--w c:\windows\system32\godidusa.dll 2009-01-03 15:39 2,724 -csh--w c:\windows\system32\gotafahu.dll 2009-01-08 16:44 2,724 -csh--w c:\windows\system32\lejivaya.dll 2009-01-06 12:42 2,724 -csh--w c:\windows\system32 ahilifo.dll 2009-01-03 03:39 2,724 -csh--w c:\windows\system32 onowoda.dll 2008-09-29 22:05 3,072 -csha-w c:\windows\system32 efadojo.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272] "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112] "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576] "BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000] "NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-11-06 3096576] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] d:\documents and settings\Alexandre\Menu D‚marrer\Programmes\D‚marrage\ OFFICE One 6.5.lnk - c:\program files\OFFICE One6.5\program\quickstart.exe [2004-03-08 36864] d:\documents and settings\Alicia\Menu D‚marrer\Programmes\D‚marrage\ OFFICE One 6.5.lnk - c:\program files\OFFICE One6.5\program\quickstart.exe [2004-03-08 36864] d:\documents and settings\Dominique\Menu D‚marrer\Programmes\D‚marrage\ OFFICE One 6.5.lnk - c:\program files\OFFICE One6.5\program\quickstart.exe [2004-03-08 36864] d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624] OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-02-22 257536] OFFICE One Notes v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [2006-02-22 559104] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm "VIDC.JDCT"= jl_jdct.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\AOL 9.0\aol.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"= "%windir%\system32\sessmgr.exe"= "c:\APPS\Inventime\my.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "c:\APPS\skype\phone\Skype.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "c:\WINDOWS\system32\mmc.exe"= "c:\Program Files\LimeWire\LimeWire.exe"= "c:\WINDOWS\system32\wbem\wmiprvse.exe"= "c:\Program Files\Alwil Software\Avast4\ashServ.exe"= "c:\Program Files\Alwil Software\Avast4\Setup\avast.setup"= "c:\APPS\Powercinema\Kernel\TV\CLSched.exe"= "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"= "c:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe"= "c:\WINDOWS\system32\wbem\wmiapsrv.exe"= "c:\APPS\HIDSERVICE\HidService.exe"= "c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"= "c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"= "c:\ATI Technologies\ATI Control Panel\atiptaxx.exe"= "c:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "d:\Documents and Settings\Mireille\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-21 55152] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] S3 DIBLOAD2;Digital TV firmware loader(Type 2);c:\windows\system32\drivers\dgtvload2.sys [2006-04-21 17123] S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 MODUSB;Digital TV DVB-T USB adapter driver;c:\windows\system32\drivers\dgtvcap.sys [2006-04-21 16312] . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-delcourt - c:\delcourt\Pc.exe . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = iexplore DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - d:\documents and settings\Mireille\Application Data\Mozilla\Firefox\Profiles ssxuudy.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - plugin: c:\program files\Mozilla Firefox\plugins pzylomgamesplayer.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: d:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer pzylomgamesplayer.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-09 19:44:34 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime] "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-108753967-1153242955-2885337112-1006\Software\SecuROM\License information*] "datasecu"=hex:d9,a0,fa,46,e9,b8,c3,c2,de,ae,fa,47,35,9c,c5,6b,9b,4b,a1,f1,dd, b3,bc,65,e3,3d,ea,f7,51,33,d0,e1,23,2d,68,00,5b,19,a3,5e,91,c8,6a,4f,47,1f,\ "rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(548) c:\windows\system32\Ati2evxx.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\system32\ati2evxx.exe c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe c:\apps\HIDSERVICE\HidService.exe c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\HPZipm12.exe c:\apps\ABOARD\AOSD.EXE c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe c:\apps\Powercinema\Kernel\TV\CLSched.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2009-04-09 19:46:28 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-09 17:46:26 Avant-CF: 17 717 981 184 octets libres Après-CF: 17,523,949,568 octets libres 304 --- E O F --- 2009-04-09 15:56:08

romain35 · Answer

qu'en je veut fusioner le script il me dit que le script à mal été écris

romain35 · Answer

j'ai réussi avec le script voici le 2ème rapport ComboFix 09-04-04.01 - Mireille 2009-04-09 19:59:43.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.895.413 [GMT 2:00] Lancé depuis: d:\documents and settings\Mireille\Bureau\ComboFix.exe Commutateurs utilisés :: d:\documents and settings\Mireille\Bureau\CFScript.txt AV: avast! antivirus 4.8.1296 [VPS 090409-0] *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé FILE :: c:\windows\system32\afirutir.ini c:\windows\system32\afirutir.ini2 c:\windows\system32\afirutir.tmp c:\windows\system32\ajewitab.ini c:\windows\system32\ajewitab.ini2 c:\windows\system32\ajewitab.tmp c:\windows\system32\darususi.dll c:\windows\system32\ddcAtsrq.dll c:\windows\system32\gsbsuvdg.ini c:\windows\system32\gsbsuvdg.ini2 c:\windows\system32\gsbsuvdg.tmp c:\windows\system32\isusurad.ini c:\windows\system32\isusurad.ini2 c:\windows\system32\isusurad.tmp c:\windows\system32\isusurad.tmp2 c:\windows\system32\jihizeda.dll c:\windows\system32\juvoguru.dll c:\windows\system32\pihenedo.dll c:\windows\system32\pozofohu.dll c:\windows\system32\qrstAcdd.ini c:\windows\system32\qrstAcdd.ini2 c:\windows\system32 iturifa.dll c:\windows\system32\uhofozop.ini c:\windows\system32\uhofozop.ini2 c:\windows\system32\uhofozop.tmp c:\windows\system32\urugovuj.ini c:\windows\system32\urugovuj.ini2 c:\windows\system32\urugovuj.tmp c:\windows\system32\wayowemu.dll c:\windows\system32\wwruqfqt.ini c:\windows\system32\wwruqfqt.ini2 c:\windows\system32\wwruqfqt.tmp . ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-09 au 2009-04-09 )))))))))))))))))))))))))))))))))))) . 2009-04-09 19:50 . 2009-04-09 19:50 d-------- c:\program files\Fichiers communs\MainConcept 2009-04-09 19:49 . 2009-04-09 19:50 d-------- d:\documents and settings\Mireille\.SimpleCenter 2009-04-09 19:03 . 2009-04-09 19:03 d-------- d:\documents and settings\All Users\Application Data\Messenger Plus! 2009-04-09 18:47 . 2009-04-09 18:47 d-------- c:\program files\Messenger Plus! Live 2009-04-09 18:24 . 2009-04-09 18:24 d-------- c:\program files\CCleaner 2009-04-09 17:05 . 2009-04-09 17:05 d-------- d:\documents and settings\Mireille\Application Data\Malwarebytes 2009-04-09 17:05 . 2009-04-09 17:05 d-------- d:\documents and settings\All Users\Application Data\Malwarebytes 2009-04-09 15:57 . 2009-04-09 18:36 d-------- c:\program files\Ad-remover 2009-04-09 11:46 . 2009-04-09 11:46 d-------- c:\program files\Trend Micro 2009-04-07 19:06 . 2009-04-07 19:06 d----c--- d:\documents and settings\Alexandre\Application Data\PC Suite 2009-04-07 19:06 . 2009-04-07 19:06 d----c--- d:\documents and settings\Alexandre\Application Data\Nokia 2009-03-29 10:24 . 2009-03-29 10:24 d-------- d:\documents and settings\Dominique\Application Data\PC Suite 2009-03-29 10:24 . 2009-03-29 10:24 d-------- d:\documents and settings\Dominique\Application Data\Nokia 2009-03-22 17:19 . 2009-03-22 17:19 d-------- d:\documents and settings\All Users\Application Data\Nokia 2009-03-22 17:19 . 2009-03-22 17:19 d-------- c:\program files\Fichiers communs\Nokia 2009-03-22 17:18 . 2009-03-22 17:18 d-------- c:\program files\SimpleCenter 2009-03-22 17:18 . 2009-03-22 17:18 d-------- c:\program files\Fichiers communs\i4j_jres 2009-03-22 17:16 . 2009-04-09 11:02 d-------- d:\documents and settings\All Users\Application Data\PC Suite 2009-03-22 17:15 . 2009-03-22 17:47 d-------- d:\documents and settings\Mireille\Application Data\Nokia 2009-03-22 17:15 . 2009-03-22 17:15 d-------- c:\program files\Fichiers communs\PCSuite 2009-03-22 17:14 . 2009-03-22 17:16 d-------- d:\documents and settings\Mireille\Application Data\PC Suite 2009-03-22 17:14 . 2009-03-22 17:14 d-------- c:\program files\PC Connectivity Solution 2009-03-22 17:14 . 2009-03-22 17:19 d-------- c:\program files\Nokia 2009-03-22 17:14 . 2009-03-22 17:14 d-------- c:\program files\DIFX 2009-03-22 17:14 . 2007-02-22 11:15 90,624 --a------ c:\windows\system32 mwcdcls.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-09 17:39 --------- d-----w c:\program files\GamesBar 2009-04-09 16:37 --------- d-----w c:\program files\Zylom Games 2009-04-09 13:33 --------- d-----w c:\program files\Navilog1 2009-04-09 11:36 --------- d-----w c:\program files\Windows Live 2009-04-09 11:21 --------- d-----w c:\program files\TELE2 2009-04-09 09:51 --------- d-----w c:\program files\MSN Messenger 2009-04-09 09:09 --------- d-----w c:\program files\Java 2009-03-19 14:00 --------- d-----w d:\documents and settings\Mireille\Application Data\PowerChallenge 2009-03-09 03:19 410,984 -c--a-w c:\windows\system32\deploytk.dll 2009-02-26 09:21 --------- d-----w d:\documents and settings\Mireille\Application Data\Zylom 2009-02-21 11:19 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-21 11:16 --------- d-----w c:\program files\Microsoft Sync Framework 2009-02-21 11:15 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition 2009-02-12 18:24 63,488 -c--a-w c:\windows\xobglu16.dll 2009-02-12 18:24 32,794 -c--a-w c:\windows\xobglu32.dll 2009-02-10 17:12 --------- d-----w c:\program files\Maxis 2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR 2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll 2009-01-28 10:02 2,724 -csh--w c:\windows\system32\fokitape.dll 2009-01-27 20:24 2,724 -csh--w c:\windows\system32\litikusi.dll 2009-01-27 08:24 2,724 -csh--w c:\windows\system32 eyesiti.dll 2009-01-26 14:08 2,724 -csh--w c:\windows\system32\wayebomi.dll 2009-01-25 10:31 2,724 -csh--w c:\windows\system32\fibikavi.dll 2009-01-24 21:01 2,724 -csh--w c:\windows\system32\sidehole.dll 2009-01-23 19:52 2,724 -csh--w c:\windows\system32\birokone.dll 2009-01-20 14:24 2,724 -csh--w c:\windows\system32\hedafatu.dll 2009-01-14 13:20 2,724 -csh--w c:\windows\system32\dulosilo.dll 2009-01-12 13:20 2,724 -csh--w c:\windows\system32\yupabuse.dll 2009-01-09 16:17 2,724 -csh--w c:\windows\system32 ubiwewa.dll 2008-03-13 12:52 0 -c--a-w c:\program files emp01 2009-01-07 11:30 2,724 -csh--w c:\windows\system32\godidusa.dll 2009-01-03 15:39 2,724 -csh--w c:\windows\system32\gotafahu.dll 2009-01-08 16:44 2,724 -csh--w c:\windows\system32\lejivaya.dll 2009-01-06 12:42 2,724 -csh--w c:\windows\system32 ahilifo.dll 2009-01-03 03:39 2,724 -csh--w c:\windows\system32 onowoda.dll 2008-09-29 22:05 3,072 -csha-w c:\windows\system32 efadojo.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272] "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112] "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576] "BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000] "NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-11-06 3096576] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-09-07 94208] d:\documents and settings\Alexandre\Menu D‚marrer\Programmes\D‚marrage\ OFFICE One 6.5.lnk - c:\program files\OFFICE One6.5\program\quickstart.exe [2004-03-08 36864] d:\documents and settings\Alicia\Menu D‚marrer\Programmes\D‚marrage\ OFFICE One 6.5.lnk - c:\program files\OFFICE One6.5\program\quickstart.exe [2004-03-08 36864] d:\documents and settings\Dominique\Menu D‚marrer\Programmes\D‚marrage\ OFFICE One 6.5.lnk - c:\program files\OFFICE One6.5\program\quickstart.exe [2004-03-08 36864] d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624] OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-02-22 257536] OFFICE One Notes v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [2006-02-22 559104] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm "VIDC.JDCT"= jl_jdct.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\AOL 9.0\aol.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"= "%windir%\system32\sessmgr.exe"= "c:\APPS\Inventime\my.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "c:\APPS\skype\phone\Skype.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "c:\WINDOWS\system32\mmc.exe"= "c:\Program Files\LimeWire\LimeWire.exe"= "c:\WINDOWS\system32\wbem\wmiprvse.exe"= "c:\Program Files\Alwil Software\Avast4\ashServ.exe"= "c:\Program Files\Alwil Software\Avast4\Setup\avast.setup"= "c:\APPS\Powercinema\Kernel\TV\CLSched.exe"= "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"= "c:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe"= "c:\WINDOWS\system32\wbem\wmiapsrv.exe"= "c:\APPS\HIDSERVICE\HidService.exe"= "c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"= "c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"= "c:\ATI Technologies\ATI Control Panel\atiptaxx.exe"= "c:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "d:\Documents and Settings\Mireille\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"= "c:\Program Files\SimpleCenter\Home Media Server.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-21 55152] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] S3 DIBLOAD2;Digital TV firmware loader(Type 2);c:\windows\system32\drivers\dgtvload2.sys [2006-04-21 17123] S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 MODUSB;Digital TV DVB-T USB adapter driver;c:\windows\system32\drivers\dgtvcap.sys [2006-04-21 16312] . . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = iexplore DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - d:\documents and settings\Mireille\Application Data\Mozilla\Firefox\Profiles ssxuudy.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - plugin: c:\program files\Mozilla Firefox\plugins pzylomgamesplayer.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: d:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer pzylomgamesplayer.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-09 20:01:01 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime] "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-108753967-1153242955-2885337112-1006\Software\SecuROM\License information*] "datasecu"=hex:d9,a0,fa,46,e9,b8,c3,c2,de,ae,fa,47,35,9c,c5,6b,9b,4b,a1,f1,dd, b3,bc,65,e3,3d,ea,f7,51,33,d0,e1,23,2d,68,00,5b,19,a3,5e,91,c8,6a,4f,47,1f,\ "rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(548) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2009-04-09 20:02:04 ComboFix-quarantined-files.txt 2009-04-09 18:01:55 ComboFix2.txt 2009-04-09 17:46:29 Avant-CF: 17 467 645 952 octets libres Après-CF: 17,452,781,568 octets libres 227 --- E O F --- 2009-04-09 15:56:08

Utilisateur anonyme · Answer

ok 
rends sur https://www.virustotal.com/gui/
et analyses tous ces fichiers :
(clic sur parcourir...si on te dit deja analysés...clic sur analyser a nouveau)

c:\windows\system32
mwcdcls.dll
c:\windows\xobglu16.dll
c:\windows\xobglu32.dll
c:\windows\system32\sirenacm.dll
c:\windows\system32\fokitape.dll
c:\windows\system32\litikusi.dll
c:\windows\system32	eyesiti.dll
c:\windows\system32\wayebomi.dll
c:\windows\system32\fibikavi.dll
c:\windows\system32\sidehole.dll
c:\windows\system32\birokone.dll
c:\windows\system32\hedafatu.dll
c:\windows\system32\dulosilo.dll
c:\windows\system32\yupabuse.dll
c:\windows\system32	ubiwewa.dll
c:\windows\system32\godidusa.dll
c:\windows\system32\gotafahu.dll
c:\windows\system32\lejivaya.dll
c:\windows\system32
ahilifo.dll
c:\windows\system32
onowoda.dll
c:\windows\system32efadojo.dll

et postes les rapports stp
.

romain35 · Answer

voici le rapport

http://www.virustotal.com/fr/analisis/4a6f9c7326d3c2a299c38badde6cfd88

jlpjlp · Answer

ne colle que ceux qui sont infectés ou un résumé (nombre le considerant infecté)

bonne suite

romain35 · Answer

j'ai mis le lien de l'analyse comme je n'ait pas très bien compris !

jlpjlp · Answer

mets le nom du fichier analysé le juste le nombre d'antivirus qui considère le fichier comme infecté dans un seul message cela sera plus pratique pour néophyte***

romain35 · Answer

Bonjour,

la réponse ce trouve sur ce poste pour l'analyse 

http://www.commentcamarche.net/forum/affich 11916285 comment enlever la pub cid?page=3#42 !

Cordialement,
romain

Utilisateur anonyme · Answer

slt
non il faut mettre les fichiers 1 par 1 pour l'analyse :

tu devrait avoir d'afficher en titre lorsque le rapport s'ouvre:

Fichier TON NOM DE FICHIER (exemple:xobglu16.dll) reçu le 2009.02.16 13:03:29 (CET) 

je te redonne la manip :

• Rends toi sur le site https://www.virustotal.com/gui/ 
• Clique sur Parcourir, et navigue jusqu'au fichier suivant et valide : C:\NAV_Update.exe 
• Clique sur "Envoyer le fichier" : s'il a déjà été analysé, demande une nouvelle analyse. 
• Fais un copier/coller du rapport sur le forum. 

Si tu ne trouves pas le fichier, fais ceci : 
• Menu Démarrer --> Panneau de configuration --> Options des dossiers --> Affichage 
• Coche "Afficher les fichiers et dossiers cachés", décoche "Masquer les extensions de fichiers connus", décoche "Masquer les fichiers protégés du Système", puis valide. 
• Tu pourras à nouveau masquer les fichiers cachés une fois la manipulation terminée, si tu le souhaites.

romain35 · Answer

Bonjour,

si j'ai bien compris j'analyse tout c'est fichier via le site virusTotal

c:\windows\system32
mwcdcls.dll
c:\windows\xobglu16.dll
c:\windows\xobglu32.dll
c:\windows\system32\sirenacm.dll
c:\windows\system32\fokitape.dll
c:\windows\system32\litikusi.dll
c:\windows\system32	eyesiti.dll
c:\windows\system32\wayebomi.dll
c:\windows\system32\fibikavi.dll
c:\windows\system32\sidehole.dll
c:\windows\system32\birokone.dll
c:\windows\system32\hedafatu.dll
c:\windows\system32\dulosilo.dll
c:\windows\system32\yupabuse.dll
c:\windows\system32	ubiwewa.dll
c:\windows\system32\godidusa.dll
c:\windows\system32\gotafahu.dll
c:\windows\system32\lejivaya.dll
c:\windows\system32
ahilifo.dll
c:\windows\system32
onowoda.dll
c:\windows\system32efadojo.dll 

Cordialement,
romain

Utilisateur anonyme · Answer

si j'ai bien compris

lol, t'as bien compris, mais tu vas voir c'est rapide ;)

romain35 · Answer

qu'en j'ai choisie le dossier cela me mes ça à la fin de l'analyse 

Exception

Please report failure as: ErrorTime= "Apr 10 14:21:39"

Utilisateur anonyme · Answer

j'ai essayé et ca me met la meme chose reessaies un peu plus tard , je suppose que ca vient du site

romain35 · Answer

j'ai toujours ce message 

Exception

Please report failure as: ErrorTime= "Apr 10 14:21:39"

cordialement,
romain

Utilisateur anonyme · Answer

t'en a essayé plusieurs

sinon on va faire autrement :

Fais un scan en ligne Kaspersky : 

• Désactive ton antivirus 

• Rends toi sur ce site : https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (avec Internet Explorer uniquement) 

• En bas à droite, clique sur Démarrer Online-scanner 

• Dans la nouvelle fenêtre qui s'affiche clique sur J'accepte 

• Accepte les Contrôle ActiveX 

• Choisis Poste de travail pour le scan. 

• Celui-ci terminé, sauvegarde le rapport (choisis fichier texte) et poste le dans ta prochaine réponse. 

Pour t'aider à utiliser le scan en ligne, consulte ce tutoriel 

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

romain35 · Answer

re, 

analyse termiser

Total de fichiers analysés : 126602 
Nombre de virus trouvés : 2 
Nombre d'objets infectés : 13 
Nombre d'objets suspects : 0 
Durée de l'analyse : 01:21:40

Utilisateur anonyme · Answer

ca c'est pas un rapport ^^
le lien du tutoriel n'estait pas valide dans ce que je t'ai donné
vas faire un tour ici :
CLIQUES LA

Il faut aller chercher le rapport que t'as du enregistrer a la fin, dedans il y a les noms des infections presentes ;)

romain35 · Answer

a la fin de l'analyse je n'avais rien pour enregistrer faut que je recommance

Utilisateur anonyme · Answer

C'est que tu as du zapper :

Si c'est pas trop long recommences, il faut absolument les noms qu'on puisse envisager autrechose !

Lorsque le scan est terminé, vous obtenez un tableau avec les virus détectés. 
Vous avez alors la possibilité d'enregistrer le rapport en cliquant sur le bouton "Enregistrer rapport sous". Une fenêtre s'ouvre alors, pour choisir le dossier dans lequel le rapport sera enregistré. 
Saisissez un nom de rapport en bas de la fenêtre, dans le champs nom de fichier 
En double-cliquant sur le fichier, vous obtenez le rapport. Vous avez alors la possibilité de copier/coller ce rapport en cliquant sur le menu Edition/Sélectionner tout puis Edition/copier 

si t'es pas rassuré avec kapersky essaies bitdefender (le rapport s'ouvre tout seul en cliquant sur la fenetre!)
CLIQUES ICI POUR LIRE LE TUTO

romain35 · Answer

je suis en train de faire le scan de kaspersky online en ce moment je suis rendu à 60% !

Cordialement,
romain

romain35 · Answer

re,

l'analyse est termine mes j'ai toujours le bouton Stopper l'anal, rien d'autre pour avoir le rapport !

Cordialement,
romain

Utilisateur anonyme · Answer

la c'est bitdefender donc qd le scan est terminé :
Lorsque le scan est terminé, cliquez sur le bouton Fermerc'est dans le tuto que je t'ai donné !

ensuite 
Un rapport est alors généré pour visualiser le rapport cliquez sur le lien Cliquez ici pour voir le rapport
Le rapport s'ouvre sur le navigateur. Vous pouvez alors copier/coller le contenu ...

romain35 · Answer

Je scan avec Bitdefender, je mes le rapport en ligne des que ceci est terminer !

Ciordialement,
romain

Lyonnais92 · Answer

Salut,

je m'immisce car 15 mn de recherche sur le web résolvent la majorité des fichiers :

https://www.google.fr/search?q=refadojo.dll&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a&gws_rd=ssl

==> malware

http://www.prevx.com/filenames/X636125729942062238-X1/NONOWODA.DLL.html

http://www.prevx.com/filenames/X3026500511441618314-X1/NAHILIFO.DLL.html

http://www.prevx.com/filenames/X645267516307784468-X1/LEJIVAYA.DLL.html

http://www.prevx.com/filenames/X717146617019265970-X1/GOTAFAHU.DLL.html

http://www.prevx.com/filenames/X51994214909206469-X1/GODIDUSA.DLL.html

http://www.prevx.com/filenames/X1159817397907666004-X1/TUBIWEWA.DLL.html

http://www.prevx.com/filenames/3661388872929290155-X1/YUPABUSE.DLL.html

http://www.prevx.com/filenames/3932263979919005512-X1/DULOSILO.DLL.html

et

http://74.125.77.132/search?q=cache:oMgTsRIz-K0J:www.nucia.eu/forum/attachment.php%3Fattachmentid%3D4627%26d%3D1230026575+dulosilo.dll&cd=8&hl=fr&ct=clnk&gl=fr&client=firefox-a

http://www.prevx.com/filenames/X810111718353796146-X1/HEDAFATU.DLL.html

.....

http://www.prevx.com/filenames/477713784463673903-X1/LITIKUSI.DLL.html

http://www.prevx.com/filenames/62659792222708668-X1/FOKITAPE.DLL.html


par contre :

http://www.prevx.com/filenames/X2630193625627401239-X1/SIRENACM.DLL.html

==> VT

===https://www.broadcom.com/

https://www.broadcom.com/

==< légitimes



Et, pour le premier 

http://www.prevx.com/filenames/111645386673245476-X1/MYDOCS.DLL.html

probablement malware, mais doute donc VT.

seuls 2 ou 3 méritent un examen VirusTotal (à défaut sur Jotti

https://virusscan.jotti.org/  )

romain35 · Answer

Voici le rapport 

Info d'analyse
Fichiers scannés   	142850
Infectés Fichiers          22

Virus Détectés
Adware.SpywareSecure.C   2
Trojan.Swizzor.2  3
Trojan.Swizzor.3  10
Gen:Adware.Heur.0141BEAEAE  2
Trojan.Swizzor.4 5

Cordialement,
 romain

Utilisateur anonyme · Answer

D'ou l'interet du scan en ligne (jlp ;) )

 Il y a une infection Lop/Swizzor qui affiche des fenêtres de publicités "CiD". Elle s'installe via les logiciels suivants notamment, en contrepartie de leur dite « gratuité » : 

 Le sponsor de Messenger Plus! 
 Bittorent 
 BitDownload 
 BitGrabber 
 NetPumper 
 BitRoll 
 TorrentQ 
 Torrent101 

Pour la supprimer, fais ceci : 

 Désactive ton antivirus. 
 Télécharge Lop S&D (créé par eric 71) sur ton Bureau : LOP SD
 Double-clique dessus pour lancer l'installation 
 Double-clique sur le raccourci Lop S&D présent sur ton Bureau 
 Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche) 
 Patiente jusqu'à la fin du scan 
 Poste le rapport généré 
 Réactive ton antivirus 

Tutoriel pour t’aider

romain35 · Answer

re,

voici le rapport


   --------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
   BIOS : BIOS Date: 09/06/05 17:29:38 Ver: 08.00.12
   USER : Mireille ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1296 [VPS 090409-0] 4.8.1296 (Not Activated)
   C:\ (Local Disk) - NTFS - Total:29 Go (Free:18 Go)
   D:\ (Local Disk) - NTFS - Total:148 Go (Free:144 Go)
   E:\ (CD or DVD)
   F:\ (USB)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [1] ( 10/04/2009|19:39 )
 
   --------------------\  Listing des dossiers dans APPLIC~1

   [10/06/2008|18:23] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Adobe
   [01/11/2006|15:58] D:\DOCUME~1\ALEXAN~1\APPLIC~1\AdobeUM
   [06/08/2006|12:27] D:\DOCUME~1\ALEXAN~1\APPLIC~1\CyberLink
   [25/12/2007|15:47] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Google
   [05/04/2006|18:03] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Help
   [14/08/2008|13:02] D:\DOCUME~1\ALEXAN~1\APPLIC~1\HP
   [29/11/2005|19:04] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Identities
   [22/02/2006|22:28] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Image Zone Express
   [02/05/2006|16:33] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Leadertech
   [26/07/2006|11:51] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Macromedia
   [01/03/2009|14:43] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Microsoft
   [15/07/2008|21:39] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Mozilla
   [07/04/2009|19:06] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Nokia
   [19/02/2006|18:14] D:\DOCUME~1\ALEXAN~1\APPLIC~1\OD2
   [22/02/2006|22:08] D:\DOCUME~1\ALEXAN~1\APPLIC~1\OFFICE One v6
   [07/04/2009|19:06] D:\DOCUME~1\ALEXAN~1\APPLIC~1\PC Suite
   [02/04/2007|12:22] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Real
   [02/05/2006|16:33] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Sonic
   [22/12/2007|00:03] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Sun
   [19/04/2006|14:02] D:\DOCUME~1\ALEXAN~1\APPLIC~1\Symantec
   [16/07/2007|16:26] D:\DOCUME~1\ALEXAN~1\APPLIC~1\VadeRetro
   [03/02/2008|20:40] D:\DOCUME~1\ALEXAN~1\APPLIC~1\WildTangent
   [29/11/2005|19:04] D:\DOCUME~1\ALEXAN~1\APPLIC~1\You've Got Pictures Screensaver

   [05/03/2008|15:29] D:\DOCUME~1\Alicia\APPLIC~1\Adobe
   [17/08/2006|17:45] D:\DOCUME~1\Alicia\APPLIC~1\AdobeUM
   [09/03/2007|20:36] D:\DOCUME~1\Alicia\APPLIC~1\CyberLink
   [26/01/2008|14:53] D:\DOCUME~1\Alicia\APPLIC~1\Google
   [27/02/2006|18:11] D:\DOCUME~1\Alicia\APPLIC~1\Help
   [03/02/2007|21:46] D:\DOCUME~1\Alicia\APPLIC~1\HP
   [29/11/2005|19:04] D:\DOCUME~1\Alicia\APPLIC~1\Identities
   [24/02/2006|21:15] D:\DOCUME~1\Alicia\APPLIC~1\Image Zone Express
   [24/02/2006|18:51] D:\DOCUME~1\Alicia\APPLIC~1\Leadertech
   [29/11/2005|19:04] D:\DOCUME~1\Alicia\APPLIC~1\Macromedia
   [26/04/2008|14:48] D:\DOCUME~1\Alicia\APPLIC~1\Magic Academy
   [19/12/2008|19:18] D:\DOCUME~1\Alicia\APPLIC~1\Microsoft
   [18/07/2008|17:01] D:\DOCUME~1\Alicia\APPLIC~1\Mozilla
   [16/02/2006|15:13] D:\DOCUME~1\Alicia\APPLIC~1\OD2
   [22/02/2006|21:50] D:\DOCUME~1\Alicia\APPLIC~1\OFFICE One v6
   [29/11/2005|19:04] D:\DOCUME~1\Alicia\APPLIC~1\Real
   [24/02/2006|18:51] D:\DOCUME~1\Alicia\APPLIC~1\Sonic
   [21/12/2007|22:59] D:\DOCUME~1\Alicia\APPLIC~1\Sun
   [20/04/2006|18:24] D:\DOCUME~1\Alicia\APPLIC~1\Symantec
   [18/03/2006|20:25] D:\DOCUME~1\Alicia\APPLIC~1\Ulead Systems
   [29/11/2005|19:04] D:\DOCUME~1\Alicia\APPLIC~1\You've Got Pictures Screensaver

   [22/03/2009|17:17] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [20/01/2008|20:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Alawar Stargaze
   [29/01/2008|15:34] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AlawarGameBox
   [27/02/2008|18:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
   [08/08/2008|22:18] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Astar Games
   [27/04/2008|16:55] D:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
   [19/03/2008|10:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Christmasville
   [15/02/2008|23:53] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ciel
   [29/11/2005|19:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
   [30/07/2008|16:22] D:\DOCUME~1\ALLUSE~1\APPLIC~1\eGames
   [17/01/2008|10:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Enkord
   [18/01/2008|10:21] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise
   [04/08/2008|21:59] D:\DOCUME~1\ALLUSE~1\APPLIC~1\EscapeTheMuseum
   [23/06/2008|11:26] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Flood Light Games
   [12/02/2008|17:32] D:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames
   [30/01/2008|19:04] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games
   [01/03/2008|15:14] D:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
   [01/03/2008|15:14] D:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
   [15/08/2008|22:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
   [07/07/2008|22:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
   [25/06/2008|22:32] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Genimo
   [16/09/2008|10:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii
   [24/07/2008|21:25] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii Games
   [22/12/2007|19:53] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [01/08/2008|23:11] D:\DOCUME~1\ALLUSE~1\APPLIC~1\HiddenSecretsNightmare
   [11/02/2006|23:09] D:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
   [02/07/2008|16:35] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Intenium
   [16/06/2008|15:02] D:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
   [09/04/2009|17:05] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [09/04/2009|19:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
   [21/02/2009|13:15] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [08/04/2008|00:08] D:\DOCUME~1\ALLUSE~1\APPLIC~1\MonteCristo
   [12/06/2008|16:07] D:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
   [18/06/2008|16:40] D:\DOCUME~1\ALLUSE~1\APPLIC~1\My Games
   [14/11/2008|12:24] D:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople
   [24/01/2009|19:52] D:\DOCUME~1\ALLUSE~1\APPLIC~1\NeptunesAdve
   [22/03/2009|17:19] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
   [23/06/2008|16:59] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Media
   [29/11/2005|19:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
   [09/04/2009|11:02] D:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
   [05/08/2008|15:39] D:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
   [10/06/2008|21:48] D:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayPond
   [29/11/2005|19:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
   [22/05/2008|17:09] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
   [29/11/2005|19:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
   [29/07/2008|22:14] D:\DOCUME~1\ALLUSE~1\APPLIC~1\ScreenSeven
   [02/09/2007|18:42] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [27/08/2008|12:10] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
   [08/08/2008|23:33] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
   [03/02/2008|02:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
   [17/08/2008|15:53] D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [10/02/2008|01:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\The Game Equation
   [14/03/2008|10:35] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
   [29/11/2005|19:04] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
   [29/11/2005|19:04] D:\DOCUME~1\ALLUSE~1\APPLIC~1\VadeRetro
   [16/02/2008|00:11] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WildTangent
   [22/12/2007|19:51] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [02/01/2009|18:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
   [04/03/2008|10:24] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

   [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
   [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
   [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
   [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
   [28/11/2005|03:44] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
   [29/11/2005|19:04] D:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

   [17/03/2008|22:10] D:\DOCUME~1\DOMINI~1\APPLIC~1\Adobe
   [29/07/2008|21:49] D:\DOCUME~1\DOMINI~1\APPLIC~1\Big Fish Games
   [22/02/2006|19:06] D:\DOCUME~1\DOMINI~1\APPLIC~1\CyberLink
   [31/07/2008|17:46] D:\DOCUME~1\DOMINI~1\APPLIC~1\eGames
   [02/03/2008|12:13] D:\DOCUME~1\DOMINI~1\APPLIC~1\F-Secure
   [28/02/2006|20:23] D:\DOCUME~1\DOMINI~1\APPLIC~1\Help
   [22/02/2006|19:33] D:\DOCUME~1\DOMINI~1\APPLIC~1\HP
   [19/12/2008|14:21] D:\DOCUME~1\DOMINI~1\APPLIC~1\Identities
   [22/02/2006|22:46] D:\DOCUME~1\DOMINI~1\APPLIC~1\Image Zone Express
   [20/02/2006|01:14] D:\DOCUME~1\DOMINI~1\APPLIC~1\Leadertech
   [05/01/2008|23:30] D:\DOCUME~1\DOMINI~1\APPLIC~1\LimeWire
   [29/11/2005|19:04] D:\DOCUME~1\DOMINI~1\APPLIC~1\Macromedia
   [01/03/2009|21:40] D:\DOCUME~1\DOMINI~1\APPLIC~1\Microsoft
   [07/07/2008|14:33] D:\DOCUME~1\DOMINI~1\APPLIC~1\Mozilla
   [29/03/2009|10:24] D:\DOCUME~1\DOMINI~1\APPLIC~1\Nokia
   [12/02/2006|13:19] D:\DOCUME~1\DOMINI~1\APPLIC~1\OD2
   [22/02/2006|20:45] D:\DOCUME~1\DOMINI~1\APPLIC~1\OFFICE One v6
   [29/03/2009|10:24] D:\DOCUME~1\DOMINI~1\APPLIC~1\PC Suite
   [29/11/2005|19:04] D:\DOCUME~1\DOMINI~1\APPLIC~1\Real
   [31/07/2008|17:46] D:\DOCUME~1\DOMINI~1\APPLIC~1\SecuROM
   [22/02/2006|19:10] D:\DOCUME~1\DOMINI~1\APPLIC~1\Sonic
   [22/02/2006|19:37] D:\DOCUME~1\DOMINI~1\APPLIC~1\Sun
   [12/02/2006|13:15] D:\DOCUME~1\DOMINI~1\APPLIC~1\Symantec
   [14/05/2006|17:19] D:\DOCUME~1\DOMINI~1\APPLIC~1\VadeRetro
   [29/11/2005|19:04] D:\DOCUME~1\DOMINI~1\APPLIC~1\You've Got Pictures Screensaver
   [19/12/2008|14:21] D:\DOCUME~1\DOMINI~1\APPLIC~1\Zylom

   [23/12/2007|21:20] D:\DOCUME~1\Floriane\APPLIC~1\Adobe
   [28/02/2006|17:28] D:\DOCUME~1\Floriane\APPLIC~1\AdobeUM
   [16/03/2006|22:06] D:\DOCUME~1\Floriane\APPLIC~1\CyberLink
   [28/02/2006|17:00] D:\DOCUME~1\Floriane\APPLIC~1\Help
   [22/05/2006|18:11] D:\DOCUME~1\Floriane\APPLIC~1\HP
   [29/11/2005|19:04] D:\DOCUME~1\Floriane\APPLIC~1\Identities
   [27/12/2006|18:56] D:\DOCUME~1\Floriane\APPLIC~1\Macromedia
   [26/02/2008|20:24] D:\DOCUME~1\Floriane\APPLIC~1\Microsoft
   [05/12/2008|23:30] D:\DOCUME~1\Floriane\APPLIC~1\Mozilla
   [12/02/2006|20:34] D:\DOCUME~1\Floriane\APPLIC~1\OD2
   [05/05/2007|16:13] D:\DOCUME~1\Floriane\APPLIC~1\Real
   [16/02/2006|10:46] D:\DOCUME~1\Floriane\APPLIC~1\Sun
   [21/04/2006|16:21] D:\DOCUME~1\Floriane\APPLIC~1\Symantec
   [25/05/2006|22:37] D:\DOCUME~1\Floriane\APPLIC~1\Ulead Systems
   [16/03/2006|23:05] D:\DOCUME~1\Floriane\APPLIC~1\VadeRetro
   [29/11/2005|19:04] D:\DOCUME~1\Floriane\APPLIC~1\You've Got Pictures Screensaver

   [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\Identities
   [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
   [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
   [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\Real
   [28/11/2005|03:44] D:\DOCUME~1\INVIT~1\APPLIC~1\Symantec
   [29/11/2005|19:04] D:\DOCUME~1\INVIT~1\APPLIC~1\You've Got Pictures Screensaver

   [29/11/2005|19:04] D:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [11/02/2008|00:45] D:\DOCUME~1\Mireille\APPLIC~1\Abra Academy2
   [22/03/2009|17:17] D:\DOCUME~1\Mireille\APPLIC~1\Adobe
   [27/02/2006|15:53] D:\DOCUME~1\Mireille\APPLIC~1\AdobeUM
   [03/06/2008|16:13] D:\DOCUME~1\Mireille\APPLIC~1\AlwaysNeat
   [19/08/2008|12:38] D:\DOCUME~1\Mireille\APPLIC~1\Ancient Quest of Saqqarah__reflexive
   [02/07/2008|16:24] D:\DOCUME~1\Mireille\APPLIC~1\Big Fish Games
   [02/11/2008|17:15] D:\DOCUME~1\Mireille\APPLIC~1\BloodTies
   [05/02/2008|17:17] D:\DOCUME~1\Mireille\APPLIC~1\Boomzap
   [25/11/2008|00:35] D:\DOCUME~1\Mireille\APPLIC~1\Canvas Multi-Media
   [07/02/2008|17:49] D:\DOCUME~1\Mireille\APPLIC~1\CaribbeanHideaway
   [26/07/2008|18:45] D:\DOCUME~1\Mireille\APPLIC~1\cerasus.media
   [21/04/2006|14:43] D:\DOCUME~1\Mireille\APPLIC~1\CyberLink
   [09/02/2008|23:44] D:\DOCUME~1\Mireille\APPLIC~1\DiVision Studios - Escaping Atlantis
   [08/05/2008|14:42] D:\DOCUME~1\Mireille\APPLIC~1\DivX
   [30/07/2008|16:21] D:\DOCUME~1\Mireille\APPLIC~1\eGames
   [23/06/2008|11:26] D:\DOCUME~1\Mireille\APPLIC~1\Flood Light Games
   [12/02/2008|17:32] D:\DOCUME~1\Mireille\APPLIC~1\FloodLightGames
   [01/03/2008|15:21] D:\DOCUME~1\Mireille\APPLIC~1\F-Secure
   [07/06/2008|12:21] D:\DOCUME~1\Mireille\APPLIC~1\funkitron
   [02/07/2008|15:06] D:\DOCUME~1\Mireille\APPLIC~1\Gaijin Ent
   [19/06/2008|14:33] D:\DOCUME~1\Mireille\APPLIC~1\gemsweeperextractedgfx
   [25/06/2008|22:28] D:\DOCUME~1\Mireille\APPLIC~1\Genimo
   [24/07/2008|21:25] D:\DOCUME~1\Mireille\APPLIC~1\Gogii Games
   [23/12/2007|22:27] D:\DOCUME~1\Mireille\APPLIC~1\Google
   [28/02/2006|14:48] D:\DOCUME~1\Mireille\APPLIC~1\Help
   [29/05/2006|13:37] D:\DOCUME~1\Mireille\APPLIC~1\HP
   [26/02/2009|11:21] D:\DOCUME~1\Mireille\APPLIC~1\Identities
   [11/06/2008|11:29] D:\DOCUME~1\Mireille\APPLIC~1\Image Zone Express
   [16/10/2008|21:31] D:\DOCUME~1\Mireille\APPLIC~1\iWin
   [15/02/2006|11:43] D:\DOCUME~1\Mireille\APPLIC~1\Leadertech
   [01/03/2008|00:05] D:\DOCUME~1\Mireille\APPLIC~1\LimeWire
   [07/05/2008|15:57] D:\DOCUME~1\Mireille\APPLIC~1\Macromedia
   [15/05/2008|23:37] D:\DOCUME~1\Mireille\APPLIC~1\Magic Academy
   [09/04/2009|17:05] D:\DOCUME~1\Mireille\APPLIC~1\Malwarebytes
   [22/02/2009|13:51] D:\DOCUME~1\Mireille\APPLIC~1\Microsoft
   [09/04/2009|13:37] D:\DOCUME~1\Mireille\APPLIC~1\Mozilla
   [02/01/2009|18:40] D:\DOCUME~1\Mireille\APPLIC~1\MSNInstaller
   [03/06/2008|14:56] D:\DOCUME~1\Mireille\APPLIC~1\MythicPearls
   [22/03/2009|17:47] D:\DOCUME~1\Mireille\APPLIC~1\Nokia
   [25/02/2008|18:11] D:\DOCUME~1\Mireille\APPLIC~1\Notepad++
   [12/02/2006|21:02] D:\DOCUME~1\Mireille\APPLIC~1\OD2
   [22/01/2007|14:18] D:\DOCUME~1\Mireille\APPLIC~1\OFFICE One v6
   [22/03/2009|17:16] D:\DOCUME~1\Mireille\APPLIC~1\PC Suite
   [28/06/2008|19:52] D:\DOCUME~1\Mireille\APPLIC~1\Pirateville
   [09/07/2008|21:48] D:\DOCUME~1\Mireille\APPLIC~1\PlayFirst
   [22/03/2008|23:44] D:\DOCUME~1\Mireille\APPLIC~1\Pogo Games
   [19/03/2009|16:00] D:\DOCUME~1\Mireille\APPLIC~1\PowerChallenge
   [15/03/2008|20:04] D:\DOCUME~1\Mireille\APPLIC~1\Printer Info Cache
   [01/10/2006|13:48] D:\DOCUME~1\Mireille\APPLIC~1\Real
   [16/11/2008|17:00] D:\DOCUME~1\Mireille\APPLIC~1\RealArcade
   [28/06/2008|12:09] D:\DOCUME~1\Mireille\APPLIC~1\SecuROM
   [12/01/2009|11:28] D:\DOCUME~1\Mireille\APPLIC~1\Skip-Bo
   [21/04/2006|14:36] D:\DOCUME~1\Mireille\APPLIC~1\Sonic
   [19/09/2008|14:20] D:\DOCUME~1\Mireille\APPLIC~1\SpinTop Games
   [22/09/2008|15:43] D:\DOCUME~1\Mireille\APPLIC~1\SprillBermudeEng
   [27/06/2008|10:55] D:\DOCUME~1\Mireille\APPLIC~1\SprillBermudeFr
   [19/12/2007|01:19] D:\DOCUME~1\Mireille\APPLIC~1\Sun
   [18/04/2006|09:26] D:\DOCUME~1\Mireille\APPLIC~1\Symantec
   [01/08/2008|16:36] D:\DOCUME~1\Mireille\APPLIC~1\TheScruffs
   [27/12/2006|18:05] D:\DOCUME~1\Mireille\APPLIC~1\Ulead Systems
   [01/02/2008|08:54] D:\DOCUME~1\Mireille\APPLIC~1\URSE Games
   [13/04/2006|13:52] D:\DOCUME~1\Mireille\APPLIC~1\VadeRetro
   [10/04/2009|11:50] D:\DOCUME~1\Mireille\APPLIC~1\vlc
   [29/11/2005|19:04] D:\DOCUME~1\Mireille\APPLIC~1\You've Got Pictures Screensaver
   [26/02/2009|11:21] D:\DOCUME~1\Mireille\APPLIC~1\Zylom

   [19/12/2007|22:28] D:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
   [18/12/2007|13:17] D:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [10/04/2009 11:19][--ah-----] C:\WINDOWS	asks\SA.DAT
   [05/08/2004 15:00][-rah-c---] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [17/08/2008|15:28] C:\Program Files\10 Jours Sous Les Mers
   [24/07/2007|14:51] C:\Program Files\3DRTBrickBlaster
   [27/04/2008|15:41] C:\Program Files\absolutist.com
   [27/04/2008|15:44] C:\Program Files\Absolutist_Games
   [22/03/2009|17:17] C:\Program Files\Adobe
   [09/04/2009|18:36] C:\Program Files\Ad-remover
   [10/04/2009|11:50] C:\Program Files\adslTV
   [15/02/2008|23:56] C:\Program Files\Alawar
   [22/12/2007|19:00] C:\Program Files\Alwil Software
   [29/11/2005|18:56] C:\Program Files\AMD
   [16/05/2006|17:49] C:\Program Files\Another Day
   [01/05/2008|14:57] C:\Program Files\AOL Games
   [27/04/2008|16:54] C:\Program Files\bfgclient
   [09/04/2009|18:24] C:\Program Files\CCleaner
   [29/11/2005|18:56] C:\Program Files\ComPlus Applications
   [25/05/2008|18:11] C:\Program Files\Cossacks
   [29/11/2005|18:56] C:\Program Files\CyberLink
   [22/03/2009|17:14] C:\Program Files\DIFX
   [14/03/2006|11:48] C:\Program Files\directx
   [03/01/2009|16:00] C:\Program Files\DivX
   [23/10/2007|20:08] C:\Program Files\DK
   [23/03/2008|01:44] C:\Program Files\DXBall2
   [15/02/2008|23:55] C:\Program Files\Escape From Paradise
   [09/04/2009|20:00] C:\Program Files\Fichiers communs
   [05/11/2006|15:47] C:\Program Files\Firaxis Games
   [09/04/2009|19:39] C:\Program Files\GamesBar
   [29/11/2005|18:56] C:\Program Files\GMixon
   [29/11/2005|18:56] C:\Program Files\Goto Software
   [11/02/2006|23:08] C:\Program Files\Hewlett-Packard
   [01/01/2008|16:11] C:\Program Files\HP
   [02/01/2009|20:52] C:\Program Files\InstallShield Installation Information
   [10/04/2009|01:40] C:\Program Files\Internet Explorer
   [22/02/2006|20:22] C:\Program Files\ISSENDIS
   [09/04/2009|11:09] C:\Program Files\Java
   [22/04/2006|14:08] C:\Program Files\Kristanix
   [28/11/2006|19:13] C:\Program Files\Lasermedia
   [29/11/2005|18:56] C:\Program Files\Learn2.com
   [10/02/2009|19:12] C:\Program Files\Maxis
   [10/04/2009|01:26] C:\Program Files\Messenger
   [09/04/2009|18:47] C:\Program Files\Messenger Plus! Live
   [30/01/2009|23:49] C:\Program Files\Micro Application
   [02/01/2009|19:07] C:\Program Files\Microsoft
   [22/12/2007|21:47] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [29/11/2005|18:56] C:\Program Files\microsoft frontpage
   [10/04/2009|01:43] C:\Program Files\Microsoft Silverlight
   [21/02/2009|13:15] C:\Program Files\Microsoft SQL Server Compact Edition
   [21/02/2009|13:16] C:\Program Files\Microsoft Sync Framework
   [14/08/2008|20:00] C:\Program Files\Mindscape
   [08/08/2006|11:57] C:\Program Files\Montparnasse multimedia - GEO
   [10/04/2009|01:26] C:\Program Files\Movie Maker
   [10/04/2009|19:33] C:\Program Files\Mozilla Firefox
   [02/01/2009|18:40] C:\Program Files\MSN
   [29/11/2005|18:56] C:\Program Files\MSN Gaming Zone
   [09/04/2009|11:51] C:\Program Files\MSN Messenger
   [19/12/2007|22:25] C:\Program Files\MSXML 4.0
   [09/04/2009|15:33] C:\Program Files\Navilog1
   [10/04/2009|01:23] C:\Program Files\NetMeeting
   [22/03/2009|17:19] C:\Program Files\Nokia
   [29/11/2005|18:56] C:\Program Files\Norman
   [25/02/2008|18:11] C:\Program Files\Notepad++
   [16/02/2008|00:08] C:\Program Files\OFFICE One6.5
   [20/03/2008|11:24] C:\Program Files\orange
   [10/04/2009|01:23] C:\Program Files\Outlook Express
   [18/11/2008|22:09] C:\Program Files\Oxygene V14a
   [22/03/2009|17:14] C:\Program Files\PC Connectivity Solution
   [26/02/2008|11:28] C:\Program Files\PopUp Destroy
   [09/12/2007|13:34] C:\Program Files\QuickTime
   [16/02/2008|00:13] C:\Program Files\Readiris Pro 8
   [22/04/2006|14:18] C:\Program Files\Real
   [17/01/2008|10:44] C:\Program Files\ReflexiveArcade
   [27/02/2006|16:32] C:\Program Files\Rockstar Games
   [12/06/2007|21:58] C:\Program Files\Services en ligne
   [29/11/2005|19:00] C:\Program Files\ShowTime
   [22/03/2009|17:18] C:\Program Files\SimpleCenter
   [29/11/2005|18:56] C:\Program Files\Sonic
   [03/02/2008|02:44] C:\Program Files\Symantec
   [09/04/2009|13:21] C:\Program Files\TELE2
   [25/02/2008|01:44] C:\Program Files\Téléchargeur de FlatOut2
   [24/05/2006|12:50] C:\Program Files\TFC
   [16/02/2008|00:11] C:\Program Files\The Wonderful Wizard Of Oz
   [09/04/2009|11:46] C:\Program Files\Trend Micro
   [29/11/2005|18:56] C:\Program Files\Ulead Systems
   [29/11/2005|18:56] C:\Program Files\Uninstall Information
   [20/02/2007|11:49] C:\Program Files\Wanadoo Edition
   [09/04/2009|13:36] C:\Program Files\Windows Live
   [02/01/2009|19:06] C:\Program Files\Windows Live SkyDrive
   [29/11/2005|18:56] C:\Program Files\Windows Media Components
   [27/02/2008|18:23] C:\Program Files\Windows Media Connect 2
   [10/04/2009|01:23] C:\Program Files\Windows Media Player
   [03/01/2009|18:01] C:\Program Files\Windows NT
   [29/11/2005|18:56] C:\Program Files\WindowsUpdate
   [29/11/2005|18:56] C:\Program Files\xerox
   [09/04/2009|18:37] C:\Program Files\Zylom Games

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [13/04/2008|14:20] C:\Program Files\Fichiers communs\Adobe
   [27/02/2008|18:28] C:\Program Files\Fichiers communs\AOL
   [22/02/2006|20:21] C:\Program Files\Fichiers communs\Borland Shared
   [11/02/2006|23:07] C:\Program Files\Fichiers communs\Hewlett-Packard
   [01/01/2008|16:11] C:\Program Files\Fichiers communs\HP
   [22/03/2009|17:18] C:\Program Files\Fichiers communs\i4j_jres
   [16/10/2007|17:29] C:\Program Files\Fichiers communs\InstallShield
   [29/11/2005|18:56] C:\Program Files\Fichiers communs\Java
   [09/04/2009|19:50] C:\Program Files\Fichiers communs\MainConcept
   [21/02/2009|13:14] C:\Program Files\Fichiers communs\Microsoft Shared
   [29/11/2005|18:56] C:\Program Files\Fichiers communs\MSSoap
   [22/03/2009|17:19] C:\Program Files\Fichiers communs\Nokia
   [29/11/2005|18:56] C:\Program Files\Fichiers communs\Nullsoft
   [10/06/2008|22:50] C:\Program Files\Fichiers communs\Oberon Media
   [29/11/2005|18:56] C:\Program Files\Fichiers communs\ODBC
   [22/03/2009|17:15] C:\Program Files\Fichiers communs\PCSuite
   [29/11/2005|18:56] C:\Program Files\Fichiers communs\Real
   [29/11/2005|18:58] C:\Program Files\Fichiers communs\Services
   [29/11/2005|18:58] C:\Program Files\Fichiers communs\Sonic Shared
   [29/11/2005|18:56] C:\Program Files\Fichiers communs\SpeechEngines
   [29/11/2005|18:58] C:\Program Files\Fichiers communs\SureThing Shared
   [03/02/2008|02:46] C:\Program Files\Fichiers communs\Symantec Shared
   [10/04/2009|01:23] C:\Program Files\Fichiers communs\System
   [29/11/2005|18:56] C:\Program Files\Fichiers communs\Ulead Systems
   [02/01/2009|18:59] C:\Program Files\Fichiers communs\Windows Live
   [22/12/2007|19:00] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [29/11/2005|18:56] C:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 52 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-04-10 19:40:13
   Windows 5.1.2600 Service Pack 3 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   folder error: D:\DOCUME~1\Mireille\LOCALS~1\APPLIC~1
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:4][D:2]-> D:\DOCUME~1\Mireille\LOCALS~1\Temp
   [F:2][D:0]-> D:\DOCUME~1\Mireille\Cookies
   [F:2][D:1]-> D:\DOCUME~1\Mireille\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 10/04/2009|19:40 - Option : [1]

   --------------------\  Fin du rapport a 19:40:56


Cordialement,
romain

jlpjlp · Answer

je passe après le boulot chargé! et demain ne sera peut etre pas mieux :)

tout est dis par lyonnais92



si je n'oublie rien:
____________________

analyse ce fichier   

c:\windows\system32\sirenacm.dll

 sur virus total , si impossible sur un des deux liens suivant et colle le rapport

https://www.virustotal.com/gui/
https://virusscan.jotti.org/
http://scanner.virus.org/


et si infecté tu le rajoute dans la partie  :files de otmovit3
_______________________

télécharge OTMoveIt 
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved. 
(attention bien mettre :files)

:files
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar 
c:\windows\system32
mwcdcls.dll
c:\windows\system32\fokitape.dll
c:\windows\system32\litikusi.dll
c:\windows\system32	eyesiti.dll
c:\windows\system32\wayebomi.dll
c:\windows\system32\fibikavi.dll
c:\windows\system32\sidehole.dll
c:\windows\system32\birokone.dll
c:\windows\system32efadojo.dll 
C:\WINDOWS\system32\dulosilo.dll.tmp 
c:\windows\system32\hedafatu.dll
c:\windows\system32\dulosilo.dll
c:\windows\system32\yupabuse.dll
c:\windows\system32	ubiwewa.dll
c:\windows\system32\godidusa.dll
c:\windows\system32\gotafahu.dll
c:\windows\system32\lejivaya.dll
c:\windows\system32
ahilifo.dll
c:\windows\system32
onowoda.dll
:commands
[purity]
[emptytemp]
[start explorer]


clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

_______________



pour le rapport du message 63 il faudrait le rapport complet pour voir le lieu des infections ! car les infections sont peu être dans la restauration ou ont été mises en  quarantaine  par combofix...




si il reste des infections CID/lop non trouvées par lop sd il faudra passer lop xp par exemple ou les virer avec otmovit mais il faudrait un rapport complet


bonne suite

Utilisateur anonyme · Answer

slt lyonnais 
je viens de voir ton post :) car il y'en avait eu entre temps

je m'immisce car 15 mn de recherche sur le web résolvent la majorité des fichiers

autant pour moi, dsl de ne pas avoir passé 15 min sur le web :(
la prochaine fois , je ferais attention :)

romain35 · Answer

Bonjour,

voici le rapport pour c:\windows\system32\sirenacm.dll

MD5:  e5830533c13f30407e76c0584778aa4d
First received: -
Date 2009.03.25 23:14:09 (CET) [>16D]
Résultats 0/40
Permalink: http://www.virustotal.com/fr/analisis/1d09165186c842a557fdd290dc8f9b6c

EDIT voici le rapport

========== FILES ==========
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-07-07-22-56-01 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-07-07-14-47-38 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-07-04-17-16-40 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-07-03-17-25-22 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-07-01-17-43-40 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-07-01-17-31-03 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-30-17-08-43 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-26-18-15-10 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-25-14-11-07 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-25-12-25-32 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-24-11-02-18 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-22-18-17-37 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-14-18-19-12 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-14-13-33-35 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-14-13-33-33 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-12-18-30-42 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-11-12-41-06 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-10-18-21-00 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-09-00-13-17 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-08-23-05-31 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-06-23-16-45 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-03-17-38-06 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-03-11-20-53 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-02-10-49-42 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-31-13-08-03 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-29-18-10-43 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-26-18-00-24 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-25-17-15-18 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-22-12-53-15 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-22-12-44-52 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-22-12-43-54 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-22-12-43-52 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-19-20-28-21 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-18-21-02-48 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-17-11-23-21 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-15-11-08-08 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-15-11-07-46 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-13-21-52-53 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-13-21-52-52 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-13-21-50-12 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-13-09-30-19 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-13-09-30-18 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-12-19-35-17 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-12-19-35-07 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-12-14-20-36 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-04-20-47-07 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-04-19-15-40 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-05-18-02-31 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-04-18-44-16 moved successfully.
D:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar moved successfully.
LoadLibrary failed for c:\windows\system32
mwcdcls.dll
c:\windows\system32
mwcdcls.dll NOT unregistered.
c:\windows\system32
mwcdcls.dll moved successfully.
LoadLibrary failed for c:\windows\system32\fokitape.dll
c:\windows\system32\fokitape.dll NOT unregistered.
c:\windows\system32\fokitape.dll moved successfully.
LoadLibrary failed for c:\windows\system32\litikusi.dll
c:\windows\system32\litikusi.dll NOT unregistered.
c:\windows\system32\litikusi.dll moved successfully.
LoadLibrary failed for c:\windows\system32	eyesiti.dll
c:\windows\system32	eyesiti.dll NOT unregistered.
c:\windows\system32	eyesiti.dll moved successfully.
LoadLibrary failed for c:\windows\system32\wayebomi.dll
c:\windows\system32\wayebomi.dll NOT unregistered.
c:\windows\system32\wayebomi.dll moved successfully.
LoadLibrary failed for c:\windows\system32\fibikavi.dll
c:\windows\system32\fibikavi.dll NOT unregistered.
c:\windows\system32\fibikavi.dll moved successfully.
LoadLibrary failed for c:\windows\system32\sidehole.dll
c:\windows\system32\sidehole.dll NOT unregistered.
c:\windows\system32\sidehole.dll moved successfully.
LoadLibrary failed for c:\windows\system32\birokone.dll
c:\windows\system32\birokone.dll NOT unregistered.
c:\windows\system32\birokone.dll moved successfully.
LoadLibrary failed for c:\windows\system32efadojo.dll
c:\windows\system32efadojo.dll NOT unregistered.
c:\windows\system32efadojo.dll moved successfully.
File/Folder C:\WINDOWS\system32\dulosilo.dll.tmp not found.
LoadLibrary failed for c:\windows\system32\hedafatu.dll
c:\windows\system32\hedafatu.dll NOT unregistered.
c:\windows\system32\hedafatu.dll moved successfully.
LoadLibrary failed for c:\windows\system32\dulosilo.dll
c:\windows\system32\dulosilo.dll NOT unregistered.
c:\windows\system32\dulosilo.dll moved successfully.
LoadLibrary failed for c:\windows\system32\yupabuse.dll
c:\windows\system32\yupabuse.dll NOT unregistered.
c:\windows\system32\yupabuse.dll moved successfully.
LoadLibrary failed for c:\windows\system32	ubiwewa.dll
c:\windows\system32	ubiwewa.dll NOT unregistered.
c:\windows\system32	ubiwewa.dll moved successfully.
LoadLibrary failed for c:\windows\system32\godidusa.dll
c:\windows\system32\godidusa.dll NOT unregistered.
c:\windows\system32\godidusa.dll moved successfully.
LoadLibrary failed for c:\windows\system32\gotafahu.dll
c:\windows\system32\gotafahu.dll NOT unregistered.
c:\windows\system32\gotafahu.dll moved successfully.
LoadLibrary failed for c:\windows\system32\lejivaya.dll
c:\windows\system32\lejivaya.dll NOT unregistered.
c:\windows\system32\lejivaya.dll moved successfully.
LoadLibrary failed for c:\windows\system32
ahilifo.dll
c:\windows\system32
ahilifo.dll NOT unregistered.
c:\windows\system32
ahilifo.dll moved successfully.
LoadLibrary failed for c:\windows\system32
onowoda.dll
c:\windows\system32
onowoda.dll NOT unregistered.
c:\windows\system32
onowoda.dll moved successfully.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\Mireille\LOCALS~1\Temp\etilqs_NCr9zdVXaNkM4PjyNuD9 scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Mireille\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Mireille\LOCALS~1\Temp\~DF9C92.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. D:\Documents and Settings\Mireille\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS	emp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_46c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_4d8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. D:\Documents and Settings\Mireille\Local Settings\Application Data\Mozilla\Firefox\Profilesssxuudy.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Mireille\Local Settings\Application Data\Mozilla\Firefox\Profilesssxuudy.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Mireille\Local Settings\Application Data\Mozilla\Firefox\Profilesssxuudy.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Mireille\Local Settings\Application Data\Mozilla\Firefox\Profilesssxuudy.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Mireille\Local Settings\Application Data\Mozilla\Firefox\Profilesssxuudy.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Mireille\Local Settings\Application Data\Mozilla\Firefox\Profilesssxuudy.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04112009_080442

Files moved on Reboot...
File move failed. D:\DOCUME~1\Mireille\LOCALS~1\Temp\etilqs_NCr9zdVXaNkM4PjyNuD9 scheduled to be moved on reboot.
File move failed. D:\DOCUME~1\Mireille\LOCALS~1\Temp\hpodvd09.log scheduled to be moved on reboot.
File move failed. D:\DOCUME~1\Mireille\LOCALS~1\Temp\~DF9C92.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS	emp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS	emp\Perflib_Perfdata_46c.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS	emp\Perflib_Perfdata_4d8.dat scheduled to be moved on reboot.
File move failed. D:\Documents and Settings\Mireille\Local Settings\Application Data\Mozilla\Firefox\Profilesssxuudy.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
File move failed. D:\Documents and Settings\Mireille\Local Settings\Application Data\Mozilla\Firefox\Profilesssxuudy.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
File move failed. D:\Documents and Settings\Mireille\Local Settings\Application Data\Mozilla\Firefox\Profilesssxuudy.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
File move failed. D:\Documents and Settings\Mireille\Local Settings\Application Data\Mozilla\Firefox\Profilesssxuudy.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.
File move failed. D:\Documents and Settings\Mireille\Local Settings\Application Data\Mozilla\Firefox\Profilesssxuudy.default\urlclassifier3.sqlite scheduled to be moved on reboot.
File move failed. D:\Documents and Settings\Mireille\Local Settings\Application Data\Mozilla\Firefox\Profilesssxuudy.default\XUL.mfl scheduled to be moved on reboot.


Cordialement,
romain

romain35 · Answer

Bonjour,

voici un rapport complet de Lopxp 

# Rapport Lopxp fait le 11/04/2009 à  9:07:40
# Exécuté dans : C:\Program Files\Lopxp
# Version 3.06 - Maj du 05/02/2008



========== Listing des dossiers Application Data

+- D:\Documents and Settings\Alexandre\Application Data

 2008-06-10 à 16:23:20 - Adobe 
 2006-11-01 à 13:58:15 - AdobeUM 
 2006-08-06 à 10:27:26 - CyberLink 
 2007-12-25 à 13:47:08 - Google 
 2006-04-05 à 16:03:01 - Help 
 2008-08-14 à 11:02:14 - HP 
 2005-11-29 à 17:04:05 - Identities 
 2006-02-22 à 20:28:15 - Image Zone Express
 2006-05-02 à 14:33:00 - Leadertech 
 2006-07-26 à 09:51:53 - Macromedia 
 2009-03-01 à 12:43:13 - Microsoft 
 2008-07-15 à 19:39:28 - Mozilla 
 2009-04-07 à 17:06:55 - Nokia 
 2006-02-19 à 16:14:22 - OD2 
 2006-02-22 à 20:08:28 - OFFICE One v6
 2009-04-07 à 17:06:31 - PC Suite
 2007-04-02 à 10:22:08 - Real 
 2006-05-02 à 14:33:00 - Sonic 
 2007-12-21 à 22:03:40 - Sun 
 2006-04-19 à 12:02:35 - Symantec 
 2007-07-16 à 14:26:28 - VadeRetro 
 2008-02-03 à 18:40:30 - WildTangent 
 2005-11-29 à 17:04:06 - You've Got Pictures Screensaver

+- D:\Documents and Settings\Alexandre\Local Settings\Application Data

 2006-11-01 à 13:57:56 - Adobe 
 2008-01-05 à 23:52:59 - ApplicationHistory 
 2007-12-25 à 13:47:08 - Google 
 2006-12-24 à 13:45:35 - Help 
 2007-07-16 à 14:24:15 - Identities 
 2009-03-01 à 12:43:12 - Microsoft 
 2007-12-23 à 12:05:57 - Mozilla 
 2006-08-06 à 16:04:33 - PowerCinema 
 2007-12-26 à 11:39:17 - Turbine 
 2006-06-05 à 11:29:59 - WMTools Downloaded Files
 2005-11-29 à 17:04:06 - {3248F0A6-6813-11D6-A77B-00B0D0150020} 

+- D:\Documents and Settings\Alicia\Application Data

 2008-03-05 à 13:29:09 - Adobe 
 2006-08-17 à 15:45:17 - AdobeUM 
 2007-03-09 à 18:36:05 - CyberLink 
 2008-01-26 à 12:53:13 - Google 
 2006-02-27 à 16:11:29 - Help 
 2007-02-03 à 19:46:41 - HP 
 2005-11-29 à 17:04:05 - Identities 
 2006-02-24 à 19:15:34 - Image Zone Express
 2006-02-24 à 16:51:49 - Leadertech 
 2005-11-29 à 17:04:05 - Macromedia 
 2008-04-26 à 12:48:46 - Magic Academy
 2008-12-19 à 17:18:58 - Microsoft 
 2008-07-18 à 15:01:44 - Mozilla 
 2006-02-16 à 13:13:07 - OD2 
 2006-02-22 à 19:50:55 - OFFICE One v6
 2005-11-29 à 17:04:06 - Real 
 2006-02-24 à 16:51:50 - Sonic 
 2007-12-21 à 20:59:49 - Sun 
 2006-04-20 à 16:24:16 - Symantec 
 2006-03-18 à 18:25:27 - Ulead Systems
 2005-11-29 à 17:04:06 - You've Got Pictures Screensaver

+- D:\Documents and Settings\Alicia\Local Settings\Application Data

 2006-08-17 à 15:44:51 - Adobe 
 2005-11-29 à 17:04:06 - ApplicationHistory 
 2008-01-26 à 12:53:13 - Google 
 2006-02-27 à 16:11:29 - Help 
 2006-03-25 à 12:55:15 - Identities 
 2008-12-19 à 17:18:58 - Microsoft 
 2007-12-26 à 12:53:19 - Mozilla 
 2007-03-09 à 19:30:01 - PowerCinema 
 2005-11-29 à 17:04:06 - {3248F0A6-6813-11D6-A77B-00B0D0150020} 

+- D:\Documents and Settings\All Users\Application Data

 2009-03-22 à 15:17:03 - Adobe 
 2008-01-20 à 18:56:01 - Alawar Stargaze
 2008-01-29 à 13:34:44 - AlawarGameBox 
 2008-02-27 à 16:28:33 - AOL 
 2008-08-08 à 20:18:45 - Astar Games
 2008-04-27 à 14:55:37 - BigFishGamesCache 
 2008-03-19 à 08:28:23 - Christmasville 
 2008-02-15 à 21:53:18 - Ciel 
 2005-11-29 à 17:03:56 - CyberLink 
 2008-07-30 à 14:22:31 - eGames 
 2008-01-17 à 08:46:09 - Enkord 
 2008-01-18 à 08:21:38 - Escape From Paradise
 2008-08-04 à 19:59:19 - EscapeTheMuseum 
 2008-03-01 à 13:14:33 - F-Secure 
 2008-06-23 à 09:26:51 - Flood Light Games
 2008-02-12 à 15:32:39 - FloodLightGames 
 2008-01-30 à 17:04:40 - Friends Games
 2008-03-01 à 13:14:24 - fssg 
 2008-08-15 à 20:56:22 - GameHouse 
 2008-06-25 à 20:32:31 - Genimo 
 2008-09-16 à 08:46:38 - Gogii 
 2008-07-24 à 19:25:49 - Gogii Games
 2007-12-22 à 17:53:26 - Google 
 2008-08-01 à 21:11:30 - HiddenSecretsNightmare 
 2006-02-11 à 21:09:56 - HP 
 2008-07-02 à 14:35:22 - Intenium 
 2008-06-16 à 13:02:15 - JollyBear 
 2009-04-09 à 15:05:01 - Malwarebytes 
 2009-04-09 à 17:03:09 - Messenger Plus!
 2009-02-21 à 11:15:58 - Microsoft 
 2008-04-07 à 22:08:18 - MonteCristo 
 2008-06-12 à 14:07:58 - MumboJumbo 
 2008-06-18 à 14:40:46 - My Games
 2008-11-14 à 10:24:15 - MythPeople 
 2009-01-24 à 17:52:12 - NeptunesAdve 
 2009-03-22 à 15:19:17 - Nokia 
 2008-06-23 à 14:59:47 - Oberon Media
 2005-11-29 à 17:03:57 - OD2 
 2009-04-09 à 09:02:56 - PC Suite
 2008-08-05 à 13:39:57 - PlayFirst 
 2008-06-10 à 19:48:27 - PlayPond 
 2005-11-29 à 17:03:57 - QuickTime 
 2008-05-22 à 15:09:20 - Sandlot Games
 2005-11-29 à 17:03:57 - SBSI 
 2008-07-29 à 20:14:30 - ScreenSeven 
 2007-09-02 à 16:42:43 - Skype 
 2008-08-27 à 10:10:51 - SpinTop Games
 2008-08-08 à 21:33:03 - SugarGames 
 2008-02-03 à 00:46:37 - Symantec 
 2008-08-17 à 13:53:01 - TEMP 
 2008-02-09 à 23:03:04 - The Game Equation
 2008-03-14 à 08:35:57 - Trymedia 
 2005-11-29 à 17:04:05 - Ulead Systems
 2005-11-29 à 17:04:05 - VadeRetro 
 2008-02-15 à 22:11:34 - WildTangent 
 2007-12-22 à 17:51:57 - Windows Genuine Advantage
 2009-01-02 à 16:56:51 - WLInstaller 
 2008-03-04 à 08:24:51 - Zylom 

+- D:\Documents and Settings\Dominique\Application Data

 2008-03-17 à 20:10:12 - Adobe 
 2008-07-29 à 19:49:38 - Big Fish Games
 2006-02-22 à 17:06:26 - CyberLink 
 2008-07-31 à 15:46:33 - eGames 
 2008-03-02 à 10:13:10 - F-Secure 
 2006-02-28 à 18:23:48 - Help 
 2006-02-22 à 17:33:32 - HP 
 2008-12-19 à 12:21:50 - Identities 
 2006-02-22 à 20:46:41 - Image Zone Express
 2006-02-19 à 23:14:36 - Leadertech 
 2008-01-05 à 21:30:53 - LimeWire 
 2005-11-29 à 17:04:05 - Macromedia 
 2009-03-01 à 19:40:42 - Microsoft 
 2008-07-07 à 12:33:27 - Mozilla 
 2009-03-29 à 08:24:17 - Nokia 
 2006-02-12 à 11:19:51 - OD2 
 2006-02-22 à 18:45:43 - OFFICE One v6
 2009-03-29 à 08:24:44 - PC Suite
 2005-11-29 à 17:04:06 - Real 
 2008-07-31 à 15:46:18 - SecuROM 
 2006-02-22 à 17:10:05 - Sonic 
 2006-02-22 à 17:37:58 - Sun 
 2006-02-12 à 11:15:55 - Symantec 
 2006-05-14 à 15:19:13 - VadeRetro 
 2005-11-29 à 17:04:06 - You've Got Pictures Screensaver
 2008-12-19 à 12:21:50 - Zylom 

+- D:\Documents and Settings\Dominique\Local Settings\Application Data

 2008-03-17 à 20:10:31 - Adobe 
 2005-11-29 à 17:04:06 - ApplicationHistory 
 2006-02-28 à 18:23:48 - Help 
 2006-05-14 à 15:19:01 - Identities 
 2009-03-01 à 19:40:41 - Microsoft 
 2007-12-23 à 18:02:23 - Mozilla 
 2006-02-22 à 17:06:57 - PowerCinema 
 2005-11-29 à 17:04:06 - {3248F0A6-6813-11D6-A77B-00B0D0150020} 

+- D:\Documents and Settings\Floriane\Application Data

 2007-12-23 à 19:20:16 - Adobe 
 2006-02-28 à 15:28:07 - AdobeUM 
 2006-03-16 à 20:06:15 - CyberLink 
 2006-02-28 à 15:00:22 - Help 
 2006-05-22 à 16:11:36 - HP 
 2005-11-29 à 17:04:05 - Identities 
 2006-12-27 à 16:56:27 - Macromedia 
 2008-02-26 à 18:24:27 - Microsoft 
 2008-12-05 à 21:30:43 - Mozilla 
 2006-02-12 à 18:34:52 - OD2 
 2007-05-05 à 14:13:06 - Real 
 2006-02-16 à 08:46:49 - Sun 
 2006-04-21 à 14:21:47 - Symantec 
 2006-05-25 à 20:37:35 - Ulead Systems
 2006-03-16 à 21:05:03 - VadeRetro 
 2005-11-29 à 17:04:06 - You've Got Pictures Screensaver

+- D:\Documents and Settings\Floriane\Local Settings\Application Data

 2006-02-16 à 11:53:20 - Adobe 
 2005-11-29 à 17:04:06 - ApplicationHistory 
 2007-01-22 à 18:32:55 - Help 
 2006-03-16 à 21:04:51 - Identities 
 2008-05-04 à 20:50:57 - Microsoft 
 2007-12-23 à 12:57:00 - Mozilla 
 2006-12-09 à 18:12:24 - PowerCinema 
 2006-05-14 à 12:46:32 - WMTools Downloaded Files
 2005-11-29 à 17:04:06 - {3248F0A6-6813-11D6-A77B-00B0D0150020} 

+- D:\Documents and Settings\Invité\Application Data

 2005-11-29 à 17:04:05 - Identities 
 2005-11-29 à 17:04:05 - Macromedia 
 2005-11-29 à 17:04:05 - Microsoft 
 2005-11-29 à 17:04:06 - Real 
 2005-11-28 à 01:44:22 - Symantec 
 2005-11-29 à 17:04:06 - You've Got Pictures Screensaver

+- D:\Documents and Settings\Invité\Local Settings\Application Data

 2005-11-29 à 17:04:06 - ApplicationHistory 
 2005-11-29 à 17:04:06 - Microsoft 
 2005-11-29 à 17:04:06 - PowerCinema 
 2005-11-29 à 17:04:06 - {3248F0A6-6813-11D6-A77B-00B0D0150020} 

+- D:\Documents and Settings\Mireille\Application Data

 2008-02-10 à 22:45:09 - Abra Academy2
 2009-03-22 à 15:17:13 - Adobe 
 2006-02-27 à 13:53:51 - AdobeUM 
 2008-06-03 à 14:13:03 - AlwaysNeat 
 2008-08-19 à 10:38:51 - Ancient Quest of Saqqarah__reflexive
 2008-07-02 à 14:24:21 - Big Fish Games
 2008-11-02 à 15:15:38 - BloodTies 
 2008-02-05 à 15:17:44 - Boomzap 
 2008-11-24 à 22:35:51 - Canvas Multi-Media
 2008-02-07 à 15:49:40 - CaribbeanHideaway 
 2008-07-26 à 16:45:03 - cerasus.media 
 2006-04-21 à 12:43:30 - CyberLink 
 2008-02-09 à 21:44:00 - DiVision Studios - Escaping Atlantis
 2008-05-08 à 12:42:56 - DivX 
 2008-07-30 à 14:21:56 - eGames 
 2008-03-01 à 13:21:51 - F-Secure 
 2008-06-23 à 09:26:51 - Flood Light Games
 2008-02-12 à 15:32:39 - FloodLightGames 
 2008-06-07 à 10:21:33 - funkitron 
 2008-07-02 à 13:06:53 - Gaijin Ent
 2008-06-19 à 12:33:28 - gemsweeperextractedgfx 
 2008-06-25 à 20:28:03 - Genimo 
 2008-07-24 à 19:25:49 - Gogii Games
 2007-12-23 à 20:27:22 - Google 
 2006-02-28 à 12:48:45 - Help 
 2006-05-29 à 11:37:09 - HP 
 2009-02-26 à 09:21:16 - Identities 
 2008-06-11 à 09:29:59 - Image Zone Express
 2008-10-16 à 19:31:50 - iWin 
 2006-02-15 à 09:43:23 - Leadertech 
 2008-02-29 à 22:05:35 - LimeWire 
 2008-05-07 à 13:57:07 - Macromedia 
 2008-05-15 à 21:37:29 - Magic Academy
 2009-04-09 à 15:05:05 - Malwarebytes 
 2009-02-22 à 11:51:52 - Microsoft 
 2009-04-09 à 11:37:03 - Mozilla 
 2009-01-02 à 16:40:29 - MSNInstaller 
 2008-06-03 à 12:56:23 - MythicPearls 
 2009-03-22 à 15:47:19 - Nokia 
 2008-02-25 à 16:11:13 - Notepad++ 
 2006-02-12 à 19:02:09 - OD2 
 2007-01-22 à 12:18:36 - OFFICE One v6
 2009-03-22 à 15:16:12 - PC Suite
 2008-06-28 à 17:52:45 - Pirateville 
 2008-07-09 à 19:48:26 - PlayFirst 
 2008-03-22 à 21:44:37 - Pogo Games
 2009-03-19 à 14:00:24 - PowerChallenge 
 2008-03-15 à 18:04:09 - Printer Info Cache
 2006-10-01 à 11:48:14 - Real 
 2008-11-16 à 15:00:10 - RealArcade 
 2008-06-28 à 10:09:33 - SecuROM 
 2009-01-12 à 09:28:12 - Skip-Bo 
 2006-04-21 à 12:36:44 - Sonic 
 2008-09-19 à 12:20:24 - SpinTop Games
 2008-09-22 à 13:43:59 - SprillBermudeEng 
 2008-06-27 à 08:55:39 - SprillBermudeFr 
 2007-12-18 à 23:19:52 - Sun 
 2006-04-18 à 07:26:54 - Symantec 
 2008-08-01 à 14:36:34 - TheScruffs 
 2006-12-27 à 16:05:27 - Ulead Systems
 2008-02-01 à 06:54:20 - URSE Games
 2006-04-13 à 11:52:40 - VadeRetro 
 2009-04-10 à 09:50:44 - vlc 
 2005-11-29 à 17:04:06 - You've Got Pictures Screensaver
 2009-02-26 à 09:21:16 - Zylom 

+- D:\Documents and Settings\Mireille\Local Settings\Application Data

 2008-02-04 à 22:47:39 - 7Wonders2 
 2008-02-02 à 18:25:18 - Adobe 
 2007-12-30 à 11:56:57 - ApplicationHistory 
 2009-04-09 à 14:13:30 - Google 
 2007-11-23 à 23:08:23 - Help 
 2006-04-13 à 11:52:25 - Identities 
 2008-06-16 à 13:02:15 - JollyBear 
 2009-04-09 à 10:50:53 - Microsoft 
 2007-07-31 à 14:53:32 - MicroVision Applications
 2007-12-22 à 16:30:28 - Mozilla 
 2008-06-23 à 22:13:18 - Oberon Games
 2008-06-23 à 14:59:47 - Oberon Media
 2009-01-02 à 16:58:22 - PCHealth 
 2006-10-01 à 11:54:06 - PowerCinema 
 2008-06-17 à 08:27:11 - Powerhouse Games
 2008-07-08 à 21:08:12 - SpookyManor 
 2009-01-07 à 20:58:21 - TimeParadox 
 2007-12-30 à 11:57:02 - Turbine 
 2005-11-29 à 17:04:06 - {3248F0A6-6813-11D6-A77B-00B0D0150020} 

========== Listing du dossier Program Files

+- C:\Program Files

 2008-08-17 à 13:28:08 - 10 Jours Sous Les Mers
 2007-07-24 à 12:51:15 - 3DRTBrickBlaster 
 2008-04-27 à 13:41:22 - absolutist.com 
 2008-04-27 à 13:44:40 - Absolutist_Games 
 2009-04-09 à 16:36:50 - Ad-remover 
 2009-03-22 à 15:17:03 - Adobe 
 2009-04-10 à 09:50:51 - adslTV 
 2008-02-15 à 21:56:34 - Alawar 
 2007-12-22 à 17:00:51 - Alwil Software
 2005-11-29 à 16:56:55 - AMD 
 2006-05-16 à 15:49:53 - Another Day
 2008-05-01 à 12:57:51 - AOL Games
 2008-04-27 à 14:54:49 - bfgclient 
 2009-04-09 à 16:24:12 - CCleaner 
 2005-11-29 à 16:56:55 - ComPlus Applications
 2008-05-25 à 16:11:08 - Cossacks 
 2005-11-29 à 16:56:55 - CyberLink 
 2009-03-22 à 15:14:59 - DIFX 
 2006-03-14 à 09:48:19 - directx 
 2009-01-03 à 14:00:25 - DivX 
 2007-10-23 à 18:08:26 - DK 
 2008-03-22 à 23:44:44 - DXBall2 
 2008-02-15 à 21:55:14 - Escape From Paradise
 2009-04-09 à 18:00:39 - Fichiers communs
 2006-11-05 à 13:47:15 - Firaxis Games
 2009-04-09 à 17:39:15 - GamesBar 
 2005-11-29 à 16:56:55 - GMixon 
 2005-11-29 à 16:56:55 - Goto Software
 2006-02-11 à 21:08:33 - Hewlett-Packard 
 2008-01-01 à 14:11:27 - HP 
 2009-01-02 à 18:52:03 - InstallShield Installation Information
 2009-04-11 à 06:39:12 - Internet Explorer
 2006-02-22 à 18:22:06 - ISSENDIS 
 2009-04-09 à 09:09:46 - Java 
 2006-04-22 à 12:08:59 - Kristanix 
 2006-11-28 à 17:13:33 - Lasermedia 
 2005-11-29 à 16:56:55 - Learn2.com 
 2009-04-11 à 07:07:46 - Lopxp 
 2009-02-10 à 17:12:33 - Maxis 
 2009-04-10 à 21:51:59 - Messenger 
 2009-04-09 à 16:47:49 - Messenger Plus! Live
 2009-01-30 à 21:49:03 - Micro Application
 2009-01-02 à 17:07:21 - Microsoft 
 2007-12-22 à 19:47:58 - Microsoft CAPICOM 2.1.0.2
 2005-11-29 à 16:56:55 - microsoft frontpage
 2009-04-09 à 23:43:24 - Microsoft Silverlight
 2009-02-21 à 11:15:20 - Microsoft SQL Server Compact Edition
 2009-02-21 à 11:16:07 - Microsoft Sync Framework
 2008-08-14 à 18:00:14 - Mindscape 
 2006-08-08 à 09:57:14 - Montparnasse multimedia - GEO
 2009-04-09 à 23:26:01 - Movie Maker
 2009-04-11 à 06:49:03 - Mozilla Firefox
 2009-01-02 à 16:40:31 - MSN 
 2005-11-29 à 16:56:55 - MSN Gaming Zone
 2009-04-09 à 09:51:19 - MSN Messenger
 2007-12-19 à 20:25:35 - MSXML 4.0
 2009-04-09 à 13:33:31 - Navilog1 
 2009-04-09 à 23:23:43 - NetMeeting 
 2009-03-22 à 15:19:14 - Nokia 
 2005-11-29 à 16:56:55 - Norman 
 2008-02-25 à 16:11:13 - Notepad++ 
 2008-02-15 à 22:08:32 - OFFICE One6.5
 2008-03-20 à 09:24:44 - orange 
 2009-04-09 à 23:23:39 - Outlook Express
 2008-11-18 à 20:09:24 - Oxygene V14a
 2009-03-22 à 15:14:41 - PC Connectivity Solution
 2008-02-26 à 09:28:25 - PopUp Destroy
 2007-12-09 à 11:34:10 - QuickTime 
 2008-02-15 à 22:13:14 - Readiris Pro 8
 2006-04-22 à 12:18:43 - Real 
 2008-01-17 à 08:44:37 - ReflexiveArcade 
 2006-02-27 à 14:32:58 - Rockstar Games
 2007-06-12 à 19:58:20 - Services en ligne
 2005-11-29 à 17:00:43 - ShowTime 
 2009-03-22 à 15:18:56 - SimpleCenter 
 2005-11-29 à 16:56:55 - Sonic 
 2008-02-03 à 00:44:48 - Symantec 
 2009-04-09 à 11:21:45 - TELE2 
 2006-05-24 à 10:50:45 - TFC 
 2008-02-15 à 22:11:04 - The Wonderful Wizard Of Oz
 2009-04-09 à 09:46:28 - Trend Micro
 2008-02-24 à 23:44:59 - Téléchargeur de FlatOut2
 2005-11-29 à 16:56:55 - Ulead Systems
 2005-11-29 à 16:56:55 - Uninstall Information
 2007-02-20 à 09:49:34 - Wanadoo Edition
 2009-04-09 à 11:36:06 - Windows Live
 2009-01-02 à 17:06:52 - Windows Live SkyDrive
 2005-11-29 à 16:56:55 - Windows Media Components
 2008-02-27 à 16:23:08 - Windows Media Connect 2
 2009-04-09 à 23:23:40 - Windows Media Player
 2009-01-03 à 16:01:55 - Windows NT
 2005-11-29 à 16:56:55 - WindowsUpdate 
 2005-11-29 à 16:56:55 - xerox 
 2009-04-09 à 16:37:19 - Zylom Games

========== Tâches planifiées

Aucune tâche planifiée détecté.

========== Clés registre


========== Bloqueur popups Internet Explorer

Blocage des popups non géré par cette version du navigateur.

==========    Suggestion ( /!\ Nécessite une interprétation.)    ==========


+- Registre : Aucune suggestion.


- Fin du rapport -


Cordialement,
romain

jlpjlp · Answer

colle le rapport d'un scan en ligne 
avec un des suivants: 


et cette fois mets le rapport entier pour voir les fichiers infectés  et dis tes soucis actuels

bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Comment enlever la pub CID

68 réponses

Discussions similaires

Newsletters