Trojan Downloader Renos.jm Help me please!!

Solved
glover68
Hello everyone,

I've been infected by a trojan downloader Renos.jm and I can't get rid of it with Malwarebytes. I tried running a scan in safe mode; every time it finds new infected files, I delete them, and Windows Defender still finds this virus. I run another scan and it's always the same thing. Can anyone help me, please?
Configuration: Windows Vista
Firefox 3.5.7

15 replies

  1. Anonymous user
     
    Hello

    • Download RSIT, a diagnostic tool, to identify the various infections: http://images.malwareremoval.com/random/RSIT.exe
    * On XP: double-click RSIT.exe to launch the tool.
    * If you are on Vista, you must run RSIT with administrator rights; to do so, right-click RSIT and choose "Run as administrator".
    • Double-click RSIT.exe to launch the tool.
    • Click 'Continue' on the Disclaimer screen.
    • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
    • Once the scan is finished, 2 reports will appear. Post the contents of both reports.
    ( C:\RSIT\log.txt and C:\RSIT\info.txt )
    • CTRL A to select all, CTRL C to copy and then CTRL V to paste
    0
  2. glover68
     
    Thanks for replying so quickly! Here is the content of the first report; the second report is further down:

    First report

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by dany at 2010-01-24 11:20:17
    Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
    System drive C: has 6 GB (7%) free of 85 GB
    Total RAM: 1790 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:20:40, on 24/01/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\VMware\VMware Workstation\hqtray.exe
    C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Users\dany\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\dany\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Windows\explorer.exe
    D:\telechargements\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\dany.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [OA004Cfg.exe] OA004Cfg.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
    O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
    O4 - HKLM\..\Run: [DataMngr] C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Google Update] "C:\Users\dany\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BMIMZMHMFM] C:\Users\dany\AppData\Local\Temp\Kvr.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\dany\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{86BB3648-3355-4386-8553-A45C10CBD218}: NameServer = 213.166.201.1,213.166.201.2
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9b29d9527f0b3) (gupdate1c9b29d9527f0b3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  3. Anonymous user
     
    Quite a few infections

    • Download: https://www.superantispyware.com/
    • Choose "save" and save it to your desktop.
    • Double-click the installation icon that has just been created and follow the instructions.
    • Create an icon on the desktop.
    • Double-click the SAS icon (a head in a crossed-out red circle) to launch it.
    • If the tool asks you to update the program ("update the program definitions"), click yes.
    • Under Configuration and Preferences, click the "Preferences" button.
    • Click the "Scanning Control" tab.
    • In "Scanner Options", make sure the box in front of the following lines is checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Leave the other lines unchecked.
    • Click the "Close" button to exit the control center screen.
    • In the main window, under "Scan for Harmful Software", click "Scan your computer".
    • In the left column, check C:\Fixed Drive.
    • In the right column, under "Complete scan", click "Perform Complete Scan".
    • Click "next" to start the scan. Wait while the scan runs.
    • At the end of the scan, a results window opens. Click OK.
    • Make sure all the lines in the white window are checked and click "Next".
    • Everything that was found will be quarantined. If you are asked to restart the computer ("reboot"), click Yes.
    • To copy the information to the forum, do this:
    • After the computer restarts, double-click the icon to launch SAS.
    • Click "Preferences" then the "Statistics/Logs" tab.
    • Under "scanners logs", double-click SUPERAntiSpyware Scan Log.
    • The report will open in your default text editor.
    • Copy its contents into your reply.
    • Have a good look at the SUPERAntiSpyware tutorial; it is very well explained.
    https://www.malekal.com/?s=SUPERAntiSpyware

    0
  4. glover68
     
    Hi, after 4 hours of scanning, here is the log generated with SuperAntiSpyware:

    SUPERAntiSpyware Scan Log
    https://www.superantispyware.com/

    Generated 01/24/2010 at 05:39 PM

    Application Version : 4.33.1000

    Core Rules Database Version : 4511
    Trace Rules Database Version: 2323

    Scan type : Complete Scan
    Total Scan Time : 04:18:48

    Memory items scanned : 535
    Memory threats detected : 0
    Registry items scanned : 9594
    Registry threats detected : 1
    File items scanned : 69641
    File threats detected : 4168

    Trojan.Agent/Gen-CDesc[X]
    [BMIMZMHMFM] C:\USERS\DANY\APPDATA\LOCAL\TEMP\KVR.EXE
    C:\USERS\DANY\APPDATA\LOCAL\TEMP\KVR.EXE
    C:\USERS\DANY\APPDATA\LOCAL\TEMP\KVQ.EXE

    Adware.Tracking Cookie
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@www.madfucktube[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@brightpornstars[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@www.teenartphotos[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@www.18freshteenies[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@www.drunkfucking[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@shop.zanox[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@xxx4u[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@mediaplex[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@www.teeniepornotube[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@www.pornblues[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@www.onpornstar[3].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@pornmomsxxx[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@ideal-teens[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@yporn[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@pornteensmovies[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@ads.pointroll[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@weborama[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@adbrite[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@teensnow[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@reduxmedia[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@sexsilvertube[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@abyssteens[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@wt.sexsearchcom[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@www.sexyfatdaily[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@maturelikesex[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@galleries1.adult-empire[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@www.onpornstar[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@beeporn[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@zanox[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@russian-porntube[3].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@ad.zanox[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@advertising[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@adviva[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@exoclick[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\dany@zedo[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\Low\dany@ads.operadormovilsms[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\Low\dany@www.googleadservices[1].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\Low\dany@www.googleadservices[2].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\Low\dany@www.googleadservices[3].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\Low\dany@www.googleadservices[4].txt
    C:\Users\dany\AppData\Roaming\Microsoft\Windows\Cookies\Low\dany@yourmedia[1].txt

    Trojan.Agent/Gen
    C:\Program Files\SYS\gs8x\ps_files\gs_epsf.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_fapi.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_fform.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_fntem.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_fonts.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_frsd.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_icc.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_il1_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_il2_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_img.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_indxd.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_init.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_kanji.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_ksb_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_l2img.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_lev2.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_lgo_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_lgx_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_ll3.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_mex_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_mgl_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_mro_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_patrn.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_pdfwr.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_pdf_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_pfile.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_rdlin.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_res.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_resmp.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_resst.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_sepr.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_setpd.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_statd.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_std_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_sym_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_trap.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_ttf.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_typ32.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_typ42.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_type1.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_wan_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_wl1_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_wl2_e.ps
    C:\Program Files\SYS\gs8x\ps_files\gs_wl5_e.ps
    C:\Program Files\SYS\gs8x\ps_files\ht_ccsto.ps
    C:\Program Files\SYS\gs8x\ps_files\image-qa.ps
    C:\Program Files\SYS\gs8x\ps_files\impath.ps
    C:\Program Files\SYS\gs8x\ps_files\jispaper.ps
    C:\Program Files\SYS\gs8x\ps_files\landscap.ps
    C:\Program Files\SYS\gs8x\ps_files\level1.ps
    C:\Program Files\SYS\gs8x\ps_files\lines.ps
    C:\Program Files\SYS\gs8x\ps_files\markhint.ps
    C:\Program Files\SYS\gs8x\ps_files\markpath.ps
    C:\Program Files\SYS\gs8x\ps_files\mkcidfm.ps
    C:\Program Files\SYS\gs8x\ps_files\opdfread.ps
    C:\Program Files\SYS\gs8x\ps_files\packfile.ps
    C:\Program Files\SYS\gs8x\ps_files\pcharstr.ps
    C:\Program Files\SYS\gs8x\ps_files\pdf2dsc.ps
    C:\Program Files\SYS\gs8x\ps_files\PDFA_def.ps
    C:\Program Files\SYS\gs8x\ps_files\pdfopt.ps
    C:\Program Files\SYS\gs8x\ps_files\pdfwrite.ps
    C:\Program Files\SYS\gs8x\ps_files\PDFX_def.ps
    C:\Program Files\SYS\gs8x\ps_files\pdf_base.ps
    C:\Program Files\SYS\gs8x\ps_files\pdf_draw.ps
    C:\Program Files\SYS\gs8x\ps_files\pdf_font.ps
    C:\Program Files\SYS\gs8x\ps_files\pdf_main.ps
    C:\Program Files\SYS\gs8x\ps_files\pdf_ops.ps
    C:\Program Files\SYS\gs8x\ps_files\pdf_rbld.ps
    C:\Program Files\SYS\gs8x\ps_files\pdf_sec.ps
    C:\Program Files\SYS\gs8x\ps_files\pf2afm.ps
    C:\Program Files\SYS\gs8x\ps_files\pfbtopfa.ps
    C:\Program Files\SYS\gs8x\ps_files\ppath.ps
    C:\Program Files\SYS\gs8x\ps_files\pphs.ps
    C:\Program Files\SYS\gs8x\ps_files\prfont.ps
    C:\Program Files\SYS\gs8x\ps_files\printafm.ps
    C:\Program Files\SYS\gs8x\ps_files\ps2ai.ps
    C:\Program Files\SYS\gs8x\ps_files\ps2ascii.ps
    C:\Program Files\SYS\gs8x\ps_files\ps2epsi.ps
    C:\Program Files\SYS\gs8x\ps_files\quit.ps
    C:\Program Files\SYS\gs8x\ps_files\rollconv.ps
    C:\Program Files\SYS\gs8x\ps_files\showchar.ps
    C:\Program Files\SYS\gs8x\ps_files\showpage.ps
    C:\Program Files\SYS\gs8x\ps_files\stcinfo.ps
    C:\Program Files\SYS\gs8x\ps_files\stcolor.ps
    C:\Program Files\SYS\gs8x\ps_files\stocht.ps
    C:\Program Files\SYS\gs8x\ps_files\traceimg.ps
    C:\Program Files\SYS\gs8x\ps_files\traceop.ps
    C:\Program Files\SYS\gs8x\ps_files\type1enc.ps
    C:\Program Files\SYS\gs8x\ps_files\type1ops.ps
    C:\Program Files\SYS\gs8x\ps_files\uninfo.ps
    C:\Program Files\SYS\gs8x\ps_files\unprot.ps
    C:\Program Files\SYS\gs8x\ps_files\viewcmyk.ps
    C:\Program Files\SYS\gs8x\ps_files\viewgif.ps
    C:\Program Files\SYS\gs8x\ps_files\viewjpeg.ps
    C:\Program Files\SYS\gs8x\ps_files\viewmiff.ps
    C:\Program Files\SYS\gs8x\ps_files\viewpbm.ps
    C:\Program Files\SYS\gs8x\ps_files\viewpcx.ps
    C:\Program Files\SYS\gs8x\ps_files\viewps2a.ps
    C:\Program Files\SYS\gs8x\ps_files\wftopfa.ps
    C:\Program Files\SYS\gs8x\ps_files\winmaps.ps
    C:\Program Files\SYS\gs8x\ps_files\wrfont.ps
    C:\Program Files\SYS\gs8x\ps_files\xlatmap
    C:\Program Files\SYS\gs8x\ps_files\zeroline.ps
    C:\Program Files\SYS\gs8x\ps_files
    C:\Program Files\SYS\gs8x
    C:\Program Files\SYS\jade\bin\win32\grove.dll
    C:\Program Files\SYS\jade\bin\win32\groveoa.dll
    C:\Program Files\SYS\jade\bin\win32\jade.exe
    C:\Program Files\SYS\jade\bin\win32\msvcrt.dll
    C:\Program Files\SYS\jade\bin\win32\nsgmls.exe
    C:\Program Files\SYS\jade\bin\win32\ogrove13.dll
    C:\Program Files\SYS\jade\bin\win32\ogroveoa.dll
    C:\Program Files\SYS\jade\bin\win32\onsgmls.exe
    C:\Program Files\SYS\jade\bin\win32\openjade.exe
    C:\Program Files\SYS\jade\bin\win32\opent.exe
    C:\Program Files\SYS\jade\bin\win32\osgmlnorm.exe
    C:\Program Files\SYS\jade\bin\win32\osp134.dll
    C:\Program Files\SYS\jade\bin\win32\ospam.exe
    C:\Program Files\SYS\jade\bin\win32\ospgrove13.dll
    C:\Program Files\SYS\jade\bin\win32\ostyle13.dll
    C:\Program Files\SYS\jade\bin\win32\osx.exe
    C:\Program Files\SYS\jade\bin\win32\sgmlnorm.exe
    C:\Program Files\SYS\jade\bin\win32\sp132.dll
    C:\Program Files\SYS\jade\bin\win32\sp133.dll
    C:\Program Files\SYS\jade\bin\win32\spam.exe
    C:\Program Files\SYS\jade\bin\win32\spent.exe
    C:\Program Files\SYS\jade\bin\win32\spgrove.dll
    C:\Program Files\SYS\jade\bin\win32\style.dll
    C:\Program Files\SYS\jade\bin\win32\sx.exe
    C:\Program Files\SYS\jade\bin\win32
    C:\Program Files\SYS\jade\bin
    C:\Program Files\SYS\jade\docbook\bin\ChangeLog
    C:\Program Files\SYS\jade\docbook\bin\collateindex.pl
    C:\Program Files\SYS\jade\docbook\bin\collateindex.pl.1
    C:\Program Files\SYS\jade\docbook\bin
    C:\Program Files\SYS\jade\docbook\BUGS
    C:\Program Files\SYS\jade\docbook\catalog
    C:\Program Files\SYS\jade\docbook\ChangeLog
    C:\Program Files\SYS\jade\docbook\common\catalog
    C:\Program Files\SYS\jade\docbook\common\ChangeLog
    C:\Program Files\SYS\jade\docbook\common\cs-hack.pl
    C:\Program Files\SYS\jade\docbook\common\dbcommon.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl10n.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl10n.ent
    C:\Program Files\SYS\jade\docbook\common\dbl10n.pl
    C:\Program Files\SYS\jade\docbook\common\dbl10n.template
    C:\Program Files\SYS\jade\docbook\common\dbl1af.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1af.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1bg.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1bg.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1bs.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1bs.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1ca.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1ca.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1cs.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1cs.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1da.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1da.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1de.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1de.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1el.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1el.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1en.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1en.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1es.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1es.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1et.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1et.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1eu.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1eu.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1fi.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1fi.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1fr.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1fr.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1hu.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1hu.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1id.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1id.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1it.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1it.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1ja.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1ja.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1ko.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1ko.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1nl.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1nl.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1nn.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1nn.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1no.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1no.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1null.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1pl.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1pl.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1pt.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1pt.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1ptbr.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1ptbr.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1ro.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1ro.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1ru.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1ru.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1sk.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1sk.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1sl.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1sl.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1sr.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1sr.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1sv.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1sv.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1th.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1tr.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1tr.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1uk.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1uk.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1xh.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1xh.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1zhcn.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1zhcn.ent
    C:\Program Files\SYS\jade\docbook\common\dbl1zhtw.dsl
    C:\Program Files\SYS\jade\docbook\common\dbl1zhtw.ent
    C:\Program Files\SYS\jade\docbook\common\dbtable.dsl
    C:\Program Files\SYS\jade\docbook\common\README
    C:\Program Files\SYS\jade\docbook\common
    C:\Program Files\SYS\jade\docbook\contrib\header\header.dsl
    C:\Program Files\SYS\jade\docbook\contrib\header\ja\rptstylesheets.xml
    C:\Program Files\SYS\jade\docbook\contrib\header\ja
    C:\Program Files\SYS\jade\docbook\contrib\header\rptstylesheets.xml
    C:\Program Files\SYS\jade\docbook\contrib\header
    C:\Program Files\SYS\jade\docbook\contrib\html\ChangeLog
    C:\Program Files\SYS\jade\docbook\contrib\html\short-biblioentry.dsl
    C:\Program Files\SYS\jade\docbook\contrib\html
    C:\Program Files\SYS\jade\docbook\contrib\imagemap\ChangeLog
    C:\Program Files\SYS\jade\docbook\contrib\imagemap\imagemap.dsl
    C:\Program Files\SYS\jade\docbook\contrib\imagemap\testdoc.sgm
    C:\Program Files\SYS\jade\docbook\contrib\imagemap\testimg.jpg
    C:\Program Files\SYS\jade\docbook\contrib\imagemap
    C:\Program Files\SYS\jade\docbook\contrib\print\ChangeLog
    C:\Program Files\SYS\jade\docbook\contrib\print\short-biblioentry.dsl
    C:\Program Files\SYS\jade\docbook\contrib\print
    C:\Program Files\SYS\jade\docbook\contrib\renumberinpart\ChangeLog
    C:\Program Files\SYS\jade\docbook\contrib\renumberinpart\renumberinpart.dsl
    C:\Program Files\SYS\jade\docbook\contrib\renumberinpart\test.sgm
    C:\Program Files\SYS\jade\docbook\contrib\renumberinpart
    C:\Program Files\SYS\jade\docbook\contrib\subdoc\book.sgm
    C:\Program Files\SYS\jade\docbook\contrib\subdoc\ChangeLog
    C:\Program Files\SYS\jade\docbook\contrib\subdoc\subdoc.dsl
    C:\Program Files\SYS\jade\docbook\contrib\subdoc\subdoc.dtd
    C:\Program Files\SYS\jade\docbook\contrib\subdoc\subdoc1.sgm
    C:\Program Files\SYS\jade\docbook\contrib\subdoc\subdoc2.sgm
    C:\Program Files\SYS\jade\docbook\contrib\subdoc\subdocbc.mod
    C:\Program Files\SYS\jade\docbook\contrib\subdoc
    C:\Program Files\SYS\jade\docbook\contrib\textlink\textlink.dsl
    C:\Program Files\SYS\jade\docbook\contrib\textlink
    C:\Program Files\SYS\jade\docbook\contrib
    C:\Program Files\SYS\jade\docbook\docbook-dsssl-1.79.zip
    C:\Program Files\SYS\jade\docbook\docbook.dcl
    C:\Program Files\SYS\jade\docbook\dtd\30chg.txt
    C:\Program Files\SYS\jade\docbook\dtd\31chg.txt
    C:\Program Files\SYS\jade\docbook\dtd\40chg.txt
    C:\Program Files\SYS\jade\docbook\dtd\40issues.txt
    C:\Program Files\SYS\jade\docbook\dtd\50issues.txt
    C:\Program Files\SYS\jade\docbook\dtd\announce.txt
    C:\Program Files\SYS\jade\docbook\dtd\cals-tbl.dtd
    C:\Program Files\SYS\jade\docbook\dtd\ChangeLog
    C:\Program Files\SYS\jade\docbook\dtd\dbcent.mod
    C:\Program Files\SYS\jade\docbook\dtd\dbgenent.mod
    C:\Program Files\SYS\jade\docbook\dtd\dbhier.mod
    C:\Program Files\SYS\jade\docbook\dtd\dbnotn.mod
    C:\Program Files\SYS\jade\docbook\dtd\dbpool.mod
    C:\Program Files\SYS\jade\docbook\dtd\docbook-old.cat
    C:\Program Files\SYS\jade\docbook\dtd\docbook.cat
    C:\Program Files\SYS\jade\docbook\dtd\docbook.dcl
    C:\Program Files\SYS\jade\docbook\dtd\docbook.dtd
    C:\Program Files\SYS\jade\docbook\dtd\readme.txt
    C:\Program Files\SYS\jade\docbook\dtd
    C:\Program Files\SYS\jade\docbook\dtds\dbdsssl\ChangeLog
    C:\Program Files\SYS\jade\docbook\dtds\dbdsssl\dbdsssl.dtd
    C:\Program Files\SYS\jade\docbook\dtds\dbdsssl
    C:\Program Files\SYS\jade\docbook\dtds\decls\ChangeLog
    C:\Program Files\SYS\jade\docbook\dtds\decls\docbook.dcl
    C:\Program Files\SYS\jade\docbook\dtds\decls\xml.dcl
    C:\Program Files\SYS\jade\docbook\dtds\decls
    C:\Program Files\SYS\jade\docbook
    0
  6. Anonymous user
     
    Post a new RSIT report. See you later.
    0
    1. glover68 Posts 13 Registration date   Status Member Last activity  
       
      This time there is only one report; here it is:

      log.txt

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by dany at 2010-01-25 06:44:09
      Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
      System drive C: has 5 GB (6%) free of 85 GB
      Total RAM: 1790 MB (43% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 06:44:19, on 25/01/2010
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v8.00 (8.00.6001.18882)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Windows\WindowsMobile\wmdSync.exe
      c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
      C:\Program Files\VMware\VMware Workstation\hqtray.exe
      C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Users\dany\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
      C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\wuauclt.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Windows\system32\wermgr.exe
      C:\Users\dany\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\wuauclt.exe
      C:\Windows\explorer.exe
      D:\telechargements\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\dany.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
      R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
      O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
      O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
      O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
      O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
      O4 - HKLM\..\Run: [OA004Cfg.exe] OA004Cfg.exe
      O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
      O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
      O4 - HKLM\..\Run: [DataMngr] C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
      O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [Google Update] "C:\Users\dany\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\dany\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
      O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
      O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
      O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{86BB3648-3355-4386-8553-A45C10CBD218}: NameServer = 213.166.201.1,213.166.201.2
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Update Service (gupdate1c9b29d9527f0b3) (gupdate1c9b29d9527f0b3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
      O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
      O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
      O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
      O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
      O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
      O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
      O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      0
  7. Anonymous user
     
    • Hello

    • Download and install: Malwarebytes' Anti-Malware
    • (NB: if "COMCTL32.OCX" is missing during installation, download it here: https://www.malekal.com/tutorial-aboutbuster/ )
    • At the end of the installation, make sure the "Update Malwarebytes' Anti-Malware" option is checked
    • Launch MBAM and let the updates download (otherwise run them manually when the program starts)
    • Then go to the "Scan" tab, check "Perform full scan", then click "Scan"
    • Select your hard drives, then click "Start scan"
    • When the scan finishes, click Show Results
    • Check all the detected items, then click Remove Selected
    • Save the report
    • If you are asked to restart, click Yes
    • Post the scan report here after the removal (post the report even if nothing is detected).
    • If you need help, see this tutorial
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
    1. glover68 Posts 13 Registration date   Status Member Last activity  
       
      Hi! I did what you asked me to do and here is the Malwarebytes report; in particular it found 7 infected things, which I deleted:

      Malwarebytes' Anti-Malware 1.44
      Version de la base de données: 3633
      Windows 6.0.6001 Service Pack 1
      Internet Explorer 8.0.6001.18882

      25/01/2010 17:32:24
      mbam-log-2010-01-25 (17-32-24).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 539178
      Temps écoulé: 3 hour(s), 38 minute(s), 10 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 3
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 4

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Program Files\iMesh Applications\iMesh\Skins\PS.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
      C:\Users\dany\AppData\Local\Temp\Kvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      0
  8. Anonymous user
     
    This time you have got rid of this Renos.

    To check, post a new RSIT report. See you.
    0
    1. glover68 Posts 13 Registration date   Status Member Last activity  
       
      Ah, I certainly hope so. In any case, thank you very much for helping me!!! Here is the new report:


      Logfile of random's system information tool 1.06 (written by random/random)
      Run by dany at 2010-01-25 18:27:29
      Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
      System drive C: has 5 GB (6%) free of 85 GB
      Total RAM: 1790 MB (41% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:27:48, on 25/01/2010
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v8.00 (8.00.6001.18882)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Windows\WindowsMobile\wmdSync.exe
      c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
      C:\Program Files\VMware\VMware Workstation\hqtray.exe
      C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Users\dany\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
      C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
      C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Users\dany\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
      C:\Windows\system32\wuauclt.exe
      C:\Windows\system32\NOTEPAD.EXE
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      D:\telechargements\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\dany.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
      R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
      O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
      O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
      O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
      O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
      O4 - HKLM\..\Run: [OA004Cfg.exe] OA004Cfg.exe
      O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
      O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
      O4 - HKLM\..\Run: [DataMngr] C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
      O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [Google Update] "C:\Users\dany\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\dany\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
      O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
      O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
      O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{86BB3648-3355-4386-8553-A45C10CBD218}: NameServer = 213.166.201.1,213.166.201.2
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Update Service (gupdate1c9b29d9527f0b3) (gupdate1c9b29d9527f0b3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
      O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
      O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
      O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
      O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
      O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
      O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
      O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      0
  9. Anonymous user
     
    There are still infections left. We are going to use another tool.
    • Download the installation file and save it to your desktop:
    http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
    or
    https://www.androidworld.fr/
    • Double-click the installer and install it in its default location (the desktop).
    • Open the Ad-remover folder on your desktop and double-click Ad-remover.bat.
    * On XP: double-click the icon to launch the tool.
    * If you are on Vista: right-click AD-Remover and select "Run as administrator"
    • At the main menu, choose option "L" and press [Enter].
    • Let the tool work and do not touch anything ...
    • Post the report that appears at the end.
    • (the report is also saved as C:\Ad-report.log)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    • Note:
    Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

    0
    1. glover68 Posts 13 Registration date   Status Member Last activity  
       
      Ooh, this must be a good old super-experienced trojan! Here is the report:


      .
      ======= RAPPORT D'AD-REMOVER 1.1.4.6_I | UNIQUEMENT XP/VISTA/7 =======
      .
      Mis à jour par C_XX le 24.01.2010 à 14:33
      Contact: AdRemover.contact@gmail.com
      Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
      .
      Lancé à: 19:47:20, 25/01/2010 | Mode Normal | Option: CLEAN
      Exécuté de: C:\Ad-Remover\
      Système d'exploitation: Microsoft® Windows Vista™ HomeBasic Service Pack 2 v6.0.6001
      Nom du PC: PC-DE-DANY | Utilisateur actuel: dany
      .
      ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
      .

      C:\Users\dany\AppData\Roaming\Mozilla\FireFox\Profiles\tmyc5ah0.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
      C:\Users\dany\AppData\Roaming\Mozilla\FireFox\Profiles\tmyc5ah0.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
      C:\Users\dany\AppData\Roaming\Mozilla\FireFox\Profiles\tmyc5ah0.default\iMeshMediabarTb
      C:\Users\dany\AppData\Roaming\Mozilla\FireFox\Profiles\tmyc5ah0.default\searchplugins\iMeshWebSearch.xml
      C:\Users\dany\AppData\Roaming\Mozilla\FireFox\Profiles\tmyc5ah0.default\searchplugins\sweetim.xml
      C:\Users\dany\AppData\Roaming\Mozilla\FireFox\Profiles\tmyc5ah0.default\SweetIMToolbarData
      C:\Users\dany\Music\Imesh - ... [b]ERREUR SUPPRESSION !!/b
      C:\Users\dany\DOCUME~1\Imesh
      C:\Program Files\Mozilla FireFox\extensions\linkcontent@iminent
      C:\Program Files\Mozilla FireFox\searchplugins\iMeshWebSearch.xml
      C:\Users\dany\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\imesh.lnk
      C:\Users\dany\AppData\Local\Temp\iMesh user license agreement.txt
      C:\Users\dany\AppData\Local\Temp\iMeshInstaller
      C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\iMesh
      C:\Program Files\DaemonTools_WhenUSave_Installer
      C:\Program Files\iMesh Applications
      C:\Program Files\Iminent
      C:\Program Files\Kiwee Toolbar
      C:\Program Files\SweetIM
      C:\Program Files\Viewpoint
      C:\Users\dany\AppData\Roaming\EoRezo
      C:\Users\dany\AppData\Local\iMesh
      C:\Users\dany\AppData\Local\Iminent
      C:\Users\dany\AppData\LocalLow\imeshmediabartb
      C:\Users\dany\AppData\LocalLow\Kiwee Toolbar
      C:\Users\dany\AppData\LocalLow\SweetIM
      C:\ProgramData\SweetIM
      C:\ProgramData\Viewpoint
      C:\Windows\Installer\207310.msi
      C:\Windows\Installer\207316.msi
      C:\Windows\system32\config\systemprofile\AppData\Roaming\agi
      C:\Users\Public\Desktop\iMesh.lnk

      (!) -- Fichiers temporaires supprimés.

      .
      HKCU\software\AGI
      HKCU\software\EoRezo
      HKCU\software\iMesh
      HKCU\software\Iminent
      HKCU\software\LanConfig
      HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-286427491-102743630-1157507676-1000\Software\Sweetim
      HKCU\software\microsoft\internet explorer\searchscopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKCU\software\SweetIM
      HKLM\software\classes\AG.MediaPlayerCOM
      HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
      HKLM\software\classes\appid\EoRezoBHO.DLL
      HKLM\Software\Classes\Applications\iMesh.exe
      HKLM\software\classes\AxMetaStream.MetaStreamCtl
      HKLM\software\classes\AxMetaStream.MetaStreamCtl.1
      HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary
      HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary.1
      HKLM\Software\Classes\CLSID\{01AD9322-02FF-4f4f-AC52-92FDA5AE65F0}
      HKLM\Software\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
      HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
      HKLM\Software\Classes\CLSID\{148132E6-626D-4A5E-8063-A761EB29A50B}
      HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
      HKLM\Software\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}
      HKLM\Software\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
      HKLM\Software\Classes\CLSID\{2C353E32-B8AC-4B82-B988-4C2D3394388A}
      HKLM\Software\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
      HKLM\Software\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
      HKLM\Software\Classes\CLSID\{474597C5-AB09-49d6-A4D5-2E8D7341384E}
      HKLM\Software\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
      HKLM\Software\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
      HKLM\Software\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
      .
      ============== Scan additionnel ==============
      .
      .
      * Mozilla FireFox Version 3.5.7 [fr] *
      .
      Nom du profil: tmyc5ah0.default (dany)
      .
      (dany, prefs.js) Browser.download.dir, D:\telechargements
      (dany, prefs.js) Browser.download.lastDir, C:\Users\dany\Pictures
      (dany, prefs.js) Browser.search.defaultenginename, iMesh Web Search
      (dany, prefs.js) Browser.search.selectedEngine, iMesh Web Search
      (dany, prefs.js) Browser.startup.homepage, hxxp://search.imesh.com/
      (dany, prefs.js) Extensions.enabledItems, piclens@cooliris.com:1.11.6a,DTToolbar@toolbarnet.com:1.0.0.5,{c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8,{1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.19,{000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{20a82645-c095-46ed-80e3-08825760534b}:1.1,support@pdfcreator-toolbar.org:1.0,{64161300-e22b-11db-8314-0800200c9a66}:0.9.1,{EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.8,unplug@compunach:2.024,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546,{28D35620-51D9-11DE-9D13-2DB156D89593}:3.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
      (dany, prefs.js) Keyword.URL, hxxp://search.imesh.com/webResults.html?src=ffb&q=
      (dany, prefs.js) Sweetim.toolbar.previous.keyword.URL, hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
      .
      (dany, prefs.js) EFFACE - Browser.search.defaultenginename, iMesh Web Search
      (dany, prefs.js) EFFACE - Browser.search.order.1, iMesh Web Search
      (dany, prefs.js) EFFACE - Browser.search.selectedEngine, iMesh Web Search
      (dany, prefs.js) EFFACE - Sweetim.toolbar.highlight.colors, #FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0
      (dany, prefs.js) EFFACE - Sweetim.toolbar.logger.ConsoleHandler.MinReportLevel, 7
      (dany, prefs.js) EFFACE - Sweetim.toolbar.logger.FileHandler.FileName, ff-toolbar.log
      (dany, prefs.js) EFFACE - Sweetim.toolbar.logger.FileHandler.MaxFileSize, 200000
      (dany, prefs.js) EFFACE - Sweetim.toolbar.logger.FileHandler.MinReportLevel, 7
      (dany, prefs.js) EFFACE - Sweetim.toolbar.mode.debug, false
      (dany, prefs.js) EFFACE - Sweetim.toolbar.previous.keyword.URL, hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
      (dany, prefs.js) EFFACE - Sweetim.toolbar.search.external, <?xml version=\1.0\?><TOOLBAR><EXTERNAL_SEARCH engine=\hxxp://*google.*\ param=\q=\ /><EXTERNAL_SEARCH engine=\hxxp://search.yahoo.com/*\ param=\p=\ /><EXTERNAL_SEARCH engine=\hxxp://search.sweetim.*\ param=\q=\ /><EXTERNAL_SEARCH engine=\hxxp://*.live.*/*\ param=\q=\ /><EXTERNAL_SEARCH engine=\hxxp://*youtube.com/\ param=\search_query=\ /><EXTERNAL_SEARCH engine=\hxxp://*.ebay.*/search/*\ param=\satitle=\ /><EXTERNAL_SEARCH engine=\hxxp://*.amazon.com/s/*\ param=\field-keywords=\ /></TOOLBAR>
      (dany, prefs.js) EFFACE - Sweetim.toolbar.search.history.capacity, 10
      (dany, prefs.js) EFFACE - Sweetim.toolbar.simapp_id, {DCD792E8-EFBF-11DD-BF18-001D7276DAF2}
      (dany, prefs.js) EFFACE - Sweetim.toolbar.version, 1.0.0.8
      .
      .
      .
      * Internet Explorer Version 8.0.6001.18882 *
      .
      [HKEY_CURRENT_USER\..\Internet Explorer\Main]
      .
      Start Page: hxxp://fr.msn.com/
      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Do404Search: 01000000
      Local Page: C:\Windows\system32\blank.htm
      Show_ToolBar: yes
      Enable Browser Extensions: yes
      Use Custom Search URL: 1 (0x1)
      Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      Use Search Asst: no
      Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
      .
      Start Page: hxxp://fr.msn.com/
      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Delete_Temp_Files_On_Exit: yes
      Local Page: C:\Windows\System32\blank.htm
      Search bar: hxxp://search.msn.com/spbasic.htm
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
      .
      Tabs: res://ieframe.dll/tabswelcome.htm
      .
      ============== Suspect (Cracks, Serials, ...) ==============
      .
      C:\Users\dany\AppData\Local\Temp\Saf22D9.tmp\((Demonoid.com))-Boson_Netsim_7_0_for_CCNP_Crack_1632690.0622.torrent
      C:\Users\dany\AppData\Local\Temp\Saf7EA4.tmp\Papycools_NEW_PATCH_PES_28.rar
      C:\Users\dany\AppData\Local\Temp\SafE097.tmp\O-Demonoid.com-O_PES_2009_1_20_Patch_EXTRA_STUFF_1632690.0622.torrent
      C:\Users\dany\Documents\crack_pes2009\reloaded.nfo
      C:\Users\dany\Downloads\Vmware_Workstation_6.0.5.109488\keygen.exe
      C:\Users\dany\Videos\Downloads\Patch PRO-EVO 2009 v1.00 - Part Commentaires.exe
      .
      ===================================
      .
      21860 Octet(s) - C:\Ad-Report-CLEAN[1].log
      .
      29969 Fichier(s) - C:\Users\dany\AppData\Local\Temp
      106 Fichier(s) - C:\Windows\Temp
      0 Fichier(s) - C:\Windows\Prefetch
      .
      20 Fichier(s) - C:\Ad-Remover\BACKUP
      1486 Fichier(s) - C:\Ad-Remover\QUARANTINE
      .
      Fin à: 20:14:24 | 25/01/2010 - CLEAN[1]
      .
      ============== E.O.F ==============
      .
      0
  10. Anonymous user
     
    Get rid of your cracks and keygens, the source of your troubles.
    Ad Remover did a heck of a lot. ;)

    To verify, post a new RSIT report.
    0
    1. glover68 Posts 13 Registration date   Status Member Last activity  
       
      Yes, apparently it is effective. I got rid of all the junk, and here is the new RSIT report:


      Logfile of random's system information tool 1.06 (written by random/random)
      Run by dany at 2010-01-26 01:40:58
      Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
      System drive C: has 16 GB (19%) free of 85 GB
      Total RAM: 1790 MB (36% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 01:41:15, on 26/01/2010
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v8.00 (8.00.6001.18882)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\conime.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Windows\WindowsMobile\wmdSync.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
      C:\Program Files\VMware\VMware Workstation\hqtray.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Users\dany\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
      c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
      C:\Windows\system32\wuauclt.exe
      C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Users\dany\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
      C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Windows\explorer.exe
      C:\Program Files\QuickTime\QuickTimePlayer.exe
      D:\telechargements\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\dany.exe
      C:\Windows\system32\rundll32.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
      O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
      O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
      O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
      O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
      O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
      O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
      O4 - HKLM\..\Run: [DataMngr] C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
      O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [Google Update] "C:\Users\dany\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\dany\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
      O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
      O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
      O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{86BB3648-3355-4386-8553-A45C10CBD218}: NameServer = 213.166.201.1,213.166.201.2
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Update Service (gupdate1c9b29d9527f0b3) (gupdate1c9b29d9527f0b3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
      O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
      O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
      O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
      O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
      O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
      O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
      O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      0
  11. Anonymous user
     
    * Download OtmoveIT (by Old_Timer) to your Desktop
    http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (by OldTimer) to your Desktop
    * Double-click OTMoveIt.exe to launch it.
    * Copy the list in bold below and paste it into the left-hand pane of OTMoveIt, under Paste List of Files/Folders to move.


    :processes
    explorer.exe

    :services

    :drivers

    :files
    C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

    :reg
    [-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{32099AAC-C132-4136-9E9A-4E364A424E17}"=-

    :commands
    [emptytemp]
    [purity]
    [start explorer]
    [reboot]


    -----------------------------

    * Click MoveIt! to start the removal.
    * The result will appear in the "Results" pane.
    * Click Exit to close.
    * Post the report located in C:\_OTMoveIt\MovedFiles.
    * You may be asked to restart the PC to complete the removal. If so, accept with Yes.

    ***************************************************************************
    • Download CCleaner: https://www.ccleaner.com/ccleaner/download
    • This software will delete all temporary files and fix your registry.
    • During installation, make sure to choose "French" as the language.
    • Before clicking the "Install" button, untick all the "additional options" except the first 2.
    • A tutorial (help): http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
    • Usage:
    • ! Disconnect and close all running applications !
    • Go to "Cleaner": run -Analyze- then -Clean-
    • Go to "Registry": run -Scan for issues- and -Fix all issues-
    ( several times, until there are no more errors ).
    • ( CCleaner: software worth keeping on your PC, very useful for a good clean-up ...)
    0
  12. glover68 Posts 13 Registration date   Status Member Last activity  
     
    After the scan, I got a report that was generated automatically.. I don't know whether that's the one you mean, because I couldn't find the path C:\_OTMoveIt\MovedFiles

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== SERVICES/DRIVERS ==========
    Error: Unable to interpret <:drivers> in the current context!
    ========== FILES ==========
    LoadLibrary failed for C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: dany
    ->Temp folder emptied: 1600928098 bytes
    ->Temporary Internet Files folder emptied: 10264462 bytes
    ->Java cache emptied: 70201821 bytes
    ->FireFox cache emptied: 85307970 bytes
    ->Google Chrome cache emptied: 219954675 bytes
    ->Apple Safari cache emptied: 129480183 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 429106878 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 183339 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 7619310 bytes
    RecycleBin emptied: 6554308 bytes

    Total Files Cleaned = 2 441,00 mb

    OTM by OldTimer - Version 3.1.6.0 log created on 01262010_122529

    Files moved on Reboot...
    File C:\Windows\temp\JET88EE.tmp not found!
    C:\Windows\temp\vmware-vmount.log moved successfully.

    Registry entries deleted on Reboot...
    0
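
Added example (not part of any post in this thread): a small Python check that reconciles the OTM script from reply 11 with the result log from reply 12, so each requested file or registry target is reported as removed, already absent, or unconfirmed. The script and log text embedded below are copied from those two posts as sample input; the function names are this example's own.

```python
import re

# Sample input copied from the thread: the script pasted into OTM (reply 11)...
OTM_SCRIPT = r"""
:processes
explorer.exe
:services
:drivers
:files
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
:reg
[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
:commands
[emptytemp]
"""

# ...and the relevant part of the result log the user posted back (reply 12).
OTM_LOG = r"""
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Error: Unable to interpret <:drivers> in the current context!
========== FILES ==========
LoadLibrary failed for C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
"""

# A result line: optional "Registry key/value" prefix, the target, the outcome.
RESULT = re.compile(
    r"^(?:Registry (?:key|value) )?(?P<target>.+?) "
    r"(?P<outcome>moved successfully|deleted successfully|not found)\.$"
)

def norm(path):
    """Collapse repeated backslashes, drop a trailing one, ignore case."""
    return re.sub(r"\\+", r"\\", path.strip()).rstrip("\\").lower()

def script_targets(script):
    """Return the file paths, registry keys and registry values the script removes."""
    targets, section, key = [], None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section, key = line[1:].lower(), None
        elif section == "files":
            targets.append(line)
        elif section == "reg":
            if line.startswith("[-"):            # [-KEY] deletes a whole key
                targets.append(line[2:-1])
                key = None
            elif line.startswith("["):           # [KEY] opens a key for value edits
                key = line[1:-1]
            elif key and line.endswith("=-"):    # "name"=- deletes one value
                targets.append(key + "\\" + line[:-2].strip('"'))
    return targets

def reconcile(script, log):
    """Map each script target to removed / already absent / unconfirmed."""
    seen, errors = {}, []
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Error:"):
            errors.append(line)
        m = RESULT.match(line)
        if m:
            seen.setdefault(norm(m["target"]), set()).add(m["outcome"])
    report = {}
    for target in script_targets(script):
        got = seen.get(norm(target), set())
        if got & {"moved successfully", "deleted successfully"}:
            report[target] = "removed"
        elif "not found" in got:
            report[target] = "already absent"
        else:
            report[target] = "unconfirmed"
    return report, errors

if __name__ == "__main__":
    report, errors = reconcile(OTM_SCRIPT, OTM_LOG)
    for target, status in report.items():
        print(f"{status:15} {target}")
    for err in errors:
        print("script error:  ", err)
```

HKEY_CLASSES_ROOT is a merged view of HKEY_LOCAL_MACHINE\SOFTWARE\Classes and the per-user Classes key, so the "not found" result for the second CLSID key is consistent with the first deletion having already removed it.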
  13. Anonymous user
     
    Perfect

    Post a new rsit report. See you.
    0
  14. glover68 Posts 13 Registration date   Status Member Last activity  
     
    OK, here is the rsit report:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by dany at 2010-01-26 19:23:33
    Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
    System drive C: has 19 GB (23%) free of 85 GB
    Total RAM: 1790 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:25:05, on 26/01/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\VMware\VMware Workstation\hqtray.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Users\dany\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\dany\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\dany\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Users\dany\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\dany\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\dany\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conime.exe
    C:\Users\dany\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\dany\AppData\Local\Google\Chrome\Application\chrome.exe
    D:\telechargements\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\dany.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\msfeedssync.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
    O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Google Update] "C:\Users\dany\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\dany\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{86BB3648-3355-4386-8553-A45C10CBD218}: NameServer = 213.166.201.1,213.166.201.2
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9b29d9527f0b3) (gupdate1c9b29d9527f0b3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  15. Anonymous user
     
    Remove this program. It is infected.

    C:\Program Files\DAEMON Tools Toolbar

    ***********************************************************
    Download and install Vista SP2

    ***********************************************************
    • To browse the internet more safely and free from ads, I strongly recommend installing and using the Firefox browser. Once that's done, launch it and install the following security extension: Adblock Plus,
    to block ads;

    • WOT - Extension for your web browser:
    Here is an extension to download that will let you know, when you search on Google, whether a site offered in your search results is a trusted site or one to avoid because it could infect your PC:
    For Firefox: https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/
    For Internet Explorer: https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
    -------------------------------------------------------------------------------------------------------------------------

     I recommend updating Internet Explorer even if you never use it. System updates are delivered through IE. This therefore avoids security holes.
    • Download IE8: here

    • If Java is not up to date, it is a security hole.
    • Download: JavaRa.zip
    • Unzip the file to your desktop (right-click > Extract all.)
    • Double-click the resulting JavaRa folder.
    • Then double-click the JavaRa.exe file (the .exe may not be displayed)
    • Click Search For Updates.
    • Select Update Using jucheck.exe then click Search.
    • Allow the process to connect if it asks you, click Install and follow the installation instructions. This will take a few minutes.
    • When the installation is finished, return to the JavaRa screen and click Remove Older Versions.
    • Click Yes to confirm. The tool will do its work; then click Ok, and then Ok a second time.
    • A report will open; copy and paste it into your next reply.
    * Note: the report can also be found here: ( C:\JavaRa.log )

    • If Adobe Reader is not up to date, it is a security hole. Uninstall it by going to Start menu --> Control Panel --> Add/Remove Programs. Then download and install the new version. https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

    • You should also update all your other programs to close security holes... Check for available updates with this small program (choose the version without installation): Update Checker https://www.commentcamarche.net/faq/9908-filehippo-app-manager-vos-logiciels-sont-ils-a-jour
    Install it with the default settings, clicking Next each time.

    Once installed, wait a few seconds and you will see a green icon appear in your taskbar, indicating that updates are available.

    Double-click the icon to be redirected to the update download site.

    * A tip: do not install BETA versions
    ====================================================
    To remove the disinfection programs.

    • Download ToolsCleaner by A.Roshtein to your Desktop. (from one of the 2 links)
    http://pc-system.fr/
    • Click Recherche (Search) and let the scan finish.
    • Click Suppression (Removal) to finish.
    • You can, if you wish, use the Options facultatives (optional settings).
    • Click Quitter (Quit) so that the report can be created.
    • Post me the report (TCleaner.txt), which is located at the root of your hard drive ( C:\).
    ------------------------------------------------------------------------------------------------------------------------------
    ------------------------------------------------------------------------------------------------------
    Disabling/Re-enabling Vista System Restore
    • After a disinfection, it is necessary to disable and then re-enable System Restore in order to purge it, because the restore points may be infected.
    • Click the Vista button, right-click "Computer" and then click "Properties".
    • Then click "System Protection".
    • Untick the box for the disk(s) for which you want to disable System Restore.
    • A confirmation is required, informing you that the existing restore points will be deleted with no way of going back.
    • To re-enable System Restore, simply tick the boxes again.
    • Remember to empty the Recycle Bin.
    -----------------------------------------------------------------------------------------------------

    You can mark your problem as solved!! How to mark it as solved??

    0
    1. glover68 Posts 13 Registration date   Status Member Last activity  
       
      OK, I did everything you told me, and here is the report from ToolsCleaner. Thank you very much for your help. See you!

      [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

      --> Recherche:

      C:\VundoFix.txt: trouvé !
      C:\Vundofix backups: trouvé !
      C:\Rsit: trouvé !
      C:\Ad-remover: trouvé !
      C:\Program Files\Trend Micro\HijackThis: trouvé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
      C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
      C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
      C:\Users\dany\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
      C:\Users\dany\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
      C:\Users\dany\Desktop\HijackThis.lnk: trouvé !
      0
  16. Anonymous user
     
    Click Suppression (Removal) to finish.
    0