HI jack this for me
Closed
Aurel - 22 Sept. 2009 at 21:50
jacques.gache (Posts: 33453, registered Tuesday 13 November 2007, Status: Security contributor, last active 25 January 2016) - 27 Sept. 2009 at 18:41
20 replies
jacques.gache (Posts: 33453, registered Tuesday 13 November 2007, Status: Security contributor, last active 25 January 2016) - 22 Sept. 2009 at 22:48
Hello, you can post the HijackThis scan if it has been done, but personally I would prefer an RSIT, which shows us more.
• Download Random's System Information Tool (RSIT) by Random/Random and save it to your Desktop.
• Double-click RSIT.exe to launch the tool.
• Click "Continue" on the Disclaimer screen.
• If HijackThis is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if it asks) and you will have to accept the licence.
• Once the scan is finished, two reports will appear: please post them in two separate messages.
PS: the reports are located here:
C:\rsit\info.txt
C:\rsit\log.txt
Tutorial to help you
kduc (Posts: 1462, registered Monday 4 August 2008, Status: Member, last active 1 November 2011) - 22 Sept. 2009 at 22:51
Hi,
It looks very much like a Vundo variant!
---
Right-click the link to install SDFix (by AndyManchesta):
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Choose "Save as" (in IE it is "Save target/link as...")
and save it (Save in) to the Desktop.
Important: in "File name", save (rename) "sdfix" or "SdFix.exe" as sd-fix.exe
Restart in Safe Mode...
https://www.pcastuces.com/pratique/windows/mode_sans_echec/page2.htm
(preferably with F8 at startup).
--------------------------------------------
You will not have Internet access while in Safe Mode.
So copy/paste the procedure into a text (Word) file and put it
on the Desktop so you have it at hand.
--------------------------------------------
On the Desktop, double-click sd-fix.exe and choose Install to extract it to the Desktop.
Open the SDFix folder that has just been created on the Desktop and double-click
RunThis.cmd (or RunThis.bat) to launch the script.
Press Y to start the cleaning process.
It will remove the services and registry entries of the trojans it finds, then
ask you to press a key to restart. Do so.
Your system will take longer than usual to restart because the tool will
keep running and deleting files.
After the Desktop loads, the tool will finish its work and display "Finished".
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved
in the SDFix folder under the name Report.txt.
Copy/paste the contents of Report.txt into your next reply.
Tutorial: https://www.malekal.com/slenfbot-still-an-other-irc-bot/
---
Next, download, install and update Malwarebytes Anti-Malware...
http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html then run a FULL scan and post the report.
PS: if Malwarebytes detected infections, click Show results,
then Remove selected.
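The Vundo family kduc suspects is DLL-based: the dropper writes one or more DLLs into the Windows system directory and has them loaded at logon, so a responder's first filesystem question is "which DLLs changed around the date the symptoms started". The script below is an added example, not code from SDFix, RSIT, HijackThis or this thread; it turns that question into a sweep over a directory with a cut-off date and a SHA-256 per hit, so the hashes can be looked up or submitted before anything is deleted. The fake system32 tree, the file names and the dates are constructed for the demo and are assumptions of this example.

```python
"""List DLLs modified on or after a cut-off date and fingerprint them.

Added example, not code from SDFix, RSIT or this thread. Walk a directory,
keep only *.dll files whose modification time is at or after the cut-off,
and emit a SHA-256 per file. The demo directory and dates are assumptions.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def sha256_of(path, chunk=1 << 16):
    """Stream the file so large DLLs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _cutoff(since):
    """Accept 'YYYY-MM-DD' or a datetime; naive values are taken as UTC."""
    if isinstance(since, str):
        since = datetime.fromisoformat(since)
    if since.tzinfo is None:
        since = since.replace(tzinfo=timezone.utc)
    return since.timestamp()


def recent_dlls(root, since):
    """Return [(path, mtime_utc, sha256)] for *.dll under root modified at/after since, newest first."""
    cutoff, hits = _cutoff(since), []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".dll"):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # locked or vanished: skip it, do not abort the sweep
            if st.st_mtime >= cutoff:
                mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
                hits.append((path, mtime, sha256_of(path)))
    return sorted(hits, key=lambda h: h[1], reverse=True)


def build_demo_tree():
    """Constructed fixture: a fake system32 with an old DLL, a fresh DLL and a non-DLL."""
    root = tempfile.mkdtemp(prefix="sys32_demo_")
    stamps = {"kernel_old.dll": "2009-01-01", "hgfdsa.dll": "2009-09-20", "notes.txt": "2009-09-20"}
    for name, day in stamps.items():
        path = os.path.join(root, name)
        with open(path, "wb") as f:
            f.write(b"MZ " + name.encode())  # placeholder bytes, not a real PE
        ts = _cutoff(day)
        os.utime(path, (ts, ts))
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for path, mtime, digest in recent_dlls(demo, "2009-09-19"):
        print(f"{mtime:%Y-%m-%d} {digest[:16]}... {path}")
```

Against a real machine, point `recent_dlls` at the Windows system directory from an account that can read it and use the date the pop-ups started as the cut-off; a nonsense file name with a fresh timestamp is worth hashing and checking before it is removed, because SDFix and Malwarebytes will delete it without telling you what it was.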
Hi!
Here are the 2 reports jacques asked for; I don't know your answer yet, but the DLL files dated 20/09 shown in the log look like the source of the problem. :)
Today the trojan refused to run! But the pop-ups are still there, and, extraordinarily weird: when I want to type a circumflex accent, it displays the accent without letting me type the letter...><
info.txt logfile of random's system information tool 1.06 2009-09-25 16:47:40
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
ALLCapture 3.0 Essai-->"C:\Program Files\ALLCapture 3.0 Essai\unins000.exe"
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Browser Configuration Utility-->"C:\Program Files\InstallShield Installation Information\{E8AEA11B-E60A-455E-B008-E4E763604612}\setup.exe" -runfromtemp -l0x0009 -removeonly
Burn4Free CD and DVD-->"C:\Program Files\Burn4Free\uninstall.exe"
Burn4Free Toolbar-->"C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6906.exe" _?=C:\Program Files\Burn4Free Toolbar
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Corel MediaOne-->MsiExec.exe /I{A062A15F-9CAC-4B88-98DF-87628A0BD721}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Energy Saver Advance B8.0711.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7ED169D4-5053-4166-93DF-53B12AE6C539}\setup.exe" -l0x9 -removeonly
EVGA Precision 1.3.3-->"C:\Program Files\EVGA Precision\uninstall.exe"
Favorit-->"c:\documents and settings\aurel\local settings\application data\icyms.exe" -uninstall
Fish & Shark of Poker V0.2.1-->"C:\Program Files\Fish&SharkOfPoker V0.2\unins000.exe"
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
Free Pascal 2.0.0-->"C:\FPC\2.0.0\unins000.exe"
Friendly PPPoE v3.0.0.26-->C:\WINDOWS\AppRun.exe C:\PROGRA~1\FRIEND~1\BROADB~1
G.O.M-->C:\WINDOWS\system32\usetup.exe \C:\Program Files\
Geany 0.16-->C:\Program Files\Geany\uninst.exe
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Holdem Manager-->MsiExec.exe /I{42DE940E-8037-4266-9FBF-5A3AEDA39E96}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Kit de connexion ADSL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B0C5783F-AB91-460B-8238-BD9A8F6346D3}\setup.exe" -l0x40c -eth
Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
Maple 12-->"C:\Program Files\Maple 12\Uninstall_Maple 12\Uninstall Maple 12.exe"
Mathematics V10 FREE Download-->MsiExec.exe /X{4BC0AC6E-A5AD-4D43-9F69-3B319792AA46}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mikogo-->C:\Documents and Settings\Aurel\Application Data\Mikogo\remover.exe
mIRC-->"C:\Program Files\SyllabiK\mirc.exe" -uninstall
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PokerStove version 1.23-->"C:\Program Files\PokerStove\unins000.exe"
PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
Pro Evolution Soccer 2010 DEMO-->MsiExec.exe /X{1F126EDC-DA29-4D5B-80DF-735252475FEE}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x40c -removeonly
RecFree toolbar powered by Ask.com-->"C:\Program Files\RecFree.com\RecFreeToolbar\1.0.23.0\uninstall.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SeekService 1.0 build 129-->C:\Program Files\SeekService\uninstall.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sky-Tech Patch 3.0 Update 3.0-->C:\Program Files\KONAMI\Pro Evolution Soccer 2009\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Manager B08.0515.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E25C468-7745-4051-8B37-4A2C6635BA8B}
USB MODEM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{042E2C9D-6647-4C5F-9CEF-387D72023128}\setup.exe" -l0x9 UNINSTALL
VLC media player 1.0.1-->C:\Program Files\VLC\uninstall.exe
vlnet1.com - SiteVacuum-->C:\Program Files\EasySearch\uninst.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: AUREL-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 7236
Source Name: Tcpip
Time Written: 20090814154207.000000+120
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 7233
Source Name: Tcpip
Time Written: 20090814150712.000000+120
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001FD0A4C35F. The IP address being used is 169.254.163.178.
Record Number: 7230
Source Name: Dhcp
Time Written: 20090814095326.000000+120
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 7197
Source Name: Tcpip
Time Written: 20090813154721.000000+120
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001FD0A4C35F. The IP address being used is 169.254.163.178.
Record Number: 7196
Source Name: Dhcp
Time Written: 20090813105503.000000+120
Event Type: warning
User:
=====Application event log=====
Computer Name: AUREL-PC
Event Code: 1002
Message: Hanging application Empire.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 229
Source Name: Application Hang
Time Written: 20090328152517.000000+060
Event Type: error
User:
Computer Name: AUREL-PC
Event Code: 3006
Message: Error reading log event record.
Handle specified is 665080. Return code from ReadEventLog is 122.
Record Number: 228
Source Name: EvntAgnt
Time Written: 20090328131001.000000+060
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.
Record Number: 225
Source Name: EvntAgnt
Time Written: 20090328130934.000000+060
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .
Record Number: 224
Source Name: EvntAgnt
Time Written: 20090328130934.000000+060
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 1000
Message: Faulting application empire.exe, version 1.0.0.0, faulting module mss32.dll, version 7.2.4.0, fault address 0x0007a965.
Record Number: 222
Source Name: Application Error
Time Written: 20090328115814.000000+060
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\watcom-1.3\binnt;C:\watcom-1.3\binw;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"KMP_DUPLICATE_LIB_OK"=TRUE
"WATCOM"=C:\watcom-1.3
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
-----------------EOF-----------------
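Reading a report this long by eye is how the toolbar entries and the repeated TCP/IP warnings get missed. The script below is an added example, not code from RSIT or from anyone in this thread: it splits an info.txt into its `=====Title=====` sections, extracts the `name-->command` pairs from the Uninstall list, flags the ones a responder would check first, and counts repeated event-log records. The flagging heuristics (an uninstaller under a user profile or temp directory, name fragments typical of bundled toolbars) and the trimmed sample excerpt are this example's own assumptions; the sample lines are copied from the report above with the fields the parser does not use removed.

```python
"""Triage helper for an RSIT info.txt report.

Added example, not code from RSIT or from this thread. It parses the
"Uninstall list" and "System event log" sections and flags the entries a
responder would check first. The heuristics are this example's assumptions.
"""
import re
from collections import Counter

# Constructed excerpt: lines copied from the posted report, trimmed to the fields used.
SAMPLE_INFO = r"""info.txt logfile of random's system information tool 1.06 2009-09-25 16:47:40
======Uninstall list======
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Burn4Free Toolbar-->"C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6906.exe" _?=C:\Program Files\Burn4Free Toolbar
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Favorit-->"c:\documents and settings\aurel\local settings\application data\icyms.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
RecFree toolbar powered by Ask.com-->"C:\Program Files\RecFree.com\RecFreeToolbar\1.0.23.0\uninstall.exe"
vlnet1.com - SiteVacuum-->C:\Program Files\EasySearch\uninst.exe
======System event log======
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Source Name: Tcpip
Time Written: 20090814154207.000000+120
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001FD0A4C35F. The IP address being used is 169.254.163.178.
Source Name: Dhcp
Time Written: 20090814095326.000000+120
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Source Name: Tcpip
Time Written: 20090813154721.000000+120
======Environment variables======
"""

SECTION_RE = re.compile(r"^=+(.+?)=+$")

def split_sections(text):
    """Map each ====Title==== header to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def parse_uninstall_list(text):
    """Return (display name, uninstall command) pairs from the Uninstall list."""
    entries = []
    for line in split_sections(text).get("Uninstall list", []):
        if "-->" in line:
            name, _, cmd = line.partition("-->")
            entries.append((name.strip(), cmd.strip()))
    return entries

# Assumed heuristics: legitimate software rarely keeps its uninstaller under a user
# profile or temp directory, and these name fragments mark bundled toolbars/search helpers.
PROFILE_PATH_RE = re.compile(
    r"\\(documents and settings|users)\\[^\\]+\\(local settings\\application data|application data|appdata)\\|\\temp\\",
    re.IGNORECASE)
NAME_WORDS = ("toolbar", "powered by ask.com", "sitevacuum")

def flag_uninstall_entries(entries):
    """Return [(name, reason)] for entries worth a closer look."""
    flagged = []
    for name, cmd in entries:
        if PROFILE_PATH_RE.search(cmd):
            flagged.append((name, "uninstaller lives under a user profile or temp directory"))
        elif any(w in name.lower() for w in NAME_WORDS):
            flagged.append((name, "name matches a bundled toolbar/search helper"))
    return flagged

EVENT_FIELDS = ("Event Code", "Source Name", "Time Written", "Event Type")

def parse_events(text, section="System event log"):
    """Parse an event-log section into dicts; a record starts at each 'Event Code:' line."""
    events, current = [], None
    for line in split_sections(text).get(section, []):
        key, sep, value = line.partition(":")
        if not sep:
            continue  # wrapped continuation of a Message line
        key = key.strip()
        if key == "Event Code":
            current = {}
            events.append(current)
        if current is not None and key in EVENT_FIELDS:
            current[key] = value.strip()
    return events

def count_event_codes(text, section="System event log"):
    """Counter of (Source Name, Event Code) so repeated warnings stand out."""
    return Counter((e.get("Source Name"), e.get("Event Code")) for e in parse_events(text, section))

if __name__ == "__main__":
    for name, reason in flag_uninstall_entries(parse_uninstall_list(SAMPLE_INFO)):
        print(f"[check] {name}: {reason}")
    for (src, code), n in count_event_codes(SAMPLE_INFO).most_common():
        print(f"{src} event {code}: {n} occurrence(s)")
```

On the full report the same two functions surface the five toolbar/search entries and the `icyms.exe` uninstaller sitting in the user's Local Settings\Application Data, and show that Tcpip 4226 fires repeatedly; that warning is the XP half-open connection limit and is triggered by P2P clients such as the installed eMule as well as by scanning malware, so it is a lead to correlate with timestamps, not proof of infection on its own.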
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x40c -removeonly
RecFree toolbar powered by Ask.com-->"C:\Program Files\RecFree.com\RecFreeToolbar\1.0.23.0\uninstall.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SeekService 1.0 build 129-->C:\Program Files\SeekService\uninstall.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sky-Tech Patch 3.0 Update 3.0-->C:\Program Files\KONAMI\Pro Evolution Soccer 2009\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Manager B08.0515.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E25C468-7745-4051-8B37-4A2C6635BA8B}
USB MODEM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{042E2C9D-6647-4C5F-9CEF-387D72023128}\setup.exe" -l0x9 UNINSTALL
VLC media player 1.0.1-->C:\Program Files\VLC\uninstall.exe
vlnet1.com - SiteVacuum-->C:\Program Files\EasySearch\uninst.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: AUREL-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 7236
Source Name: Tcpip
Time Written: 20090814154207.000000+120
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 7233
Source Name: Tcpip
Time Written: 20090814150712.000000+120
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001FD0A4C35F. The IP address being used is 169.254.163.178.
Record Number: 7230
Source Name: Dhcp
Time Written: 20090814095326.000000+120
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 7197
Source Name: Tcpip
Time Written: 20090813154721.000000+120
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001FD0A4C35F. The IP address being used is 169.254.163.178.
Record Number: 7196
Source Name: Dhcp
Time Written: 20090813105503.000000+120
Event Type: warning
User:
=====Application event log=====
Computer Name: AUREL-PC
Event Code: 1002
Message: Hanging application Empire.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 229
Source Name: Application Hang
Time Written: 20090328152517.000000+060
Event Type: error
User:
Computer Name: AUREL-PC
Event Code: 3006
Message: Error reading log event record.
Handle specified is 665080. Return code from ReadEventLog is 122.
Record Number: 228
Source Name: EvntAgnt
Time Written: 20090328131001.000000+060
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.
Record Number: 225
Source Name: EvntAgnt
Time Written: 20090328130934.000000+060
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .
Record Number: 224
Source Name: EvntAgnt
Time Written: 20090328130934.000000+060
Event Type: warning
User:
Computer Name: AUREL-PC
Event Code: 1000
Message: Faulting application empire.exe, version 1.0.0.0, faulting module mss32.dll, version 7.2.4.0, fault address 0x0007a965.
Record Number: 222
Source Name: Application Error
Time Written: 20090328115814.000000+060
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\watcom-1.3\binnt;C:\watcom-1.3\binw;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"KMP_DUPLICATE_LIB_OK"=TRUE
"WATCOM"=C:\watcom-1.3
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Aurel at 2009-09-25 16:47:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 811 GB (85%) free of 954 GB
Total RAM: 3326 MB (77% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:37, on 25.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\PSIService.exe
C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\SeekService\seekservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RecvMessage.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aurel\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Aurel.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.europowersearch.com/Search.html?SelectedSearchLang=FR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.europowersearch.com/Search.html?SelectedSearchLang=FR
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://fr.ask.com/?o=0&l=dir&ad=dirN{searchTerms}&o=14482&l=dis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Super-Search - search like an expert - {B88F0A3B-663C-4342-A7CE-2D6F81032897} - C:\PROGRA~1\EASYSE~1\BHO\4SUPER~1.DLL (file missing)
O2 - BHO: Google Plus - {C8CD2017-F1E5-4F1A-B58A-EE0B1AF0D0D8} - C:\PROGRA~1\GOOGLE~1\8GOOGL~1.DLL (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O2 - BHO: Recfree toolbar helper - {D286E828-E6B9-484d-A058-D7323666DE33} - C:\Program Files\RecFree.com\RecFreeToolbar\1.0.23.0\escort.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {e4d02059-c4eb-4079-8b5a-22a5eff3b3b9} - wavenimu.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: RecFree Toolbar - {0508F8F1-08E3-43EE-AAA8-09AD09803084} - C:\Program Files\RecFree.com\RecFreeToolbar\1.0.23.0\escorTlbr.dll (file missing)
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [tray2] C:\WINDOWS\system32\CML.exe
O4 - HKLM\..\Run: [tray3] C:\WINDOWS\system32\RecvMessage.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteVacuum] C:\Program Files\EasySearch\SiteVacuumClient.exe
O4 - HKLM\..\Run: [pududejuy] Rundll32.exe "c:\windows\system32\rokeyuki.dll",a
O4 - HKLM\..\Run: [mimeriyiwe] Rundll32.exe "huholapu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [icyms] "c:\documents and settings\aurel\local settings\application data\icyms.exe" icyms
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Real Desktop] "C:\Program Files\Real Desktop\Real Desktop.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-484763869-746137067-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Real Desktop.lnk = C:\Program Files\Real Desktop\Real Desktop.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E7A162C-2A90-476F-B547-5DC4EF6BA2DF}: NameServer = 86.64.145.145 84.103.237.145
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\gelapele.dll c:\windows\system32\nuyimuto.dll c:\windows\system32\rokeyuki.dll,meruyuva.dll
O21 - SSODL: pularegaf - {c0b45aec-d38e-49bf-959d-4243e6c00104} - c:\windows\system32\gelapele.dll (file missing)
O21 - SSODL: fokehuvew - {aee438cc-93bb-4d18-9685-d0bee49171a8} - c:\windows\system32\lohulatu.dll
O21 - SSODL: kebobumok - {321f8633-d716-4fb7-9052-398bb232edc8} - c:\windows\system32\rokeyuki.dll
O22 - SharedTaskScheduler: kupuhivus - {c0b45aec-d38e-49bf-959d-4243e6c00104} - c:\windows\system32\gelapele.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {aee438cc-93bb-4d18-9685-d0bee49171a8} - c:\windows\system32\lohulatu.dll
O22 - SharedTaskScheduler: mujuzedij - {321f8633-d716-4fb7-9052-398bb232edc8} - c:\windows\system32\rokeyuki.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: B-Service - Unknown owner - C:\Documents and Settings\Aurel\Application Data\Mikogo\B-Service.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Real Desktop.lnk = C:\Program Files\Real Desktop\Real Desktop.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E7A162C-2A90-476F-B547-5DC4EF6BA2DF}: NameServer = 86.64.145.145 84.103.237.145
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\gelapele.dll c:\windows\system32\nuyimuto.dll c:\windows\system32\rokeyuki.dll,meruyuva.dll
O21 - SSODL: pularegaf - {c0b45aec-d38e-49bf-959d-4243e6c00104} - c:\windows\system32\gelapele.dll (file missing)
O21 - SSODL: fokehuvew - {aee438cc-93bb-4d18-9685-d0bee49171a8} - c:\windows\system32\lohulatu.dll
O21 - SSODL: kebobumok - {321f8633-d716-4fb7-9052-398bb232edc8} - c:\windows\system32\rokeyuki.dll
O22 - SharedTaskScheduler: kupuhivus - {c0b45aec-d38e-49bf-959d-4243e6c00104} - c:\windows\system32\gelapele.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {aee438cc-93bb-4d18-9685-d0bee49171a8} - c:\windows\system32\lohulatu.dll
O22 - SharedTaskScheduler: mujuzedij - {321f8633-d716-4fb7-9052-398bb232edc8} - c:\windows\system32\rokeyuki.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: B-Service - Unknown owner - C:\Documents and Settings\Aurel\Application Data\Mikogo\B-Service.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
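As an added illustration (not part of the thread and not HijackThis's own code), the Python script below applies the triage a helper does by eye on the log above: entries whose file is missing, an AppInit_DLLs value loading several DLLs, SSODL and SharedTaskScheduler entries registered under the same CLSID, and Run entries that use Rundll32 to load an 8-letter random-looking DLL. The sample lines are constructed after the log above; the 8-letter heuristic and the Finding class are the editor's assumptions, not anything the tool defines.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a handful of lines in the shape of the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {e4d02059-c4eb-4079-8b5a-22a5eff3b3b9} - wavenimu.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [pududejuy] Rundll32.exe "c:\windows\system32\rokeyuki.dll",a
O4 - HKLM\..\Run: [mimeriyiwe] Rundll32.exe "huholapu.dll",s
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\gelapele.dll c:\windows\system32\nuyimuto.dll c:\windows\system32\rokeyuki.dll,meruyuva.dll
O21 - SSODL: pularegaf - {c0b45aec-d38e-49bf-959d-4243e6c00104} - c:\windows\system32\gelapele.dll (file missing)
O21 - SSODL: kebobumok - {321f8633-d716-4fb7-9052-398bb232edc8} - c:\windows\system32\rokeyuki.dll
O22 - SharedTaskScheduler: kupuhivus - {c0b45aec-d38e-49bf-959d-4243e6c00104} - c:\windows\system32\gelapele.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {321f8633-d716-4fb7-9052-398bb232edc8} - c:\windows\system32\rokeyuki.dll
"""

# Heuristic (editor's assumption): eight lower-case letters + ".dll" is the
# naming pattern of the DLLs the helper targets in this thread.
RANDOM_DLL = re.compile(r"[a-z]{8}\.dll")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
LINE = re.compile(r"^(O\d+) - (?P<body>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O20"
    reason: str    # why the line was flagged
    line: str      # the offending log line (empty for cross-line findings)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip('"').lower()


def _looks_random(path: str) -> bool:
    return RANDOM_DLL.fullmatch(_basename(path)) is not None


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious trait seen in the HijackThis lines."""
    findings: list[Finding] = []
    clsid_sections: dict[str, set[str]] = defaultdict(set)

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.group(1), m.group("body")

        # Hook entries whose target file is gone: stale, or self-deleting.
        if "(file missing)" in body and section in {"O2", "O3", "O21", "O22"}:
            findings.append(Finding(section, "target file missing", raw))

        # AppInit_DLLs is injected into every GUI process; several entries,
        # separated by spaces or commas, is itself worth a look.
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = [d for d in re.split(r"[\s,]+", body.split(":", 1)[1]) if d]
            if len(dlls) > 1:
                findings.append(Finding(section, f"AppInit_DLLs loads {len(dlls)} DLLs", raw))
            for d in dlls:
                if _looks_random(d):
                    findings.append(Finding(section, f"AppInit_DLLs entry {_basename(d)} looks randomly named", raw))

        # Run keys that start a DLL through Rundll32 rather than a program.
        if section == "O4" and "rundll32" in body.lower():
            for path in re.findall(r'"([^"]+\.dll)"', body, flags=re.I):
                if _looks_random(path):
                    findings.append(Finding(section, f"Rundll32 loads randomly named {_basename(path)}", raw))

        # Collect CLSIDs so paired SSODL/SharedTaskScheduler entries can be found.
        if section in {"O21", "O22"}:
            for c in CLSID.findall(body):
                clsid_sections[c.lower()].add(section)

    for c, secs in clsid_sections.items():
        if {"O21", "O22"} <= secs:
            findings.append(Finding("O21/O22", f"CLSID {c} registered as both SSODL and SharedTaskScheduler", ""))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}")
```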
jacques.gache (security contributor), 25 Sept. 2009 at 18:03
Hello Aurel, you have major infections. Do the following in order: run OTM and post the report, run ToolBar-S&D options 1 and 2 and post the reports as you go, do the cleanup with CCleaner, and then run Malwarebytes, post its report followed by a new RSIT log.txt. Thanks, and if you have a problem during this, come back here and we'll look at it!!
1) run OTM
Download OTM by OldTimer to your Desktop by clicking this link:
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
Double-click OTM.exe to launch it. If you use Vista, right-click the file and choose Run as administrator.
Check that the box in front of "Unregister Dll's and Ocx's" is ticked.
Copy the list shown in bold below,
and paste it into the left-hand frame of OTMoveIt: "Paste instructions for item to be moved".
:processes
explorer.exe
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"icyms"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pularegaf"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"fokehuvew"=-
:files
c:\program files\seekservice\seekservice.exe
c:\windows\system32\sdra64.exe
c:\documents and settings\aurel\local settings\application data\icyms.exe
c:\windows\system32\gelapele.dll
c:\windows\system32\lohulatu.dll
c:\windows\system32\lohulatu.dll
c:\windows\system32\wavenimu.dll
c:\documents and settings\aurel\local settings\application data\icyms.exe
c:\windows\system32\lohulatu.dll
c:\windows\system32\lohulatu.dll
c:\program files\seekservice\seekservice.exe
c:\windows\system32\tovituta.dll
c:\windows\system32\toteduba.dll
c:\windows\system32\rutihuku.dll
c:\windows\system32\hopawiki.dll
c:\windows\system32\mebokewe.dll
c:\windows\system32\hisozopa.dll
c:\windows\system32\gewofawu.dll
c:\windows\system32\lohulatu.dll
c:\windows\system32\mufokuvo.dll
c:\windows\system32\dajufiwe.dll
c:\windows\system32\todolaze.dll
c:\windows\system32\gobewowi.dll
c:\windows\system32\yolufeta.dll
c:\windows\system32\yikujode.dll
:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Click "MoveIt!" to start the removal.
The result will appear in the "Results" frame.
Click "Exit" to close.
Post the report located in C:\_OTM\MovedFiles under the name xxxxxx_xxxxxxxxxx.log .
You may be asked to restart the PC to finish the removal. If so, accept with Yes.
2) run ToolBar-S&D options 1 and 2
Download ToolBar-S&D (thanks to Eric_71, Angeldark, Sham_Rock and XmichouX)
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3
Launch the program's installation by running the downloaded file.
Now double-click the Toolbar-S&D shortcut.
Select the desired language by typing the letter of your choice, then validate with the Enter key.
Now choose option 1 (Search). Wait until the search finishes.
Post the generated report. (C:\TB.txt)
Removal: option 2
Relaunch Toolbar-S&D by double-clicking the shortcut. Press "2" then validate by pressing "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here.
NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer then validate.
Help with pictures: https://sites.google.com/site/toolbarsd/aideenimages
3) restart your PC and run CCleaner with the settings given
download CCleaner from this address
https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
. save it to the desktop
. double-click the file to launch the installation
. in the installation language window, make sure to choose French and OK
. click Next
. read the licence and I Agree
. click Next
. there, keep only "add a desktop shortcut" and "automatically check for CCleaner updates" ticked
. click Install
. click Close
. double-click the CCleaner icon to open it
. once open, click Options then Advanced
. untick "only delete files in Windows Temp folders older than 48 hours"
. click Cleaner
. click Windows and, in the Advanced column,
. tick the first box, Old Prefetch data, only that one; this gives you the Old Prefetch data box and the Advanced box, which got ticked automatically, but only that one
. click Analyze; once the analysis is finished
. click Run Cleaner and OK on the confirmation prompt. You will have to do it a second time; once finished, check by pressing Analyze again to be sure there is nothing left
. now click Registry then Scan for Issues
. leave everything ticked and click Fix selected issues
. it asks you to back up: YES
. give it a name so you can find it again and save
. click Fix all selected issues and OK on the confirmation prompt
. it deletes, then Close; check by relaunching Scan for Issues
. go back to Options and re-tick the box "only delete files in Windows Temp folders older than 48 hours", and under Cleaner, Windows, Advanced, untick the first box Old Prefetch data
. you can close CCleaner
to help if needed, tutorial: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
or more here: http://www.lescofofides.fr/forum/viewtopic.php?f=30&t=96
4) run a full scan of the PC with Malwarebytes; note that it takes nearly 2 hours
Download Malwarebytes' Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
. on the page click Download Malwarebytes' Anti-Malware
. save it to the desktop
. Double-click the downloaded file to launch the installation process.
. if the firewall asks permission for Malwarebytes to connect, accept
. go to the Scan tab
. Select Perform full scan
. Click Scan
. The scan starts.
. At the end of the analysis, a message appears: The scan completed successfully. Click 'Show Results' to display all objects found.
. Click OK to continue.
. If malware was detected, click Show Results
. Select all (or leave them ticked) and click Remove Selected. Malwarebytes will delete the files and registry keys and put a copy in quarantine.
. Malwarebytes will open Notepad and copy the scan report there.
. restart the PC if it does not do it itself
. once restarted, double-click Malwarebytes
. go to the Logs tab
. click on it to display it; once displayed,
. click Edit at the top of Notepad, then Select All
. click Edit again, then Copy, and come back to the forum and into your reply
. right-click in the reply frame and Paste
If you need help, look at this tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
5) relaunch RSIT and post the log.txt report
1) OTM: right in the middle of the removal, Avira warned me:
Virus or unwanted program 'TR/Dldr.FraudLoa.WD [trojan]'
detected in file 'C:\WINDOWS\system32\hopawiki.dll.
Action performed: Deny access
here is the report:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\icyms deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\pularegaf deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\fokehuvew deleted successfully.
========== FILES ==========
c:\program files\seekservice\seekservice.exe moved successfully.
File/Folder c:\windows\system32\sdra64.exe not found.
File/Folder c:\documents and settings\aurel\local settings\application data\icyms.exe not found.
File/Folder c:\windows\system32\gelapele.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\lohulatu.dll
c:\windows\system32\lohulatu.dll NOT unregistered.
c:\windows\system32\lohulatu.dll moved successfully.
File/Folder c:\windows\system32\lohulatu.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\wavenimu.dll
c:\windows\system32\wavenimu.dll NOT unregistered.
c:\windows\system32\wavenimu.dll moved successfully.
File/Folder c:\documents and settings\aurel\local settings\application data\icyms.exe not found.
File/Folder c:\windows\system32\lohulatu.dll not found.
File/Folder c:\windows\system32\lohulatu.dll not found.
File/Folder c:\program files\seekservice\seekservice.exe not found.
DllUnregisterServer procedure not found in c:\windows\system32\tovituta.dll
c:\windows\system32\tovituta.dll NOT unregistered.
c:\windows\system32\tovituta.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\toteduba.dll
c:\windows\system32\toteduba.dll NOT unregistered.
c:\windows\system32\toteduba.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\rutihuku.dll
c:\windows\system32\rutihuku.dll NOT unregistered.
c:\windows\system32\rutihuku.dll moved successfully.
LoadLibrary failed for c:\windows\system32\hopawiki.dll
c:\windows\system32\hopawiki.dll NOT unregistered.
c:\windows\system32\hopawiki.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\mebokewe.dll
c:\windows\system32\mebokewe.dll NOT unregistered.
c:\windows\system32\mebokewe.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\hisozopa.dll
c:\windows\system32\hisozopa.dll NOT unregistered.
c:\windows\system32\hisozopa.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\gewofawu.dll
c:\windows\system32\gewofawu.dll NOT unregistered.
c:\windows\system32\gewofawu.dll moved successfully.
File/Folder c:\windows\system32\lohulatu.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\mufokuvo.dll
c:\windows\system32\mufokuvo.dll NOT unregistered.
c:\windows\system32\mufokuvo.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\dajufiwe.dll
c:\windows\system32\dajufiwe.dll NOT unregistered.
c:\windows\system32\dajufiwe.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\todolaze.dll
c:\windows\system32\todolaze.dll NOT unregistered.
c:\windows\system32\todolaze.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\gobewowi.dll
c:\windows\system32\gobewowi.dll NOT unregistered.
c:\windows\system32\gobewowi.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\yolufeta.dll
c:\windows\system32\yolufeta.dll NOT unregistered.
c:\windows\system32\yolufeta.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\yikujode.dll
c:\windows\system32\yikujode.dll NOT unregistered.
c:\windows\system32\yikujode.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Aurel
->Temp folder emptied: 4500997 bytes
->Temporary Internet Files folder emptied: 50909131 bytes
->Java cache emptied: 22984655 bytes
->FireFox cache emptied: 56653148 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 693371 bytes
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\NV9882992.TMP folder deleted successfully.
%systemroot% .tmp files removed: 490290 bytes
File delete failed. C:\WINDOWS\System32\rifediga.dll.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\solenoda.dll.tmp scheduled to be deleted on reboot.
%systemroot%\System32 .tmp files removed: 4228625 bytes
Windows Temp folder emptied: 976491 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 135.01 mb
OTM by OldTimer - Version 3.0.0.6 log created on 09252009_202348
Files moved on Reboot...
C:\WINDOWS\System32\rifediga.dll.tmp moved successfully.
C:\WINDOWS\System32\solenoda.dll.tmp moved successfully.
Registry entries deleted on Reboot...
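To check an OTM run such as step 1) above against the report it produced, here is an added Python script (not OTM's own code and not from the thread). It reads the ":files" section of a script and the matching report lines, reports each path as moved, absent or unresolved, and lists deletions deferred to reboot that the report never confirms. The embedded script and report are constructed, shortened from the ones in the thread, with one unconfirmed deferred file added to show that case.

```python
import re

# Constructed OTM script: the shape of the one posted above, with duplicate
# entries kept on purpose (they explain the later "not found" lines).
SCRIPT = r"""
:files
c:\windows\system32\gelapele.dll
c:\windows\system32\lohulatu.dll
c:\windows\system32\lohulatu.dll
c:\windows\system32\hopawiki.dll
:commands
[emptytemp]
"""

# Constructed report in the format OTM writes. solenoda.dll.tmp is deferred
# to reboot but never confirmed, which the thread's real report did confirm.
REPORT = r"""
========== FILES ==========
File/Folder c:\windows\system32\gelapele.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\lohulatu.dll
c:\windows\system32\lohulatu.dll NOT unregistered.
c:\windows\system32\lohulatu.dll moved successfully.
File/Folder c:\windows\system32\lohulatu.dll not found.
LoadLibrary failed for c:\windows\system32\hopawiki.dll
c:\windows\system32\hopawiki.dll NOT unregistered.
c:\windows\system32\hopawiki.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
File delete failed. C:\WINDOWS\System32\rifediga.dll.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\solenoda.dll.tmp scheduled to be deleted on reboot.
Files moved on Reboot...
C:\WINDOWS\System32\rifediga.dll.tmp moved successfully.
"""

# Report line shapes seen in the thread's report, each mapped to a label.
PATTERNS = [
    (re.compile(r"^(?P<p>.+?) moved successfully\.$"), "moved"),
    (re.compile(r"^File/Folder (?P<p>.+?) not found\.$"), "not found"),
    (re.compile(r"^(?P<p>.+?) NOT unregistered\.$"), "not unregistered"),
    (re.compile(r"^LoadLibrary failed for (?P<p>.+)$"), "loadlibrary failed"),
    (re.compile(r"^DllUnregisterServer procedure not found in (?P<p>.+)$"), "no unregister entry"),
    (re.compile(r"^File delete failed\. (?P<p>.+?) scheduled to be deleted on reboot\.$"), "deferred"),
]


def script_files(script: str) -> list[str]:
    """Paths listed under ':files', lower-cased, de-duplicated, in order."""
    paths: list[str] = []
    section = None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):          # section header such as :files or :commands
            section = line.lower()
            continue
        if section == ":files" and line.lower() not in paths:
            paths.append(line.lower())
    return paths


def report_status(report: str) -> dict[str, set[str]]:
    """Map each path mentioned in the report to the set of labels seen for it."""
    status: dict[str, set[str]] = {}
    for line in report.splitlines():
        line = line.strip()
        for pat, label in PATTERNS:
            m = pat.match(line)
            if m:
                status.setdefault(m.group("p").lower(), set()).add(label)
                break
    return status


def reconcile(script: str, report: str) -> dict[str, str]:
    """Outcome per scripted path: moved, absent (never present), no report line, or unresolved."""
    status = report_status(report)
    outcome: dict[str, str] = {}
    for p in script_files(script):
        seen = status.get(p, set())
        if "moved" in seen:
            outcome[p] = "moved"              # a failed unregister before the move is fine
        elif seen == {"not found"}:
            outcome[p] = "absent"             # file was not there when OTM ran
        elif not seen:
            outcome[p] = "no report line"
        else:
            outcome[p] = "unresolved"         # e.g. LoadLibrary failed and never moved
    return outcome


def unconfirmed_deferred(report: str) -> list[str]:
    """Files scheduled for deletion on reboot that the report never shows as moved."""
    status = report_status(report)
    return sorted(p for p, s in status.items() if "deferred" in s and "moved" not in s)


if __name__ == "__main__":
    for path, result in reconcile(SCRIPT, REPORT).items():
        print(f"{result:14} {path}")
    for path in unconfirmed_deferred(REPORT):
        print(f"unconfirmed    {path}")
```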
jacques.gache (security contributor) - 25 Sept. 2009 at 20:47
OK, continue with toolbar. I think OTM and the script stirred up the mess on the PC, and Antivir spotted hopawiki.dll on the way.
OK!!!
Here is the toolbar report:
Funny, burn4free is a CD-burning program I downloaded from comment-ca-marche!
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel Pentium III Xeon processor )
BIOS : Award Modular BIOS v6.00PG
USER : Aurel ( Not Administrator ! )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
C:\ (Local Disk) - NTFS - Total:931 Go (Free:790 Go)
D:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 25.09.2009|20:42 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\Burn4Free
C:\Program Files\Burn4Free\bass.dll
C:\Program Files\Burn4Free\basscd.dll
C:\Program Files\Burn4Free\bassflac.dll
C:\Program Files\Burn4Free\basswma.dll
C:\Program Files\Burn4Free\basswv.dll
C:\Program Files\Burn4Free\bass_ape.dll
C:\Program Files\Burn4Free\bass_mpc.dll
C:\Program Files\Burn4Free\BURN4FREE.CFG
C:\Program Files\Burn4Free\Burn4Free.exe
C:\Program Files\Burn4Free\languages
C:\Program Files\Burn4Free\license.txt
C:\Program Files\Burn4Free\queue
C:\Program Files\Burn4Free\temp
C:\Program Files\Burn4Free\uninstall.exe
C:\Program Files\Burn4Free\wav
C:\Program Files\Burn4Free\languages\ARABIC.INI
C:\Program Files\Burn4Free\languages\BELARUSSIAN.INI
C:\Program Files\Burn4Free\languages\CATALAN.INI
C:\Program Files\Burn4Free\languages\CHINESEBIG5.INI
C:\Program Files\Burn4Free\languages\CHINESEGB.INI
C:\Program Files\Burn4Free\languages\CROATIAN_FUN.INI
C:\Program Files\Burn4Free\languages\CZECH.INI
C:\Program Files\Burn4Free\languages\DUTCH.INI
C:\Program Files\Burn4Free\languages\ENGLISH.INI
C:\Program Files\Burn4Free\languages\FRENCH.INI
C:\Program Files\Burn4Free\languages\GALEGO.INI
C:\Program Files\Burn4Free\languages\GERMAN.INI
C:\Program Files\Burn4Free\languages\GERMAN_2.INI
C:\Program Files\Burn4Free\languages\HEBREW.INI
C:\Program Files\Burn4Free\languages\HELLENIC.INI
C:\Program Files\Burn4Free\languages\ITALIANO.INI
C:\Program Files\Burn4Free\languages\JAPANESE.INI
C:\Program Files\Burn4Free\languages\KOREAN.INI
C:\Program Files\Burn4Free\languages\LITHUANIAN.INI
C:\Program Files\Burn4Free\languages\MACEDONIAN.INI
C:\Program Files\Burn4Free\languages\MAGYAR.INI
C:\Program Files\Burn4Free\languages\NORSK.INI
C:\Program Files\Burn4Free\languages\POLISH.INI
C:\Program Files\Burn4Free\languages\PORTUGUESE.INI
C:\Program Files\Burn4Free\languages\ROMANA.INI
C:\Program Files\Burn4Free\languages\RUSSIAN.INI
C:\Program Files\Burn4Free\languages\RUSSIAN_2.INI
C:\Program Files\Burn4Free\languages\SERBIAN.INI
C:\Program Files\Burn4Free\languages\SLOVAK.INI
C:\Program Files\Burn4Free\languages\SLOVENIAN.INI
C:\Program Files\Burn4Free\languages\SPANISH.INI
C:\Program Files\Burn4Free\languages\SUOMI.INI
C:\Program Files\Burn4Free\languages\SVENSKA.INI
C:\Program Files\Burn4Free\languages\TURKISH.INI
C:\Program Files\Burn4Free\languages\UKRAINIAN.INI
C:\Program Files\Burn4Free\languages\VALENCIAN.INI
C:\DOCUME~1\Aurel\Desktop\burn4free_setup.exe
C:\DOCUME~1\ALLUSE~1\Desktop\Burn4Free.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Burn4Free Toolbar
C:\DOCUME~1\Aurel\Cookies\aurel@iredirect.burn4free[2].txt
C:\DOCUME~1\Aurel\Cookies\aurel@iredirect468.burn4free[1].txt
C:\DOCUME~1\Aurel\Cookies\aurel@www.burn4free[1].txt
C:\Program Files\Mozilla Firefox\extensions\support@burn4free-toolbar.com
C:\Program Files\Burn4Free Toolbar
C:\Program Files\Burn4Free Toolbar\settings.dat
C:\Program Files\Burn4Free Toolbar\uninstall.txt
C:\Program Files\Burn4Free Toolbar\v3.3.0.3
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Firefox
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\installer.ico
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome.manifest
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Firefox\install.rdf
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\content
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\skin
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\content\toolbar.js
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\content\toolbar.xul
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\skin\go.GIF
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\skin\overlay.css
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\skin\Thumbs.db
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\skin\toolbar_logo.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\beruby
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\checkmark.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\configure.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\configure_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\cookies.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\cookies_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\favorites.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\favorites_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\find.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\find_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\go1.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\go1_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\go2.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\go2_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\help.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\help_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\highlight.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\highlight_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\history.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\history_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\images.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\images_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\intro
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\mag.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\magnifying_glass.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\magnifying_glass_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\multi_home_page.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\multi_home_page_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\panic.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\panic_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\popup_blocker_off.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\popup_blocker_on.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\radiodot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\run_application.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\run_application_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\save_web_pages_urls.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\save_web_pages_urls_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\searchbg.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\source.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\source_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\temporary_internet_files.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\temporary_internet_files_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\Thumbs.db
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\Toolbar.js
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\Toolbar4Free.exe
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\toolbar_logo.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\typed_urls.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\typed_urls_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\zoom_in.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\zoom_in_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\zoom_out.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\zoom_out_hot.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\beruby\beruby.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\beruby\downloads_logo_small.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\beruby\shopping_logo_small.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\beruby\travel_logo_small.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\beruby\webmasters_logo_small.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\bin
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\css
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\dropdown.htm
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\models.sm
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\preferences.htm
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\bin\CSA.dll
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\css\main.css
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\cancel.png
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\compare.png
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\dollar1.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\dollar2.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\dollar3.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\empty.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\gradient.jpg
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\prontologo.png
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\update.png
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\intro\intro_bg.png
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\intro\intro_feature_bracket.gif
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\intro\intro_logo.gif
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\intro\intro_search_bracket.gif
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\intro\intro_star_bullet.png
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\intro\intro_toolbar.png
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\intro\Thumbs.db
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\intro\toolbar_intro.htm
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\accuweather.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\amazon.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\dictionary.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\ebay.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\flickr.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\google_groups.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\google_images.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\google_maps.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\google_news.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\shopping.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\technorati.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\Thumbs.db
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\wikipedia.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\yahoo.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\yahoo_answers.bmp
C:\Program Files\Burn4Free Toolbar\v3.3.0.3\resources\search\youtube.bmp
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Burn4Free Toolbar
C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6906.exe
C:\WINDOWS\System32\b4fm.dll
C:\DOCUME~1\Aurel\Desktop\burn4free_setup.exe
C:\DOCUME~1\ALLUSE~1\Desktop\Burn4Free.lnk
-----------\\ Extensions
(Aurel) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Aurel) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.europowersearch.com/Search.html?SelectedSearchLang=FR"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.europowersearch.com/Search.html?SelectedSearchLang=FR"
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\Aurel\LOCALS~1\APPLIC~1\icyms.dat
C:\DOCUME~1\Aurel\LOCALS~1\APPLIC~1\icyms_nav.dat
C:\DOCUME~1\Aurel\LOCALS~1\APPLIC~1\icyms_navps.dat
==> EGDACCESS <==
1 - "C:\ToolBar SD\TB_1.txt" - 25.09.2009|20:45 - Option : [1]
-----------\\ Fin du rapport a 20:45:35.07
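The [..\Internet Explorer\Main] block of the report is the part that shows the hijack: both the per-user (HKEY_CURRENT_USER) and machine-wide (HKEY_LOCAL_MACHINE) "Start Page" values point at europowersearch.com while every other value still holds the Microsoft default. As an added example, not part of this thread and not code from ToolBar S&D, the Python below parses that block and flags each navigation value whose host is not one of the Microsoft defaults the report prints. The trusted-host list is an assumption derived from those defaults; the first sample input is the block copied from the report above, and the second is a constructed copy of it with the HKLM value reset, matching what the option 2 report later shows.

```python
"""Flag hijacked Internet Explorer start/search pages in a ToolBar S&D report.

Added example, not ToolBar S&D code.  TRUSTED_HOSTS is an assumption taken
from the Microsoft default URLs that the report itself prints.
"""
import re
from urllib.parse import urlsplit

# Hosts the untouched IE 6 / XP defaults resolve to in the report (assumption:
# any other host in a navigation value is treated as suspicious).
TRUSTED_HOSTS = {"www.microsoft.com", "www.msn.com"}

# Values under ...\Internet Explorer\Main that steer navigation or search.
WATCHED_VALUES = {"Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL"}

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\[^\]]+)\]$")   # [HKEY_...\...\Main]
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')            # "name"="data"

# Constructed sample: the [..\Internet Explorer\Main] block from the option 1
# report, copied verbatim (HKCU and HKLM both point at europowersearch.com).
OPTION1_REPORT = r'''
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.europowersearch.com/Search.html?SelectedSearchLang=FR"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.europowersearch.com/Search.html?SelectedSearchLang=FR"
'''.strip().splitlines()

# Constructed sample: same block after option 2 (HKLM reset, HKCU still hijacked).
OPTION2_REPORT = OPTION1_REPORT[:-1] + ['"Start Page"="https://www.msn.com/fr-fr/"']


def parse_ie_main(lines):
    """Yield (hive_key, value_name, data) for every "name"="data" line that
    follows a [HKEY_...] header; lines outside any key are ignored."""
    current_key = None
    for raw in lines:
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and current_key:
            yield current_key, value.group(1), value.group(2)


def is_hijacked(value_name, data):
    """A watched value is suspicious unless its URL host is on the trusted list
    (a value that is not a URL at all is also reported)."""
    if value_name not in WATCHED_VALUES:
        return False
    host = urlsplit(data).hostname
    return host is None or host.lower() not in TRUSTED_HOSTS


def find_hijacks(lines):
    """Return [(hive_key, value_name, data)] for every suspicious value, in
    report order, so HKCU and HKLM are reported separately."""
    return [(key, name, data) for key, name, data in parse_ie_main(lines)
            if is_hijacked(name, data)]


def hijacked_hosts(lines):
    """Distinct hosts the hijacked values point at, for lookup or blocklisting."""
    return sorted({(urlsplit(d).hostname or d).lower() for _, _, d in find_hijacks(lines)})


if __name__ == "__main__":
    for label, report in (("option 1", OPTION1_REPORT), ("option 2", OPTION2_REPORT)):
        print(f"{label} report:")
        for hive_key, name, data in find_hijacks(report):
            hive = hive_key.split("\\")[0]
            print(f"  {hive}  {name} -> {data}")
        print("  hosts:", ", ".join(hijacked_hosts(report)))
```

Reporting per hive is the point: the option 2 report shows the machine-wide value reset to msn.com while the per-user value still points at europowersearch.com, so a check that only reads HKEY_LOCAL_MACHINE would call the browser clean when it is not. The report header also says the user is not an administrator, which is worth keeping in mind whenever the two hives disagree.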
jacques.gache (security contributor) - 25 Sept. 2009 at 20:58
OK, run option 2 of toolbar and then ccleaner, but hold off on malwarebytes: given the option 1 report it would be better to run navilog first. I hope you see my message before launching malwarebytes.
Download Navilog1 (by IL-MAFIOSO) to your desktop
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Use "Save (link) target as..." and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, double-click the Navilog1 shortcut on the desktop.
Follow the prompts. Press a key when asked.
At the main menu, choose 1 and confirm.
< Do not choose option 2 >
Wait for the scan to finish. You may be asked to restart your PC.
Let the tool do it automatically, otherwise restart your PC normally if it asks you to.
Wait for the message "Scan terminé le......" (scan finished on...).
Press a key as asked; Notepad will open.
Copy and paste the whole thing into your reply. Close Notepad.
PS: the report is also saved at the root of the hard drive: C:\cleannavi.txt
2) Toolbar option 2:
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel Pentium III Xeon processor )
BIOS : Award Modular BIOS v6.00PG
USER : Aurel ( Not Administrator ! )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
C:\ (Local Disk) - NTFS - Total:931 Go (Free:790 Go)
D:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 25.09.2009|21:39 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\Burn4Free\bass.dll
Supprime! - C:\Program Files\Burn4Free\basscd.dll
Supprime! - C:\Program Files\Burn4Free\bassflac.dll
Supprime! - C:\Program Files\Burn4Free\basswma.dll
Supprime! - C:\Program Files\Burn4Free\basswv.dll
Supprime! - C:\Program Files\Burn4Free\bass_ape.dll
Supprime! - C:\Program Files\Burn4Free\bass_mpc.dll
Supprime! - C:\Program Files\Burn4Free\BURN4FREE.CFG
Supprime! - C:\Program Files\Burn4Free\Burn4Free.exe
Supprime! - C:\Program Files\Burn4Free\languages
Supprime! - C:\Program Files\Burn4Free\license.txt
Supprime! - C:\Program Files\Burn4Free\queue
Supprime! - C:\Program Files\Burn4Free\temp
Supprime! - C:\Program Files\Burn4Free\uninstall.exe
Supprime! - C:\Program Files\Burn4Free\wav
Supprime! - C:\DOCUME~1\Aurel\Desktop\burn4free_setup.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\Desktop\Burn4Free.lnk
Supprime! - C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Burn4Free Toolbar
Supprime! - C:\DOCUME~1\Aurel\Cookies\aurel@iredirect.burn4free[2].txt
Supprime! - C:\DOCUME~1\Aurel\Cookies\aurel@iredirect468.burn4free[1].txt
Supprime! - C:\DOCUME~1\Aurel\Cookies\aurel@www.burn4free[1].txt
Supprime! - C:\Program Files\Mozilla Firefox\extensions\support@burn4free-toolbar.com
Supprime! - C:\Program Files\Burn4Free Toolbar\settings.dat
Supprime! - C:\Program Files\Burn4Free Toolbar\uninstall.txt
Supprime! - C:\Program Files\Burn4Free Toolbar\v3.3.0.3
Supprime! - C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6906.exe
Supprime! - C:\WINDOWS\System32\b4fm.dll
Supprime! - C:\Program Files\Burn4Free
Supprime! - C:\Program Files\Burn4Free Toolbar
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(Aurel) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Aurel) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.europowersearch.com/Search.html?SelectedSearchLang=FR"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\Aurel\LOCALS~1\APPLIC~1\icyms.dat
C:\DOCUME~1\Aurel\LOCALS~1\APPLIC~1\icyms_nav.dat
C:\DOCUME~1\Aurel\LOCALS~1\APPLIC~1\icyms_navps.dat
[b]==> EGDACCESS <==/b
1 - "C:\ToolBar SD\TB_1.txt" - 25.09.2009|20:45 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 25.09.2009|21:43 - Option : [2]
-----------\\ Fin du rapport a 21:43:01.67
I carefully carried out steps 3) CCleaner and 3) bis Navilog.
Here is the Navilog report:
Fix Navipromo version 4.0.2 commencé le 25.09.2009 22:05:08.12
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 27.08.2009 à 11h00 par IL-MAFIOSO
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel Pentium III Xeon processor )
BIOS : Award Modular BIOS v6.00PG
USER : Aurel ( Not Administrator ! )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
C:\ (Local Disk) - NTFS - Total:931 Go (Free:790 Go)
D:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)
Recherche executée en mode normal
Nettoyage exécuté au redémarrage de l'ordinateur
c:\docume~1\aurel\locals~1\applic~1\icyms.dat supprimé !
c:\docume~1\aurel\locals~1\applic~1\icyms_nav.dat supprimé !
c:\docume~1\aurel\locals~1\applic~1\icyms_navps.dat supprimé !
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Aurel\locals~1\Temp effectué !
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Scan terminé 25.09.2009 22:14:38.07 ***
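Added example (not part of the thread, and not ToolBar S&D's own code): a small Python check that reads the [..\Internet Explorer\Main] section of a ToolBar S&D report like the one above and flags every start or search page whose host is not on an allowlist. The sample excerpt is copied from the report; the allowlist of Microsoft/MSN hosts is an assumption to adjust for your own environment. Run against the excerpt it reports the HKEY_CURRENT_USER Start Page pointing at www.europowersearch.com, the per-user homepage hijack that the machine-wide HKEY_LOCAL_MACHINE defaults do not show.

```python
"""Check Internet Explorer start/search pages from a ToolBar S&D report
against an allowlist of expected hosts.

Added example for this thread; not ToolBar S&D code and not the poster's.
The excerpt below is copied from the report; ALLOWED_HOSTS is an assumption.
"""
import re
from urllib.parse import urlparse

# Excerpt of the "[..\Internet Explorer\Main]" section of the report above.
SAMPLE_REPORT = r'''
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.europowersearch.com/Search.html?SelectedSearchLang=FR"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
'''

# Hosts a defender considers legitimate homepages/search pages (assumption).
ALLOWED_HOSTS = {"www.microsoft.com", "www.msn.com", "go.microsoft.com"}

KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\(.*)\]$')   # [HIVE\path]
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')          # "name"="data"


def parse_ie_main(report: str) -> dict:
    """Return {hive: {value_name: data}} for every registry key block found."""
    result, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = m.group(2)
    return result


def hijacked_pages(report: str, allowed_hosts=ALLOWED_HOSTS) -> list:
    """List (hive, value_name, host) for URL-valued entries pointing off the allowlist.

    Local file paths such as blank.htm are skipped: they are not web redirections.
    """
    findings = []
    for hive, values in parse_ie_main(report).items():
        for name, data in values.items():
            if not data.lower().startswith(("http://", "https://")):
                continue
            host = (urlparse(data).hostname or "").lower()
            if host not in allowed_hosts:
                findings.append((hive, name, host))
    return findings


if __name__ == "__main__":
    for hive, name, host in hijacked_pages(SAMPLE_REPORT):
        print(f"{hive}: '{name}' points to {host} (not on the allowlist)")
```

Both hives are compared separately on purpose: a clean HKEY_LOCAL_MACHINE default next to a rewritten HKEY_CURRENT_USER value is exactly the pattern of a per-user hijack, and a check that only looks at the machine-wide key would miss it.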
jacques.gache
Posts
33453
Registered
Tuesday 13 November 2007
Status
Security contributor
Last contribution
25 January 2016
1 616
25 Sept. 2009 at 22:22
ok thanks, Navilog did remove what ToolBar was reporting; you can continue with Malwarebytes and then the new RSIT
Hello hello :)
This morning I ran the Malwarebytes scan. About thirty infected files/registry entries.
But here's the thing: Vundo (or its little brothers or its friends) isn't happy that Malwarebytes came poking around at its place, so that produced a lot of "screw you" attempts detected by Avira :D
- each time I scanned an infected DLL with Malwarebytes, an Avira message: trojan blocked
- during the removal of the infected selection, multiple Avira trojan-blocked messages
- during the restart and the attempt to remove the infected files that could not be removed before, well...... a huge number of Avira messages!!!
I'll give you the MBAM analysis and then the Avira messages.
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2861
Windows 5.1.2600 Service Pack 3
26.09.2009 12:04:56
mbam-log-2009-09-26 (12-04-56).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 186844
Temps écoulé: 1 hour(s), 36 minute(s), 3 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 35
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
c:\WINDOWS\system32\monigula.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{65b011c8-9b04-4670-971c-1f43744ed993} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge (Hijack.SearchPage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge.1 (Hijack.SearchPage) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.SearchPage) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.SearchPage) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pududejuy (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{65b011c8-9b04-4670-971c-1f43744ed993} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\puzeyumeb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\monigula.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\monigula.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
Fichier(s) infecté(s):
c:\WINDOWS\system32\monigula.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\SyllabiK\systeme\dlls\nhtmln\nHTMLn.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP197\A0050611.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP199\A0052706.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP199\A0052712.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP199\A0052713.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP199\A0052714.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP199\A0052739.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP200\A0053974.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuyimuto.VIR (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ginekufu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yebalino.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zarenija.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8FMZCPWL\main_[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\09252009_202348\windows\system32\dajufiwe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\09252009_202348\windows\system32\gewofawu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\09252009_202348\windows\system32\gobewowi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\09252009_202348\windows\system32\hisozopa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\09252009_202348\windows\system32\hopawiki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\09252009_202348\windows\system32\lohulatu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\09252009_202348\windows\system32\mebokewe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\09252009_202348\windows\system32\mufokuvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\09252009_202348\windows\system32\rutihuku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\09252009_202348\windows\system32\tovituta.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\09252009_202348\windows\system32\yikujode.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\09252009_202348\windows\system32\yolufeta.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dokakuru.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\leduhuma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lumuheze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\saduyaya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vodarowo.dll (Trojan.Vundo) -> Delete on reboot.
I'm fairly sceptical about the removal of the "system32\exotic_name.dll" files; they seem to multiply and rename themselves every time.
Here are the Avira alert messages
At 10:47, start of the MBAM scan.
Virus or unwanted program 'TR/Drop.WormDrop.AB [trojan]'
detected in file 'C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP199\A0052706.exe.
Action performed: Deny access
Virus or unwanted program 'TR/Monder.bzea.153 [trojan]'
detected in file 'C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP199\A0052739.dll.
Action performed: Deny access
From 11:55 to 12:04: removal of the infected files:
Virus or unwanted program 'TR/Monder.bzea.153 [trojan]'
detected in file 'C:\WINDOWS\system32\nuyimuto.VIR.
Action performed: Deny access
Virus or unwanted program 'TR/Monder.bzea.143 [trojan]'
detected in file 'C:\WINDOWS\system32\zarenija.dll.
Action performed: Deny access
Virus or unwanted program 'TR/Spy.96256.21 [trojan]'
detected in file 'C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0DQXAHOD\static_[1].stdc.
Action performed: Deny access
Virus or unwanted program 'TR/Drop.WormDrop.AB [trojan]'
detected in file 'C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8FMZCPWL\main_[1].exe.
Action performed: Deny access
Virus or unwanted program 'TR/Dldr.FraudLoa.WD [trojan]'
detected in file 'C:\_OTM\MovedFiles\09252009_202348\windows\system32\hopawiki.dll.
Action performed: Deny access
Virus or unwanted program 'TR/Drop.WormDrop.AB [trojan]'
detected in file 'C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP199\A0052706.exe.
Action performed: Deny access
Virus or unwanted program 'TR/Dldr.FraudLoa.WD [trojan]'
detected in file 'C:\_OTM\MovedFiles\09252009_202348\windows\system32\hopawiki.dll.
Action performed: Deny access
From 12:07 to 12:09, during the Windows restart, I received approximately 75 alert messages; the 75 are in fact just repetitions of these 3 trojans:
Virus or unwanted program 'TR/Drop.Softomat.AN [trojan]'
detected in file 'C:\WINDOWS\system32\vodarowo.dll.
Action performed: Deny access
Virus or unwanted program 'TR/Trash.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\dokakuru.dll.
Action performed: Deny access
Virus or unwanted program 'TR/Trash.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\monigula.dll.
Action performed: Deny access
Thanks for your precious help.
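Added example for the two logs in this post (not Malwarebytes', Avira's or the poster's code): a Python triage script that parses MBAM result lines into item / detection / payload / action, lists the "Delete on reboot" entries that must be re-checked after the restart (the concern behind the doubt above about DLLs that keep coming back), picks out the registry entries under autostart locations (Winlogon Userinit and Shell, AppInit_DLLs, Run, ShellServiceObjectDelayLoad), and collapses repeated Avira pop-ups into one count per signature and file, which is what reduces 75 alerts to a handful of distinct detections. The sample lines are copied from the logs above; the list of persistence locations is an assumption drawn from what this log shows.

```python
"""Triage helpers for a Malwarebytes (MBAM 1.41) log and Avira alert pop-ups.

Added example for this thread; not Malwarebytes, Avira or poster code.
Sample lines are copied from the logs above; PERSISTENCE_KEYS is an assumption.
"""
import re
from collections import Counter

# Constructed excerpt: result lines copied from the MBAM log above.
SAMPLE_MBAM = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pududejuy (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\monigula.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\monigula.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
'''

# Constructed excerpt: Avira pop-ups copied from the post, one of them repeated.
SAMPLE_AVIRA = r'''
Virus or unwanted program 'TR/Drop.Softomat.AN [trojan]'
detected in file 'C:\WINDOWS\system32\vodarowo.dll.
Action performed: Deny access
Virus or unwanted program 'TR/Trash.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\dokakuru.dll.
Action performed: Deny access
Virus or unwanted program 'TR/Drop.Softomat.AN [trojan]'
detected in file 'C:\WINDOWS\system32\vodarowo.dll.
Action performed: Deny access
'''

# "<item> (<detection>) -> [payload ->] <action>."
MBAM_LINE = re.compile(r'^(?P<item>.+?) \((?P<detection>[^)]+)\) -> (?P<rest>.+)\.$')

# Registry locations that run code at logon / process start (assumption based on
# what the log shows); an entry here is a persistence mechanism worth a manual
# re-check after the reboot.
PERSISTENCE_KEYS = ("\\Winlogon\\Userinit", "\\Winlogon\\Shell",
                    "\\Windows\\AppInit_DLLs", "\\CurrentVersion\\Run\\",
                    "\\ShellServiceObjectDelayLoad\\")


def parse_mbam(log: str) -> list:
    """Return [{'item', 'detection', 'data', 'action'}] for each MBAM result line.
    'data' keeps the 'Data:' / 'Bad:' payload when present, else None."""
    rows = []
    for line in log.splitlines():
        m = MBAM_LINE.match(line.strip())
        if not m:
            continue
        # The action is always the last '->' segment; anything before it is payload.
        *payload, action = [p.strip() for p in m.group("rest").split("->")]
        rows.append({"item": m.group("item"), "detection": m.group("detection"),
                     "data": " -> ".join(payload) or None, "action": action})
    return rows


def pending_reboot(rows: list) -> list:
    """Items MBAM could not remove immediately; confirm they are gone after restart."""
    return [r["item"] for r in rows if r["action"] == "Delete on reboot"]


def persistence_hits(rows: list) -> list:
    """Registry items under known autostart / injection locations."""
    return [r["item"] for r in rows
            if r["item"].startswith("HKEY_")
            and any(k.lower() in r["item"].lower() for k in PERSISTENCE_KEYS)]


# Three-line Avira pop-up; the file line has an unclosed quote and a trailing dot.
AVIRA_ALERT = re.compile(
    r"Virus or unwanted program '(?P<sig>[^']+)'\s*\n"
    r"detected in file '(?P<path>[^\n]+?)\.?\s*\n"
    r"Action performed: (?P<action>[^\n]+)")


def aggregate_avira(text: str) -> Counter:
    """Collapse repeated pop-ups into (signature, path) -> number of alerts."""
    return Counter((m.group("sig"), m.group("path"))
                   for m in AVIRA_ALERT.finditer(text))


if __name__ == "__main__":
    rows = parse_mbam(SAMPLE_MBAM)
    print("Re-check after reboot:", *pending_reboot(rows), sep="\n  ")
    print("Persistence entries:", *persistence_hits(rows), sep="\n  ")
    for (sig, path), n in aggregate_avira(SAMPLE_AVIRA).most_common():
        print(f"{n:3d} x {sig} -> {path}")
```

The two registry data items worth a second look even after MBAM reports success are Winlogon\Userinit and Winlogon\Shell: the log shows sdra64.exe appended to Userinit and logon.exe appended to the Shell value, and both run at every logon, so confirming they now read userinit.exe and Explorer.exe after the reboot is the check that tells you the cleanup held.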
jacques.gache
Posts
33453
Registered
Tuesday 13 November 2007
Status
Security contributor
Last contribution
25 January 2016
1 616
26 Sept. 2009 at 13:27
hello, restart the PC if that hasn't been done, open Malwarebytes and empty the quarantine; the Antivir messages are fairly normal, because Malwarebytes stirred up the crap and it flags that to you
you can, if you want, redo a full scan with Malwarebytes to make sure there's nothing left
This time there are only 5 infected files left!
I repeated the same procedure, namely scan, restart, emptying the quarantine.
Here is the MBAM log:
Malwarebytes' Anti-Malware 1.41
Database version: 2861
Windows 5.1.2600 Service Pack 3
26.09.2009 15:08:54
mbam-log-2009-09-26 (15-08-54).txt
Scan type: Full scan (C:\|)
Objects scanned: 186603
Time elapsed: 34 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP200\A0054060.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP200\A0054061.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP200\A0054068.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wopeneda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yetubiyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
jacques.gache, 26 Sept. 2009 at 19:31
Hello. As for C:\System Volume Information\_restore, it is not too nasty: deleting the restore points will be enough to be rid of it, but only do that once the PC is clean. Here, though, you found two things that were not on the PC before. I suggest running ComboFix if you want to, because it is the tool par excellence against trojans; but since it is powerful it carries risk: on a PC with an illegitimate licence it sometimes crashes it!! That remains marginal, though. Take the time to read the official tutorial first to get acquainted with it, disable all antivirus and antispyware protection and disconnect from the internet, do not touch the PC while it works except to answer when it asks you, and all will go well.
PS: install the Recovery Console when it asks you; this is a safety net in case of trouble, and even after ComboFix it can help to repair Windows!!
Official tutorial, take the time to look at it: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Download Combofix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnect from the internet and disable your antivirus and all resident protection so that ComboFix can run normally.
Double-click Combofix.exe
Set the language to French (F)
Press 1 (Yes) to start the scan.
Do not touch anything until the scan is finished.
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents.
Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet.
Note: the report is also located at C:\Combofix.txt
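The triage jacques applies in his two replies above (AntiVir alerts on files Malwarebytes has just moved are noise, and hits inside C:\System Volume Information\_restore are dormant copies that only need purging once the live system is clean, while new files under system32 are the real problem) can be automated over the posted log lines. The Python script below is an added example, not code from this thread or from Avira, Malwarebytes or ComboFix. Its sample lines are constructed from the formats seen in this thread (the last MBAM line is invented to exercise the "other" bucket); the list of removal-tool backup folders and the eight-lowercase-letter DLL-name heuristic are assumptions drawn from the filenames in this thread, not vendor signatures.

```python
import re
from collections import Counter

# Constructed sample in the two formats seen in this thread: Avira
# "detected in file '...'" alerts and Malwarebytes "path (Family) -> action"
# result lines. The last line is invented to exercise the "other" bucket.
SAMPLE_LOG = r"""
Virus or unwanted program 'TR/Drop.WormDrop.AB [trojan]'
detected in file 'C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP199\A0052706.exe.
Action performed: Deny access
detected in file 'C:\_OTM\MovedFiles\09252009_202348\windows\system32\hopawiki.dll.
Action performed: Deny access
detected in file 'C:\WINDOWS\system32\vodarowo.dll.
Action performed: Deny access
C:\System Volume Information\_restore{83747EEF-F88D-48E1-9C3D-C5DF82E53093}\RP200\A0054060.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wopeneda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Example\setup.exe (Trojan.Generic) -> Quarantined and deleted successfully.
"""

# Avira alert line; the trailing quote may or may not survive the paste.
AVIRA_RE = re.compile(r"detected in file '(?P<path>.+?)'?\.?$")
# Malwarebytes result line.
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^)]+)\) -> (?P<action>.+)$")

# Where a hit is a dormant copy rather than a running infection.
RESTORE_RE = re.compile(r"\\system volume information\\_restore", re.I)
# Assumption: backup/quarantine folders of the cleanup tools used in this
# thread (OTM, RSIT, SDFix) plus Qoobox, ComboFix's own quarantine folder.
TOOL_DIRS = ("\\_otm\\", "\\rsit\\", "\\sdfix\\", "\\qoobox\\")
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.I)
# Heuristic, not a signature: the Vundo DLLs in this thread all carried
# eight-letter lowercase pseudo-random names (vodarowo, wopeneda, ...).
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")


def classify_path(path: str) -> str:
    """Bucket a detection by where the file lives. Tool folders are checked
    before system32 so a moved copy (OTM keeps the original subpath under
    MovedFiles) is not counted as a live infection."""
    low = path.lower()
    if RESTORE_RE.search(low):
        return "restore_point"
    if any(d in low for d in TOOL_DIRS):
        return "tool_backup"
    if SYSTEM32_RE.search(low):
        return "live_system"
    return "other"


def looks_random(path: str) -> bool:
    """True when the basename matches the random-name heuristic above."""
    return bool(RANDOM_DLL_RE.match(path.rsplit("\\", 1)[-1]))


def parse_detections(text: str) -> list:
    """Extract paths from Avira and Malwarebytes lines and annotate each."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        m = AVIRA_RE.search(line)
        if m:
            hits.append({"source": "avira", "path": m["path"], "family": None})
            continue
        m = MBAM_RE.match(line)
        if m:
            hits.append({"source": "mbam", "path": m["path"], "family": m["family"]})
    for h in hits:
        h["verdict"] = classify_path(h["path"])
        h["random_name"] = looks_random(h["path"])
    return hits


def triage(text: str):
    """Return (hit count per bucket, live system32 files with random names)."""
    hits = parse_detections(text)
    counts = Counter(h["verdict"] for h in hits)
    live_random = [h["path"] for h in hits
                   if h["verdict"] == "live_system" and h["random_name"]]
    return counts, live_random


if __name__ == "__main__":
    counts, live = triage(SAMPLE_LOG)
    for bucket, n in sorted(counts.items()):
        print(f"{bucket:14s} {n}")
    print("live, random-named (investigate first):", *live, sep="\n  ")
```

Run as-is it prints the bucket counts and the two live, random-named DLLs, which are the entries to hand to a removal tool first. Restore-point hits disappear when the restore points are purged after the cleanup, and hits inside tool backup folders are already out of every load path, which is why the on-access scanner keeps "denying access" to them without that meaning anything is still running.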
Hello Jacques,
I downloaded and ran ComboFix; here is the log:
ComboFix 09-09-25.01 - Aurel 27.09.2009 16:06.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1033.18.3326.2765 [GMT 2:00]
Launched from: c:\documents and settings\Aurel\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\71ef4c.msi
c:\windows\Installer\71ef4d.msp
c:\windows\Installer\71ef4e.msp
c:\windows\Installer\71ef4f.msp
c:\windows\Installer\71ef50.msp
c:\windows\Installer\71ef51.msp
c:\windows\Installer\71ef52.msp
c:\windows\Installer\71ef53.msp
c:\windows\Installer\71ef54.msp
c:\windows\Installer\71ef55.msp
c:\windows\Installer\71ef56.msp
c:\windows\system32\borababu.dll
c:\windows\system32\gmail.dll
c:\windows\system32\huholapu.dll.tmp
c:\windows\system32\meruyuva.dll.tmp
c:\windows\system32\ranatepo.dll
c:\windows\system32\rumenite.dll
c:\windows\system32\tusavila.dll
.
((((((((((((((((((((((((((((( Files created from 2009-08-27 to 2009-09-27 ))))))))))))))))))))))))))))))))))))
.
2009-09-27 14:12 . 2009-09-27 14:18 6862 ----a-w- c:\windows\system32\jerror.dat
2009-09-27 14:12 . 2009-09-27 14:18 22987 ----a-w- c:\windows\system32\jcsball.dat
2009-09-26 13:25 . 2009-09-26 13:25 -------- d-----w- c:\documents and settings\Aurel\Application Data\Uniblue
2009-09-26 10:42 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
2009-09-26 08:22 . 2009-09-26 08:22 -------- d-----w- c:\documents and settings\Aurel\Application Data\Malwarebytes
2009-09-26 08:22 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-26 08:22 . 2009-09-26 08:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-26 08:22 . 2009-09-26 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-26 08:22 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-25 20:04 . 2009-09-25 20:14 -------- d-----w- c:\program files\Navilog1
2009-09-25 19:54 . 2009-09-25 19:54 -------- d-----w- c:\program files\CCleaner
2009-09-25 18:42 . 2009-09-25 19:43 -------- d-----w- C:\ToolBar SD
2009-09-25 18:23 . 2009-09-25 18:23 -------- d-----w- C:\_OTM
2009-09-25 14:47 . 2009-09-25 14:47 -------- d-----w- C:\rsit
2009-09-22 19:49 . 2009-09-22 19:49 -------- d-----w- c:\program files\Trend Micro
2009-09-20 14:28 . 2009-09-20 14:28 -------- d-----w- c:\program files\eptsoft
2009-09-20 14:28 . 2009-09-20 14:28 -------- d-----w- c:\windows\Downloaded Installations
2009-09-20 10:32 . 2009-09-20 10:32 -------- d-----w- c:\program files\CleanUp!
2009-09-19 14:13 . 2001-08-17 20:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-09-19 14:13 . 2001-08-17 20:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-09-19 14:13 . 2001-08-17 20:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-09-19 14:13 . 2001-08-17 20:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-09-19 14:13 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-09-19 14:13 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-09-19 14:13 . 2001-08-17 12:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-09-19 14:13 . 2001-08-17 12:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-09-19 14:13 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-09-19 14:13 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-09-19 14:13 . 2008-04-14 03:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-09-19 14:13 . 2008-04-14 03:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-09-18 14:16 . 2009-09-18 14:16 -------- d-----w- c:\documents and settings\Aurel\Local Settings\Application Data\Downloaded Installations
2009-09-16 20:01 . 2009-09-27 13:12 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-16 20:01 . 2009-09-27 13:12 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-16 20:01 . 2009-09-16 20:01 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-13 16:20 . 2009-09-14 19:47 534 ----a-w- c:\windows\eReg.dat
2009-09-13 16:20 . 1998-06-17 16:07 57344 ----a-w- c:\windows\system32\Mfc42loc.dll
2009-09-08 08:33 . 2009-09-08 08:33 -------- d-----w- c:\program files\RVG Software
2009-09-05 13:55 . 2009-09-05 13:55 -------- d-----w- c:\documents and settings\Aurel\Application Data\ALLCapture
2009-09-05 13:55 . 2009-09-05 13:55 -------- d-----w- c:\program files\ALLCapture 3.0 Essai
2009-09-05 08:48 . 2009-09-05 08:48 126976 ----a-w- c:\windows\system32\UAService7.exe
2009-09-05 08:46 . 2009-09-05 08:46 -------- d-----w- c:\program files\Giant
2009-09-04 15:04 . 2009-09-25 16:23 -------- d-----w- c:\documents and settings\Aurel\Application Data\vlc
2009-09-04 15:03 . 2009-09-04 15:03 -------- d-----w- c:\program files\VLC
2009-09-02 21:13 . 2009-09-02 21:13 79792 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-31 09:59 . 2009-08-31 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2009-08-31 08:49 . 2009-08-31 12:47 -------- d-----w- c:\documents and settings\Aurel\Local Settings\Application Data\www.pro-evo.xooit.fr
2009-08-30 20:06 . 2009-08-30 20:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni
2009-08-30 20:06 . 2009-08-30 20:06 -------- d-----w- C:\ProgramData
2009-08-28 19:30 . 2009-09-09 18:46 -------- d-----w- c:\program files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 14:12 . 2009-03-27 14:05 16608 ----a-w- c:\windows\gdrv.sys
2009-09-27 14:02 . 2009-07-17 13:49 -------- d-----w- c:\documents and settings\Aurel\Application Data\Free Download Manager
2009-09-27 11:12 . 2009-06-27 11:12 87552 --sha-w- c:\windows\system32\wudiyopi.dll
2009-09-26 13:38 . 2009-05-26 18:17 -------- d-----w- c:\documents and settings\Aurel\Application Data\DNA
2009-09-26 13:11 . 2009-05-26 18:17 -------- d-----w- c:\program files\DNA
2009-09-26 09:55 . 2009-06-26 09:55 49152 --sha-w- c:\windows\system32\yevilido.dll
2009-09-26 09:35 . 2009-06-26 09:34 50176 --sha-w- c:\windows\system32\jalezada.dll
2009-09-25 18:45 . 2009-03-27 20:33 -------- d-----w- c:\program files\Steam
2009-09-25 18:23 . 2009-06-12 13:54 -------- d-----w- c:\program files\SeekService
2009-09-23 18:56 . 2009-06-12 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SeekService
2009-09-22 17:03 . 2008-04-14 00:21 5760 ----a-w- c:\windows\system32\drivers\arp1394.sys
2009-09-18 14:19 . 2009-04-20 21:27 -------- d-----w- c:\program files\KONAMI
2009-09-14 19:50 . 2009-03-27 14:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 21:43 . 2009-03-27 19:53 -------- d-----w- c:\program files\adslTV
2009-09-08 09:23 . 2009-09-08 09:23 -------- d-----w- c:\program files\PostgreSQL
2009-09-06 15:06 . 2009-07-17 13:49 -------- d-----w- c:\program files\Free Download Manager
2009-09-04 21:27 . 2009-07-20 12:40 -------- d-----w- c:\documents and settings\Aurel\Application Data\dvdcss
2009-08-31 10:57 . 2009-03-28 09:13 -------- d-----w- c:\documents and settings\Aurel\Application Data\geany
2009-08-31 09:24 . 2009-05-26 18:17 -------- d-----w- c:\documents and settings\Aurel\Application Data\BitTorrent
2009-08-24 14:55 . 2009-08-24 13:30 -------- d-----w- c:\program files\PokerStars
2009-08-24 09:50 . 2009-03-27 21:29 88 --sh--r- c:\windows\system32\15E5DB2FC4.sys
2009-08-24 09:50 . 2009-03-27 21:29 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-21 10:35 . 2009-03-27 17:18 23448 ----a-w- c:\documents and settings\Aurel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 14:06 . 2009-03-28 09:13 -------- d-----w- c:\documents and settings\Aurel\Application Data\gtk-2.0
2009-08-05 19:18 . 2009-03-27 19:44 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 08:50 . 2009-06-19 19:56 -------- d-----w- c:\program files\Java
2009-08-01 22:04 . 2009-08-01 22:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-25 03:23 . 2009-06-17 18:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:49 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-12 14:04 . 2009-06-12 14:04 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-26 09:56 . 2009-06-26 09:56 49152 --sha-w- c:\windows\system32\rahuziti.dll
2009-06-26 09:46 . 2009-06-26 09:46 50176 --sha-w- c:\windows\system32\zehakebo.dll
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4d02059-c4eb-4079-8b5a-22a5eff3b3b9}]
2009-06-26 09:56 49152 --sha-w- c:\windows\system32\rahuziti.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"tray3"="c:\windows\system32\RecvMessage.exe" [2007-01-10 196608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"GBTUpd"="c:\program files\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480]
"%FP%Friendly fts.exe"="c:\program files\Friendly Technologies\BroadbandAccess\fts.exe" [2003-05-06 72192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-06-12 30192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-17 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"pududejuy"="c:\windows\system32\wudiyopi.dll" [2009-09-27 87552]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-27 16875008]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-02 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1d650781-578a-48a0-8c50-c4cca780c58e}"= "c:\windows\system32\wudiyopi.dll" [2009-09-27 87552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wotisediw"= {1d650781-578a-48a0-8c50-c4cca780c58e} - c:\windows\system32\wudiyopi.dll [2009-09-27 87552]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\RecvMessage.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\RunUpd.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\java.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Moniteur neufbox\\Moniteur neufbox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\GBTUpd.exe"=
"c:\\Program Files\\SyllabiK\\mirc.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\Team Pro Evo 09.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\SeekService\\seekservice129.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.03.2009 21:44 108289]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [27.03.2009 16:06 80392]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [13.03.2009 05:50 65536]
R2 SeekService Service;SeekService Service;c:\documents and settings\All Users\Application Data\SeekService\seekservice129.exe [23.09.2009 20:56 54784]
S3 B-Service;B-Service;c:\documents and settings\Aurel\Application Data\Mikogo\B-Service.exe [22.05.2009 14:29 185640]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12.06.2009 16:04 30192]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29.05.2009 17:13 234864]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.europowersearch.com/Search.html?SelectedSearchLang=FR
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {4E7A162C-2A90-476F-B547-5DC4EF6BA2DF} = 86.64.145.148 84.103.237.148
FF - ProfilePath - c:\documents and settings\Aurel\Application Data\Mozilla\Firefox\Profiles\yo6wg1vw.default\
FF - prefs.js: browser.search.selectedEngine - Google Search Community
FF - prefs.js: browser.startup.homepage - hxxp://news.google.fr/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
BHO-{D286E828-E6B9-484d-A058-D7323666DE33} - (no file)
Toolbar-{0508F8F1-08E3-43EE-AAA8-09AD09803084} - (no file)
HKLM-Run-mimeriyiwe - borababu.dll
SharedTaskScheduler-{c0b45aec-d38e-49bf-959d-4243e6c00104} - (no file)
SharedTaskScheduler-{aee438cc-93bb-4d18-9685-d0bee49171a8} - (no file)
SharedTaskScheduler-{64bafd2b-8d9f-4b7b-8efc-62c5d62b5eae} - (no file)
SSODL-gizanepir-{64bafd2b-8d9f-4b7b-8efc-62c5d62b5eae} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 16:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-484763869-746137067-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"GameDir"=""
"ShortlistDir"=""
"ScreenshotsDir"=""
"SaveDir"=""
"HistoryDir"="c:\\Documents and Settings\\Aurel\\Desktop\\PRO-EVO_Editing_Studio_200\\PRO-EVO Editing Studio 2009 V1.0.0.0\\PES CONVERTER 2.0\\FM Genie Scout 2008\\History Points"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000000
"WindowHeight"=dword:00000265
"WindowWidth"=dword:000003fc
"WindowLeft"=dword:ffffffbb
"WindowTop"=dword:00000048
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
[HKEY_USERS\S-1-5-21-484763869-746137067-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000032
"Position4"=dword:00000004
"Visible4"=dword:00000001
"Width4"=dword:00000032
"Position5"=dword:00000005
"Visible5"=dword:00000001
"Width5"=dword:00000050
"Position6"=dword:00000006
"Visible6"=dword:00000001
"Width6"=dword:00000050
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000002d
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000001e
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000001e
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000001e
"Position13"=dword:0000000d
"Visible13"=dword:00000001
"Width13"=dword:0000003c
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000032
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:00000032
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000032
"Position17"=dword:00000011
"Visible17"=dword:00000001
"Width17"=dword:00000050
"Position18"=dword:00000012
"Visible18"=dword:00000001
"Width18"=dword:00000050
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
[HKEY_USERS\S-1-5-21-484763869-746137067-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000037
"Position4"=dword:00000008
"Visible4"=dword:00000001
"Width4"=dword:00000023
"Position5"=dword:00000009
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:0000000a
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:0000000c
"Visible7"=dword:00000001
"Width7"=dword:0000004b
"Position8"=dword:0000000d
"Visible8"=dword:00000001
"Width8"=dword:0000004b
"Position9"=dword:0000000e
"Visible9"=dword:00000001
"Width9"=dword:00000050
"Position10"=dword:00000010
"Visible10"=dword:00000000
"Width10"=dword:00000050
"Position11"=dword:00000011
"Visible11"=dword:00000000
"Width11"=dword:0000004b
"Position12"=dword:00000012
"Visible12"=dword:00000000
"Width12"=dword:0000002d
"Position13"=dword:00000013
"Visible13"=dword:00000000
"Width13"=dword:0000003c
"Position14"=dword:00000014
"Visible14"=dword:00000000
"Width14"=dword:0000004b
"Position15"=dword:00000015
"Visible15"=dword:00000000
"Width15"=dword:00000064
"Position16"=dword:00000016
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000017
"Visible17"=dword:00000000
"Width17"=dword:0000004b
"Position18"=dword:00000018
"Visible18"=dword:00000000
"Width18"=dword:00000064
"Position19"=dword:00000019
"Visible19"=dword:00000000
"Width19"=dword:0000003c
"Position20"=dword:0000001a
"Visible20"=dword:00000000
"Width20"=dword:0000004b
"Position21"=dword:0000001b
"Visible21"=dword:00000000
"Width21"=dword:00000050
"Position22"=dword:0000001c
"Visible22"=dword:00000000
"Width22"=dword:00000073
"Position23"=dword:0000001d
"Visible23"=dword:00000000
"Width23"=dword:00000050
"Position24"=dword:0000001e
"Visible24"=dword:00000000
"Width24"=dword:0000005a
"Position25"=dword:0000001f
"Visible25"=dword:00000000
"Width25"=dword:0000006e
"Position26"=dword:00000020
"Visible26"=dword:00000000
"Width26"=dword:00000064
"Position27"=dword:00000021
"Visible27"=dword:00000000
"Width27"=dword:00000087
"Position28"=dword:00000022
"Visible28"=dword:00000000
"Width28"=dword:00000064
"Position29"=dword:00000023
"Visible29"=dword:00000000
"Width29"=dword:00000064
"Position30"=dword:00000024
"Visible30"=dword:00000000
"Width30"=dword:00000046
"Position31"=dword:00000025
"Visible31"=dword:00000000
"Width31"=dword:0000004b
"Position32"=dword:00000026
"Visible32"=dword:00000000
"Width32"=dword:00000046
"Position33"=dword:00000027
"Visible33"=dword:00000000
"Width33"=dword:0000004b
"Position34"=dword:00000028
"Visible34"=dword:00000000
"Width34"=dword:0000003c
"Position35"=dword:0000002a
"Visible35"=dword:00000000
"Width35"=dword:00000064
"Position36"=dword:0000002e
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000030
"Visible37"=dword:00000000
"Width37"=dword:0000005f
"Position38"=dword:00000033
"Visible38"=dword:00000000
"Width38"=dword:00000091
"Position39"=dword:00000035
"Visible39"=dword:00000000
"Width39"=dword:0000003c
"Position40"=dword:0000002c
"Visible40"=dword:00000000
"Width40"=dword:0000005a
"Position41"=dword:00000036
"Visible41"=dword:00000000
"Width41"=dword:00000041
"Position42"=dword:00000029
"Visible42"=dword:00000000
"Width42"=dword:00000050
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000055
"Position44"=dword:0000002d
"Visible44"=dword:00000000
"Width44"=dword:0000005f
"Position45"=dword:00000037
"Visible45"=dword:00000000
"Width45"=dword:00000050
"Position46"=dword:00000038
"Visible46"=dword:00000000
"Width46"=dword:0000004b
"Position47"=dword:00000039
"Visible47"=dword:00000000
"Width47"=dword:0000004b
"Position48"=dword:0000003a
"Visible48"=dword:00000000
"Width48"=dword:00000046
"Position49"=dword:0000003b
"Visible49"=dword:00000000
"Width49"=dword:00000032
"Position50"=dword:0000003c
"Visible50"=dword:00000000
"Width50"=dword:0000003c
"Position51"=dword:0000003d
"Visible51"=dword:00000000
"Width51"=dword:0000004b
"Position52"=dword:0000003e
"Visible52"=dword:00000000
"Width52"=dword:0000003c
"Position53"=dword:0000003f
"Visible53"=dword:00000000
"Width53"=dword:00000037
"Position54"=dword:00000040
"Visible54"=dword:00000000
"Width54"=dword:00000069
"Position55"=dword:00000041
"Visible55"=dword:00000000
"Width55"=dword:0000005a
"Position56"=dword:00000044
"Visible56"=dword:00000000
"Width56"=dword:0000004b
"Position57"=dword:00000045
"Visible57"=dword:00000000
"Width57"=dword:0000004b
"Position58"=dword:00000046
"Visible58"=dword:00000000
"Width58"=dword:00000037
"Position59"=dword:00000047
"Visible59"=dword:00000000
"Width59"=dword:0000003c
"Position60"=dword:00000048
"Visible60"=dword:00000000
"Width60"=dword:0000003c
"Position61"=dword:00000049
"Visible61"=dword:00000000
"Width61"=dword:00000041
"Position62"=dword:0000004a
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000004b
"Visible63"=dword:00000000
"Width63"=dword:0000003c
"Position64"=dword:0000004c
"Visible64"=dword:00000000
"Width64"=dword:0000003c
"Position65"=dword:0000004d
"Visible65"=dword:00000000
"Width65"=dword:0000004b
"Position66"=dword:0000004e
"Visible66"=dword:00000000
"Width66"=dword:0000003c
"Position67"=dword:0000004f
"Visible67"=dword:00000000
"Width67"=dword:00000046
"Position68"=dword:00000050
"Visible68"=dword:00000000
"Width68"=dword:00000028
"Position69"=dword:00000051
"Visible69"=dword:00000000
"Width69"=dword:00000041
"Position70"=dword:00000052
"Visible70"=dword:00000000
"Width70"=dword:0000003c
"Position71"=dword:00000053
"Visible71"=dword:00000000
"Width71"=dword:00000069
"Position72"=dword:00000054
"Visible72"=dword:00000000
"Width72"=dword:00000041
"Position73"=dword:00000055
"Visible73"=dword:00000000
"Width73"=dword:0000005f
"Position74"=dword:00000056
"Visible74"=dword:00000000
"Width74"=dword:0000003c
"Position75"=dword:00000057
"Visible75"=dword:00000000
"Width75"=dword:00000037
"Position76"=dword:00000058
"Visible76"=dword:00000000
"Width76"=dword:0000004b
"Position77"=dword:00000059
"Visible77"=dword:00000000
"Width77"=dword:00000050
"Position78"=dword:0000005a
"Visible78"=dword:00000000
"Width78"=dword:00000037
"Position79"=dword:0000005b
"Visible79"=dword:00000000
"Width79"=dword:00000037
"Position80"=dword:0000005c
"Visible80"=dword:00000000
"Width80"=dword:0000005a
"Position81"=dword:0000005d
"Visible81"=dword:00000000
"Width81"=dword:0000004b
"Position82"=dword:0000005e
"Visible82"=dword:00000000
"Width82"=dword:00000055
"Position83"=dword:0000005f
"Visible83"=dword:00000000
"Width83"=dword:0000002d
"Position84"=dword:00000060
"Visible84"=dword:00000000
"Width84"=dword:00000037
"Position85"=dword:00000061
"Visible85"=dword:00000000
"Width85"=dword:0000003c
"Position86"=dword:00000062
"Visible86"=dword:00000000
"Width86"=dword:00000046
"Position87"=dword:00000063
"Visible87"=dword:00000000
"Width87"=dword:0000003c
"Position88"=dword:00000064
"Visible88"=dword:00000000
"Width88"=dword:0000005a
"Position89"=dword:00000065
"Visible89"=dword:00000000
"Width89"=dword:0000003c
"Position90"=dword:00000066
"Visible90"=dword:00000000
"Width90"=dword:00000050
"Position91"=dword:00000067
"Visible91"=dword:00000000
"Width91"=dword:00000046
"Position92"=dword:00000068
"Visible92"=dword:00000000
"Width92"=dword:0000005a
"Position93"=dword:00000069
"Visible93"=dword:00000000
"Width93"=dword:00000037
"Position94"=dword:0000006a
"Visible94"=dword:00000000
"Width94"=dword:0000003c
"Position95"=dword:0000006b
"Visible95"=dword:00000000
"Width95"=dword:0000003c
"Position96"=dword:0000006c
"Visible96"=dword:00000000
"Width96"=dword:00000046
"Position97"=dword:0000006d
"Visible97"=dword:00000000
"Width97"=dword:00000046
"Position98"=dword:0000006e
"Visible98"=dword:00000000
"Width98"=dword:00000055
"Position99"=dword:0000006f
"Visible99"=dword:00000000
"Width99"=dword:00000073
"Position100"=dword:00000042
"Visible100"=dword:00000000
"Width100"=dword:00000041
"Position101"=dword:00000070
"Visible101"=dword:00000000
"Width101"=dword:0000003c
"Position102"=dword:00000071
"Visible102"=dword:00000000
"Width102"=dword:0000003c
"Position103"=dword:00000072
"Visible103"=dword:00000000
"Width103"=dword:00000046
"Position104"=dword:00000073
"Visible104"=dword:00000000
"Width104"=dword:0000003c
"Position105"=dword:00000074
"Visible105"=dword:00000000
"Width105"=dword:00000041
"Position106"=dword:0000000f
"Visible106"=dword:00000001
"Width106"=dword:00000050
"Position107"=dword:0000000b
"Visible107"=dword:00000001
"Width107"=dword:00000028
"Position108"=dword:00000043
"Visible108"=dword:00000000
"Width108"=dword:00000050
"Position109"=dword:0000002f
"Visible109"=dword:00000000
"Width109"=dword:00000050
"Position110"=dword:00000031
"Visible110"=dword:00000000
"Width110"=dword:00000055
"Position111"=dword:00000032
"Visible111"=dword:00000000
"Width111"=dword:00000082
"Position112"=dword:00000034
"Visible112"=dword:00000000
"Width112"=dword:00000087
"Position113"=dword:00000075
"Visible113"=dword:00000000
"Width113"=dword:00000050
"Position114"=dword:00000076
"Visible114"=dword:00000000
"Width114"=dword:00000050
"Position115"=dword:00000077
"Visible115"=dword:00000000
"Width115"=dword:00000050
"Position116"=dword:00000078
"Visible116"=dword:00000000
"Width116"=dword:00000050
"Position117"=dword:00000079
"Visible117"=dword:00000000
"Width117"=dword:00000050
"Position118"=dword:0000007a
"Visible118"=dword:00000000
"Width118"=dword:00000050
"Position119"=dword:0000007b
"Visible119"=dword:00000000
"Width119"=dword:00000050
"Position120"=dword:0000007c
"Visible120"=dword:00000000
"Width120"=dword:00000050
"Position121"=dword:0000007d
"Visible121"=dword:00000000
"Width121"=dword:00000050
"Position122"=dword:0000007e
"Visible122"=dword:00000000
"Width122"=dword:00000050
"Position123"=dword:0000007f
"Visible123"=dword:00000000
"Width123"=dword:00000050
"Position124"=dword:00000080
"Visible124"=dword:00000000
"Width124"=dword:00000050
"Position125"=dword:00000081
"Visible125"=dword:00000000
"Width125"=dword:00000050
"Position126"=dword:00000082
"Visible126"=dword:00000000
"Width126"=dword:00000050
"Position127"=dword:00000083
"Visible127"=dword:00000000
"Width127"=dword:00000050
"Position128"=dword:00000084
"Visible128"=dword:00000000
"Width128"=dword:00000050
"Position129"=dword:00000085
"Visible129"=dword:00000000
"Width129"=dword:00000050
"Position130"=dword:00000086
"Visible130"=dword:00000000
"Width130"=dword:00000050
"Position131"=dword:00000087
"Visible131"=dword:00000000
"Width131"=dword:00000050
"Position132"=dword:00000088
"Visible132"=dword:00000000
"Width132"=dword:00000050
"Position133"=dword:00000089
"Visible133"=dword:00000000
"Width133"=dword:00000050
"Position134"=dword:0000008a
"Visible134"=dword:00000000
"Width134"=dword:00000050
"Position135"=dword:0000008b
"Visible135"=dword:00000000
"Width135"=dword:00000050
"Position136"=dword:0000008c
"Visible136"=dword:00000000
"Width136"=dword:00000050
"Position137"=dword:0000008d
"Visible137"=dword:00000000
"Width137"=dword:00000050
"Position138"=dword:0000008e
"Visible138"=dword:00000000
"Width138"=dword:00000050
"Position139"=dword:0000008f
"Visible139"=dword:00000000
"Width139"=dword:00000050
"Position140"=dword:00000090
"Visible140"=dword:00000000
"Width140"=dword:00000050
"Position141"=dword:00000091
"Visible141"=dword:00000000
"Width141"=dword:00000050
"Position142"=dword:00000092
"Visible142"=dword:00000000
"Width142"=dword:00000050
"Position143"=dword:00000093
"Visible143"=dword:00000000
"Width143"=dword:00000050
"Position144"=dword:00000094
"Visible144"=dword:00000000
"Width144"=dword:00000050
"Position145"=dword:00000095
"Visible145"=dword:00000000
"Width145"=dword:00000050
"Position146"=dword:00000004
"Visible146"=dword:00000000
"Width146"=dword:00000037
"Position147"=dword:00000005
"Visible147"=dword:00000000
"Width147"=dword:00000028
"Position148"=dword:00000006
"Visible148"=dword:00000000
"Width148"=dword:00000037
"Position149"=dword:00000007
"Visible149"=dword:00000001
"Width149"=dword:00000028
[HKEY_USERS\S-1-5-21-484763869-746137067-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000069
"Position4"=dword:00000005
"Visible4"=dword:00000001
"Width4"=dword:00000028
"Position5"=dword:00000006
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:00000004
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000004b
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000002d
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000003c
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000004b
"Position13"=dword:0000000d
"Visible13"=dword:00000000
"Width13"=dword:00000064
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000064
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:0000004b
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000011
"Visible17"=dword:00000000
"Width17"=dword:0000003c
"Position18"=dword:00000012
"Visible18"=dword:00000000
"Width18"=dword:0000004b
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
"Position20"=dword:00000014
"Visible20"=dword:00000000
"Width20"=dword:00000046
"Position21"=dword:00000015
"Visible21"=dword:00000000
"Width21"=dword:0000004b
"Position22"=dword:00000016
"Visible22"=dword:00000000
"Width22"=dword:00000046
"Position23"=dword:00000017
"Visible23"=dword:00000000
"Width23"=dword:00000046
"Position24"=dword:00000018
"Visible24"=dword:00000000
"Width24"=dword:0000003c
"Position25"=dword:00000019
"Visible25"=dword:00000000
"Width25"=dword:00000041
"Position26"=dword:0000001a
"Visible26"=dword:00000000
"Width26"=dword:0000003c
"Position27"=dword:0000001b
"Visible27"=dword:00000000
"Width27"=dword:00000055
"Position28"=dword:0000001c
"Visible28"=dword:00000000
"Width28"=dword:00000069
"Position29"=dword:0000001d
"Visible29"=dword:00000000
"Width29"=dword:0000006e
"Position30"=dword:0000001e
"Visible30"=dword:00000000
"Width30"=dword:00000064
"Position31"=dword:0000001f
"Visible31"=dword:00000000
"Width31"=dword:00000078
"Position32"=dword:00000020
"Visible32"=dword:00000000
"Width32"=dword:00000064
"Position33"=dword:00000021
"Visible33"=dword:00000000
"Width33"=dword:00000087
"Position34"=dword:00000022
"Visible34"=dword:00000000
"Width34"=dword:00000069
"Position35"=dword:00000023
"Visible35"=dword:00000000
"Width35"=dword:0000006e
"Position36"=dword:00000024
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000025
"Visible37"=dword:00000000
"Width37"=dword:0000004b
"Position38"=dword:00000026
"Visible38"=dword:00000000
"Width38"=dword:0000002d
"Position39"=dword:00000027
"Visible39"=dword:00000000
"Width39"=dword:00000055
"Position40"=dword:00000028
"Visible40"=dword:00000000
"Width40"=dword:00000046
"Position41"=dword:00000029
"Visible41"=dword:00000000
"Width41"=dword:0000004b
"Position42"=dword:0000002a
"Visible42"=dword:00000000
"Width42"=dword:0000003c
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000046
"Position44"=dword:0000002c
"Visible44"=dword:00000000
"Width44"=dword:00000073
"Position45"=dword:0000002d
"Visible45"=dword:00000000
"Width45"=dword:0000004b
"Position46"=dword:0000002e
"Visible46"=dword:00000000
"Width46"=dword:00000073
"Position47"=dword:0000002f
"Visible47"=dword:00000000
"Width47"=dword:0000007d
"Position48"=dword:00000030
"Visible48"=dword:00000000
"Width48"=dword:0000006e
"Position49"=dword:00000031
"Visible49"=dword:00000000
"Width49"=dword:00000037
"Position50"=dword:00000032
"Visible50"=dword:00000000
"Width50"=dword:00000064
"Position51"=dword:00000033
"Visible51"=dword:00000000
"Width51"=dword:00000037
"Position52"=dword:00000034
"Visible52"=dword:00000000
"Width52"=dword:0000004b
"Position53"=dword:00000035
"Visible53"=dword:00000000
"Width53"=dword:00000046
"Position54"=dword:00000036
"Visible54"=dword:00000000
"Width54"=dword:00000037
"Position55"=dword:00000037
"Visible55"=dword:00000000
"Width55"=dword:0000003c
"Position56"=dword:00000038
"Visible56"=dword:00000000
"Width56"=dword:00000055
"Position57"=dword:00000039
"Visible57"=dword:00000000
"Width57"=dword:0000003c
"Position58"=dword:0000003a
"Visible58"=dword:00000000
"Width58"=dword:0000003c
"Position59"=dword:0000003b
"Visible59"=dword:00000000
"Width59"=dword:00000055
"Position60"=dword:0000003c
"Visible60"=dword:00000000
"Width60"=dword:00000046
"Position61"=dword:0000003d
"Visible61"=dword:00000000
"Width61"=dword:0000004b
"Position62"=dword:0000003e
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000003f
"Visible63"=dword:00000000
"Width63"=dword:0000005a
"Position64"=dword:00000040
"Visible64"=dword:00000000
"Width64"=dword:0000006e
"Position65"=dword:00000041
"Visible65"=dword:00000000
"Width65"=dword:00000050
"Position66"=dword:00000042
"Visible66"=dword:00000000
"Width66"=dword:00000032
"Position67"=dword:00000043
"Visible67"=dword:00000000
"Width67"=dword:00000064
"Position68"=dword:00000044
"Visible68"=dword:00000000
"Width68"=dword:0000004b
"Position69"=dword:00000045
"Visible69"=dword:00000000
"Width69"=dword:0000002d
"Position70"=dword:00000046
"Visible70"=dword:00000000
"Width70"=dword:0000004b
"Position71"=dword:00000047
"Visible71"=dword:00000000
"Width71"=dword:0000005a
"Position72"=dword:00000048
"Visible72"=dword:00000000
"Width72"=dword:0000005a
"Position73"=dword:00000049
"Visible73"=dword:00000000
"Width73"=dword:00000050
"Position74"=dword:0000004a
"Visible74"=dword:00000000
"Width74"=dword:0000004b
"Position75"=dword:0000004b
"Visible75"=dword:00000000
"Width75"=dword:00000050
"Position76"=dword:0000004c
"Visible76"=dword:00000000
"Width76"=dword:0000005a
"Position77"=dword:0000004d
"Visible77"=dword:00000000
"Width77"=dword:00000041
"Position78"=dword:0000004e
"Visible78"=dword:00000000
"Width78"=dword:00000041
"Position79"=dword:0000004f
"Visible79"=dword:00000000
"Width79"=dword:00000041
"Position80"=dword:00000050
"Visible80"=dword:00000000
"Width80"=dword:00000041
"Position81"=dword:00000051
"Visible81"=dword:00000000
"Width81"=dword:00000041
"Position82"=dword:00000052
"Visible82"=dword:00000000
"Width82"=dword:00000041
"Position83"=dword:00000053
"Visible83"=dword:00000000
"Width83"=dword:00000041
"Position84"=dword:00000054
"Visible84"=dword:00000000
"Width84"=dword:00000041
"Position85"=dword:00000055
"Visible85"=dword:00000000
"Width85"=dword:00000041
"Position86"=dword:00000056
"Visible86"=dword:00000000
"Width86"=dword:00000050
[HKEY_USERS\S-1-5-21-484763869-746137067-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
"GKWeightCoef"=dword:00000064
"GKCurrentAbilityCoef"=dword:00000000
"GKCornersCoef"=dword:00000000
"GKCrossingCoef"=dword:00000000
"GKDribblingCoef"=dword:00000000
"GKFinishingCoef"=dword:00000000
"GKFirstTouchCoef"=dword:00000000
"GKFreeKicksCoef"=dword:00000000
"GKHeadingCoef"=dword:00000000
"GKLongShotsCoef"=dword:00000000
"GKLongThrowsCoef"=dword:00000000
"GKMarkingCoef"=dword:00000000
"GKPassingCoef"=dword:00000000
"GKPenaltiesCoef"=dword:00000000
"GKTacklingCoef"=dword:00000005
"GKTechniqueCoef"=dword:00000000
"GKLeftFootCoef"=dword:00000000
"GKRightFootCoef"=dword:00000000
"GKAggressionCoef"=dword:0000000a
"GKAnticipationCoef"=dword:00000005
"GKBraveryCoef"=dword:00000014
"GKComposureCoef"=dword:00000014
"GKConcentrationCoef"=dword:0000000a
"GKConsistencyCoef"=dword:0000000a
"GKCreativityCoef"=dword:00000000
"GKDecisionsCoef"=dword:00000014
"GKDeterminationCoef"=dword:0000000a
"GKDirtinessCoef"=dword:fffffffb
"GKFlairCoef"=dword:00000000
"GKImportantMatchesCoef"=dword:0000000a
"GKInfluenceCoef"=dword:0000000a
"GKOffTheBallCoef"=dword:00000000
"GKPositioningCoef"=dword:00000050
"GKTeamworkCoef"=dword:00000005
"GKWorkRateCoef"=dword:00000000
"GKAccelerationCoef"=dword:00000005
"GKAgilityCoef"=dword:0000000a
"GKBalanceCoef"=dword:0000000a
"GKInjuryPronenessCoef"=dword:fffffffb
"GKJumpingCoef"=dword:00000050
"GKNaturalFitnessCoef"=dword:00000005
"GKPaceCoef"=dword:00000000
"GKStaminaCoef"=dword:00000000
"GKStrengthCoef"=dword:0000000a
"GKVersatilityCoef"=dword:00000000
"GKAerialAbilityCoef"=dword:00000032
"GKCommandOfAreaCoef"=dword:00000014
"GKCommunicationCoef"=dword:00000032
"GKEccentricityCoef"=dword:ffffffec
"GKHandlingCoef"=dword:00000064
"GKKickingCoef"=dword:0000000a
"GKOneOnOnesCoef"=dword:00000032
"GKReflexesCoef"=dword:00000064
"GKRushingOutCoef"=dword:00000014
"GKTendencyToPunchCoef"=dword:fffffff6
"GKThrowingCoef"=dword:0000000a
"GKAdaptabilityCoef"=dword:00000005
"GKAmbitionCoef"=dword:0000000a
"GKControversyCoef"=dword:fffffffb
"GKLoyalityCoef"=dword:00000005
"GKPressureCoef"=dword:00000005
"GKProfessionalismCoef"=dword:00000005
"GKSportsmanshipCoef"=dword:00000005
"GKTemperamentCoef"=dword:00000005
"SWWeightCoef"=dword:00000066
"SWCurrentAbilityCoef"=dword:00000000
"SWCornersCoef"=dword:00000000
"SWCrossingCoef"=dword:00000000
"SWDribblingCoef"=dword:00000000
"SWFinishingCoef"=dword:00000000
"SWFirstTouchCoef"=dword:00000014
"SWFreeKicksCoef"=dword:0000000a
"SWHeadingCoef"=dword:00000064
"SWLongShotsCoef"=dword:0000000a
"SWLongThrowsCoef"=dword:00000000
"SWMarkingCoef"=dword:00000064
"SWPassingCoef"=dword:0000000a
"SWPenaltiesCoef"=dword:00000005
"SWTacklingCoef"=dword:00000064
"SWTechniqueCoef"=dword:0000000a
"SWLeftFootCoef"=dword:00000005
"SWRightFootCoef"=dword:00000005
"SWAggressionCoef"=dword:00000014
"SWAnticipationCoef"=dword:00000014
"SWBraveryCoef"=dword:00000028
"SWComposureCoef"=dword:00000028
"SWConcentrationCoef"=dword:0000003c
"SWConsistencyCoef"=dword:0000000a
"SWCreativityCoef"=dword:0000000a
"SWDecisionsCoef"=dword:00000014
"SWDeterminationCoef"=dword:0000000a
"SWDirtinessCoef"=dword:ffffffe7
"SWFlairCoef"=dword:00000000
"SWImportantMatchesCoef"=dword:0000000a
"SWInfluenceCoef"=dword:0000000a
"SWOffTheBallCoef"=dword:0000000a
"SWPositioningCoef"=dword:00000064
"SWTeamworkCoef"=dword:00000028
"SWWorkRateCoef"=dword:00000014
"SWAccelerationCoef"=dword:0000001e
"SWAgilityCoef"=dword:0000000a
"SWBalanceCoef"=dword:00000014
"SWInjuryPronenessCoef"=dword:fffffffb
"SWJumpingCoef"=dword:00000064
"SWNaturalFitnessCoef"=dword:00000005
"SWPaceCoef"=dword:00000014
"SWStaminaCoef"=dword:0000000a
"SWStrengthCoef"=dword:00000050
"SWVersatilityCoef"=dword:00000005
"SWAerialAbilityCoef"=dword:00000000
"SWCommandOfAreaCoef"=dword:00000000
"SWCommunicationCoef"=dword:00000000
"SWEccentricityCoef"=dword:00000000
"SWHandlingCoef"=dword:00000000
"SWKickingCoef"=dword:00000000
"SWOneOnOnesCoef"=dword:00000005
"SWReflexesCoef"=dword:00000005
"SWRushingOutCoef"=dword:00000000
"SWTendencyToPunchCoef"=dword:00000000
"SWThrowingCoef"=dword:00000000
"SWAdaptabilityCoef"=dword:00000005
"SWAmbitionCoef"=dword:0000000a
"SWControversyCoef"=dword:fffffffb
"SWLoyalityCoef"=dword:00000005
"SWPressureCoef"=dword:00000005
"SWProfessionalismCoef"=dword:00000005
"SWSportsmanshipCoef"=dword:00000005
"SWTemperamentCoef"=dword:00000005
"CBWeightCoef"=dword:00000064
"CBCurrentAbilityCoef"=dword:00000000
"CBCornersCoef"=dword:00000000
"CBCrossingCoef"=dword:00000000
"CBDribblingCoef"=dword:00000000
"CBFinishingCoef"=dword:00000000
"CBFirstTouchCoef"=dword:00000014
"CBFreeKicksCoef"=dword:0000000a
"CBHeadingCoef"=dword:00000064
"CBLongShotsCoef"=dword:0000000a
"CBLongThrowsCoef"=dword:00000000
"CBMarkingCoef"=dword:00000050
"CBPassingCoef"=dword:00000014
"CBPenaltiesCoef"=dword:00000005
"CBTacklingCoef"=dword:00000064
"CBTechniqueCoef"=dword:0000000a
"CBLeftFootCoef"=dword:00000005
"CBRightFootCoef"=dword:00000005
"CBAggressionCoef"=dword:00000014
"CBAnticipationCoef"=dword:00000014
"CBBraveryCoef"=dword:00000028
"CBComposureCoef"=dword:00000014
"CBConcentrationCoef"=dword:00000028
"CBConsistencyCoef"=dword:0000000a
"CBCreativityCoef"=dword:0000000a
"CBDecisionsCoef"=dword:00000014
"CBDeterminationCoef"=dword:0000000a
"CBDirtinessCoef"=dword:ffffffec
"CBFlairCoef"=dword:00000000
"CBImportantMatchesCoef"=dword:0000000a
"CBInfluenceCoef"=dword:0000000a
"CBOffTheBallCoef"=dword:0000000a
"CBPositioningCoef"=dword:00000050
"CBTeamworkCoef"=dword:00000028
"CBWorkRateCoef"=dword:00000014
"CBAccelerationCoef"=dword:00000028
"CBAgilityCoef"=dword:0000000a
"CBBalanceCoef"=dword:00000014
"CBInjuryPronenessCoef"=dword:fffffffb
"CBJumpingCoef"=dword:00000064
"CBNaturalFitnessCoef"=dword:00000005
"CBPaceCoef"=dword:0000001e
"CBStaminaCoef"=dword:0000000a
"CBStrengthCoef"=dword:0000003c
"CBVersatilityCoef"=dword:00000005
"CBAerialAbilityCoef"=dword:00000000
"CBCommandOfAreaCoef"=dword:00000000
"CBCommunicationCoef"=dword:00000000
"CBEccentricityCoef"=dword:00000000
"CBHandlingCoef"=dword:00000000
"CBKickingCoef"=dword:00000000
"CBOneOnOnesCoef"=dword:00000005
"CBReflexesCoef"=dword:00000005
"CBRushingOutCoef"=dword:00000000
"CBTendencyToPunchCoef"=dword:00000000
"CBThrowingCoef"=dword:00000000
"CBAdaptabilityCoef"=dword:00000005
"CBAmbitionCoef"=dword:0000000a
"CBControversyCoef"=dword:fffffffb
"CBLoyalityCoef"=dword:00000005
"CBPressureCoef"=dword:00000005
"CBProfessionalismCoef"=dword:00000005
"CBSportsmanshipCoef"=dword:00000005
"CBTemperamentCoef"=dword:00000005
"FBWeightCoef"=dword:00000069
"FBCurrentAbilityCoef"=dword:00000000
"FBCornersCoef"=dword:0000000a
"FBCrossingCoef"=dword:0000001e
"FBDribblingCoef"=dword:00000014
"FBFinishingCoef"=dword:00000000
"FBFirstTouchCoef"=dword:00000014
"FBFreeKicksCoef"=dword:0000000a
"FBHeadingCoef"=dwo
I downloaded and ran ComboFix; here is the log:
ComboFix 09-09-25.01 - Aurel 27.09.2009 16:06.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1033.18.3326.2765 [GMT 2:00]
Lancé depuis: c:\documents and settings\Aurel\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\71ef4c.msi
c:\windows\Installer\71ef4d.msp
c:\windows\Installer\71ef4e.msp
c:\windows\Installer\71ef4f.msp
c:\windows\Installer\71ef50.msp
c:\windows\Installer\71ef51.msp
c:\windows\Installer\71ef52.msp
c:\windows\Installer\71ef53.msp
c:\windows\Installer\71ef54.msp
c:\windows\Installer\71ef55.msp
c:\windows\Installer\71ef56.msp
c:\windows\system32\borababu.dll
c:\windows\system32\gmail.dll
c:\windows\system32\huholapu.dll.tmp
c:\windows\system32\meruyuva.dll.tmp
c:\windows\system32\ranatepo.dll
c:\windows\system32\rumenite.dll
c:\windows\system32\tusavila.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-27 au 2009-09-27 ))))))))))))))))))))))))))))))))))))
.
2009-09-27 14:12 . 2009-09-27 14:18 6862 ----a-w- c:\windows\system32\jerror.dat
2009-09-27 14:12 . 2009-09-27 14:18 22987 ----a-w- c:\windows\system32\jcsball.dat
2009-09-26 13:25 . 2009-09-26 13:25 -------- d-----w- c:\documents and settings\Aurel\Application Data\Uniblue
2009-09-26 10:42 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
2009-09-26 08:22 . 2009-09-26 08:22 -------- d-----w- c:\documents and settings\Aurel\Application Data\Malwarebytes
2009-09-26 08:22 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-26 08:22 . 2009-09-26 08:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-26 08:22 . 2009-09-26 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-26 08:22 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-25 20:04 . 2009-09-25 20:14 -------- d-----w- c:\program files\Navilog1
2009-09-25 19:54 . 2009-09-25 19:54 -------- d-----w- c:\program files\CCleaner
2009-09-25 18:42 . 2009-09-25 19:43 -------- d-----w- C:\ToolBar SD
2009-09-25 18:23 . 2009-09-25 18:23 -------- d-----w- C:\_OTM
2009-09-25 14:47 . 2009-09-25 14:47 -------- d-----w- C:\rsit
2009-09-22 19:49 . 2009-09-22 19:49 -------- d-----w- c:\program files\Trend Micro
2009-09-20 14:28 . 2009-09-20 14:28 -------- d-----w- c:\program files\eptsoft
2009-09-20 14:28 . 2009-09-20 14:28 -------- d-----w- c:\windows\Downloaded Installations
2009-09-20 10:32 . 2009-09-20 10:32 -------- d-----w- c:\program files\CleanUp!
2009-09-19 14:13 . 2001-08-17 20:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-09-19 14:13 . 2001-08-17 20:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-09-19 14:13 . 2001-08-17 20:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-09-19 14:13 . 2001-08-17 20:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-09-19 14:13 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-09-19 14:13 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-09-19 14:13 . 2001-08-17 12:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-09-19 14:13 . 2001-08-17 12:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-09-19 14:13 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-09-19 14:13 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-09-19 14:13 . 2008-04-14 03:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-09-19 14:13 . 2008-04-14 03:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-09-18 14:16 . 2009-09-18 14:16 -------- d-----w- c:\documents and settings\Aurel\Local Settings\Application Data\Downloaded Installations
2009-09-16 20:01 . 2009-09-27 13:12 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-16 20:01 . 2009-09-27 13:12 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-16 20:01 . 2009-09-16 20:01 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-13 16:20 . 2009-09-14 19:47 534 ----a-w- c:\windows\eReg.dat
2009-09-13 16:20 . 1998-06-17 16:07 57344 ----a-w- c:\windows\system32\Mfc42loc.dll
2009-09-08 08:33 . 2009-09-08 08:33 -------- d-----w- c:\program files\RVG Software
2009-09-05 13:55 . 2009-09-05 13:55 -------- d-----w- c:\documents and settings\Aurel\Application Data\ALLCapture
2009-09-05 13:55 . 2009-09-05 13:55 -------- d-----w- c:\program files\ALLCapture 3.0 Essai
2009-09-05 08:48 . 2009-09-05 08:48 126976 ----a-w- c:\windows\system32\UAService7.exe
2009-09-05 08:46 . 2009-09-05 08:46 -------- d-----w- c:\program files\Giant
2009-09-04 15:04 . 2009-09-25 16:23 -------- d-----w- c:\documents and settings\Aurel\Application Data\vlc
2009-09-04 15:03 . 2009-09-04 15:03 -------- d-----w- c:\program files\VLC
2009-09-02 21:13 . 2009-09-02 21:13 79792 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-31 09:59 . 2009-08-31 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2009-08-31 08:49 . 2009-08-31 12:47 -------- d-----w- c:\documents and settings\Aurel\Local Settings\Application Data\www.pro-evo.xooit.fr
2009-08-30 20:06 . 2009-08-30 20:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni
2009-08-30 20:06 . 2009-08-30 20:06 -------- d-----w- C:\ProgramData
2009-08-28 19:30 . 2009-09-09 18:46 -------- d-----w- c:\program files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 14:12 . 2009-03-27 14:05 16608 ----a-w- c:\windows\gdrv.sys
2009-09-27 14:02 . 2009-07-17 13:49 -------- d-----w- c:\documents and settings\Aurel\Application Data\Free Download Manager
2009-09-27 11:12 . 2009-06-27 11:12 87552 --sha-w- c:\windows\system32\wudiyopi.dll
2009-09-26 13:38 . 2009-05-26 18:17 -------- d-----w- c:\documents and settings\Aurel\Application Data\DNA
2009-09-26 13:11 . 2009-05-26 18:17 -------- d-----w- c:\program files\DNA
2009-09-26 09:55 . 2009-06-26 09:55 49152 --sha-w- c:\windows\system32\yevilido.dll
2009-09-26 09:35 . 2009-06-26 09:34 50176 --sha-w- c:\windows\system32\jalezada.dll
2009-09-25 18:45 . 2009-03-27 20:33 -------- d-----w- c:\program files\Steam
2009-09-25 18:23 . 2009-06-12 13:54 -------- d-----w- c:\program files\SeekService
2009-09-23 18:56 . 2009-06-12 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SeekService
2009-09-22 17:03 . 2008-04-14 00:21 5760 ----a-w- c:\windows\system32\drivers\arp1394.sys
2009-09-18 14:19 . 2009-04-20 21:27 -------- d-----w- c:\program files\KONAMI
2009-09-14 19:50 . 2009-03-27 14:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 21:43 . 2009-03-27 19:53 -------- d-----w- c:\program files\adslTV
2009-09-08 09:23 . 2009-09-08 09:23 -------- d-----w- c:\program files\PostgreSQL
2009-09-06 15:06 . 2009-07-17 13:49 -------- d-----w- c:\program files\Free Download Manager
2009-09-04 21:27 . 2009-07-20 12:40 -------- d-----w- c:\documents and settings\Aurel\Application Data\dvdcss
2009-08-31 10:57 . 2009-03-28 09:13 -------- d-----w- c:\documents and settings\Aurel\Application Data\geany
2009-08-31 09:24 . 2009-05-26 18:17 -------- d-----w- c:\documents and settings\Aurel\Application Data\BitTorrent
2009-08-24 14:55 . 2009-08-24 13:30 -------- d-----w- c:\program files\PokerStars
2009-08-24 09:50 . 2009-03-27 21:29 88 --sh--r- c:\windows\system32\15E5DB2FC4.sys
2009-08-24 09:50 . 2009-03-27 21:29 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-21 10:35 . 2009-03-27 17:18 23448 ----a-w- c:\documents and settings\Aurel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 14:06 . 2009-03-28 09:13 -------- d-----w- c:\documents and settings\Aurel\Application Data\gtk-2.0
2009-08-05 19:18 . 2009-03-27 19:44 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 08:50 . 2009-06-19 19:56 -------- d-----w- c:\program files\Java
2009-08-01 22:04 . 2009-08-01 22:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-25 03:23 . 2009-06-17 18:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:49 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-12 14:04 . 2009-06-12 14:04 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-26 09:56 . 2009-06-26 09:56 49152 --sha-w- c:\windows\system32\rahuziti.dll
2009-06-26 09:46 . 2009-06-26 09:46 50176 --sha-w- c:\windows\system32\zehakebo.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4d02059-c4eb-4079-8b5a-22a5eff3b3b9}]
2009-06-26 09:56 49152 --sha-w- c:\windows\system32\rahuziti.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"tray3"="c:\windows\system32\RecvMessage.exe" [2007-01-10 196608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"GBTUpd"="c:\program files\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480]
"%FP%Friendly fts.exe"="c:\program files\Friendly Technologies\BroadbandAccess\fts.exe" [2003-05-06 72192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-06-12 30192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-17 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"pududejuy"="c:\windows\system32\wudiyopi.dll" [2009-09-27 87552]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-27 16875008]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-02 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1d650781-578a-48a0-8c50-c4cca780c58e}"= "c:\windows\system32\wudiyopi.dll" [2009-09-27 87552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wotisediw"= {1d650781-578a-48a0-8c50-c4cca780c58e} - c:\windows\system32\wudiyopi.dll [2009-09-27 87552]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\RecvMessage.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\RunUpd.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\java.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Moniteur neufbox\\Moniteur neufbox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\GBTUpd.exe"=
"c:\\Program Files\\SyllabiK\\mirc.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\Team Pro Evo 09.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\SeekService\\seekservice129.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.03.2009 21:44 108289]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [27.03.2009 16:06 80392]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [13.03.2009 05:50 65536]
R2 SeekService Service;SeekService Service;c:\documents and settings\All Users\Application Data\SeekService\seekservice129.exe [23.09.2009 20:56 54784]
S3 B-Service;B-Service;c:\documents and settings\Aurel\Application Data\Mikogo\B-Service.exe [22.05.2009 14:29 185640]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12.06.2009 16:04 30192]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29.05.2009 17:13 234864]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.europowersearch.com/Search.html?SelectedSearchLang=FR
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Download selection with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {4E7A162C-2A90-476F-B547-5DC4EF6BA2DF} = 86.64.145.148 84.103.237.148
FF - ProfilePath - c:\documents and settings\Aurel\Application Data\Mozilla\Firefox\Profiles\yo6wg1vw.default\
FF - prefs.js: browser.search.selectedEngine - Google Search Community
FF - prefs.js: browser.startup.homepage - hxxp://news.google.fr/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
BHO-{D286E828-E6B9-484d-A058-D7323666DE33} - (no file)
Toolbar-{0508F8F1-08E3-43EE-AAA8-09AD09803084} - (no file)
HKLM-Run-mimeriyiwe - borababu.dll
SharedTaskScheduler-{c0b45aec-d38e-49bf-959d-4243e6c00104} - (no file)
SharedTaskScheduler-{aee438cc-93bb-4d18-9685-d0bee49171a8} - (no file)
SharedTaskScheduler-{64bafd2b-8d9f-4b7b-8efc-62c5d62b5eae} - (no file)
SSODL-gizanepir-{64bafd2b-8d9f-4b7b-8efc-62c5d62b5eae} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 16:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-484763869-746137067-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"GameDir"=""
"ShortlistDir"=""
"ScreenshotsDir"=""
"SaveDir"=""
"HistoryDir"="c:\\Documents and Settings\\Aurel\\Desktop\\PRO-EVO_Editing_Studio_200\\PRO-EVO Editing Studio 2009 V1.0.0.0\\PES CONVERTER 2.0\\FM Genie Scout 2008\\History Points"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000000
"WindowHeight"=dword:00000265
"WindowWidth"=dword:000003fc
"WindowLeft"=dword:ffffffbb
"WindowTop"=dword:00000048
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
[HKEY_USERS\S-1-5-21-484763869-746137067-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000032
"Position4"=dword:00000004
"Visible4"=dword:00000001
"Width4"=dword:00000032
"Position5"=dword:00000005
"Visible5"=dword:00000001
"Width5"=dword:00000050
"Position6"=dword:00000006
"Visible6"=dword:00000001
"Width6"=dword:00000050
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000002d
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000001e
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000001e
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000001e
"Position13"=dword:0000000d
"Visible13"=dword:00000001
"Width13"=dword:0000003c
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000032
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:00000032
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000032
"Position17"=dword:00000011
"Visible17"=dword:00000001
"Width17"=dword:00000050
"Position18"=dword:00000012
"Visible18"=dword:00000001
"Width18"=dword:00000050
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
[HKEY_USERS\S-1-5-21-484763869-746137067-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000037
"Position4"=dword:00000008
"Visible4"=dword:00000001
"Width4"=dword:00000023
"Position5"=dword:00000009
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:0000000a
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:0000000c
"Visible7"=dword:00000001
"Width7"=dword:0000004b
"Position8"=dword:0000000d
"Visible8"=dword:00000001
"Width8"=dword:0000004b
"Position9"=dword:0000000e
"Visible9"=dword:00000001
"Width9"=dword:00000050
"Position10"=dword:00000010
"Visible10"=dword:00000000
"Width10"=dword:00000050
"Position11"=dword:00000011
"Visible11"=dword:00000000
"Width11"=dword:0000004b
"Position12"=dword:00000012
"Visible12"=dword:00000000
"Width12"=dword:0000002d
"Position13"=dword:00000013
"Visible13"=dword:00000000
"Width13"=dword:0000003c
"Position14"=dword:00000014
"Visible14"=dword:00000000
"Width14"=dword:0000004b
"Position15"=dword:00000015
"Visible15"=dword:00000000
"Width15"=dword:00000064
"Position16"=dword:00000016
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000017
"Visible17"=dword:00000000
"Width17"=dword:0000004b
"Position18"=dword:00000018
"Visible18"=dword:00000000
"Width18"=dword:00000064
"Position19"=dword:00000019
"Visible19"=dword:00000000
"Width19"=dword:0000003c
"Position20"=dword:0000001a
"Visible20"=dword:00000000
"Width20"=dword:0000004b
"Position21"=dword:0000001b
"Visible21"=dword:00000000
"Width21"=dword:00000050
"Position22"=dword:0000001c
"Visible22"=dword:00000000
"Width22"=dword:00000073
"Position23"=dword:0000001d
"Visible23"=dword:00000000
"Width23"=dword:00000050
"Position24"=dword:0000001e
"Visible24"=dword:00000000
"Width24"=dword:0000005a
"Position25"=dword:0000001f
"Visible25"=dword:00000000
"Width25"=dword:0000006e
"Position26"=dword:00000020
"Visible26"=dword:00000000
"Width26"=dword:00000064
"Position27"=dword:00000021
"Visible27"=dword:00000000
"Width27"=dword:00000087
"Position28"=dword:00000022
"Visible28"=dword:00000000
"Width28"=dword:00000064
"Position29"=dword:00000023
"Visible29"=dword:00000000
"Width29"=dword:00000064
"Position30"=dword:00000024
"Visible30"=dword:00000000
"Width30"=dword:00000046
"Position31"=dword:00000025
"Visible31"=dword:00000000
"Width31"=dword:0000004b
"Position32"=dword:00000026
"Visible32"=dword:00000000
"Width32"=dword:00000046
"Position33"=dword:00000027
"Visible33"=dword:00000000
"Width33"=dword:0000004b
"Position34"=dword:00000028
"Visible34"=dword:00000000
"Width34"=dword:0000003c
"Position35"=dword:0000002a
"Visible35"=dword:00000000
"Width35"=dword:00000064
"Position36"=dword:0000002e
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000030
"Visible37"=dword:00000000
"Width37"=dword:0000005f
"Position38"=dword:00000033
"Visible38"=dword:00000000
"Width38"=dword:00000091
"Position39"=dword:00000035
"Visible39"=dword:00000000
"Width39"=dword:0000003c
"Position40"=dword:0000002c
"Visible40"=dword:00000000
"Width40"=dword:0000005a
"Position41"=dword:00000036
"Visible41"=dword:00000000
"Width41"=dword:00000041
"Position42"=dword:00000029
"Visible42"=dword:00000000
"Width42"=dword:00000050
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000055
"Position44"=dword:0000002d
"Visible44"=dword:00000000
"Width44"=dword:0000005f
"Position45"=dword:00000037
"Visible45"=dword:00000000
"Width45"=dword:00000050
"Position46"=dword:00000038
"Visible46"=dword:00000000
"Width46"=dword:0000004b
"Position47"=dword:00000039
"Visible47"=dword:00000000
"Width47"=dword:0000004b
"Position48"=dword:0000003a
"Visible48"=dword:00000000
"Width48"=dword:00000046
"Position49"=dword:0000003b
"Visible49"=dword:00000000
"Width49"=dword:00000032
"Position50"=dword:0000003c
"Visible50"=dword:00000000
"Width50"=dword:0000003c
"Position51"=dword:0000003d
"Visible51"=dword:00000000
"Width51"=dword:0000004b
"Position52"=dword:0000003e
"Visible52"=dword:00000000
"Width52"=dword:0000003c
"Position53"=dword:0000003f
"Visible53"=dword:00000000
"Width53"=dword:00000037
"Position54"=dword:00000040
"Visible54"=dword:00000000
"Width54"=dword:00000069
"Position55"=dword:00000041
"Visible55"=dword:00000000
"Width55"=dword:0000005a
"Position56"=dword:00000044
"Visible56"=dword:00000000
"Width56"=dword:0000004b
"Position57"=dword:00000045
"Visible57"=dword:00000000
"Width57"=dword:0000004b
"Position58"=dword:00000046
"Visible58"=dword:00000000
"Width58"=dword:00000037
"Position59"=dword:00000047
"Visible59"=dword:00000000
"Width59"=dword:0000003c
"Position60"=dword:00000048
"Visible60"=dword:00000000
"Width60"=dword:0000003c
"Position61"=dword:00000049
"Visible61"=dword:00000000
"Width61"=dword:00000041
"Position62"=dword:0000004a
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000004b
"Visible63"=dword:00000000
"Width63"=dword:0000003c
"Position64"=dword:0000004c
"Visible64"=dword:00000000
"Width64"=dword:0000003c
"Position65"=dword:0000004d
"Visible65"=dword:00000000
"Width65"=dword:0000004b
"Position66"=dword:0000004e
"Visible66"=dword:00000000
"Width66"=dword:0000003c
"Position67"=dword:0000004f
"Visible67"=dword:00000000
"Width67"=dword:00000046
"Position68"=dword:00000050
"Visible68"=dword:00000000
"Width68"=dword:00000028
"Position69"=dword:00000051
"Visible69"=dword:00000000
"Width69"=dword:00000041
"Position70"=dword:00000052
"Visible70"=dword:00000000
"Width70"=dword:0000003c
"Position71"=dword:00000053
"Visible71"=dword:00000000
"Width71"=dword:00000069
"Position72"=dword:00000054
"Visible72"=dword:00000000
"Width72"=dword:00000041
"Position73"=dword:00000055
"Visible73"=dword:00000000
"Width73"=dword:0000005f
"Position74"=dword:00000056
"Visible74"=dword:00000000
"Width74"=dword:0000003c
"Position75"=dword:00000057
"Visible75"=dword:00000000
"Width75"=dword:00000037
"Position76"=dword:00000058
"Visible76"=dword:00000000
"Width76"=dword:0000004b
"Position77"=dword:00000059
"Visible77"=dword:00000000
"Width77"=dword:00000050
"Position78"=dword:0000005a
"Visible78"=dword:00000000
"Width78"=dword:00000037
"Position79"=dword:0000005b
"Visible79"=dword:00000000
"Width79"=dword:00000037
"Position80"=dword:0000005c
"Visible80"=dword:00000000
"Width80"=dword:0000005a
"Position81"=dword:0000005d
"Visible81"=dword:00000000
"Width81"=dword:0000004b
"Position82"=dword:0000005e
"Visible82"=dword:00000000
"Width82"=dword:00000055
"Position83"=dword:0000005f
"Visible83"=dword:00000000
"Width83"=dword:0000002d
"Position84"=dword:00000060
"Visible84"=dword:00000000
"Width84"=dword:00000037
"Position85"=dword:00000061
"Visible85"=dword:00000000
"Width85"=dword:0000003c
"Position86"=dword:00000062
"Visible86"=dword:00000000
"Width86"=dword:00000046
"Position87"=dword:00000063
"Visible87"=dword:00000000
"Width87"=dword:0000003c
"Position88"=dword:00000064
"Visible88"=dword:00000000
"Width88"=dword:0000005a
"Position89"=dword:00000065
"Visible89"=dword:00000000
"Width89"=dword:0000003c
"Position90"=dword:00000066
"Visible90"=dword:00000000
"Width90"=dword:00000050
"Position91"=dword:00000067
"Visible91"=dword:00000000
"Width91"=dword:00000046
"Position92"=dword:00000068
"Visible92"=dword:00000000
"Width92"=dword:0000005a
"Position93"=dword:00000069
"Visible93"=dword:00000000
"Width93"=dword:00000037
"Position94"=dword:0000006a
"Visible94"=dword:00000000
"Width94"=dword:0000003c
"Position95"=dword:0000006b
"Visible95"=dword:00000000
"Width95"=dword:0000003c
"Position96"=dword:0000006c
"Visible96"=dword:00000000
"Width96"=dword:00000046
"Position97"=dword:0000006d
"Visible97"=dword:00000000
"Width97"=dword:00000046
"Position98"=dword:0000006e
"Visible98"=dword:00000000
"Width98"=dword:00000055
"Position99"=dword:0000006f
"Visible99"=dword:00000000
"Width99"=dword:00000073
"Position100"=dword:00000042
"Visible100"=dword:00000000
"Width100"=dword:00000041
"Position101"=dword:00000070
"Visible101"=dword:00000000
"Width101"=dword:0000003c
"Position102"=dword:00000071
"Visible102"=dword:00000000
"Width102"=dword:0000003c
"Position103"=dword:00000072
"Visible103"=dword:00000000
"Width103"=dword:00000046
"Position104"=dword:00000073
"Visible104"=dword:00000000
"Width104"=dword:0000003c
"Position105"=dword:00000074
"Visible105"=dword:00000000
"Width105"=dword:00000041
"Position106"=dword:0000000f
"Visible106"=dword:00000001
"Width106"=dword:00000050
"Position107"=dword:0000000b
"Visible107"=dword:00000001
"Width107"=dword:00000028
"Position108"=dword:00000043
"Visible108"=dword:00000000
"Width108"=dword:00000050
"Position109"=dword:0000002f
"Visible109"=dword:00000000
"Width109"=dword:00000050
"Position110"=dword:00000031
"Visible110"=dword:00000000
"Width110"=dword:00000055
"Position111"=dword:00000032
"Visible111"=dword:00000000
"Width111"=dword:00000082
"Position112"=dword:00000034
"Visible112"=dword:00000000
"Width112"=dword:00000087
"Position113"=dword:00000075
"Visible113"=dword:00000000
"Width113"=dword:00000050
"Position114"=dword:00000076
"Visible114"=dword:00000000
"Width114"=dword:00000050
"Position115"=dword:00000077
"Visible115"=dword:00000000
"Width115"=dword:00000050
"Position116"=dword:00000078
"Visible116"=dword:00000000
"Width116"=dword:00000050
"Position117"=dword:00000079
"Visible117"=dword:00000000
"Width117"=dword:00000050
"Position118"=dword:0000007a
"Visible118"=dword:00000000
"Width118"=dword:00000050
"Position119"=dword:0000007b
"Visible119"=dword:00000000
"Width119"=dword:00000050
"Position120"=dword:0000007c
"Visible120"=dword:00000000
"Width120"=dword:00000050
"Position121"=dword:0000007d
"Visible121"=dword:00000000
"Width121"=dword:00000050
"Position122"=dword:0000007e
"Visible122"=dword:00000000
"Width122"=dword:00000050
"Position123"=dword:0000007f
"Visible123"=dword:00000000
"Width123"=dword:00000050
"Position124"=dword:00000080
"Visible124"=dword:00000000
"Width124"=dword:00000050
"Position125"=dword:00000081
"Visible125"=dword:00000000
"Width125"=dword:00000050
"Position126"=dword:00000082
"Visible126"=dword:00000000
"Width126"=dword:00000050
"Position127"=dword:00000083
"Visible127"=dword:00000000
"Width127"=dword:00000050
"Position128"=dword:00000084
"Visible128"=dword:00000000
"Width128"=dword:00000050
"Position129"=dword:00000085
"Visible129"=dword:00000000
"Width129"=dword:00000050
"Position130"=dword:00000086
"Visible130"=dword:00000000
"Width130"=dword:00000050
"Position131"=dword:00000087
"Visible131"=dword:00000000
"Width131"=dword:00000050
"Position132"=dword:00000088
"Visible132"=dword:00000000
"Width132"=dword:00000050
"Position133"=dword:00000089
"Visible133"=dword:00000000
"Width133"=dword:00000050
"Position134"=dword:0000008a
"Visible134"=dword:00000000
"Width134"=dword:00000050
"Position135"=dword:0000008b
"Visible135"=dword:00000000
"Width135"=dword:00000050
"Position136"=dword:0000008c
"Visible136"=dword:00000000
"Width136"=dword:00000050
"Position137"=dword:0000008d
"Visible137"=dword:00000000
"Width137"=dword:00000050
"Position138"=dword:0000008e
"Visible138"=dword:00000000
"Width138"=dword:00000050
"Position139"=dword:0000008f
"Visible139"=dword:00000000
"Width139"=dword:00000050
"Position140"=dword:00000090
"Visible140"=dword:00000000
"Width140"=dword:00000050
"Position141"=dword:00000091
"Visible141"=dword:00000000
"Width141"=dword:00000050
"Position142"=dword:00000092
"Visible142"=dword:00000000
"Width142"=dword:00000050
"Position143"=dword:00000093
"Visible143"=dword:00000000
"Width143"=dword:00000050
"Position144"=dword:00000094
"Visible144"=dword:00000000
"Width144"=dword:00000050
"Position145"=dword:00000095
"Visible145"=dword:00000000
"Width145"=dword:00000050
"Position146"=dword:00000004
"Visible146"=dword:00000000
"Width146"=dword:00000037
"Position147"=dword:00000005
"Visible147"=dword:00000000
"Width147"=dword:00000028
"Position148"=dword:00000006
"Visible148"=dword:00000000
"Width148"=dword:00000037
"Position149"=dword:00000007
"Visible149"=dword:00000001
"Width149"=dword:00000028
[HKEY_USERS\S-1-5-21-484763869-746137067-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000069
"Position4"=dword:00000005
"Visible4"=dword:00000001
"Width4"=dword:00000028
"Position5"=dword:00000006
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:00000004
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000004b
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000002d
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000003c
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000004b
"Position13"=dword:0000000d
"Visible13"=dword:00000000
"Width13"=dword:00000064
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000064
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:0000004b
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000011
"Visible17"=dword:00000000
"Width17"=dword:0000003c
"Position18"=dword:00000012
"Visible18"=dword:00000000
"Width18"=dword:0000004b
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
"Position20"=dword:00000014
"Visible20"=dword:00000000
"Width20"=dword:00000046
"Position21"=dword:00000015
"Visible21"=dword:00000000
"Width21"=dword:0000004b
"Position22"=dword:00000016
"Visible22"=dword:00000000
"Width22"=dword:00000046
"Position23"=dword:00000017
"Visible23"=dword:00000000
"Width23"=dword:00000046
"Position24"=dword:00000018
"Visible24"=dword:00000000
"Width24"=dword:0000003c
"Position25"=dword:00000019
"Visible25"=dword:00000000
"Width25"=dword:00000041
"Position26"=dword:0000001a
"Visible26"=dword:00000000
"Width26"=dword:0000003c
"Position27"=dword:0000001b
"Visible27"=dword:00000000
"Width27"=dword:00000055
"Position28"=dword:0000001c
"Visible28"=dword:00000000
"Width28"=dword:00000069
"Position29"=dword:0000001d
"Visible29"=dword:00000000
"Width29"=dword:0000006e
"Position30"=dword:0000001e
"Visible30"=dword:00000000
"Width30"=dword:00000064
"Position31"=dword:0000001f
"Visible31"=dword:00000000
"Width31"=dword:00000078
"Position32"=dword:00000020
"Visible32"=dword:00000000
"Width32"=dword:00000064
"Position33"=dword:00000021
"Visible33"=dword:00000000
"Width33"=dword:00000087
"Position34"=dword:00000022
"Visible34"=dword:00000000
"Width34"=dword:00000069
"Position35"=dword:00000023
"Visible35"=dword:00000000
"Width35"=dword:0000006e
"Position36"=dword:00000024
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000025
"Visible37"=dword:00000000
"Width37"=dword:0000004b
"Position38"=dword:00000026
"Visible38"=dword:00000000
"Width38"=dword:0000002d
"Position39"=dword:00000027
"Visible39"=dword:00000000
"Width39"=dword:00000055
"Position40"=dword:00000028
"Visible40"=dword:00000000
"Width40"=dword:00000046
"Position41"=dword:00000029
"Visible41"=dword:00000000
"Width41"=dword:0000004b
"Position42"=dword:0000002a
"Visible42"=dword:00000000
"Width42"=dword:0000003c
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000046
"Position44"=dword:0000002c
"Visible44"=dword:00000000
"Width44"=dword:00000073
"Position45"=dword:0000002d
"Visible45"=dword:00000000
"Width45"=dword:0000004b
"Position46"=dword:0000002e
"Visible46"=dword:00000000
"Width46"=dword:00000073
"Position47"=dword:0000002f
"Visible47"=dword:00000000
"Width47"=dword:0000007d
"Position48"=dword:00000030
"Visible48"=dword:00000000
"Width48"=dword:0000006e
"Position49"=dword:00000031
"Visible49"=dword:00000000
"Width49"=dword:00000037
"Position50"=dword:00000032
"Visible50"=dword:00000000
"Width50"=dword:00000064
"Position51"=dword:00000033
"Visible51"=dword:00000000
"Width51"=dword:00000037
"Position52"=dword:00000034
"Visible52"=dword:00000000
"Width52"=dword:0000004b
"Position53"=dword:00000035
"Visible53"=dword:00000000
"Width53"=dword:00000046
"Position54"=dword:00000036
"Visible54"=dword:00000000
"Width54"=dword:00000037
"Position55"=dword:00000037
"Visible55"=dword:00000000
"Width55"=dword:0000003c
"Position56"=dword:00000038
"Visible56"=dword:00000000
"Width56"=dword:00000055
"Position57"=dword:00000039
"Visible57"=dword:00000000
"Width57"=dword:0000003c
"Position58"=dword:0000003a
"Visible58"=dword:00000000
"Width58"=dword:0000003c
"Position59"=dword:0000003b
"Visible59"=dword:00000000
"Width59"=dword:00000055
"Position60"=dword:0000003c
"Visible60"=dword:00000000
"Width60"=dword:00000046
"Position61"=dword:0000003d
"Visible61"=dword:00000000
"Width61"=dword:0000004b
"Position62"=dword:0000003e
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000003f
"Visible63"=dword:00000000
"Width63"=dword:0000005a
"Position64"=dword:00000040
"Visible64"=dword:00000000
"Width64"=dword:0000006e
"Position65"=dword:00000041
"Visible65"=dword:00000000
"Width65"=dword:00000050
"Position66"=dword:00000042
"Visible66"=dword:00000000
"Width66"=dword:00000032
"Position67"=dword:00000043
"Visible67"=dword:00000000
"Width67"=dword:00000064
"Position68"=dword:00000044
"Visible68"=dword:00000000
"Width68"=dword:0000004b
"Position69"=dword:00000045
"Visible69"=dword:00000000
"Width69"=dword:0000002d
"Position70"=dword:00000046
"Visible70"=dword:00000000
"Width70"=dword:0000004b
"Position71"=dword:00000047
"Visible71"=dword:00000000
"Width71"=dword:0000005a
"Position72"=dword:00000048
"Visible72"=dword:00000000
"Width72"=dword:0000005a
"Position73"=dword:00000049
"Visible73"=dword:00000000
"Width73"=dword:00000050
"Position74"=dword:0000004a
"Visible74"=dword:00000000
"Width74"=dword:0000004b
"Position75"=dword:0000004b
"Visible75"=dword:00000000
"Width75"=dword:00000050
"Position76"=dword:0000004c
"Visible76"=dword:00000000
"Width76"=dword:0000005a
"Position77"=dword:0000004d
"Visible77"=dword:00000000
"Width77"=dword:00000041
"Position78"=dword:0000004e
"Visible78"=dword:00000000
"Width78"=dword:00000041
"Position79"=dword:0000004f
"Visible79"=dword:00000000
"Width79"=dword:00000041
"Position80"=dword:00000050
"Visible80"=dword:00000000
"Width80"=dword:00000041
"Position81"=dword:00000051
"Visible81"=dword:00000000
"Width81"=dword:00000041
"Position82"=dword:00000052
"Visible82"=dword:00000000
"Width82"=dword:00000041
"Position83"=dword:00000053
"Visible83"=dword:00000000
"Width83"=dword:00000041
"Position84"=dword:00000054
"Visible84"=dword:00000000
"Width84"=dword:00000041
"Position85"=dword:00000055
"Visible85"=dword:00000000
"Width85"=dword:00000041
"Position86"=dword:00000056
"Visible86"=dword:00000000
"Width86"=dword:00000050
[HKEY_USERS\S-1-5-21-484763869-746137067-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
"GKWeightCoef"=dword:00000064
"GKCurrentAbilityCoef"=dword:00000000
"GKCornersCoef"=dword:00000000
"GKCrossingCoef"=dword:00000000
"GKDribblingCoef"=dword:00000000
"GKFinishingCoef"=dword:00000000
"GKFirstTouchCoef"=dword:00000000
"GKFreeKicksCoef"=dword:00000000
"GKHeadingCoef"=dword:00000000
"GKLongShotsCoef"=dword:00000000
"GKLongThrowsCoef"=dword:00000000
"GKMarkingCoef"=dword:00000000
"GKPassingCoef"=dword:00000000
"GKPenaltiesCoef"=dword:00000000
"GKTacklingCoef"=dword:00000005
"GKTechniqueCoef"=dword:00000000
"GKLeftFootCoef"=dword:00000000
"GKRightFootCoef"=dword:00000000
"GKAggressionCoef"=dword:0000000a
"GKAnticipationCoef"=dword:00000005
"GKBraveryCoef"=dword:00000014
"GKComposureCoef"=dword:00000014
"GKConcentrationCoef"=dword:0000000a
"GKConsistencyCoef"=dword:0000000a
"GKCreativityCoef"=dword:00000000
"GKDecisionsCoef"=dword:00000014
"GKDeterminationCoef"=dword:0000000a
"GKDirtinessCoef"=dword:fffffffb
"GKFlairCoef"=dword:00000000
"GKImportantMatchesCoef"=dword:0000000a
"GKInfluenceCoef"=dword:0000000a
"GKOffTheBallCoef"=dword:00000000
"GKPositioningCoef"=dword:00000050
"GKTeamworkCoef"=dword:00000005
"GKWorkRateCoef"=dword:00000000
"GKAccelerationCoef"=dword:00000005
"GKAgilityCoef"=dword:0000000a
"GKBalanceCoef"=dword:0000000a
"GKInjuryPronenessCoef"=dword:fffffffb
"GKJumpingCoef"=dword:00000050
"GKNaturalFitnessCoef"=dword:00000005
"GKPaceCoef"=dword:00000000
"GKStaminaCoef"=dword:00000000
"GKStrengthCoef"=dword:0000000a
"GKVersatilityCoef"=dword:00000000
"GKAerialAbilityCoef"=dword:00000032
"GKCommandOfAreaCoef"=dword:00000014
"GKCommunicationCoef"=dword:00000032
"GKEccentricityCoef"=dword:ffffffec
"GKHandlingCoef"=dword:00000064
"GKKickingCoef"=dword:0000000a
"GKOneOnOnesCoef"=dword:00000032
"GKReflexesCoef"=dword:00000064
"GKRushingOutCoef"=dword:00000014
"GKTendencyToPunchCoef"=dword:fffffff6
"GKThrowingCoef"=dword:0000000a
"GKAdaptabilityCoef"=dword:00000005
"GKAmbitionCoef"=dword:0000000a
"GKControversyCoef"=dword:fffffffb
"GKLoyalityCoef"=dword:00000005
"GKPressureCoef"=dword:00000005
"GKProfessionalismCoef"=dword:00000005
"GKSportsmanshipCoef"=dword:00000005
"GKTemperamentCoef"=dword:00000005
"SWWeightCoef"=dword:00000066
"SWCurrentAbilityCoef"=dword:00000000
"SWCornersCoef"=dword:00000000
"SWCrossingCoef"=dword:00000000
"SWDribblingCoef"=dword:00000000
"SWFinishingCoef"=dword:00000000
"SWFirstTouchCoef"=dword:00000014
"SWFreeKicksCoef"=dword:0000000a
"SWHeadingCoef"=dword:00000064
"SWLongShotsCoef"=dword:0000000a
"SWLongThrowsCoef"=dword:00000000
"SWMarkingCoef"=dword:00000064
"SWPassingCoef"=dword:0000000a
"SWPenaltiesCoef"=dword:00000005
"SWTacklingCoef"=dword:00000064
"SWTechniqueCoef"=dword:0000000a
"SWLeftFootCoef"=dword:00000005
"SWRightFootCoef"=dword:00000005
"SWAggressionCoef"=dword:00000014
"SWAnticipationCoef"=dword:00000014
"SWBraveryCoef"=dword:00000028
"SWComposureCoef"=dword:00000028
"SWConcentrationCoef"=dword:0000003c
"SWConsistencyCoef"=dword:0000000a
"SWCreativityCoef"=dword:0000000a
"SWDecisionsCoef"=dword:00000014
"SWDeterminationCoef"=dword:0000000a
"SWDirtinessCoef"=dword:ffffffe7
"SWFlairCoef"=dword:00000000
"SWImportantMatchesCoef"=dword:0000000a
"SWInfluenceCoef"=dword:0000000a
"SWOffTheBallCoef"=dword:0000000a
"SWPositioningCoef"=dword:00000064
"SWTeamworkCoef"=dword:00000028
"SWWorkRateCoef"=dword:00000014
"SWAccelerationCoef"=dword:0000001e
"SWAgilityCoef"=dword:0000000a
"SWBalanceCoef"=dword:00000014
"SWInjuryPronenessCoef"=dword:fffffffb
"SWJumpingCoef"=dword:00000064
"SWNaturalFitnessCoef"=dword:00000005
"SWPaceCoef"=dword:00000014
"SWStaminaCoef"=dword:0000000a
"SWStrengthCoef"=dword:00000050
"SWVersatilityCoef"=dword:00000005
"SWAerialAbilityCoef"=dword:00000000
"SWCommandOfAreaCoef"=dword:00000000
"SWCommunicationCoef"=dword:00000000
"SWEccentricityCoef"=dword:00000000
"SWHandlingCoef"=dword:00000000
"SWKickingCoef"=dword:00000000
"SWOneOnOnesCoef"=dword:00000005
"SWReflexesCoef"=dword:00000005
"SWRushingOutCoef"=dword:00000000
"SWTendencyToPunchCoef"=dword:00000000
"SWThrowingCoef"=dword:00000000
"SWAdaptabilityCoef"=dword:00000005
"SWAmbitionCoef"=dword:0000000a
"SWControversyCoef"=dword:fffffffb
"SWLoyalityCoef"=dword:00000005
"SWPressureCoef"=dword:00000005
"SWProfessionalismCoef"=dword:00000005
"SWSportsmanshipCoef"=dword:00000005
"SWTemperamentCoef"=dword:00000005
"CBWeightCoef"=dword:00000064
"CBCurrentAbilityCoef"=dword:00000000
"CBCornersCoef"=dword:00000000
"CBCrossingCoef"=dword:00000000
"CBDribblingCoef"=dword:00000000
"CBFinishingCoef"=dword:00000000
"CBFirstTouchCoef"=dword:00000014
"CBFreeKicksCoef"=dword:0000000a
"CBHeadingCoef"=dword:00000064
"CBLongShotsCoef"=dword:0000000a
"CBLongThrowsCoef"=dword:00000000
"CBMarkingCoef"=dword:00000050
"CBPassingCoef"=dword:00000014
"CBPenaltiesCoef"=dword:00000005
"CBTacklingCoef"=dword:00000064
"CBTechniqueCoef"=dword:0000000a
"CBLeftFootCoef"=dword:00000005
"CBRightFootCoef"=dword:00000005
"CBAggressionCoef"=dword:00000014
"CBAnticipationCoef"=dword:00000014
"CBBraveryCoef"=dword:00000028
"CBComposureCoef"=dword:00000014
"CBConcentrationCoef"=dword:00000028
"CBConsistencyCoef"=dword:0000000a
"CBCreativityCoef"=dword:0000000a
"CBDecisionsCoef"=dword:00000014
"CBDeterminationCoef"=dword:0000000a
"CBDirtinessCoef"=dword:ffffffec
"CBFlairCoef"=dword:00000000
"CBImportantMatchesCoef"=dword:0000000a
"CBInfluenceCoef"=dword:0000000a
"CBOffTheBallCoef"=dword:0000000a
"CBPositioningCoef"=dword:00000050
"CBTeamworkCoef"=dword:00000028
"CBWorkRateCoef"=dword:00000014
"CBAccelerationCoef"=dword:00000028
"CBAgilityCoef"=dword:0000000a
"CBBalanceCoef"=dword:00000014
"CBInjuryPronenessCoef"=dword:fffffffb
"CBJumpingCoef"=dword:00000064
"CBNaturalFitnessCoef"=dword:00000005
"CBPaceCoef"=dword:0000001e
"CBStaminaCoef"=dword:0000000a
"CBStrengthCoef"=dword:0000003c
"CBVersatilityCoef"=dword:00000005
"CBAerialAbilityCoef"=dword:00000000
"CBCommandOfAreaCoef"=dword:00000000
"CBCommunicationCoef"=dword:00000000
"CBEccentricityCoef"=dword:00000000
"CBHandlingCoef"=dword:00000000
"CBKickingCoef"=dword:00000000
"CBOneOnOnesCoef"=dword:00000005
"CBReflexesCoef"=dword:00000005
"CBRushingOutCoef"=dword:00000000
"CBTendencyToPunchCoef"=dword:00000000
"CBThrowingCoef"=dword:00000000
"CBAdaptabilityCoef"=dword:00000005
"CBAmbitionCoef"=dword:0000000a
"CBControversyCoef"=dword:fffffffb
"CBLoyalityCoef"=dword:00000005
"CBPressureCoef"=dword:00000005
"CBProfessionalismCoef"=dword:00000005
"CBSportsmanshipCoef"=dword:00000005
"CBTemperamentCoef"=dword:00000005
"FBWeightCoef"=dword:00000069
"FBCurrentAbilityCoef"=dword:00000000
"FBCornersCoef"=dword:0000000a
"FBCrossingCoef"=dword:0000001e
"FBDribblingCoef"=dword:00000014
"FBFinishingCoef"=dword:00000000
"FBFirstTouchCoef"=dword:00000014
"FBFreeKicksCoef"=dword:0000000a
"FBHeadingCoef"=dwo
jacques.gache (Security contributor) - 27 Sept. 2009 at 17:23
Hello, run OTM again to make sure it's gone, then produce a log.txt by relaunching RSIT.
Download OTM by OldTimer to your Desktop by clicking this link:
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
Double-click OTM.exe to launch it. If you use Vista, right-click the file and choose Run as administrator.
Check that the box in front of "Unregister Dll's and Ocx's" is ticked.
Copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: "Paste instructions for item to be moved".
:processes
explorer.exe
:files
c:\windows\system32\borababu.dll
c:\windows\system32\huholapu.dll
c:\windows\system32\meruyuva.dll
c:\windows\system32\wudiyopi.dll
c:\windows\system32\jalezada.dll
c:\windows\system32\zehakebo.dll
:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Clique sur "MoveIt!" pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur "Exit" pour fermer.
Poste le rapport situé dans C:\_OTM\MovedFiles sous le nom xxxxxx_xxxxxxxxxx.log .
Il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
OTM report:
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder c:\windows\system32\borababu.dll not found.
File/Folder c:\windows\system32\huholapu.dll not found.
File/Folder c:\windows\system32\meruyuva.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\wudiyopi.dll
c:\windows\system32\wudiyopi.dll NOT unregistered.
c:\windows\system32\wudiyopi.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\jalezada.dll
c:\windows\system32\jalezada.dll NOT unregistered.
c:\windows\system32\jalezada.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\zehakebo.dll
c:\windows\system32\zehakebo.dll NOT unregistered.
c:\windows\system32\zehakebo.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Aurel
->Temp folder emptied: 1175006 bytes
->Temporary Internet Files folder emptied: 21259728 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38545123 bytes
->Google Chrome cache emptied: 6703587 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 708064 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 65.25 mb
OTM by OldTimer - Version 3.0.0.6 log created on 09272009_172901
Files moved on Reboot...
Registry entries deleted on Reboot...
The RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Aurel at 2009-09-27 18:08:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 811 GB (85%) free of 954 GB
Total RAM: 3326 MB (85% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:30, on 27.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RecvMessage.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aurel\Desktop\Programmes de sécurité\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Aurel.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.europowersearch.com/Search.html?SelectedSearchLang=FR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {e4d02059-c4eb-4079-8b5a-22a5eff3b3b9} - rahuziti.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [tray3] C:\WINDOWS\system32\RecvMessage.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [pududejuy] Rundll32.exe "c:\windows\system32\wudiyopi.dll",a
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-484763869-746137067-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Real Desktop.lnk = C:\Program Files\Real Desktop\Real Desktop.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E7A162C-2A90-476F-B547-5DC4EF6BA2DF}: NameServer = 84.103.237.145 86.64.145.145
O20 - AppInit_DLLs: c:\windows\system32\wudiyopi.dll,vodarowo.dll
O21 - SSODL: wotisediw - {1d650781-578a-48a0-8c50-c4cca780c58e} - c:\windows\system32\wudiyopi.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {1d650781-578a-48a0-8c50-c4cca780c58e} - c:\windows\system32\wudiyopi.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: B-Service - Unknown owner - C:\Documents and Settings\Aurel\Application Data\Mikogo\B-Service.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1ca3f80dd8918d6) (gupdate1ca3f80dd8918d6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
jacques.gache (Security contributor) - 27 Sept. 2009 at 18:41
Hello, you're going to fix the lines given below with HijackThis. It is on your PC, because RSIT downloads it for the log.txt report; you'll find it here: C:\Program Files\Trend Micro\HijackThis\Aurel.exe. Then do a clean-up with CCleaner, post a new log.txt so I can check it, and tell me how the PC is doing and how your initial problems are. Thanks.
1) Fix the lines
. Close all open programs, including the browser, except your antivirus and firewall
. Launch HijackThis, or rather Aurel.exe
. Click "Do a system scan only"
. Tick the following lines:
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {e4d02059-c4eb-4079-8b5a-22a5eff3b3b9} - rahuziti.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pududejuy] Rundll32.exe "c:\windows\system32\wudiyopi.dll",a
O4 - Startup: Real Desktop.lnk = C:\Program Files\Real Desktop\Real Desktop.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - AppInit_DLLs: c:\windows\system32\wudiyopi.dll,vodarowo.dll
O21 - SSODL: wotisediw - {1d650781-578a-48a0-8c50-c4cca780c58e} - c:\windows\system32\wudiyopi.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {1d650781-578a-48a0-8c50-c4cca780c58e} - c:\windows\system32\wudiyopi.dll (file missing)
.Tu cliques sur "Fix Checked"
.Tu fermes HijackThis
des expliquations en images : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
2) redémarres le pc et passes ccleaner avec les réglages donnés
télécharges Ccleaner à partir de cette adresses
https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
.enregistres le sur le bureau
.double-cliques sur le fichier pour lancer l'installation
.sur la fenêtre de l'installation langage bien choisir français et OK
.cliques sur suivant
.lis la licence et j'accepte
.cliques sur suivant
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
.cliques sur intaller
.cliques sur fermer
.double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
.cochesla première case vieilles données du perfetch que celle-la ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien
.cliques maintenant sur registre et puis sur rechercher les erreurs
.laisses tout cochées et cliques sur réparrer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregistre
.cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et fermer tu vériffis en relancant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner
pour aider si besion tutoriel: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
ou plus ici: http://www.lescofofides.fr/forum/viewtopic.php?f=30&t=96
3) relances RSIT et poste le nouveau log.txt et tu me dis comment vont les soucis du départ
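As an added example (not code from the thread, from RSIT or from HijackThis), here is a small Python triage of HijackThis log entries that applies the same reasoning the helper uses when picking lines to fix: orphaned entries, AppInit_DLLs, SSODL and SharedTaskScheduler hooks, rundll32 Run keys, and the all-lowercase 8-letter DLL names that also appear in the OTM script. The heuristics and the `Finding`/`triage` names are my own; the sample entries are copied from the log quoted above.

```python
import re
from dataclasses import dataclass, field

# Sample input, constructed for this example from entries quoted in the
# thread's HijackThis log (one log entry per string, verbatim).
SAMPLE_LOG = [
    r"R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O2 - BHO: (no name) - {e4d02059-c4eb-4079-8b5a-22a5eff3b3b9} - rahuziti.dll (file missing)",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r'O4 - HKLM\..\Run: [pududejuy] Rundll32.exe "c:\windows\system32\wudiyopi.dll",a',
    r"O20 - AppInit_DLLs: c:\windows\system32\wudiyopi.dll,vodarowo.dll",
    r"O21 - SSODL: wotisediw - {1d650781-578a-48a0-8c50-c4cca780c58e} - c:\windows\system32\wudiyopi.dll (file missing)",
    r"O22 - SharedTaskScheduler: jugezatag - {1d650781-578a-48a0-8c50-c4cca780c58e} - c:\windows\system32\wudiyopi.dll (file missing)",
    r"O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe",
    r"O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe",
]

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# All-lowercase 8-letter DLL basenames: the naming pattern shared by the
# components the OTM script moved (borababu, wudiyopi, rahuziti, ...).
# Matched against the original case, so mixed-case vendor DLLs such as
# NvMcTray.dll do not trigger it.  Heuristic, not a signature.
RANDOM_DLL_RE = re.compile(r"\b[a-z]{8}\.dll\b")
ANY_DLL_RE = re.compile(r"([A-Za-z0-9_\-]+\.dll)\b", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def triage(lines):
    """Return a Finding for every entry that trips at least one heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, "Running processes" paths, blank lines
        section, body = m.group("section"), m.group("body")
        lower = body.lower()
        reasons = []
        if "(file missing)" in lower or "(no file)" in lower:
            reasons.append("orphaned entry: its target file no longer exists")
        if section == "R3":
            reasons.append("URLSearchHook: hooks browser address-bar searches")
        if section == "O20":
            reasons.append("AppInit_DLLs: loaded into every process that maps user32.dll")
        if section in ("O21", "O22"):
            reasons.append(f"{section}: shell object loaded by Explorer at logon, "
                           "a common persistence point")
        if RANDOM_DLL_RE.search(body):
            reasons.append("DLL with a random-looking 8-letter name, like the "
                           "files moved by OTM above")
        if section == "O4" and "rundll32" in lower and RANDOM_DLL_RE.search(body):
            reasons.append("Run key relaunches that DLL via rundll32 at every logon")
        if section == "O23" and "unknown owner" in lower:
            reasons.append("service binary carries no publisher: verify it on disk")
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def referenced_dlls(findings):
    """Lower-cased basenames of every DLL named by a flagged entry."""
    names = set()
    for f in findings:
        names.update(n.lower() for n in ANY_DLL_RE.findall(f.line))
    return names


def report(findings):
    """Human-readable summary: the entry, then one indented reason per line."""
    out = []
    for f in findings:
        out.append(f"[{f.section}] {f.line}")
        out.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print(report(found))
    print("DLLs to check on disk:", ", ".join(sorted(referenced_dlls(found))))
```

On the sample above it flags exactly the entries the helper ticked for "Fix Checked" plus the unsigned SeekService service, and leaves the Avira and Adobe entries alone.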