Error loading c:\windows\system32\...

derpolo Posts 4 Status Member -  
jlpjlp Posts 52399 Status Security contributor -
Hello,
when I turn on my PC, on my workstation, I get RUNDLL error messages like:
Erreur de chargement c:\windows\system32\---.dll
le module spécifié est introuvable
[Error loading c:\windows\system32\---.dll / The specified module could not be found]

at the moment the --- files are: tenugizu.dll - nikarili.dll - likebowa.dll

please tell me what this corresponds to and what to do so I no longer get this kind of message.
Configuration: Windows XP Internet Explorer 7.0

5 replies

  1. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Hi, to take a look:

    Download here:

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) by random/random and save it to the Desktop.

    Double-click RSIT.exe to launch RSIT.

    Click Continue on the Disclaimer screen.

    If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.

    When the scan is finished, two text files will open.

    Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimized in the Taskbar).

    NB: The reports are saved in the folder C:\rsit
    0
    1. derpolo
       
      Hi jlpjlp,

      I have just run it,

      Here is what the log file contains

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by PAPA at 2009-11-07 18:46:07
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 5 GB (16%) free of 31 GB
      Total RAM: 1023 MB (46% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:46:13, on 07/11/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\lxdpcoms.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
      C:\Apps\Powercinema\PCMService.exe
      C:\apps\ABoard\ABoard.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Saitek\Software\Profiler.exe
      C:\apps\ABoard\AOSD.exe
      C:\Program Files\Saitek\Software\SaiMfd.exe
      C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
      C:\Program Files\Lexmark Z2300 Series\lxdpMsdMon.exe
      C:\Program Files\OrangeHSS\Launcher\Launcher.exe
      D:\Documents and Settings\PAPA\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
      C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
      C:\WINDOWS\System32\svchost.exe
      C:\APPS\skype\Phone\Skype.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\OrangeHSS\systray\systrayapp.exe
      C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
      C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
      C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\APPS\skype\Plugin Manager\skypePM.exe
      D:\Documents and Settings\PAPA\Bureau\divers\RSIT.exe
      C:\Program Files\trend micro\PAPA.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {624A6AAF-D5CB-42F2-864B-0632E1E8E099} - c:\windows\system32\aedhjqj.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
      O2 - BHO: C:\WINDOWS\system32\jkshfuiehi.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\jkshfuiehi.dll (file missing)
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
      O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
      O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
      O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
      O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [lxdpmon.exe] "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"
      O4 - HKLM\..\Run: [lxdpamon] "C:\Program Files\Lexmark Z2300 Series\lxdpamon.exe"
      O4 - HKLM\..\Run: [Flag Owns Live Grim] D:\Documents and Settings\All Users\Application Data\Software rule flag owns\CLOSE TRANS.exe
      O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
      O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
      O4 - HKLM\..\Run: [medomafiha] Rundll32.exe "C:\WINDOWS\system32\tenugizu.dll",s
      O4 - HKLM\..\Run: [SoftwareHelper] D:\Documents and Settings\PAPA\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
      O4 - HKLM\..\Run: [3ce72f6f] rundll32.exe "C:\WINDOWS\system32\nikarili.dll",b
      O4 - HKLM\..\Run: [CPM3fd41cf3] Rundll32.exe "c:\windows\system32\likebowa.dll",a
      O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
      O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [medomafiha] Rundll32.exe "C:\WINDOWS\system32\tenugizu.dll",s (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
      O15 - Trusted Zone: http://*.mappy.com
      O15 - Trusted Zone: http://*.orange.fr
      O15 - Trusted Zone: http://rw.search.ke.voila.fr
      O15 - Trusted Zone: http://orange.weborama.fr
      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcScanner.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{E3AA0A95-1270-4F7F-935B-3DA8C827F3F6}: NameServer = 85.255.112.121,85.255.112.123
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.121,85.255.112.123
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.121,85.255.112.123
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: qhfpag.dll C:\WINDOWS\system32\vodewenu.dll c:\windows\system32\likebowa.dll c:\windows\system32\temekatu.dll
      O20 - Winlogon Notify: ciztrbsy - C:\WINDOWS\SYSTEM32\aedhjqj.dll
      O20 - Winlogon Notify: crypt - crypts.dll (file missing)
      O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\likebowa.dll (file missing)
      O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\jkshfuiehi.dll (file missing)
      O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\likebowa.dll (file missing)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: lxdp_device - - C:\WINDOWS\system32\lxdpcoms.exe
      0
  2. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Hi
    you are stuffed with infections! and hijacked to Ukraine!!!!

    Save wort to your desktop:

    http://pc-system.fr/

    Double-click the WORT.exe file and select the Desktop using the "Browse" button. Follow the instructions and double-click the Wareout Removal Tool.bat file that has just been created on the Desktop. Select option 1 and confirm with Enter.


    _______________________

    Download Lop S&D.exe to your Desktop. https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    * Double-click it to start the installation
    * Then double-click the Lop S&D shortcut on your Desktop
    * Select the desired language, then choose option 1 (Search)
    * Wait until the scan finishes
    * Post the generated report (C:\lopR.txt)
    ---
    * This time choose Option 2 (Removal)
    * Do not close the window during the removal!
    * Post the generated report (C:\lopR.txt)

    __________________________

    Scan with Malwarebytes: run a thorough scan, paste the resulting report and remove whatever is found:

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ______________________

    Post a new RSIT report

    See you later
    0
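Added example, not part of either poster's message and not code from RSIT or HijackThis: a triage pass over HijackThis entry lines that maps each DLL named in the RUNDLL startup error to the autostart entry that still references it, and also lists DNS NameServer overrides, AppInit_DLLs and "(file missing)" references. The sample lines are copied from the log posted above; the function names and finding labels are assumptions of this example.

```python
import ntpath
import re

# Sample input: entry lines copied from the HijackThis log posted above.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {624A6AAF-D5CB-42F2-864B-0632E1E8E099} - c:\windows\system32\aedhjqj.dll
O2 - BHO: C:\WINDOWS\system32\jkshfuiehi.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\jkshfuiehi.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [medomafiha] Rundll32.exe "C:\WINDOWS\system32\tenugizu.dll",s
O4 - HKLM\..\Run: [3ce72f6f] rundll32.exe "C:\WINDOWS\system32\nikarili.dll",b
O4 - HKLM\..\Run: [CPM3fd41cf3] Rundll32.exe "c:\windows\system32\likebowa.dll",a
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.121,85.255.112.123
O20 - AppInit_DLLs: qhfpag.dll C:\WINDOWS\system32\vodewenu.dll c:\windows\system32\likebowa.dll c:\windows\system32\temekatu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\likebowa.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
'''

ENTRY_RE = re.compile(r'^\s*([A-Z]\d+) - (.*)$')                 # "O4 - <body>"
RUN_RE = re.compile(r'^(?P<key>[^:]+): \[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)
MISSING = '(file missing)'


def entries(log):
    """Yield (section, body) for every HijackThis entry line in the log text."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2).strip()


def triage(log):
    """Return findings as dicts with 'kind', 'where' and 'target' keys."""
    findings = []
    for section, body in entries(log):
        run = RUN_RE.match(body) if section == 'O4' else None
        rundll = RUNDLL_RE.match(run['cmd']) if run else None
        if rundll:
            # Autostart value that loads a DLL through rundll32 at logon.
            findings.append({'kind': 'rundll32-autorun',
                             'where': f"{run['key']} [{run['name']}]",
                             'target': rundll['dll'].lower()})
        elif section == 'O17' and ': NameServer = ' in body:
            # Statically configured DNS servers in the TCP/IP parameters.
            key, _, servers = body.partition(': NameServer = ')
            findings.append({'kind': 'dns-override', 'where': key, 'target': servers})
        elif section == 'O20' and body.startswith('AppInit_DLLs:'):
            # Simplification: splits on whitespace, so paths with spaces are not handled.
            for dll in body.split(':', 1)[1].split():
                findings.append({'kind': 'appinit-dll', 'where': 'O20 AppInit_DLLs',
                                 'target': dll.lower()})
        if body.endswith(MISSING):
            # Registry entry still pointing at a file that is no longer on disk.
            target = body[:-len(MISSING)].rsplit(' - ', 1)[-1].strip().lower()
            findings.append({'kind': 'dangling-reference',
                             'where': f"{section} {body.split(':', 1)[0]}",
                             'target': target})
    return findings


def startup_error_sources(log, dll_names):
    """Map each DLL file name from the error dialog to the entries that reference it."""
    wanted = {name.lower() for name in dll_names}
    sources = {name: [] for name in sorted(wanted)}
    for f in triage(log):
        name = ntpath.basename(f['target'])
        if name in wanted:
            sources[name].append(f"{f['kind']}: {f['where']}")
    return sources


if __name__ == '__main__':
    for dll, refs in startup_error_sources(
            SAMPLE_LOG, ['tenugizu.dll', 'nikarili.dll', 'likebowa.dll']).items():
        print(dll, '<-', refs)
    for f in triage(SAMPLE_LOG):
        if f['kind'] == 'dns-override':
            print('DNS override:', f['where'], '->', f['target'])
```
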
    1. derpolo
       
      Hi,

      Below you will find the various reports requested:

      generated report (C:\lopR.txt) - search


      --------------------\\ Lop S&D 4.2.5-0 XP/Vista

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3700+ )
      BIOS : BIOS Date: 05/04/05 17:18:45 Ver: 08.00.12
      USER : PAPA ( Administrator )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1351 [VPS 091108-0] 4.8.1351 (Activated)
      A:\ (USB)
      C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go)
      D:\ (Local Disk) - NTFS - Total:196 Go (Free:184 Go)
      E:\ (CD or DVD)
      F:\ (USB)
      H:\ (USB)
      I:\ (USB)
      J:\ (USB)

      "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
      Option : [1] ( 08/11/2009|17:14 )

      --------------------\\ Listing des dossiers dans APPLIC~1

      [06/06/2009|17:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
      [24/10/2009|20:41] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [06/07/2009|18:37] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AGI
      [21/09/2005|12:29] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
      [06/06/2009|16:42] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
      [13/06/2009|21:26] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      [29/09/2006|23:51] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ciel
      [21/09/2005|12:39] D:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
      [08/03/2009|21:53] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
      [11/09/2009|19:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\f-secure
      [11/09/2009|18:39] D:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
      [31/10/2009|16:29] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [07/11/2009|22:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
      [31/10/2009|16:35] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
      [17/04/2009|15:18] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Lexmark Z2300 Series
      [26/03/2006|00:23] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
      [28/02/2006|14:47] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
      [28/08/2009|19:11] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [10/09/2007|20:45] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
      [10/07/2006|18:45] D:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
      [12/12/2008|19:45] D:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
      [03/01/2009|00:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
      [21/09/2005|12:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
      [01/12/2005|22:12] D:\DOCUME~1\ALLUSE~1\APPLIC~1\OLYMPUS
      [08/03/2009|17:55] D:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
      [21/09/2005|12:29] D:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
      [21/09/2005|21:10] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
      [20/08/2007|17:12] D:\DOCUME~1\ALLUSE~1\APPLIC~1\second regs grim software
      [24/10/2009|17:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
      [12/09/2009|17:45] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
      [13/12/2008|17:19] D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      [21/09/2005|12:36] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
      [21/09/2005|12:29] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
      [11/03/2006|02:25] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
      [16/09/2006|00:25] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
      [19/12/2008|22:21] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
      [22/04/2006|12:41] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WinSoftware
      [03/02/2008|19:15] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

      [15/02/2007|18:28] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
      [08/09/2006|02:54] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
      [08/09/2006|02:54] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
      [08/09/2006|02:54] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
      [08/09/2006|02:54] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
      [21/09/2005|12:32] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
      [21/09/2005|12:29] D:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

      [30/01/2009|19:42] D:\DOCUME~1\LOCALS~1\APPLIC~1\agi
      [28/04/2006|20:11] D:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
      [08/12/2008|18:24] D:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
      [06/12/2008|19:52] D:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec

      [10/07/2006|23:29] D:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft

      [29/09/2006|22:07] D:\DOCUME~1\LOCALS~1.000\APPLIC~1\Microsoft

      [02/05/2009|16:18] D:\DOCUME~1\LOCALS~1.001\APPLIC~1\agi
      [08/03/2009|21:54] D:\DOCUME~1\LOCALS~1.001\APPLIC~1\Microsoft

      [21/09/2005|21:10] D:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
      [02/04/2006|17:18] D:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

      [10/07/2006|23:29] D:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft

      [29/09/2006|22:07] D:\DOCUME~1\NETWOR~1.000\APPLIC~1\Microsoft

      [15/06/2009|18:30] D:\DOCUME~1\NETWOR~1.001\APPLIC~1\agi
      [08/09/2006|02:54] D:\DOCUME~1\NETWOR~1.001\APPLIC~1\Microsoft
      [11/03/2009|11:39] D:\DOCUME~1\NETWOR~1.001\APPLIC~1\Mozilla
      [17/09/2009|20:43] D:\DOCUME~1\NETWOR~1.001\APPLIC~1\szejamsh

      [30/12/2008|15:23] D:\DOCUME~1\PAPA\APPLIC~1\ACD Systems
      [09/05/2009|10:08] D:\DOCUME~1\PAPA\APPLIC~1\Adobe
      [03/12/2008|16:02] D:\DOCUME~1\PAPA\APPLIC~1\AdobeUM
      [31/05/2009|11:08] D:\DOCUME~1\PAPA\APPLIC~1\EoRezo
      [07/09/2009|15:19] D:\DOCUME~1\PAPA\APPLIC~1\F-Secure
      [03/12/2008|15:56] D:\DOCUME~1\PAPA\APPLIC~1\Google
      [15/03/2009|12:44] D:\DOCUME~1\PAPA\APPLIC~1\Icone
      [08/09/2006|02:54] D:\DOCUME~1\PAPA\APPLIC~1\Identities
      [01/05/2009|18:23] D:\DOCUME~1\PAPA\APPLIC~1\Macromedia
      [03/12/2008|15:57] D:\DOCUME~1\PAPA\APPLIC~1\Math Option Dent
      [16/04/2009|10:42] D:\DOCUME~1\PAPA\APPLIC~1\Microsoft
      [11/09/2009|17:39] D:\DOCUME~1\PAPA\APPLIC~1\Mozilla
      [28/02/2009|19:56] D:\DOCUME~1\PAPA\APPLIC~1\Nokia
      [01/01/2009|19:03] D:\DOCUME~1\PAPA\APPLIC~1\OD2
      [28/02/2009|19:56] D:\DOCUME~1\PAPA\APPLIC~1\PC Suite
      [21/12/2008|17:08] D:\DOCUME~1\PAPA\APPLIC~1\Real
      [08/11/2009|17:07] D:\DOCUME~1\PAPA\APPLIC~1\Skype
      [08/11/2009|17:06] D:\DOCUME~1\PAPA\APPLIC~1\skypePM
      [24/04/2009|18:33] D:\DOCUME~1\PAPA\APPLIC~1\Sun
      [05/12/2008|18:15] D:\DOCUME~1\PAPA\APPLIC~1\Symantec
      [11/09/2009|18:33] D:\DOCUME~1\PAPA\APPLIC~1\szejamsh
      [08/06/2009|16:26] D:\DOCUME~1\PAPA\APPLIC~1\TeamViewer
      [03/12/2008|16:43] D:\DOCUME~1\PAPA\APPLIC~1\Ulead Systems
      [21/09/2005|12:29] D:\DOCUME~1\PAPA\APPLIC~1\You've Got Pictures Screensaver

      [20/12/2005|17:54] D:\DOCUME~1\Pauline\APPLIC~1\ACD Systems
      [23/08/2006|15:38] D:\DOCUME~1\Pauline\APPLIC~1\Adobe
      [08/12/2005|22:42] D:\DOCUME~1\Pauline\APPLIC~1\AdobeUM
      [19/11/2005|22:11] D:\DOCUME~1\Pauline\APPLIC~1\CyberLink
      [23/08/2006|15:51] D:\DOCUME~1\Pauline\APPLIC~1\DataLayer
      [13/12/2005|22:24] D:\DOCUME~1\Pauline\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
      [13/12/2005|22:24] D:\DOCUME~1\Pauline\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
      [31/07/2006|16:00] D:\DOCUME~1\Pauline\APPLIC~1\HbTools
      [01/12/2005|22:30] D:\DOCUME~1\Pauline\APPLIC~1\Help
      [30/09/2005|06:12] D:\DOCUME~1\Pauline\APPLIC~1\Identities
      [20/12/2005|13:47] D:\DOCUME~1\Pauline\APPLIC~1\Leadertech
      [30/09/2005|06:12] D:\DOCUME~1\Pauline\APPLIC~1\Macromedia
      [26/06/2006|18:47] D:\DOCUME~1\Pauline\APPLIC~1\Microsoft
      [20/08/2006|20:41] D:\DOCUME~1\Pauline\APPLIC~1\MobileAction
      [23/08/2006|15:51] D:\DOCUME~1\Pauline\APPLIC~1\Nokia
      [23/08/2006|16:09] D:\DOCUME~1\Pauline\APPLIC~1\Nokia Multimedia Player
      [08/01/2006|00:54] D:\DOCUME~1\Pauline\APPLIC~1\Norman
      [01/12/2005|22:07] D:\DOCUME~1\Pauline\APPLIC~1\OD2
      [07/09/2006|18:00] D:\DOCUME~1\Pauline\APPLIC~1\OFFICE One v6
      [23/08/2006|15:48] D:\DOCUME~1\Pauline\APPLIC~1\PC Suite
      [17/12/2005|17:28] D:\DOCUME~1\Pauline\APPLIC~1\Real
      [19/11/2005|23:20] D:\DOCUME~1\Pauline\APPLIC~1\Skype
      [20/12/2005|13:51] D:\DOCUME~1\Pauline\APPLIC~1\Sonic
      [14/12/2005|00:23] D:\DOCUME~1\Pauline\APPLIC~1\Sun
      [24/01/2006|23:16] D:\DOCUME~1\Pauline\APPLIC~1\Symantec
      [22/11/2005|21:45] D:\DOCUME~1\Pauline\APPLIC~1\Ulead Systems
      [24/04/2006|21:54] D:\DOCUME~1\Pauline\APPLIC~1\WinAntiVirus Pro 2006
      [30/09/2005|06:12] D:\DOCUME~1\Pauline\APPLIC~1\You've Got Pictures Screensaver

      [17/09/2006|22:45] D:\DOCUME~1\PAULIN~1.104\APPLIC~1\ACD Systems
      [07/09/2006|18:20] D:\DOCUME~1\PAULIN~1.104\APPLIC~1\Adobe
      [07/09/2006|20:01] D:\DOCUME~1\PAULIN~1.104\APPLIC~1\AdobeUM
      [17/09/2006|21:33] D:\DOCUME~1\PAULIN~1.104\APPLIC~1\CyberLink
      [17/09/2006|22:00] D:\DOCUME~1\PAULIN~1.104\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web


      [27/08/2006|11:26] D:\DOCUME~1\PIERRE~1\APPLIC~1\Adobe
      [20/11/2005|15:38] D:\DOCUME~1\PIERRE~1\APPLIC~1\CyberLink
      [14/12/2005|13:42] D:\DOCUME~1\PIERRE~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
      [19/12/2005|17:22] D:\DOCUME~1\PIERRE~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
      [31/07/2006|11:45] D:\DOCUME~1\PIERRE~1\APPLIC~1\HbTools
      [11/01/2006|14:01] D:\DOCUME~1\PIERRE~1\APPLIC~1\Help
      [30/09/2005|06:12] D:\DOCUME~1\PIERRE~1\APPLIC~1\Identities
      [01/04/2006|18:58] D:\DOCUME~1\PIERRE~1\APPLIC~1\InterTrust
      [30/09/2005|06:12] D:\DOCUME~1\PIERRE~1\APPLIC~1\Macromedia
      [06/09/2006|11:05] D:\DOCUME~1\PIERRE~1\APPLIC~1\Microsoft
      [06/02/2006|18:33] D:\DOCUME~1\PIERRE~1\APPLIC~1\MSNInstaller
      [26/04/2006|16:46] D:\DOCUME~1\PIERRE~1\APPLIC~1\OD2
      [07/09/2006|18:01] D:\DOCUME~1\PIERRE~1\APPLIC~1\OFFICE One v6
      [23/08/2006|17:41] D:\DOCUME~1\PIERRE~1\APPLIC~1\PC Suite
      [07/02/2006|19:08] D:\DOCUME~1\PIERRE~1\APPLIC~1\Real
      [04/07/2006|14:19] D:\DOCUME~1\PIERRE~1\APPLIC~1\report
      [13/06/2006|17:07] D:\DOCUME~1\PIERRE~1\APPLIC~1\ShopperReports
      [19/11/2005|12:22] D:\DOCUME~1\PIERRE~1\APPLIC~1\Skype
      [23/02/2006|14:56] D:\DOCUME~1\PIERRE~1\APPLIC~1\Sun
      [19/11/2005|12:22] D:\DOCUME~1\PIERRE~1\APPLIC~1\Symantec
      [17/12/2005|20:33] D:\DOCUME~1\PIERRE~1\APPLIC~1\Ulead Systems
      [25/04/2006|12:55] D:\DOCUME~1\PIERRE~1\APPLIC~1\WinAntiVirus Pro 2006
      [30/09/2005|06:12] D:\DOCUME~1\PIERRE~1\APPLIC~1\You've Got Pictures Screensaver

      [27/08/2009|21:15] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Adobe
      [05/11/2009|15:37] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Identities
      [27/08/2009|20:57] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Macromedia
      [31/10/2009|16:29] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Microsoft
      [11/09/2009|19:43] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Mozilla
      [28/08/2009|18:59] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\OD2
      [05/11/2009|15:44] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\PhotoFiltre Studio X
      [20/09/2009|20:25] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Real
      [20/09/2009|18:39] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Samsung
      [31/10/2009|22:48] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Skype
      [31/10/2009|16:46] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\skypePM
      [28/08/2009|20:50] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Sun
      [21/09/2005|12:32] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Symantec
      [20/09/2009|17:55] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\szejamsh
      [28/08/2009|11:42] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Windows Live Writer
      [31/08/2009|16:54] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\WinRAR
      [21/09/2005|12:29] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\You've Got Pictures Screensaver

      --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

      [07/11/2009 21:15][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{5DC87CFA-E920-4800-B9C1-0C62D34AB15C}.job
      [08/11/2009 17:05][--ah-----] C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
      [08/11/2009 17:11][--a------] C:\WINDOWS\tasks\NSSstub.job
      [02/11/2009 19:30][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [08/11/2009 14:57][--a------] C:\WINDOWS\tasks\Google Software Updater.job
      [08/11/2009 17:00][--a------] C:\WINDOWS\tasks\Configurer mon PC.job
      [08/11/2009 17:00][--ah-----] C:\WINDOWS\tasks\B655D34091924A6C.job
      [08/11/2009 17:00][--ah-----] C:\WINDOWS\tasks\A821B950918A36E8.job
      [08/11/2009 14:24][--ah-----] C:\WINDOWS\tasks\SA.DAT
      [05/08/2004 13:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

      ( A821B950918A36E8.job )=( d:\docume~1\popo\applic~1\mathop~1\DRAWFORD64.exe )
      ( B655D34091924A6C.job )=( d:\docume~1\pierre~1.104\applic~1\mathop~1\DRAWFORD64.exe )

      --------------------\\ Listing des dossiers dans C:\Program Files

      [12/09/2009|17:09] C:\Program Files\A360
      [10/02/2009|14:05] C:\Program Files\ACD Systems
      [10/04/2009|22:17] C:\Program Files\Adobe
      [06/07/2009|18:39] C:\Program Files\AGI
      [12/09/2009|16:57] C:\Program Files\Alwil Software
      [08/09/2006|02:48] C:\Program Files\AMD
      [06/06/2009|16:43] C:\Program Files\Apple Software Update
      [11/01/2009|15:48] C:\Program Files\Bitmanagement Software
      [06/06/2009|17:44] C:\Program Files\Bonjour
      [12/09/2009|17:10] C:\Program Files\Circle Developement
      [13/12/2008|17:56] C:\Program Files\Common Files
      [08/09/2006|02:48] C:\Program Files\ComPlus Applications
      [08/09/2006|02:48] C:\Program Files\CyberLink
      [28/02/2009|19:18] C:\Program Files\DIFX
      [04/04/2007|21:26] C:\Program Files\directx
      [04/01/2008|15:39] C:\Program Files\EA GAMES
      [02/01/2009|16:37] C:\Program Files\Electronic Arts
      [10/02/2009|12:35] C:\Program Files\eMule
      [17/10/2006|21:53] C:\Program Files\EZFace
      [31/10/2009|16:35] C:\Program Files\Fichiers communs
      [13/12/2008|17:56] C:\Program Files\GameSpy Arcade
      [08/09/2006|02:48] C:\Program Files\GMixon
      [31/10/2009|17:03] C:\Program Files\Google
      [03/05/2009|14:24] C:\Program Files\GP Vs Superbike
      [28/02/2008|11:51] C:\Program Files\Hewlett-Packard
      [16/12/2007|17:32] C:\Program Files\IMSI
      [02/07/2009|21:39] C:\Program Files\InstallJammer Registry
      [10/02/2009|11:16] C:\Program Files\InstallShield Installation Information
      [28/02/2008|11:53] C:\Program Files\InterActual
      [29/08/2009|19:06] C:\Program Files\Internet Explorer
      [20/09/2006|11:02] C:\Program Files\ISSENDIS
      [11/08/2009|18:43] C:\Program Files\Java
      [08/09/2006|02:48] C:\Program Files\Learn2.com
      [05/09/2009|18:02] C:\Program Files\Lexmark Toolbar
      [13/12/2008|15:24] C:\Program Files\Lexmark Z2300 Series
      [03/12/2008|17:04] C:\Program Files\Math Option Dent
      [12/12/2008|19:29] C:\Program Files\Messenger
      [03/04/2009|18:20] C:\Program Files\Messenger Plus! Live
      [01/03/2008|18:15] C:\Program Files\M‚thodes Piano DVD
      [14/11/2006|23:36] C:\Program Files\Micro Application
      [03/11/2006|18:38] C:\Program Files\Micrografx
      [19/12/2008|22:24] C:\Program Files\Microsoft
      [08/09/2006|02:48] C:\Program Files\microsoft frontpage
      [21/12/2008|17:42] C:\Program Files\Microsoft Office
      [02/10/2009|18:52] C:\Program Files\Microsoft Silverlight
      [19/12/2008|22:22] C:\Program Files\Microsoft SQL Server Compact Edition
      [19/12/2008|22:23] C:\Program Files\Microsoft Sync Framework
      [14/11/2006|23:49] C:\Program Files\Microsoft.NET
      [12/12/2008|19:25] C:\Program Files\Movie Maker
      [08/11/2009|17:07] C:\Program Files\Mozilla Firefox
      [06/12/2008|16:22] C:\Program Files\MSECache
      [07/09/2006|18:59] C:\Program Files\MSN
      [08/09/2006|02:48] C:\Program Files\MSN Gaming Zone
      [15/10/2006|21:23] C:\Program Files\MSXML 4.0
      [12/12/2008|19:22] C:\Program Files\NetMeeting
      [31/10/2009|16:35] C:\Program Files\Nokia
      [28/02/2009|19:16] C:\Program Files\Nokia PC Suite 6
      [08/09/2006|02:48] C:\Program Files\Norman
      [03/01/2009|00:28] C:\Program Files\NOS
      [29/09/2006|23:53] C:\Program Files\OFFICE One
      [30/09/2006|00:02] C:\Program Files\OFFICE One6.5
      [07/10/2006|21:48] C:\Program Files\OfficeUpdate11
      [08/09/2006|02:50] C:\Program Files\Online Services
      [20/12/2008|17:13] C:\Program Files\Orange
      [29/08/2009|18:16] C:\Program Files\OrangeHSS
      [12/12/2008|19:22] C:\Program Files\Outlook Express
      [14/03/2009|14:45] C:\Program Files\Packard Bell
      [14/03/2009|14:56] C:\Program Files\Packard Bell External HDD
      [28/02/2009|19:18] C:\Program Files\PC Connectivity Solution
      [01/06/2009|20:57] C:\Program Files\PhotoFiltre Studio X
      [31/10/2009|16:29] C:\Program Files\PicLensIE
      [30/09/2006|00:02] C:\Program Files\Readiris Pro 8
      [08/09/2006|02:48] C:\Program Files\Real
      [03/11/2006|12:20] C:\Program Files\Saitek
      [09/02/2009|19:52] C:\Program Files\Samsung
      [07/09/2009|14:47] C:\Program Files\Securitoo
      [29/08/2009|11:12] C:\Program Files\Services en ligne
      [18/06/2007|18:18] C:\Program Files\SM
      [11/02/2009|22:27] C:\Program Files\Sonic
      [15/08/2007|09:52] C:\Program Files\THQ
      [13/12/2008|17:55] C:\Program Files\trackmania
      [07/11/2009|18:46] C:\Program Files\trend micro
      [04/04/2007|18:06] C:\Program Files\Ubi Soft
      [11/08/2009|21:15] C:\Program Files\Ubisoft
      [08/09/2006|02:48] C:\Program Files\Ulead Systems
      [08/09/2006|02:48] C:\Program Files\Uninstall Information
      [04/10/2006|17:15] C:\Program Files\USBToolbox
      [29/06/2007|16:45] C:\Program Files\ValuSoft
      [08/09/2006|02:48] C:\Program Files\Viewpoint
      [08/03/2009|11:55] C:\Program Files\Vive Dieu
      [02/10/2009|18:20] C:\Program Files\Windows Live
      [19/12/2008|22:21] C:\Program Files\Windows Live SkyDrive
      [19/12/2008|22:24] C:\Program Files\Windows Live Toolbar
      [08/09/2006|02:48] C:\Program Files\Windows Media Components
      [08/12/2008|16:28] C:\Program Files\Windows Media Connect 2
      [12/12/2008|19:22] C:\Program Files\Windows Media Player
      [12/12/2008|19:22] C:\Program Files\Windows NT
      [08/09/2006|02:48] C:\Program Files\WindowsUpdate
      [18/02/2009|22:31] C:\Program Files\WinRAR
      [08/09/2006|02:48] C:\Program Files\xerox

      --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

      [24/10/2009|17:43] C:\Program Files\Fichiers communs\Adobe
      [07/09/2006|19:32] C:\Program Files\Fichiers communs\AOL
      [08/09/2006|02:50] C:\Program Files\Fichiers communs\aolshare
      [20/09/2006|11:01] C:\Program Files\Fichiers communs\Borland Shared
      [04/12/2006|23:05] C:\Program Files\Fichiers communs\DESIGNER
      [30/09/2006|15:58] C:\Program Files\Fichiers communs\DirectX
      [05/12/2008|18:56] C:\Program Files\Fichiers communs\France Telecom
      [17/09/2006|22:00] C:\Program Files\Fichiers communs\Hewlett-Packard
      [04/04/2007|18:04] C:\Program Files\Fichiers communs\InstallShield
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\Java
      [18/09/2006|11:03] C:\Program Files\Fichiers communs\Logitech
      [18/02/2009|19:25] C:\Program Files\Fichiers communs\Microsoft Shared
      [05/08/2004|13:00] C:\Program Files\Fichiers communs\Mozilla Shared
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\MSSoap
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\Nullsoft
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\ODBC
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\Real
      [08/09/2006|02:50] C:\Program Files\Fichiers communs\Services
      [24/10/2009|17:56] C:\Program Files\Fichiers communs\Skype
      [08/09/2006|02:50] C:\Program Files\Fichiers communs\Sonic Shared
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\SpeechEngines
      [21/10/2007|16:58] C:\Program Files\Fichiers communs\SureThing Shared
      [05/04/2009|17:07] C:\Program Files\Fichiers communs\SWF Studio
      [12/12/2008|19:22] C:\Program Files\Fichiers communs\System
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\Ulead Systems
      [19/12/2008|22:02] C:\Program Files\Fichiers communs\Windows Live
      [29/12/2007|16:07] C:\Program Files\Fichiers communs\WindowsLiveInstaller
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\xing shared

      --------------------\\ Process

      ( 53 Processes )

      ... OK !

      --------------------\\ Recherche avec S_Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Recherche de Fichiers / Dossiers Lop

      D:\DOCUME~1\ALLUSE~1\APPLIC~1\second regs grim software
      D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
      D:\DOCUME~1\PAPA\APPLIC~1\mathop~1
      C:\Program Files\mathop~1
      D:\DOCUME~1\PAPA\LOCALS~1\Temp\nsd3D.tmp
      D:\DOCUME~1\PAPA\LOCALS~1\Temp\NSSstub.txt
      D:\DOCUME~1\PAPA\LOCALS~1\Temp\nsy429.tmp
      C:\Program Files\Circle Developement
      C:\WINDOWS\Tasks\A821B950918A36E8.job
      C:\WINDOWS\Tasks\B655D34091924A6C.job

      --------------------\\ Verification du Registre

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Flag Owns Live Grim"="D:\\Documents and Settings\\All Users\\Application Data\\Software rule flag owns\\CLOSE TRANS.exe"

      --------------------\\ Verification du fichier Hosts

      Fichier Hosts PROPRE


      --------------------\\ Recherche de fichiers avec Catchme

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-11-08 17:17:10
      Windows 5.1.2600 Service Pack 3 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      folder error: D:\DOCUME~1\PAPA\LOCALS~1\APPLIC~1

      --------------------\\ Recherche d'autres infections

      C:\WINDOWS\system32\epasibat.ini
      C:\WINDOWS\system32\epasibat.ini2
      ==> VUNDO <==

      --------------------\\ ROGUES ..

      D:\DOCUME~1\Pauline\APPLIC~1\WinAntiVirus Pro 2006
      D:\DOCUME~1\PIERRE~1\APPLIC~1\WinAntiVirus Pro 2006



      [F:1587][D:110]-> D:\DOCUME~1\PAPA\LOCALS~1\Temp
      [F:30][D:0]-> D:\DOCUME~1\PAPA\Cookies
      [F:240][D:8]-> D:\DOCUME~1\PAPA\LOCALS~1\TEMPOR~1\content.IE5

      1 - "C:\Lop SD\LopR_1.txt" - 08/11/2009|17:18 - Option : [1]

      --------------------\\ Fin du rapport a 17:18:23


      REMOVAL REPORT

      --------------------\\ Lop S&D 4.2.5-0 XP/Vista

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3700+ )
      BIOS : BIOS Date: 05/04/05 17:18:45 Ver: 08.00.12
      USER : PAPA ( Administrator )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1351 [VPS 091108-0] 4.8.1351 (Activated)
      A:\ (USB)
      C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go)
      D:\ (Local Disk) - NTFS - Total:196 Go (Free:184 Go)
      E:\ (CD or DVD)
      F:\ (USB)
      H:\ (USB)
      I:\ (USB)
      J:\ (USB)

      "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
      Option : [2] ( 08/11/2009|17:19 )


      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

      Supprime! - D:\DOCUME~1\PAPA\LOCALS~1\Temp\nsd3D.tmp
      Supprime! - D:\DOCUME~1\PAPA\LOCALS~1\Temp\NSSstub.txt
      Supprime! - D:\DOCUME~1\PAPA\LOCALS~1\Temp\nsy429.tmp
      Supprime! - C:\WINDOWS\Tasks\A821B950918A36E8.job
      Supprime! - C:\WINDOWS\Tasks\B655D34091924A6C.job
      Supprime! - D:\DOCUME~1\ALLUSE~1\APPLIC~1\second regs grim software
      Supprime! - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
      Supprime! - D:\DOCUME~1\PAPA\APPLIC~1\mathop~1
      Supprime! - C:\Program Files\mathop~1
      Supprime! - C:\Program Files\Circle Developement

      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

      Supprime! - C:\Program Files\Viewpoint
      Supprime! - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


      --------------------\\ Listing des dossiers dans APPLIC~1

      [06/06/2009|17:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
      [24/10/2009|20:41] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [06/07/2009|18:37] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AGI
      [21/09/2005|12:29] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
      [06/06/2009|16:42] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
      [13/06/2009|21:26] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      [29/09/2006|23:51] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ciel
      [21/09/2005|12:39] D:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
      [08/03/2009|21:53] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
      [11/09/2009|19:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\f-secure
      [11/09/2009|18:39] D:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
      [31/10/2009|16:29] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [07/11/2009|22:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
      [31/10/2009|16:35] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
      [17/04/2009|15:18] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Lexmark Z2300 Series
      [26/03/2006|00:23] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
      [28/02/2006|14:47] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
      [28/08/2009|19:11] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [10/09/2007|20:45] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
      [10/07/2006|18:45] D:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
      [12/12/2008|19:45] D:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
      [03/01/2009|00:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
      [21/09/2005|12:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
      [01/12/2005|22:12] D:\DOCUME~1\ALLUSE~1\APPLIC~1\OLYMPUS
      [08/03/2009|17:55] D:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
      [21/09/2005|12:29] D:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
      [21/09/2005|21:10] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
      [24/10/2009|17:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
      [13/12/2008|17:19] D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      [21/09/2005|12:36] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
      [11/03/2006|02:25] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
      [16/09/2006|00:25] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
      [19/12/2008|22:21] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
      [22/04/2006|12:41] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WinSoftware
      [03/02/2008|19:15] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

      [15/02/2007|18:28] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Dossier de téléchargement Share-to-Web
      [08/09/2006|02:54] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
      [08/09/2006|02:54] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
      [08/09/2006|02:54] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
      [08/09/2006|02:54] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
      [21/09/2005|12:32] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
      [21/09/2005|12:29] D:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

      [30/01/2009|19:42] D:\DOCUME~1\LOCALS~1\APPLIC~1\agi
      [28/04/2006|20:11] D:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
      [08/12/2008|18:24] D:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
      [06/12/2008|19:52] D:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec

      [10/07/2006|23:29] D:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft

      [29/09/2006|22:07] D:\DOCUME~1\LOCALS~1.000\APPLIC~1\Microsoft

      [02/05/2009|16:18] D:\DOCUME~1\LOCALS~1.001\APPLIC~1\agi
      [08/03/2009|21:54] D:\DOCUME~1\LOCALS~1.001\APPLIC~1\Microsoft

      [21/09/2005|21:10] D:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
      [02/04/2006|17:18] D:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

      [10/07/2006|23:29] D:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft

      [29/09/2006|22:07] D:\DOCUME~1\NETWOR~1.000\APPLIC~1\Microsoft

      [15/06/2009|18:30] D:\DOCUME~1\NETWOR~1.001\APPLIC~1\agi
      [08/09/2006|02:54] D:\DOCUME~1\NETWOR~1.001\APPLIC~1\Microsoft
      [11/03/2009|11:39] D:\DOCUME~1\NETWOR~1.001\APPLIC~1\Mozilla
      [17/09/2009|20:43] D:\DOCUME~1\NETWOR~1.001\APPLIC~1\szejamsh

      [30/12/2008|15:23] D:\DOCUME~1\PAPA\APPLIC~1\ACD Systems
      [09/05/2009|10:08] D:\DOCUME~1\PAPA\APPLIC~1\Adobe
      [03/12/2008|16:02] D:\DOCUME~1\PAPA\APPLIC~1\AdobeUM
      [31/05/2009|11:08] D:\DOCUME~1\PAPA\APPLIC~1\EoRezo
      [07/09/2009|15:19] D:\DOCUME~1\PAPA\APPLIC~1\F-Secure
      [03/12/2008|15:56] D:\DOCUME~1\PAPA\APPLIC~1\Google
      [15/03/2009|12:44] D:\DOCUME~1\PAPA\APPLIC~1\Icone
      [08/09/2006|02:54] D:\DOCUME~1\PAPA\APPLIC~1\Identities
      [01/05/2009|18:23] D:\DOCUME~1\PAPA\APPLIC~1\Macromedia
      [16/04/2009|10:42] D:\DOCUME~1\PAPA\APPLIC~1\Microsoft
      [11/09/2009|17:39] D:\DOCUME~1\PAPA\APPLIC~1\Mozilla
      [28/02/2009|19:56] D:\DOCUME~1\PAPA\APPLIC~1\Nokia
      [01/01/2009|19:03] D:\DOCUME~1\PAPA\APPLIC~1\OD2
      [28/02/2009|19:56] D:\DOCUME~1\PAPA\APPLIC~1\PC Suite
      [21/12/2008|17:08] D:\DOCUME~1\PAPA\APPLIC~1\Real
      [08/11/2009|17:07] D:\DOCUME~1\PAPA\APPLIC~1\Skype
      [08/11/2009|17:06] D:\DOCUME~1\PAPA\APPLIC~1\skypePM
      [24/04/2009|18:33] D:\DOCUME~1\PAPA\APPLIC~1\Sun
      [05/12/2008|18:15] D:\DOCUME~1\PAPA\APPLIC~1\Symantec
      [11/09/2009|18:33] D:\DOCUME~1\PAPA\APPLIC~1\szejamsh
      [08/06/2009|16:26] D:\DOCUME~1\PAPA\APPLIC~1\TeamViewer
      [03/12/2008|16:43] D:\DOCUME~1\PAPA\APPLIC~1\Ulead Systems
      [21/09/2005|12:29] D:\DOCUME~1\PAPA\APPLIC~1\You've Got Pictures Screensaver

      [20/12/2005|17:54] D:\DOCUME~1\Pauline\APPLIC~1\ACD Systems
      [23/08/2006|15:38] D:\DOCUME~1\Pauline\APPLIC~1\Adobe
      [08/12/2005|22:42] D:\DOCUME~1\Pauline\APPLIC~1\AdobeUM
      [19/11/2005|22:11] D:\DOCUME~1\Pauline\APPLIC~1\CyberLink
      [23/08/2006|15:51] D:\DOCUME~1\Pauline\APPLIC~1\DataLayer
      [13/12/2005|22:24] D:\DOCUME~1\Pauline\APPLIC~1\Dossier de téléchargement Share-to-Web
      [13/12/2005|22:24] D:\DOCUME~1\Pauline\APPLIC~1\Dossier de téléchargement Share-to-Web
      [31/07/2006|16:00] D:\DOCUME~1\Pauline\APPLIC~1\HbTools
      [01/12/2005|22:30] D:\DOCUME~1\Pauline\APPLIC~1\Help
      [30/09/2005|06:12] D:\DOCUME~1\Pauline\APPLIC~1\Identities
      [20/12/2005|13:47] D:\DOCUME~1\Pauline\APPLIC~1\Leadertech
      [30/09/2005|06:12] D:\DOCUME~1\Pauline\APPLIC~1\Macromedia
      [26/06/2006|18:47] D:\DOCUME~1\Pauline\APPLIC~1\Microsoft
      [20/08/2006|20:41] D:\DOCUME~1\Pauline\APPLIC~1\MobileAction
      [23/08/2006|15:51] D:\DOCUME~1\Pauline\APPLIC~1\Nokia
      [23/08/2006|16:09] D:\DOCUME~1\Pauline\APPLIC~1\Nokia Multimedia Player
      [08/01/2006|00:54] D:\DOCUME~1\Pauline\APPLIC~1\Norman
      [01/12/2005|22:07] D:\DOCUME~1\Pauline\APPLIC~1\OD2
      [07/09/2006|18:00] D:\DOCUME~1\Pauline\APPLIC~1\OFFICE One v6
      [23/08/2006|15:48] D:\DOCUME~1\Pauline\APPLIC~1\PC Suite
      [17/12/2005|17:28] D:\DOCUME~1\Pauline\APPLIC~1\Real
      [19/11/2005|23:20] D:\DOCUME~1\Pauline\APPLIC~1\Skype
      [20/12/2005|13:51] D:\DOCUME~1\Pauline\APPLIC~1\Sonic
      [14/12/2005|00:23] D:\DOCUME~1\Pauline\APPLIC~1\Sun
      [24/01/2006|23:16] D:\DOCUME~1\Pauline\APPLIC~1\Symantec
      [22/11/2005|21:45] D:\DOCUME~1\Pauline\APPLIC~1\Ulead Systems
      [24/04/2006|21:54] D:\DOCUME~1\Pauline\APPLIC~1\WinAntiVirus Pro 2006
      [30/09/2005|06:12] D:\DOCUME~1\Pauline\APPLIC~1\You've Got Pictures Screensaver

      [17/09/2006|22:45] D:\DOCUME~1\PAULIN~1.104\APPLIC~1\ACD Systems
      [07/09/2006|18:20] D:\DOCUME~1\PAULIN~1.104\APPLIC~1\Adobe
      [07/09/2006|20:01] D:\DOCUME~1\PAULIN~1.104\APPLIC~1\AdobeUM
      [17/09/2006|21:33] D:\DOCUME~1\PAULIN~1.104\APPLIC~1\CyberLink
      [17/09/2006|22:00] D:\DOCUME~1\PAULIN~1.104\APPLIC~1\Dossier de téléchargement Share-to-Web


      [27/08/2006|11:26] D:\DOCUME~1\PIERRE~1\APPLIC~1\Adobe
      [20/11/2005|15:38] D:\DOCUME~1\PIERRE~1\APPLIC~1\CyberLink
      [14/12/2005|13:42] D:\DOCUME~1\PIERRE~1\APPLIC~1\Dossier de téléchargement Share-to-Web
      [19/12/2005|17:22] D:\DOCUME~1\PIERRE~1\APPLIC~1\Dossier de téléchargement Share-to-Web
      [31/07/2006|11:45] D:\DOCUME~1\PIERRE~1\APPLIC~1\HbTools
      [11/01/2006|14:01] D:\DOCUME~1\PIERRE~1\APPLIC~1\Help
      [30/09/2005|06:12] D:\DOCUME~1\PIERRE~1\APPLIC~1\Identities
      [01/04/2006|18:58] D:\DOCUME~1\PIERRE~1\APPLIC~1\InterTrust
      [30/09/2005|06:12] D:\DOCUME~1\PIERRE~1\APPLIC~1\Macromedia
      [06/09/2006|11:05] D:\DOCUME~1\PIERRE~1\APPLIC~1\Microsoft
      [06/02/2006|18:33] D:\DOCUME~1\PIERRE~1\APPLIC~1\MSNInstaller
      [26/04/2006|16:46] D:\DOCUME~1\PIERRE~1\APPLIC~1\OD2
      [07/09/2006|18:01] D:\DOCUME~1\PIERRE~1\APPLIC~1\OFFICE One v6
      [23/08/2006|17:41] D:\DOCUME~1\PIERRE~1\APPLIC~1\PC Suite
      [07/02/2006|19:08] D:\DOCUME~1\PIERRE~1\APPLIC~1\Real
      [04/07/2006|14:19] D:\DOCUME~1\PIERRE~1\APPLIC~1\report
      [13/06/2006|17:07] D:\DOCUME~1\PIERRE~1\APPLIC~1\ShopperReports
      [19/11/2005|12:22] D:\DOCUME~1\PIERRE~1\APPLIC~1\Skype
      [23/02/2006|14:56] D:\DOCUME~1\PIERRE~1\APPLIC~1\Sun
      [19/11/2005|12:22] D:\DOCUME~1\PIERRE~1\APPLIC~1\Symantec
      [17/12/2005|20:33] D:\DOCUME~1\PIERRE~1\APPLIC~1\Ulead Systems
      [25/04/2006|12:55] D:\DOCUME~1\PIERRE~1\APPLIC~1\WinAntiVirus Pro 2006
      [30/09/2005|06:12] D:\DOCUME~1\PIERRE~1\APPLIC~1\You've Got Pictures Screensaver

      [27/08/2009|21:15] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Adobe
      [05/11/2009|15:37] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Identities
      [27/08/2009|20:57] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Macromedia
      [31/10/2009|16:29] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Microsoft
      [11/09/2009|19:43] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Mozilla
      [28/08/2009|18:59] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\OD2
      [05/11/2009|15:44] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\PhotoFiltre Studio X
      [20/09/2009|20:25] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Real
      [20/09/2009|18:39] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Samsung
      [31/10/2009|22:48] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Skype
      [31/10/2009|16:46] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\skypePM
      [28/08/2009|20:50] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Sun
      [21/09/2005|12:32] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Symantec
      [20/09/2009|17:55] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\szejamsh
      [28/08/2009|11:42] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\Windows Live Writer
      [31/08/2009|16:54] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\WinRAR
      [21/09/2005|12:29] D:\DOCUME~1\PIERRE~1.104\APPLIC~1\You've Got Pictures Screensaver

      --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

      [07/11/2009 21:15][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{5DC87CFA-E920-4800-B9C1-0C62D34AB15C}.job
      [08/11/2009 17:05][--ah-----] C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
      [08/11/2009 17:11][--a------] C:\WINDOWS\tasks\NSSstub.job
      [02/11/2009 19:30][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [08/11/2009 14:57][--a------] C:\WINDOWS\tasks\Google Software Updater.job
      [08/11/2009 17:00][--a------] C:\WINDOWS\tasks\Configurer mon PC.job
      [08/11/2009 14:24][--ah-----] C:\WINDOWS\tasks\SA.DAT
      [05/08/2004 13:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

      --------------------\\ Listing des dossiers dans C:\Program Files

      [12/09/2009|17:09] C:\Program Files\A360
      [10/02/2009|14:05] C:\Program Files\ACD Systems
      [10/04/2009|22:17] C:\Program Files\Adobe
      [06/07/2009|18:39] C:\Program Files\AGI
      [12/09/2009|16:57] C:\Program Files\Alwil Software
      [08/09/2006|02:48] C:\Program Files\AMD
      [06/06/2009|16:43] C:\Program Files\Apple Software Update
      [11/01/2009|15:48] C:\Program Files\Bitmanagement Software
      [06/06/2009|17:44] C:\Program Files\Bonjour
      [13/12/2008|17:56] C:\Program Files\Common Files
      [08/09/2006|02:48] C:\Program Files\ComPlus Applications
      [08/09/2006|02:48] C:\Program Files\CyberLink
      [28/02/2009|19:18] C:\Program Files\DIFX
      [04/04/2007|21:26] C:\Program Files\directx
      [04/01/2008|15:39] C:\Program Files\EA GAMES
      [02/01/2009|16:37] C:\Program Files\Electronic Arts
      [10/02/2009|12:35] C:\Program Files\eMule
      [17/10/2006|21:53] C:\Program Files\EZFace
      [31/10/2009|16:35] C:\Program Files\Fichiers communs
      [13/12/2008|17:56] C:\Program Files\GameSpy Arcade
      [08/09/2006|02:48] C:\Program Files\GMixon
      [31/10/2009|17:03] C:\Program Files\Google
      [03/05/2009|14:24] C:\Program Files\GP Vs Superbike
      [28/02/2008|11:51] C:\Program Files\Hewlett-Packard
      [16/12/2007|17:32] C:\Program Files\IMSI
      [02/07/2009|21:39] C:\Program Files\InstallJammer Registry
      [10/02/2009|11:16] C:\Program Files\InstallShield Installation Information
      [28/02/2008|11:53] C:\Program Files\InterActual
      [29/08/2009|19:06] C:\Program Files\Internet Explorer
      [20/09/2006|11:02] C:\Program Files\ISSENDIS
      [11/08/2009|18:43] C:\Program Files\Java
      [08/09/2006|02:48] C:\Program Files\Learn2.com
      [05/09/2009|18:02] C:\Program Files\Lexmark Toolbar
      [13/12/2008|15:24] C:\Program Files\Lexmark Z2300 Series
      [12/12/2008|19:29] C:\Program Files\Messenger
      [03/04/2009|18:20] C:\Program Files\Messenger Plus! Live
      [01/03/2008|18:15] C:\Program Files\Méthodes Piano DVD
      [14/11/2006|23:36] C:\Program Files\Micro Application
      [03/11/2006|18:38] C:\Program Files\Micrografx
      [19/12/2008|22:24] C:\Program Files\Microsoft
      [08/09/2006|02:48] C:\Program Files\microsoft frontpage
      [21/12/2008|17:42] C:\Program Files\Microsoft Office
      [02/10/2009|18:52] C:\Program Files\Microsoft Silverlight
      [19/12/2008|22:22] C:\Program Files\Microsoft SQL Server Compact Edition
      [19/12/2008|22:23] C:\Program Files\Microsoft Sync Framework
      [14/11/2006|23:49] C:\Program Files\Microsoft.NET
      [12/12/2008|19:25] C:\Program Files\Movie Maker
      [08/11/2009|17:07] C:\Program Files\Mozilla Firefox
      [06/12/2008|16:22] C:\Program Files\MSECache
      [07/09/2006|18:59] C:\Program Files\MSN
      [08/09/2006|02:48] C:\Program Files\MSN Gaming Zone
      [15/10/2006|21:23] C:\Program Files\MSXML 4.0
      [12/12/2008|19:22] C:\Program Files\NetMeeting
      [31/10/2009|16:35] C:\Program Files\Nokia
      [28/02/2009|19:16] C:\Program Files\Nokia PC Suite 6
      [08/09/2006|02:48] C:\Program Files\Norman
      [03/01/2009|00:28] C:\Program Files\NOS
      [29/09/2006|23:53] C:\Program Files\OFFICE One
      [30/09/2006|00:02] C:\Program Files\OFFICE One6.5
      [07/10/2006|21:48] C:\Program Files\OfficeUpdate11
      [08/09/2006|02:50] C:\Program Files\Online Services
      [20/12/2008|17:13] C:\Program Files\Orange
      [29/08/2009|18:16] C:\Program Files\OrangeHSS
      [12/12/2008|19:22] C:\Program Files\Outlook Express
      [14/03/2009|14:45] C:\Program Files\Packard Bell
      [14/03/2009|14:56] C:\Program Files\Packard Bell External HDD
      [28/02/2009|19:18] C:\Program Files\PC Connectivity Solution
      [01/06/2009|20:57] C:\Program Files\PhotoFiltre Studio X
      [31/10/2009|16:29] C:\Program Files\PicLensIE
      [30/09/2006|00:02] C:\Program Files\Readiris Pro 8
      [08/09/2006|02:48] C:\Program Files\Real
      [03/11/2006|12:20] C:\Program Files\Saitek
      [09/02/2009|19:52] C:\Program Files\Samsung
      [07/09/2009|14:47] C:\Program Files\Securitoo
      [29/08/2009|11:12] C:\Program Files\Services en ligne
      [18/06/2007|18:18] C:\Program Files\SM
      [11/02/2009|22:27] C:\Program Files\Sonic
      [15/08/2007|09:52] C:\Program Files\THQ
      [13/12/2008|17:55] C:\Program Files\trackmania
      [07/11/2009|18:46] C:\Program Files\trend micro
      [04/04/2007|18:06] C:\Program Files\Ubi Soft
      [11/08/2009|21:15] C:\Program Files\Ubisoft
      [08/09/2006|02:48] C:\Program Files\Ulead Systems
      [08/09/2006|02:48] C:\Program Files\Uninstall Information
      [04/10/2006|17:15] C:\Program Files\USBToolbox
      [29/06/2007|16:45] C:\Program Files\ValuSoft
      [08/03/2009|11:55] C:\Program Files\Vive Dieu
      [02/10/2009|18:20] C:\Program Files\Windows Live
      [19/12/2008|22:21] C:\Program Files\Windows Live SkyDrive
      [19/12/2008|22:24] C:\Program Files\Windows Live Toolbar
      [08/09/2006|02:48] C:\Program Files\Windows Media Components
      [08/12/2008|16:28] C:\Program Files\Windows Media Connect 2
      [12/12/2008|19:22] C:\Program Files\Windows Media Player
      [12/12/2008|19:22] C:\Program Files\Windows NT
      [08/09/2006|02:48] C:\Program Files\WindowsUpdate
      [18/02/2009|22:31] C:\Program Files\WinRAR
      [08/09/2006|02:48] C:\Program Files\xerox

      --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

      [24/10/2009|17:43] C:\Program Files\Fichiers communs\Adobe
      [07/09/2006|19:32] C:\Program Files\Fichiers communs\AOL
      [08/09/2006|02:50] C:\Program Files\Fichiers communs\aolshare
      [20/09/2006|11:01] C:\Program Files\Fichiers communs\Borland Shared
      [04/12/2006|23:05] C:\Program Files\Fichiers communs\DESIGNER
      [30/09/2006|15:58] C:\Program Files\Fichiers communs\DirectX
      [05/12/2008|18:56] C:\Program Files\Fichiers communs\France Telecom
      [17/09/2006|22:00] C:\Program Files\Fichiers communs\Hewlett-Packard
      [04/04/2007|18:04] C:\Program Files\Fichiers communs\InstallShield
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\Java
      [18/09/2006|11:03] C:\Program Files\Fichiers communs\Logitech
      [18/02/2009|19:25] C:\Program Files\Fichiers communs\Microsoft Shared
      [05/08/2004|13:00] C:\Program Files\Fichiers communs\Mozilla Shared
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\MSSoap
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\Nullsoft
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\ODBC
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\Real
      [08/09/2006|02:50] C:\Program Files\Fichiers communs\Services
      [24/10/2009|17:56] C:\Program Files\Fichiers communs\Skype
      [08/09/2006|02:50] C:\Program Files\Fichiers communs\Sonic Shared
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\SpeechEngines
      [21/10/2007|16:58] C:\Program Files\Fichiers communs\SureThing Shared
      [05/04/2009|17:07] C:\Program Files\Fichiers communs\SWF Studio
      [12/12/2008|19:22] C:\Program Files\Fichiers communs\System
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\Ulead Systems
      [19/12/2008|22:02] C:\Program Files\Fichiers communs\Windows Live
      [29/12/2007|16:07] C:\Program Files\Fichiers communs\WindowsLiveInstaller
      [08/09/2006|02:48] C:\Program Files\Fichiers communs\xing shared

      --------------------\\ Process

      ( 53 Processes )

      ... OK !

      --------------------\\ Recherche avec S_Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Recherche de Fichiers / Dossiers Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Verification du Registre

      ..... OK !

      --------------------\\ Verification du fichier Hosts

      Fichier Hosts PROPRE


      --------------------\\ Recherche de fichiers avec Catchme

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-11-08 17:22:22
      Windows 5.1.2600 Service Pack 3 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      folder error: D:\DOCUME~1\PAPA\LOCALS~1\APPLIC~1

      --------------------\\ Recherche d'autres infections

      C:\WINDOWS\system32\epasibat.ini
      C:\WINDOWS\system32\epasibat.ini2
      ==> VUNDO <==

      --------------------\\ ROGUES ..

      D:\DOCUME~1\Pauline\APPLIC~1\WinAntiVirus Pro 2006
      D:\DOCUME~1\PIERRE~1\APPLIC~1\WinAntiVirus Pro 2006



      [F:1584][D:108]-> D:\DOCUME~1\PAPA\LOCALS~1\Temp
      [F:30][D:0]-> D:\DOCUME~1\PAPA\Cookies
      [F:242][D:8]-> D:\DOCUME~1\PAPA\LOCALS~1\TEMPOR~1\content.IE5

      1 - "C:\Lop SD\LopR_1.txt" - 08/11/2009|17:18 - Option : [1]
      2 - "C:\Lop SD\LopR_2.txt" - 08/11/2009|17:23 - Option : [2]

      --------------------\\ Fin du rapport a 17:23:14


      MALWAREBYTES REPORT

      Malwarebytes' Anti-Malware 1.41
      Version de la base de données: 3126
      Windows 5.1.2600 Service Pack 3

      08/11/2009 18:31:53
      mbam-log-2009-11-08 (18-31-53).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 270424
      Temps écoulé: 1 hour(s), 2 minute(s), 33 second(s)

      Processus mémoire infecté(s): 1
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 26
      Valeur(s) du Registre infectée(s): 9
      Elément(s) de données du Registre infecté(s): 3
      Dossier(s) infecté(s): 5
      Fichier(s) infecté(s): 23

      Processus mémoire infecté(s):
      D:\Documents and Settings\PAPA\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Unloaded process successfully.

      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\aedhjqj.dll (Trojan.Vundo.H) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{624a6aaf-d5cb-42f2-864b-0632e1e8e099} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ciztrbsy (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{624a6aaf-d5cb-42f2-864b-0632e1e8e099} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gymdzqqx (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gymdzqqx (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gymdzqqx (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gymdzqqx (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{624a6aaf-d5cb-42f2-864b-0632e1e8e099} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\office one 450 fonts_is1 (Worm.Archive) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\fias4051 (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIVXserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\medomafiha (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3ce72f6f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm3fd41cf3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      D:\Documents and Settings\Pauline\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Pauline\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Pierre-Henri\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Pierre-Henri\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
      C:\Program Files\A360 (Rogue.A360AntiVirus) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      c:\WINDOWS\system32\aedhjqj.dll (Trojan.Vundo.H) -> Delete on reboot.
      D:\Documents and Settings\PAPA\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\qpyhw5ce.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\vftjoqy.dll (Trojan.Vundo.H) -> Delete on reboot.
      C:\WINDOWS\system32\wujeluhe.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\fihasine.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
      D:\Documents and Settings\PAPA\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
      D:\Documents and Settings\pierre-henri.1040402203196\Mes documents\srm_free_setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Pauline\Application Data\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Pauline\Application Data\WinAntiVirus Pro 2006\Logs\update.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Pauline\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Pauline\Application Data\WinAntiVirus Pro 2006\Logs\winav.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Pierre-Henri\Application Data\WinAntiVirus Pro 2006\Logs\update.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Pierre-Henri\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Pierre-Henri\Application Data\WinAntiVirus Pro 2006\Logs\winav.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
      C:\aqrts.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\asakvg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\fbjw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\kinkerc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\svchost.exe:exe.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.


      See you later
  3. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    Post a new RSIT report so I can check.

    I'm setting these aside for later:
    C:\WINDOWS\system32\epasibat.ini
    C:\WINDOWS\system32\epasibat.ini2
  4. derpolo
     
    Hi,

    Here is the RSIT report.

    In any case, when I turned on the PC I no longer had that error message. Do all the steps carried out earlier need to be done regularly? Is there anything to do so that it doesn't happen again?

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by PAPA at 2009-11-14 13:27:53
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 2 GB (7%) free of 31 GB
    Total RAM: 1023 MB (54% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:28:03, on 14/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\lxdpcoms.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lexmark Z2300 Series\lxdpMsdMon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
    C:\APPS\skype\Phone\Skype.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\APPS\skype\Plugin Manager\skypePM.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Documents and Settings\PAPA\Bureau\RSIT.exe
    C:\Program Files\trend micro\PAPA.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {624A6AAF-D5CB-42F2-864B-0632E1E8E099} - c:\windows\system32\aedhjqj.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
    O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [lxdpmon.exe] "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"
    O4 - HKLM\..\Run: [lxdpamon] "C:\Program Files\Lexmark Z2300 Series\lxdpamon.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
    O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [medomafiha] Rundll32.exe "C:\WINDOWS\system32\tenugizu.dll",s (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O15 - Trusted Zone: http://*.mappy.com
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcScanner.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: qhfpag.dll C:\WINDOWS\system32\vodewenu.dll c:\windows\system32\likebowa.dll c:\windows\system32\temekatu.dll
    O20 - Winlogon Notify: ciztrbsy - C:\WINDOWS\SYSTEM32\aedhjqj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: lxdp_device - - C:\WINDOWS\system32\lxdpcoms.exe
  6. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    Download ComboFix (by sUBs) here:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    and save it to the Desktop.

    Disconnect from the Internet and close all your applications.

    Disable your protections (antivirus, firewall, the antispyware's real-time guard).

    Double-click combofix.exe and follow the instructions.

    At the end, it will produce a report, C:\ComboFix.txt

    Re-enable your firewall, your antivirus, and your antispyware's guard.

    Copy/paste the C:\ComboFix.txt report into your next reply.

    Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. Doing so could freeze the computer.

    There is a complete tutorial here:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix