Sujet Précédent Sujet Suivant

Epasskey toujours la malgre vos conseils

Résolu
ewondy Messages postés 110 Statut Membre -  
 green day -
Bonjour à tous et toutes
AU SECOURS ! hier, nous avions tordu le cou de tous ces spywares et les revoila aujourd'hui.
En fait dès que j'ouvre ma messagerie wanadoo, ils réapparaissent, il y a un problème.
Scan avast : rien trouvé, ewido: rien trouvé, scan en ligne : rien trouvé.

Merci de vos réponses.
Ewondy

151 réponses

Précédent
Réponse 61 / 151
ewondy Messages postés 110 Statut Membre
 
régis, c'est revenu de plus belle.
C'est donc bien lié au démarrage.

J'ai des alertes firewall, je dois répondre oui sinon je ne peux pas me connecter aux differents sites, que faire ?

De plus, le pc rame, j'ai trop de programmes téléchargés, que puis je désinstaller ?
hitman pro
spyware blaster
ccleaner
hijackthis
lopxp
smithfraudfix

merci de ta réponse, je perds le moral
0
Réponse 62 / 151
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Perds pas le moral, on va trouver une soluce. Ca serait plutot a moi de perdre le moral lol Positive, on essai de t aider, c est le principal non?

Tu peux desinstaller ceci:
lopxp
smithfraudfix

1- Lance un scan avec spyware blaster
2- Donne le rapport de bitdefender, refais un scan si tu as le temps sinon c est pas grave.
3- Ce que je veux, c est ces alertes firewall, dis moi des infos sur ca. Qu est ce qui veut se connecter? Un processus? un nom?
4- Redonne un silent runner
5- Va dans demarer < executer < tape msconfig
Onglet demarrage, decoche tous les programmes qui sont inutiles au demarrage et ne laisse que ton antivirus et ton pare feu.
6- Remet un silent runner (oui un deuxieme apres avoir fait le 5)
7- Dis moi dans msconfig < demarrage < ce qui est coché et donc qui se lance au demarrage du pc
8- demarrer < tous les programmes < demarrage, c est vide?
9- As tu clean up 40?

;-)

A+
0
Réponse 63 / 151
ewondy Messages postés 110 Statut Membre
 
désolée pour cette petite baisse de forme, mais ca fait 6 jours que nous sommes dessus et je crains d'avoir à reformater .

j'ai fait un scan avec spyware blaster
je ne peux pas t'envoyer le raport bitdefender, trop lourd
quant aux alertes spyware au démarrage :
esapce client
chemin:C:/program files/wanadoo/espace wanadoo.exe

apres : IP 127.0.0.1 (localhoste) remote port 1703
apres : IP 193.252.19.189 remote port 80 (http)

enfin il a trouvé dans document.1/joachim 1/locals /temp/icd1/tmp/rgaccess
dialer.Egroupdial
Action bitdefender : bloqué virus, pc non infecté

de plus, j'ai désinstallé google, car j'ai vu sur le net que google avait racheté "lastsoftwares" qui est l'un des site de pub sauvage que je recois, au cas ou j'aurais chopé quelque chose lors d'une mise à jour, mais les pubs sont toujours là.

Une précision lorsque l'alerte virus est apparue j'avais déjà les pub epasskey à l'écran
je m'occupe de silent runner, à +
0
Réponse 64 / 151
ewondy Messages postés 110 Statut Membre
 
silent runner
"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"(Default)" = (empty string)
"EPSON Stylus Photo RX700 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE /P31 "EPSON Stylus Photo RX700 Series" /O6 "USB001" /M "Stylus Photo RX700"" ["SEIKO EPSON CORPORATION"]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"eRecoveryService" = "C:\Acer\Empowering Technology\eRecovery\Monitor.exe" ["acer Inc."]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"BDMCon" = ""C:\Program Files\Softwin\BitDefender9\bdmcon.exe"" ["SOFTWIN S.R.L."]
"BDOESRV" = ""C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"" ["SOFTWIN SRL"]
"BDNewsAgent" = ""C:\Program Files\Softwin\BitDefender9\bdnagent.exe"" ["SOFTWIN S.R.L"]
"BDSwitchAgent" = ""C:\Program Files\Softwin\BitDefender9\bdswitch.exe"" [null data]
"(Default)" = """ = (data in unrecognized format!)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 65 / 151
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re,

tu me fais la suite? lol

et apres je te repondrais

a+
0
Réponse 66 / 151
ewondy Messages postés 110 Statut Membre
 
ouh la la, ca se complique phase 5
etant donné que tout ce qui est coché est du chinois pour moi, comment je repère l'antivirus et le pare feu ?

IMJPMIG
IMSCINST
TINTSEPT
TINSEPT
NICPL
NWIZ
NCMCTRAY
MONITOR
DAEMON
BDMCON
BDOESRY
BDNAGENT
BSSWITCH
SKYPE
MSMSGS
CTFMON
MSNMSGR

BITDEFENDER A REPOUSSE UNE 2 EME TTAQUE DE dialer.Egroupdial

merci de ta réponse
0
Réponse 67 / 151
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re,

Ceci correspond a bitdefender :
BDMCON
BDOESRY
BDNAGENT
BSSWITCH

Regarde sur la droite, tu dois avoir le nom des programmes.

a+
0
Réponse 68 / 151
ewondy Messages postés 110 Statut Membre
 
il me fait une alerte registre
utilitaire config system/chemin c/windows pchealth/helpctr/binaries, le reste pas eu le temps de noter , il me demande de redemarrer le systeme
0
Réponse 69 / 151
ewondy Messages postés 110 Statut Membre
 
2eme silent runner
Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"EPSON Stylus Photo RX700 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE /P31 "EPSON Stylus Photo RX700 Series" /O6 "USB001" /M "Stylus Photo RX700"" ["SEIKO EPSON CORPORATION"]
"BDMCon" = ""C:\Program Files\Softwin\BitDefender9\bdmcon.exe"" ["SOFTWIN S.R.L."]
"BDOESRV" = ""C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"" ["SOFTWIN SRL"]
"BDNewsAgent" = ""c:\program files\softwin\bitdefender9\bdnagent.exe"" ["SOFTWIN S.R.L"]
"BDSwitchAgent" = ""c:\program files\softwin\bitdefender9\bdswitch.exe"" [null data]
"(Default)" = """ = (data in unrecognized format!)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
0
Réponse 70 / 151
ewondy Messages postés 110 Statut Membre
 
régis, dans ms config, démarrage, ce qui est coché:
7 -bdmcon, bdoesry, bdnagent, bdswitch

8 -démarrer, tous les programmes : vide

9-pas de clean up 40 à l'horizon
0
Réponse 71 / 151
ewondy Messages postés 110 Statut Membre
 
nouvelles adresses de ces pubs :
http://fg.gat.networks.com : videozapping:wanadoo
http://access.rapid-pass.net: spotalert: wanadoo

3eme attaque de dialer.Egroupdial arreté par bitdefender
0
Réponse 72 / 151
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
re

telecharge et execute ceci

Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-aide en image:(merci à Balltrap34).
http://pageperso.aol.fr/balltrap34/democleanup.htm

PS: elles sont chaudes tes pubs lol

a+
0
Réponse 73 / 151
ewondy Messages postés 110 Statut Membre
 
JE TE promets d'en rire si tu m'en débarrasses

résultat de clean up
CleanUp! started on 07/01/06 15:15:02.
...
C:\WINDOWS\temp\WGANotify.settings - deleted
C:\WINDOWS\temp\JET901A.tmp - deleted
C:\WINDOWS\temp\Perflib_Perfdata_6f8.dat - deleted
C:\WINDOWS\temp\JET8E26.tmp - deleted
C:\WINDOWS\temp\JET8F4F.tmp - deleted
C:\WINDOWS\temp\1559921.htm - deleted
C:\WINDOWS\temp\1622546.htm - deleted
C:\WINDOWS\temp\JET951B.tmp - deleted
C:\WINDOWS\temp\JET94ED.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\JET8220.tmp - deleted
C:\WINDOWS\temp\JET98C5.tmp - deleted
C:\WINDOWS\temp\Perflib_Perfdata_668.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\tmp00000e7f\tmp00005f06 - deleted
C:\WINDOWS\temp\tmp00000e7f\tmp00005f07 - deleted
C:\WINDOWS\temp\tmp00000e7f\tmp000069ea - deleted
C:\WINDOWS\temp\tmp00000e7f\tmp000069e9 - deleted
C:\WINDOWS\temp\tmp00000e7f\tmp00006a0e - deleted
C:\WINDOWS\temp\tmp00000e7f\tmp00006a1c - deleted
C:\WINDOWS\temp\tmp00000e7f\tmp00006a31 - deleted
C:\WINDOWS\temp\tmp00000e7f\tmp00006a3a - deleted
C:\WINDOWS\temp\tmp00000e7f\tmp00006a46 - deleted
C:\WINDOWS\temp\tmp00000e7f\tmp00006a57 - deleted
C:\WINDOWS\temp\tmp00000e7f\tmp00006a62 - deleted
C:\WINDOWS\temp\tmp00000e7f\tmp00006a7d - deleted
C:\WINDOWS\temp\tmp00000e7f\tmp00006a97 - deleted
C:\WINDOWS\temp\tmp00000e7f\ - deleted
C:\WINDOWS\temp\tmp00002ca1\tmp00000000 - deleted
C:\WINDOWS\temp\tmp00002ca1\ - deleted
C:\WINDOWS\temp\tmp00003259\tmp00000000 currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\IXP001.TMP\ - deleted
C:\WINDOWS\temp\_avast4_\Webshlock.txt currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Administrateur\Cookies\index.dat - deleted
C:\Documents and Settings\Administrateur\locals~1\tempor~1\Content.IE5\KHUFKL2V\ - deleted
C:\Documents and Settings\Administrateur\locals~1\tempor~1\Content.IE5\A7S7FIUV\ - deleted
C:\Documents and Settings\Administrateur\locals~1\tempor~1\Content.IE5\RVOWNI26\ - deleted
C:\Documents and Settings\Administrateur\locals~1\tempor~1\Content.IE5\ET0BCNQP\ - deleted
C:\Documents and Settings\Administrateur\locals~1\tempor~1\Content.IE5\ - deleted
C:\Documents and Settings\JOACHIM Sandra\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\JOACHIM Sandra\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\JOACHIM Sandra\locals~1\tempor~1\Content.IE5\VE0JEFMZ\affich-2289302-epasskey-toujours-la-malgre-vos-conseils[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\JOACHIM Sandra\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\JOACHIM Sandra\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\JOACHIM Sandra\Local Settings\Temporary Internet Files\Content.IE5\VE0JEFMZ\affich-2289302-epasskey-toujours-la-malgre-vos-conseils[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Cookies\index.dat - deleted
C:\Documents and Settings\NetworkService\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\locals~1\tempor~1\Content.IE5\ - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF80A.pf - deleted
C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF804.pf - deleted
C:\WINDOWS\Prefetch\F-SECURE.EXE-0B2A98FF.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF80C.pf - deleted
C:\WINDOWS\Prefetch\DIVXCODECUPDATECHECKER.EXE-046062D4.pf - deleted
C:\WINDOWS\Prefetch\EWIDO.EXE-0A84FA31.pf - deleted
C:\WINDOWS\Prefetch\IEDW.EXE-0F1DF43F.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf - deleted
C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf - deleted
C:\WINDOWS\Prefetch\TOASTER.EXE-0FF378FB.pf - deleted
C:\WINDOWS\Prefetch\ALERTM~1.EXE-367242B4.pf - deleted
C:\WINDOWS\Prefetch\VERSION TRADUITE ORIGINALE.EX-358D63C5.pf - deleted
C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4FF9832D.pf - deleted
C:\WINDOWS\Prefetch\MMC.EXE-3B59A269.pf - deleted
C:\WINDOWS\Prefetch\MSNMSGR.EXE-3744B6D8.pf - deleted
C:\WINDOWS\Prefetch\E_FAMT9IE.EXE-25C3EB61.pf - deleted
C:\WINDOWS\Prefetch\E_FARN9IE.EXE-2DF15C28.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D479208.pf - deleted
C:\WINDOWS\Prefetch\HELPCTR.EXE-0BD5B31B.pf - deleted
C:\WINDOWS\Prefetch\ASHWEBSV.EXE-3530B302.pf - deleted
C:\WINDOWS\Prefetch\HITMANPRO2.EXE-1B49D449.pf - deleted
C:\WINDOWS\Prefetch\PACRYPT.EXE-04829B62.pf - deleted
C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1702AD5F.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-0BDC03E6.pf - deleted
C:\WINDOWS\Prefetch\SPYSWEEPER.EXE-21849179.pf - deleted
C:\WINDOWS\Prefetch\WRSSSDK.EXE-035FF48F.pf - deleted
C:\WINDOWS\Prefetch\SWDOCTOR.EXE-038959C6.pf - deleted
C:\WINDOWS\Prefetch\CWSHREDDER.EXE-1EA972E4.pf - deleted
C:\WINDOWS\Prefetch\DIVXSM.EXE-052AE590.pf - deleted
C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf - deleted
C:\WINDOWS\Prefetch\SPYWAREBLASTER.EXE-12DBC93E.pf - deleted
C:\WINDOWS\Prefetch\AD-AWARE.EXE-31CD1CB8.pf - deleted
C:\WINDOWS\Prefetch\PAEXT.EXE-0EAECDE7.pf - deleted
C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf - deleted
C:\WINDOWS\Prefetch\ASHAVAST.EXE-1EA93A67.pf - deleted
C:\WINDOWS\Prefetch\ASHSIMPL.EXE-20AB57BA.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf - deleted
C:\WINDOWS\Prefetch\CLEANMGR.EXE-31B430FE.pf - deleted
C:\WINDOWS\Prefetch\OSE.EXE-2D1D1CBE.pf - deleted
C:\WINDOWS\Prefetch\WANADOO MESSAGER.EXE-33EED804.pf - deleted
C:\WINDOWS\Prefetch\WINZIP32.EXE-12D769E6.pf - deleted
C:\WINDOWS\Prefetch\FIND.EXE-0EEAD1A7.pf - deleted
C:\WINDOWS\Prefetch\CSCRIPT.EXE-0A13A05C.pf - deleted
C:\WINDOWS\Prefetch\SRCHSTS.EXE-255B6C87.pf - deleted
C:\WINDOWS\Prefetch\FINDSTR.EXE-1A4FC238.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-2DAE2DE6.pf - deleted
C:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-6DF739B2.pf - deleted
C:\WINDOWS\Prefetch\EXCEL.EXE-2055DCA9.pf - deleted
C:\WINDOWS\Prefetch\AD-WATCH.EXE-2EF7E54F.pf - deleted
C:\WINDOWS\Prefetch\SPYBOT-SEARCH-DESTROY_SPYBOT_-14DCD194.pf - deleted
C:\WINDOWS\Prefetch\IS-G3L58.TMP-25CCF4C7.pf - deleted
C:\WINDOWS\Prefetch\IS-RIH01.TMP-20EC89FF.pf - deleted
C:\WINDOWS\Prefetch\IS-VAJ4O.TMP-22C202B2.pf - deleted
C:\WINDOWS\Prefetch\IS-M2UBC.TMP-00E959AC.pf - deleted
C:\WINDOWS\Prefetch\IS-87QA2.TMP-2923BB79.pf - deleted
C:\WINDOWS\Prefetch\CMDTSF.EXE-2A23827D.pf - deleted
C:\WINDOWS\Prefetch\WSCRIPT.EXE-0C5C5251.pf - deleted
C:\WINDOWS\Prefetch\ASHMAISV.EXE-072F6A23.pf - deleted
C:\WINDOWS\Prefetch\BITDEFENDER_PROF_V9.EXE-0333D62D.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-1CB9AC69.pf - deleted
C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf - deleted
C:\WINDOWS\Prefetch\MSI5.TMP-3278458F.pf - deleted
C:\WINDOWS\Prefetch\BDC.EXE-1256542C.pf - deleted
C:\WINDOWS\Prefetch\VSSERV.EXE-1433F491.pf - deleted
C:\WINDOWS\Prefetch\BDSS.EXE-1E243F30.pf - deleted
C:\WINDOWS\Prefetch\XCOMMSVR.EXE-0FC6EA09.pf - deleted
C:\WINDOWS\Prefetch\BDNAGENT.EXE-2043CAE2.pf - deleted
C:\WINDOWS\Prefetch\LIVESRV.EXE-33286A42.pf - deleted
C:\WINDOWS\Prefetch\BDSWITCH.EXE-2708003A.pf - deleted
C:\WINDOWS\Prefetch\BDMCON.EXE-1495F711.pf - deleted
C:\WINDOWS\Prefetch\BDOESRV.EXE-2BD9492B.pf - deleted
C:\WINDOWS\Prefetch\BDNEWS.EXE-383D5537.pf - deleted
C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf - deleted
C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf - deleted
C:\WINDOWS\Prefetch\UPGREPL.EXE-042AED65.pf - deleted
C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf - deleted
C:\WINDOWS\Prefetch\ASYPATCH.EXE-223E61E5.pf - deleted
C:\WINDOWS\Prefetch\PATCH_~1.EXE-26F86895.pf - deleted
C:\WINDOWS\Prefetch\BDFSRS.EXE-02438888.pf - deleted
C:\WINDOWS\Prefetch\UPDATE~2.EXE-3673261F.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\UPDPTCHAS2.EXE-34B8EEA4.pf - deleted
C:\WINDOWS\Prefetch\RAPIMGR.EXE-389C630D.pf - deleted
C:\WINDOWS\Prefetch\WCESCOMM.EXE-2D7B0821.pf - deleted
C:\WINDOWS\Prefetch\SRCHSTS.EXE-24F2DB0C.pf - deleted
C:\WINDOWS\Prefetch\HH.EXE-104606B2.pf - deleted
C:\WINDOWS\Prefetch\MSMSGS.EXE-0620E8B3.pf - deleted
C:\WINDOWS\Prefetch\CTFMON.EXE-05E57A5E.pf - deleted
C:\WINDOWS\Prefetch\MSCONFIG.EXE-1EF1EA0F.pf - deleted
C:\WINDOWS\Prefetch\SBAUTOUPDATE.EXE-277B23CD.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-33AEA629.pf - deleted
C:\WINDOWS\Prefetch\MOVIEMK.EXE-14341DD5.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-0222FDFC.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP40[1].EXE-1C48E5AF.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf - deleted
C:\WINDOWS\Prefetch\SHELL.EXE-19BFD49C.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf - deleted
C:\WINDOWS\Prefetch\POWERPNT.EXE-2EEF88AA.pf - deleted
C:\WINDOWS\Prefetch\AVAST.SETUP-295443AF.pf - deleted
C:\WINDOWS\Prefetch\SETUP.OVR-1ABDA79A.pf - deleted
C:\WINDOWS\Prefetch\GESTMAJ.EXE-35850777.pf - deleted
C:\WINDOWS\Prefetch\ESPACEWANADOO.EXE-23FD54AB.pf - deleted
C:\WINDOWS\Prefetch\COMCOMP.EXE-26762E36.pf - deleted
C:\WINDOWS\Prefetch\INACTIVITY.EXE-36EA1B28.pf - deleted
C:\WINDOWS\Prefetch\POLLINGMODULE.EXE-11839BD0.pf - deleted
C:\WINDOWS\Prefetch\WATCH.EXE-27B8EEDC.pf - deleted
C:\WINDOWS\Prefetch\MOBSYNC.EXE-0EFADB79.pf - deleted
C:\WINDOWS\Prefetch\ASHQUICK.EXE-1E522D9F.pf - deleted
C:\temp\extract.tmp - deleted
C:\drv\vga0\SETUP.SKIN - deleted
C:\WINDOWS\WindowsShell.Manifest - deleted
C:\WINDOWS\system32\ncpa.cpl.manifest - deleted
C:\WINDOWS\system32\nwc.cpl.manifest - deleted
C:\WINDOWS\system32\sapi.cpl.manifest - deleted
C:\WINDOWS\system32\wuaucpl.cpl.manifest - deleted
C:\WINDOWS\system32\cdplayer.exe.manifest - deleted
C:\WINDOWS\system32\logonui.exe.manifest - deleted
C:\WINDOWS\system32\WindowsLogon.manifest - deleted
C:\WINDOWS\system32\CONFIG.TMP - deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012006030620060307\index.dat - deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb - deleted
C:\WINDOWS\system32\config\systemprofile\SendTo\Dossier compressé.ZFSendToTarget - deleted
C:\WINDOWS\system32\config\systemprofile\SendTo\Bureau (créer un raccourci).DeskLink - deleted
C:\WINDOWS\system32\config\systemprofile\SendTo\Destinataire.MAPIMail - deleted
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - deleted
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\system32\usmt\migwiz.exe.manifest - deleted
C:\WINDOWS\system32\CatRoot2\edb.chk - deleted
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log.2005-01-23-12-09-50-0953-00 - deleted
C:\WINDOWS\system32\URTTemp\mscoree.dll.local - deleted
C:\WINDOWS\repair\system.bak - deleted
C:\WINDOWS\temp\JET94ED.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Resources\Themes\Luna\luna.msstyles - deleted
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest - deleted
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.Manifest - deleted
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.Manifest - deleted
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.Manifest - deleted
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest - deleted
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest - deleted
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d.Manifest - deleted
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest - deleted
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.Manifest - deleted
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_fr-FR_9d8c4a39.Manifest - deleted
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.Manifest - deleted
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.Manifest - deleted
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.Manifest - deleted
C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.Policy - deleted
C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy - deleted
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy - deleted
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy - deleted
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy - deleted
C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.Policy - deleted
C:\WINDOWS\pchealth\helpctr\Config\Cache\Personal_32_1036.dat.bak - deleted
C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat - deleted
C:\WINDOWS\Installer\MSIA1.tmp - deleted
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspol.exe.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regasm.exe.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\XPThemes.manifest - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\machine.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\DefaultWsdlHelpGenerator.aspx - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\web_hightrust.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\web_lowtrust.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\web_hightrust.config.default - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\web_lowtrust.config.default - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\web_minimaltrust.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\web_minimaltrust.config.default - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\web_mediumtrust.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\web_mediumtrust.config.default - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config - deleted
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.rtm.config - deleted
C:\Documents and Settings\Default User\SendTo\Destinataire.MAPIMail - deleted
C:\Documents and Settings\Default User\SendTo\Dossier compressé.ZFSendToTarget - deleted
C:\Documents and Settings\Default User\SendTo\Bureau (créer un raccourci).DeskLink - deleted
C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb - deleted
C:\Documents and Settings\Default User\Local Settings\Historique\History.IE5\index.dat - deleted
C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\7.0\Replicate\Security\directories.acrodata - deleted
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate - deleted
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate - deleted
C:\Documents and Settings\All Users\Application Data\Symantec\LiveSubscribe\Catalog.LiveSubscribe - deleted
C:\Documents and Settings\All Users\DRM\DRMv1.bak - deleted
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat - deleted
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\MSHist012006070120060702\index.dat - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\JOACHIM Sandra\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\JOACHIM Sandra\Local Settings\Historique\History.IE5\MSHist012006070120060702\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\JOACHIM Sandra\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\JOACHIM Sandra\Local Settings\Application Data\IM\Identities\{87F01B6C-684C-45F3-B415-3994E60672F1}\EmoticonCenter\emoticons.bak - deleted
C:\Documents and Settings\JOACHIM Sandra\Local Settings\Application Data\IM\Identities\{87F01B6C-684C-45F3-B415-3994E60672F1}\Message Store\Folders.bak - deleted
C:\Documents and Settings\JOACHIM Sandra\Local Settings\Application Data\IM\Identities\{87F01B6C-684C-45F3-B415-3994E60672F1}\AddressBook\AddressBook.imb.bak - deleted
C:\Documents and Settings\JOACHIM Sandra\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak - deleted
C:\Documents and Settings\JOACHIM Sandra\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak - deleted
C:\Documents and Settings\JOACHIM Sandra\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak - deleted
C:\Documents and Settings\JOACHIM Sandra\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak - deleted
C:\Documents and Settings\JOACHIM Sandra\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\JOACHIM Sandra\Application Data\Microsoft\Office\fbcED.tmp - deleted
C:\Documents and Settings\JOACHIM Sandra\Application Data\Microsoft\Office\Récent\index.dat - deleted
C:\Documents and Settings\JOACHIM Sandra\Application Data\Microsoft\Address Book\JOACHIM Sandra.wab~ - deleted
C:\Documents and Settings\JOACHIM Sandra\Application Data\Google\GoogleEarth\myplaces.kml.tmp - deleted
C:\Documents and Settings\JOACHIM Sandra\.limewire\fileurns.bak - deleted
C:\Documents and Settings\JOACHIM Sandra\Incomplete\downloads.bak - deleted
C:\Documents and Settings\JOACHIM Sandra\UserData\index.dat - deleted
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat - deleted
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdc.ini.bak - deleted
C:\Program Files\InstallShield Installation Information\{49D1F3E4-9E28-4DBE-BB7A-EDF87E8DC794}\setup.boot - deleted
C:\Program Files\InstallShield Installation Information\{4FAA62F6-AEC7-44FF-93CA-931D3978A215}\setup.skin - deleted
C:\Program Files\InstallShield Installation Information\{4FAA62F6-AEC7-44FF-93CA-931D3978A215}\setup.boot - deleted
C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.skin - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Howto\picturetasks_ENU.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\en_US\SVGViewer.dict - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Hanko05.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Hanko04.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Hanko03.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Hanko02.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Hanko01.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Hanko.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Sign13.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Sign05.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Forms01.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review12.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review08.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\HowTo.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\HowTo00.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Engineering07.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Sign07.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Sign11.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review18.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review19.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review16.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review14.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review11.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Forms02.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\HowTo02.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\HowTo06.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\HowTo03.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review05.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review06.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review04.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review03.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review01.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review02.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review07.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review09.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Sign09.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\HowTo01.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review13.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Forms.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\HowTo04.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\HowTo05.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\HowTo07.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Sign.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\HowTo08.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review22.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review20.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review23.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Sign02.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review28.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Sign06.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Sign04.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review10.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review17.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Review21.html - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Adobe Reader\7.0.0\en_US\license.html - deleted
C:\Program Files\CyberLink\PowerDVD\powerdvd.exe.manifest - deleted
C:\Program Files\Wanadoo\Config\sandra.joachimwanadoo.fr\Temp\DLM8A.tmp - deleted
C:\Program Files\Wanadoo\Config\sandra.joachimwanadoo.fr\Temp\DLM8D.tmp - deleted
C:\Program Files\Wanadoo\Config\sandra.joachimwanadoo.fr\Temp\DLM91.tmp - deleted
C:\Program Files\Wanadoo\Config\sandra.joachimwanadoo.fr\Temp\DLM3.tmp - deleted
C:\Program Files\eMule\downloads.bak - deleted
C:\Program Files\eMule\config\clients.met.bak - deleted
C:\Program Files\eMule\config\eMule Light.tmpl - deleted
C:\Program Files\eMule\config\eMule.tmpl - deleted
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak - deleted
C:\SEICEM\CAETEB\02\map00000.tmp - deleted
D:\Incomplete\downloads.bak - deleted
Emptied Recycle Bin on drive C:
Emptied Recycle Bin on drive D:
'Run MRU' list - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.0 recovered 56.8 MB of disk space from 1081 files.
CleanUp! finished on 07/01/06 15:17:03.
0
Réponse 74 / 151
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Redemarre ton PC et dis moi si il y a moins de pubs.

A+
0
Réponse 75 / 151
ewondy Messages postés 110 Statut Membre
 
il y a toujours les mêmes, en plus:
waypointcash.com : hollywoodprivate.com
4ème attaque de egroupdial

désespérant, snif...
0
Réponse 76 / 151
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re

va dans demarer < poste de travail < c < windows < systeme32 < drivers < etc < host

Ouvre le avec le bloc note, copie colle ce qu il y a dedans

a+
0
Réponse 77 / 151
ewondy Messages postés 110 Statut Membre
 
# Copyright (c) 1993-1999 Microsoft Corp.
#
# Ceci est un exemple de fichier HOSTS utilisé par Microsoft TCP/IP
# pour Windows.
#
# Ce fichier contient les correspondances des adresses IP aux noms d'hôtes.
# Chaque entrée doit être sur une ligne propre. L'adresse IP doit être placée
# dans la première colonne, suivie par le nom d'hôte correspondant. L'adresse
# IP et le nom d'hôte doivent être séparés par au moins un espace.
#
# De plus, des commentaires (tels que celui-ci) peuvent être insérés sur des
# lignes propres ou après le nom d'ordinateur. Ils sont indiqué par le
# symbole '#'.
#
# Par exemple :
#
# 102.54.94.97 rhino.acme.com # serveur source
# 38.25.63.10 x.acme.com # hôte client x

127.0.0.1 localhost
0
Réponse 78 / 151
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Rien lol

Télécharge aussi DLLcompare ici:
http://www.downloads.subratam.org/DllCompare.exe

lance le et clique sur "Run locate.com"
Quand "completed the scan, click compare to continue" apparaît en bleu, clique sur le bouton COMPARE en bas à droite
Une fois le scan terminé clique sur "make a log of what was found"
Fait un copier coller du log sur le forum

Une fois executé, tu peux le supprimer de ton PC

a+
0
Réponse 79 / 151
ewondy Messages postés 110 Statut Membre
 
DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\nticdmk7.dll Sun 23 Jan 2005 12:11:42 ...HR 1 024 1,00 K
C:\WINDOWS\SYSTEM32\ntimpeg2.dll Sun 23 Jan 2005 12:11:42 ...HR 1 024 1,00 K
C:\WINDOWS\SYSTEM32\ntimp3.dll Sun 23 Jan 2005 12:11:42 ...HR 1 024 1,00 K
C:\WINDOWS\SYSTEM32\ntifcd3.dll Sun 23 Jan 2005 12:11:42 ...HR 1 024 1,00 K
C:\WINDOWS\SYSTEM32\ntibun4.dll Sun 23 Jan 2005 12:12:26 ...HR 1 024 1,00 K
________________________________________________

1 361 items found: 1 361 files (5 H/S), 0 directories.
Total of file sizes: 300 240 549 bytes 286,33 M

Administrator Account = True

AppInit_DLLs value = sockspy.dll (not hidden)
--------------------End log---------------------
0
Réponse 80 / 151
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re,

Humm j avais un espoir en voyant ce rapport mais bon...

C:\WINDOWS\SYSTEM32\nticdmk7.dll
C:\WINDOWS\SYSTEM32\ntimpeg2.dll
C:\WINDOWS\SYSTEM32\ntimp3.dll
C:\WINDOWS\SYSTEM32\ntifcd3.dll
C:\WINDOWS\SYSTEM32\ntibun4.dll

Scan ces 5 dll ici;
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Rechercheles
Clik send et colle les 5 rapports stp

A+
0