Trojan.win32.BHO.abo Résolu/Fermé

Question

Bonjour,

J'ai un cheval de troie impossible à réparer ! voilà trois jours que je galère sur les forum pour trouver une solution mais je ne suis qu'une novice et je n'arrive pas à trouver une solution !!!!!

Merci de m'aider !!!!!!

_Sh4rK_ · Answer

Bonjour!

As-tu un antivirus ?! 
Sinon passe par : http://www.secuser.com/antivirus/ > tu installe le plugins xscan(xx).cab > et tu suis la procedure!

Tiens nous au courant

mariell47 · Answer

OUi, j'ai kapersky, mais il me dit que la réparation est impossible, merci de ta réponse

_Sh4rK_ · Answer

Si la reparation est impossible c'est parceque ca doit etre un processus deja en route ... et on sais tous que windows ne sait pas killé un processus pour le supprime O_o! 

Le mieux a faire , c'est de telecharger avast antivirus et de lui planifier un scan au demarrage , car enfaite il va scanné ton disque dur avant meme qu'il se lance .. du coup il a une meilleur de gestion des fichiers et donc il pourra le supprimer sans probleme.

mariell47 · Answer

comment télécharger avast ?

_Sh4rK_ · Answer

Veuillez me suivre je vous pris :) : https://www.clubic.com/telecharger-fiche11113-avast-antivirus-gratuit.html

mariell47 · Answer

je n'arrive pas à le télécharger lorsque je clique sur le telechargement rien ne se passe

mariell47 · Answer

j'ai réussi !

_Sh4rK_ · Answer

Quand tu appuie sur telecharger , ca te dirige vers une page ou il te propose de choisir ton serveur de telechargement. tu clique dessus et normalement le telechargement se lance.

mariell47 · Answer

j'ai installé le logiciel, il a scanné les fichier, suprimé certains mais j'ai toujours un cheval de troie sur fichier windows\system32\ciod.dll/PE_UPX/UPX.....en plus plusieurs fenetres d'erreur s'affichent :
- interface not supported
-erreur de chargement windows /system32/gzmrt.dll

je ne parle pas anglais, je suis donc super embêtée !!!!

_Sh4rK_ · Answer

Tu as fait un scan au demarrage ?! ou depuis ton bureau ?!

mariell47 · Answer

avar m'a demandé de redemarrer, je l'ai fait.

_Sh4rK_ · Answer

Erf , et il ne veut pas du tout le supprimé?! c'est bizarre ca quand meme! 

Sinon passe par : http://www.secuser.com/antivirus/ > tu installe le plugins xscan(xx).cab > et tu suis la procedure!

mariell47 · Answer

est ce que je doit suspendre la protection kapersky pendant le scan ?

_Sh4rK_ · Answer

Oui c'est preferable ... !

mariell47 · Answer

la page que tu me donne met ce message :
 Either the browser does not support the Object element or an error occurred while downloading the object. Unable to loading HouseCall ActiveX Control.
qu'est ce que ça signifie ?

_Sh4rK_ · Answer

Voici la procedure detaille : http://www.secuser.com/outils/antivirus_installation.htm

mariell47 · Answer

l'explicatif m'indique que cet antivirus ne fonctionne pas avec firefox. Je n'ai plus explorer car il n'a jamais fonctionné correctement, j'ai était obligé d'installer firefox pour le remplacer car le navigateur orange ne démarre plus correctement non plus, bref, je suis vraiment embêter

_Sh4rK_ · Answer

Oula... Mais votre XP est légal ?

mariell47 · Answer

completement, je l'ai acheté en hyper mais je n'ai que des ennuis et cette fois je ne trouve pas de solution au virus

_Sh4rK_ · Answer

Je ne vois pas comment faire non plus .. je n'ai pas d'autre idée que celle proposé! attendez d'autres reponses pour savoir...

mariell47 · Answer

merci quand même, je vais reessayer le scan, et attendre une autre réponse, merci

Lyonnais92 · Answer

Bonjour, 

déjà voir ce qui se passe :

Clique sur ce lien 
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe 
pour télécharger le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.  

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là : 
C:\Program Files\Trend Micro\HijackThis

Accepte la license en cliquant sur le bouton "I Accept"

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum

Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement


Tutoriaux : http://pageperso.aol.fr/balltrap34/demohijack.htm (ne fixe rien pour le moment !!)
              http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm

Lyonnais92 · Answer

RE,

Hijackthis ne va pas me donner toutes les infos dont j'ai besoin.

fais aussi ça :

télécharge combofix (par sUBs)ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


et enregistre le sur le bureau.

2 double-clique sur combofix.exe et suis les instructions

3 à la fin, il va produire un rapport C:\ComboFix.txt

4 copie/colle ce rapport dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

mariell47 · Answer

je colle le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:28, on 18/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\TWINTO~1\MouseElf.EXE
C:\windows\system32lvknlg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\lotus\smartctr\smartctr.exe
C:\lotus\smartctr\suitest.exe
C:\Program Files\MaxiMemo\MaxiMemo.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TwinTouch LuxeMate\EMouse.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SCREEN~1.SCR
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll (file missing)
O2 - BHO: (no name) - {1EFFA925-340F-4A36-9581-2B109A661ACC} - C:\WINDOWS\system32\ciod.dll
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32
st1CB.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar	oolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32lvknlg.exe -boot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [PlantTycoonSetup.exe] C:\DOCUME~1\bureau\MESDOC~1\BAESEL~1\PLANTT~1.EXE /r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: MaxiMemo.lnk = C:\Program Files\MaxiMemo\MaxiMemo.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3e2893a619834314a31bc6f32058cea4
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3e2893a619834314a31bc6f32058cea4
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://king.orange.fr/ctl/kingcomie.cab
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file://C:\Documents and Settings\bureau\Local Settings\Application Data\Oberon Media\Oberon Games Host\DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/GameShell/online/fr/luxor/mjolauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.128.119.254:12500/activex/AxisCamControl.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://jeuxenligne.orange.fr/GameShell/online/fr/chuzzle/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FE0759A-D5F0-4132-8699-0E45057EF6E7}: NameServer = 192.168.1.1,80.10.246.2
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

mariell47 · Answer

rapport combofix 10 ème essais, je déconnecte tout le temps..... ComboFix 07-12-18.1 - bureau 2007-12-18 12:54:08.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.58 [GMT 1:00] Running from: C:\Documents and Settings\bureau\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32 st1CB.dll C:\WINDOWS\system32\NTSVC.ocx C:\WINDOWS\system32 k.bin C:\WINDOWS\system32 lls.dll C:\WINDOWS\system32 lvknlg.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))))))) . 2007-12-18 11:12 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-12-18 11:12 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-12-18 11:12 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2007-12-18 11:12 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-12-18 11:12 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-18 11:12 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-18 11:12 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-18 11:12 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-18 11:12 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-18 11:11 . 2007-12-18 11:11 d-------- C:\Program Files\Alwil Software 2007-12-17 21:16 . 2007-12-17 21:16 d-------- C:\Program Files\Trend Micro 2007-12-17 18:57 . 2007-12-17 18:57 d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2007-12-17 18:56 . 2007-12-17 19:02 d-------- C:\Documents and Settings\bureau\Application Data\PrevxCSI 2007-12-17 15:05 . 2007-12-17 15:05 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-17 14:52 . 19,456 C:\WINDOWS\system32\drivers\qmusnshc.dat 2007-12-17 14:03 . 2006-06-22 06:13 84,992 --a------ C:\WINDOWS\system32\ciod.dll 2007-12-07 14:48 . 2007-12-07 14:48 d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo 2007-12-06 21:46 . 2007-12-17 15:17 d-------- C:\Program Files\Norton Security Scan 2007-12-05 13:01 . 2007-12-05 13:01 d-------- C:\Program Files\MaxiMemo 2007-12-05 13:01 . 2007-12-05 13:01 d-------- C:\Program Files\Fichiers communs\Oberon Media 2007-12-05 13:01 . 2007-12-05 13:04 d-------- C:\Documents and Settings\bureau\Application Data\MaxiMemo 2007-12-01 15:17 . 2007-12-01 15:17 d-------- C:\Documents and Settings\bureau\Application Data\Balloon Express 2007-11-30 19:55 . 2007-12-17 12:11 d-------- C:\Documents and Settings\All Users\Application Data\Friends Games 2007-11-30 19:54 . 2005-09-27 14:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll 2007-11-30 19:54 . 2005-09-27 14:11 499,712 --a------ C:\WINDOWS\system32\Msvcp71.dll 2007-11-30 19:54 . 2006-11-10 10:55 120,952 --a------ C:\WINDOWS\system32\PandoraCtrl2.dll 2007-11-30 19:54 . 2005-03-11 17:06 102,400 --a------ C:\WINDOWS\system32\PandoraCtrl.dll 2007-11-30 18:42 . 2007-11-30 18:42 253,952 --------- C:\WINDOWS\Setup1.exe 2007-11-30 18:42 . 2007-11-30 18:42 74,752 --a------ C:\WINDOWS\ST6UNST.EXE 2007-11-30 18:02 . 2007-12-17 20:49 d-------- C:\Program Files\Atelier du Joueur 2007-11-30 14:33 . 2007-11-30 14:33 d-------- C:\Documents and Settings\bureau\Application Data\MysteryStudio 2007-11-28 14:34 . 2007-12-05 12:00 d-------- C:\Program Files\Boonty 2007-11-28 13:42 . 2007-11-28 13:42 d-------- C:\Documents and Settings\bureau\Application Data\Souptoys 2007-11-28 09:10 . 2007-11-28 09:10 8,464 --a------ C:\WINDOWS\system32\sporder.dll 2007-11-27 16:59 . 2007-11-27 17:29 534 --a------ C:\WINDOWS\eReg.dat 2007-11-27 13:33 . 2007-11-27 13:33 d-------- C:\Program Files\Adssite Games Collection 2007-11-27 13:33 . 2007-11-27 13:33 79,875 --a------ C:\WINDOWS\system32\adssite-remove.exe 2007-11-27 13:33 . 2007-12-17 14:03 40,737 --a------ C:\WINDOWS\system32 ightonadz-uninst.exe 2007-11-27 13:11 . 2007-12-18 11:27 d-------- C:\Program Files\PlayMP3z 2007-11-23 18:00 . 2007-12-16 10:14 d-------- C:\Program Files\Zylom Games 2007-11-23 18:00 . 2007-12-17 12:11 d-------- C:\Documents and Settings\bureau\Application Data\Zylom 2007-11-23 18:00 . 2007-11-23 18:00 d-------- C:\Documents and Settings\bureau\Application Data\Jane s Hotel 2007-11-23 18:00 . 2007-11-23 18:00 d-------- C:\Documents and Settings\All Users\Application Data\Zylom 2007-11-22 12:26 . 2007-12-18 11:23 d-------- C:\Program Files\ContextTool 2007-11-18 13:41 . 2007-11-27 17:46 d-------- C:\Documents and Settings\All Users\Application Data\Fugazo . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-18 11:59 31,168,288 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-18 11:58 1,085,984 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2007-12-18 10:49 --------- d-----w C:\Program Files\Wanadoo 2007-12-18 10:46 418,640 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-18 10:46 103,664 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-12-17 14:09 --------- d-----w C:\Program Files\DivX 2007-12-17 11:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft 2007-12-17 11:10 --------- d-----w C:\Program Files\BoontyGames 2007-12-16 09:07 --------- d-----w C:\Program Files\PlayFirst 2007-12-15 20:16 --------- d-----w C:\Documents and Settings\bureau\Application Data\PlayFirst 2007-12-12 10:37 --------- d-----w C:\Documents and Settings\bureau\Application Data\LimeWire 2007-12-05 12:01 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-12-04 08:44 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2007-11-30 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-11-27 16:50 --------- d-----w C:\Program Files\GamesBar 2007-11-27 15:52 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-27 12:33 --------- d-----w C:\Documents and Settings\bureau\Application Data\Adssite Advanced Toolbar 2007-11-26 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games 2007-11-18 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear 2007-11-17 21:17 --------- d-----w C:\Program Files\Google 2007-11-10 18:25 --------- d-----w C:\Program Files\Gamenext 2007-11-10 16:24 --------- d-----w C:\Documents and Settings\bureau\Application Data\Super-Cow 2007-11-09 20:04 --------- d-----w C:\Program Files\IndustryGiant 2 2007-11-03 14:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-03 14:05 --------- d-----w C:\Program Files\Eidos Interactive 2007-11-03 13:24 --------- d-----w C:\Program Files\Trymedia 2007-11-03 13:23 --------- d-----w C:\Program Files\Hexacto Games 2007-10-30 07:28 --------- d-----w C:\Program Files\DK 2007-10-25 11:20 --------- d-----w C:\Program Files\TwinTouch LuxeMate 2007-10-23 13:54 --------- d-----w C:\Program Files\Picasa2 2007-10-21 10:58 --------- d-----w C:\Documents and Settings\bureau\Application Data\Gaijin Ent 2007-10-20 10:33 --------- d-----w C:\Documents and Settings\bureau\Application Data\My Games 2007-10-15 13:59 118,478 ------w C:\WINDOWS\Fonts\christmas_cheer.zip 2007-10-15 13:58 319,728 ------w C:\WINDOWS\Fonts\elfabet.zip 2007-10-15 13:56 86,111 ------w C:\WINDOWS\Fonts\fantasy_clipart2.zip 2007-10-15 13:55 28,630 ------w C:\WINDOWS\Fonts unes.zip 2007-10-15 13:54 7,963 ------w C:\WINDOWS\Fonts\alphabet_of_magi.zip 2007-10-15 13:52 140,222 ------w C:\WINDOWS\Fonts\perroquet.zip 2007-10-15 13:46 75,839 ------w C:\WINDOWS\Fonts\alpha_fitness.zip 2007-10-15 13:45 138,853 ------w C:\WINDOWS\Fonts\kingthings_whizzban.zip 2007-10-15 13:44 49,886 ------w C:\WINDOWS\Fonts azzle_dazzle.zip 2007-10-15 13:44 164,574 ------w C:\WINDOWS\Fonts\blossom.zip 2007-10-15 13:42 118,897 ------w C:\WINDOWS\Fonts\cheese_and_mouse.zip 2007-10-15 13:41 60,224 ------w C:\WINDOWS\Fonts\caricature.zip 2007-10-15 13:39 58,728 ------w C:\WINDOWS\Fonts\scriptina.zip 2007-10-15 13:38 33,681 ------w C:\WINDOWS\Fonts\ardenwood.zip 2007-10-15 13:37 653,980 ------w C:\WINDOWS\Fonts\saraband.zip 2007-10-15 13:35 332,082 ------w C:\WINDOWS\Fonts\mysterious_voyage.zip 2007-10-15 13:34 151,043 ------w C:\WINDOWS\Fonts\victorian_initials_.zip 2007-10-15 13:33 38,601 ------w C:\WINDOWS\Fonts\zallman_caps.zip 2007-10-15 13:33 211,946 ------w C:\WINDOWS\Fonts\acorn_initials.zip 2007-10-15 13:31 117,664 ------w C:\WINDOWS\Fonts\popstars.zip 2007-10-15 13:30 58,642 ------w C:\WINDOWS\Fonts\groovalicious_tweak.zip 2007-10-15 13:27 47,501 ------w C:\WINDOWS\Fonts\lms_hippy_chick.zip 2007-10-15 13:23 20,723 ------w C:\WINDOWS\Fonts oady_roadrunner.zip 2007-10-15 13:22 39,945 ------w C:\WINDOWS\Fonts\brown_bear_funk.zip 2007-10-15 13:20 12,075 ------w C:\WINDOWS\Fonts\eyesis.zip 2007-10-15 13:16 45,360 ------w C:\WINDOWS\Fonts\decapitated.zip 2007-09-30 12:48 28,672 ----a-w C:\WINDOWS\system32\qttask.exe 2007-09-23 10:50 606,848 -c--a-w C:\WINDOWS\flashax.exe 2007-09-23 10:50 503,808 ----a-w C:\WINDOWS\screenB_1024_768.scr 2007-09-23 10:50 12,288 -c--a-w C:\WINDOWS\impborl.dll 2007-09-22 02:36 120 ----a-w C:\drmHeader.bin . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}] C:\Program Files\ContextTool\ContextTool-2.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F3E8BD-257A-4702-A2F5-DC02055B068C}] C:\WINDOWS\system32\gzmrt.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EFFA925-340F-4A36-9581-2B109A661ACC}] 2006-06-22 06:13 84992 --a------ C:\WINDOWS\system32\ciod.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}] C:\WINDOWS\system32\gzmrotate.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}] C:\WINDOWS\system32 st1CB.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11D4-9B18-009027A5CD4F} {41C29B07-6F91-4966-91BE-2E2841643C83} {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_CLASSES_ROOT\clsid\{41c29b07-6f91-4966-91be-2e2841643c83}] [HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1] [HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}] [HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50] "PlantTycoonSetup.exe"="C:\DOCUME~1\bureau\MESDOC~1\BAESEL~1\PLANTT~1.exe" [] "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 18:09] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-11 11:58] "mouseElf"="C:\PROGRA~1\TWINTO~1\MouseElf.EXE" [2004-08-26 00:45] "RelevantKnowledge"="C:\windows\system32 lvknlg.exe" [] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55] "postSetupCheck"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-05 13:00] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 00:20:58] Lotus SmartCenter.lnk - C:\lotus\smartctr\smartctr.exe [1999-07-08 02:23:00] Lotus SuiteStart.lnk - C:\lotus\smartctr\suitest.exe [1999-07-08 02:23:00] MaxiMemo.lnk - C:\Program Files\MaxiMemo\MaxiMemo.exe [2007-10-26 08:59:32] officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-27 00:21:30] Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-09-07 10:35:34] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll R0 fngxrepg;fngxrepg;C:\WINDOWS\system32\drivers\qmusnshc.dat [] R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 06:01] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-09-17 16:46] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-12-17 13:24:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-14 09:20:17 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1189497898.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "2007-12-14 14:05:17 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe "2007-12-18 11:33:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-18 13:00:04 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-18 13:01:37 . 2007-12-18 08:01:14 --- E O F ---

Lyonnais92 · Answer

Re,

tu es très infectée.

Relance HijackThis.

Choisis Do a scan only

Coche la case devant les lignes suivantes 

O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll (file missing)
  O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll (file missing) 
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file://C:\Documents and Settings\bureau\Local Settings\Application Data\Oberon Media\Oberon Games Host\DinerDash2_fr.1.0.0.70.cab

Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur.

Clique sur fix checked.

Ferme Hijackthis.

=======================

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

Driver::
fngxrepg

Registry::
[-HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1EFFA925-340F-4A36-9581-2B109A661ACC}] 

File::
C:\WINDOWS\system32\drivers\qmusnshc.dat 
C:\WINDOWS\system32\ciod.dll
C:\windows\system32\rlvknlg.exe 

Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe . Clique sur l'icône du fichier, conserve le doigt enfoncé et fais glisser la souris pour faire recouvrir l'icône de combofix. Relache le doigt. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu,.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

==============

Télécharge ceci: (by Moe) : 

http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe 

Double clic sur Lopxpsetup.exe pour lancer l'installation 
Au menu, choisir l'option 1 
Patienter jusqu'à que l'on demande d'appuyer sur une touche, appuyer ! 
Une rapport sera alors crée, à copie/colle en entier sur le forum. 

==================

Tu as volontairement téléchargé ces fichiers :

2007-10-15 13:59 118,478 ------w C:\WINDOWS\Fonts\christmas_cheer.zip 
2007-10-15 13:58 319,728 ------w C:\WINDOWS\Fonts\elfabet.zip 
2007-10-15 13:56 86,111 ------w C:\WINDOWS\Fonts\fantasy_clipart2.zip 
2007-10-15 13:55 28,630 ------w C:\WINDOWS\Fonts\runes.zip 
2007-10-15 13:54 7,963 ------w C:\WINDOWS\Fonts\alphabet_of_magi.zip 
2007-10-15 13:52 140,222 ------w C:\WINDOWS\Fonts\perroquet.zip 
2007-10-15 13:46 75,839 ------w C:\WINDOWS\Fonts\alpha_fitness.zip 
2007-10-15 13:45 138,853 ------w C:\WINDOWS\Fonts\kingthings_whizzban.zip 
2007-10-15 13:44 49,886 ------w C:\WINDOWS\Fonts\razzle_dazzle.zip 
2007-10-15 13:44 164,574 ------w C:\WINDOWS\Fonts\blossom.zip 
2007-10-15 13:42 118,897 ------w C:\WINDOWS\Fonts\cheese_and_mouse.zip 
2007-10-15 13:41 60,224 ------w C:\WINDOWS\Fonts\caricature.zip 
2007-10-15 13:39 58,728 ------w C:\WINDOWS\Fonts\scriptina.zip 
2007-10-15 13:38 33,681 ------w C:\WINDOWS\Fonts\ardenwood.zip 
2007-10-15 13:37 653,980 ------w C:\WINDOWS\Fonts\saraband.zip 
2007-10-15 13:35 332,082 ------w C:\WINDOWS\Fonts\mysterious_voyage.zip 
2007-10-15 13:34 151,043 ------w C:\WINDOWS\Fonts\victorian_initials_.zip 
2007-10-15 13:33 38,601 ------w C:\WINDOWS\Fonts\zallman_caps.zip 
2007-10-15 13:33 211,946 ------w C:\WINDOWS\Fonts\acorn_initials.zip 
2007-10-15 13:31 117,664 ------w C:\WINDOWS\Fonts\popstars.zip 
2007-10-15 13:30 58,642 ------w C:\WINDOWS\Fonts\groovalicious_tweak.zip 
2007-10-15 13:27 47,501 ------w C:\WINDOWS\Fonts\lms_hippy_chick.zip 
2007-10-15 13:23 20,723 ------w C:\WINDOWS\Fonts\roady_roadrunner.zip 
2007-10-15 13:22 39,945 ------w C:\WINDOWS\Fonts\brown_bear_funk.zip 
2007-10-15 13:20 12,075 ------w C:\WINDOWS\Fonts\eyesis.zip 
2007-10-15 13:16 45,360 ------w C:\WINDOWS\Fonts\decapitated.zip 

Bon courage.
 --

@+
N'acceptez jamais une désinfection par mp.

mariell47 · Answer

je n'ai pas la ligne /

 04 HKLM \...\RUN : ...etc ...

mariell47 · Answer

j'effectue ces opérations sans cette ligne et je reviens, merci

mariell47 · Answer

j'ai effectué la premiere phase je poste le rapport et telecharge ce que tu m'as demandé ComboFix 07-12-18.1 - bureau 2007-12-18 14:27:31.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.127 [GMT 1:00] Running from: C:\Documents and Settings\bureau\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\bureau\Bureau\CFscript.txt * Created a new restore point FILE C:\WINDOWS\system32\ciod.dll C:\WINDOWS\system32\drivers\qmusnshc.dat C:\windows\system32\rlvknlg.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\ciod.dll C:\WINDOWS\system32\drivers\qmusnshc.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_FNGXREPG -------\fngxrepg ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))))))) . 2007-12-18 11:12 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-12-18 11:12 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-12-18 11:12 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2007-12-18 11:12 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-12-18 11:12 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-18 11:12 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-18 11:12 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-18 11:12 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-18 11:12 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-18 11:11 . 2007-12-18 11:11 d-------- C:\Program Files\Alwil Software 2007-12-17 21:16 . 2007-12-17 21:16 d-------- C:\Program Files\Trend Micro 2007-12-17 18:57 . 2007-12-17 18:57 d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2007-12-17 18:56 . 2007-12-17 19:02 d-------- C:\Documents and Settings\bureau\Application Data\PrevxCSI 2007-12-17 15:05 . 2007-12-17 15:05 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-07 14:48 . 2007-12-07 14:48 d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo 2007-12-06 21:46 . 2007-12-17 15:17 d-------- C:\Program Files\Norton Security Scan 2007-12-05 13:01 . 2007-12-05 13:01 d-------- C:\Program Files\MaxiMemo 2007-12-05 13:01 . 2007-12-05 13:01 d-------- C:\Program Files\Fichiers communs\Oberon Media 2007-12-05 13:01 . 2007-12-05 13:04 d-------- C:\Documents and Settings\bureau\Application Data\MaxiMemo 2007-12-01 15:17 . 2007-12-01 15:17 d-------- C:\Documents and Settings\bureau\Application Data\Balloon Express 2007-11-30 19:55 . 2007-12-17 12:11 d-------- C:\Documents and Settings\All Users\Application Data\Friends Games 2007-11-30 19:54 . 2005-09-27 14:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll 2007-11-30 19:54 . 2005-09-27 14:11 499,712 --a------ C:\WINDOWS\system32\Msvcp71.dll 2007-11-30 19:54 . 2006-11-10 10:55 120,952 --a------ C:\WINDOWS\system32\PandoraCtrl2.dll 2007-11-30 19:54 . 2005-03-11 17:06 102,400 --a------ C:\WINDOWS\system32\PandoraCtrl.dll 2007-11-30 18:42 . 2007-11-30 18:42 253,952 --------- C:\WINDOWS\Setup1.exe 2007-11-30 18:42 . 2007-11-30 18:42 74,752 --a------ C:\WINDOWS\ST6UNST.EXE 2007-11-30 18:02 . 2007-12-17 20:49 d-------- C:\Program Files\Atelier du Joueur 2007-11-30 14:33 . 2007-11-30 14:33 d-------- C:\Documents and Settings\bureau\Application Data\MysteryStudio 2007-11-28 14:34 . 2007-12-05 12:00 d-------- C:\Program Files\Boonty 2007-11-28 13:42 . 2007-11-28 13:42 d-------- C:\Documents and Settings\bureau\Application Data\Souptoys 2007-11-28 09:10 . 2007-11-28 09:10 8,464 --a------ C:\WINDOWS\system32\sporder.dll 2007-11-27 16:59 . 2007-11-27 17:29 534 --a------ C:\WINDOWS\eReg.dat 2007-11-27 13:33 . 2007-11-27 13:33 d-------- C:\Program Files\Adssite Games Collection 2007-11-27 13:33 . 2007-11-27 13:33 79,875 --a------ C:\WINDOWS\system32\adssite-remove.exe 2007-11-27 13:33 . 2007-12-17 14:03 40,737 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe 2007-11-27 13:11 . 2007-12-18 11:27 d-------- C:\Program Files\PlayMP3z 2007-11-23 18:00 . 2007-12-16 10:14 d-------- C:\Program Files\Zylom Games 2007-11-23 18:00 . 2007-12-17 12:11 d-------- C:\Documents and Settings\bureau\Application Data\Zylom 2007-11-23 18:00 . 2007-11-23 18:00 d-------- C:\Documents and Settings\bureau\Application Data\Jane s Hotel 2007-11-23 18:00 . 2007-11-23 18:00 d-------- C:\Documents and Settings\All Users\Application Data\Zylom 2007-11-22 12:26 . 2007-12-18 11:23 d-------- C:\Program Files\ContextTool 2007-11-18 13:41 . 2007-11-27 17:46 d-------- C:\Documents and Settings\All Users\Application Data\Fugazo . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-18 13:32 --------- d-----w C:\Program Files\Wanadoo 2007-12-18 13:31 31,274,016 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-18 13:31 1,087,008 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2007-12-18 13:30 420,944 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-18 13:30 104,000 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-12-17 14:09 --------- d-----w C:\Program Files\DivX 2007-12-17 11:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft 2007-12-17 11:10 --------- d-----w C:\Program Files\BoontyGames 2007-12-16 09:07 --------- d-----w C:\Program Files\PlayFirst 2007-12-15 20:16 --------- d-----w C:\Documents and Settings\bureau\Application Data\PlayFirst 2007-12-12 10:37 --------- d-----w C:\Documents and Settings\bureau\Application Data\LimeWire 2007-12-05 12:01 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-12-04 08:44 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2007-11-30 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-11-27 16:50 --------- d-----w C:\Program Files\GamesBar 2007-11-27 15:52 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-27 12:33 --------- d-----w C:\Documents and Settings\bureau\Application Data\Adssite Advanced Toolbar 2007-11-26 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games 2007-11-18 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear 2007-11-17 21:17 --------- d-----w C:\Program Files\Google 2007-11-10 18:25 --------- d-----w C:\Program Files\Gamenext 2007-11-10 16:24 --------- d-----w C:\Documents and Settings\bureau\Application Data\Super-Cow 2007-11-09 20:04 --------- d-----w C:\Program Files\IndustryGiant 2 2007-11-03 14:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-03 14:05 --------- d-----w C:\Program Files\Eidos Interactive 2007-11-03 13:24 --------- d-----w C:\Program Files\Trymedia 2007-11-03 13:23 --------- d-----w C:\Program Files\Hexacto Games 2007-10-30 07:28 --------- d-----w C:\Program Files\DK 2007-10-25 11:20 --------- d-----w C:\Program Files\TwinTouch LuxeMate 2007-10-23 13:54 --------- d-----w C:\Program Files\Picasa2 2007-10-21 10:58 --------- d-----w C:\Documents and Settings\bureau\Application Data\Gaijin Ent 2007-10-20 10:33 --------- d-----w C:\Documents and Settings\bureau\Application Data\My Games 2007-10-15 13:59 118,478 ------w C:\WINDOWS\Fonts\christmas_cheer.zip 2007-10-15 13:58 319,728 ------w C:\WINDOWS\Fonts\elfabet.zip 2007-10-15 13:56 86,111 ------w C:\WINDOWS\Fonts\fantasy_clipart2.zip 2007-10-15 13:55 28,630 ------w C:\WINDOWS\Fonts\runes.zip 2007-10-15 13:54 7,963 ------w C:\WINDOWS\Fonts\alphabet_of_magi.zip 2007-10-15 13:52 140,222 ------w C:\WINDOWS\Fonts\perroquet.zip 2007-10-15 13:46 75,839 ------w C:\WINDOWS\Fonts\alpha_fitness.zip 2007-10-15 13:45 138,853 ------w C:\WINDOWS\Fonts\kingthings_whizzban.zip 2007-10-15 13:44 49,886 ------w C:\WINDOWS\Fonts\razzle_dazzle.zip 2007-10-15 13:44 164,574 ------w C:\WINDOWS\Fonts\blossom.zip 2007-10-15 13:42 118,897 ------w C:\WINDOWS\Fonts\cheese_and_mouse.zip 2007-10-15 13:41 60,224 ------w C:\WINDOWS\Fonts\caricature.zip 2007-10-15 13:39 58,728 ------w C:\WINDOWS\Fonts\scriptina.zip 2007-10-15 13:38 33,681 ------w C:\WINDOWS\Fonts\ardenwood.zip 2007-10-15 13:37 653,980 ------w C:\WINDOWS\Fonts\saraband.zip 2007-10-15 13:35 332,082 ------w C:\WINDOWS\Fonts\mysterious_voyage.zip 2007-10-15 13:34 151,043 ------w C:\WINDOWS\Fonts\victorian_initials_.zip 2007-10-15 13:33 38,601 ------w C:\WINDOWS\Fonts\zallman_caps.zip 2007-10-15 13:33 211,946 ------w C:\WINDOWS\Fonts\acorn_initials.zip 2007-10-15 13:31 117,664 ------w C:\WINDOWS\Fonts\popstars.zip 2007-10-15 13:30 58,642 ------w C:\WINDOWS\Fonts\groovalicious_tweak.zip 2007-10-15 13:27 47,501 ------w C:\WINDOWS\Fonts\lms_hippy_chick.zip 2007-10-15 13:23 20,723 ------w C:\WINDOWS\Fonts\roady_roadrunner.zip 2007-10-15 13:22 39,945 ------w C:\WINDOWS\Fonts\brown_bear_funk.zip 2007-10-15 13:20 12,075 ------w C:\WINDOWS\Fonts\eyesis.zip 2007-10-15 13:16 45,360 ------w C:\WINDOWS\Fonts\decapitated.zip 2007-09-23 10:50 606,848 -c--a-w C:\WINDOWS\flashax.exe 2007-09-23 10:50 503,808 ----a-w C:\WINDOWS\screenB_1024_768.scr 2007-09-23 10:50 12,288 -c--a-w C:\WINDOWS\impborl.dll 2007-09-22 02:36 120 ----a-w C:\drmHeader.bin . ((((((((((((((((((((((((((((( snapshot@2007-12-18_13.00.20,28 ))))))))))))))))))))))))))))))))))))))))) . + 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2007-12-18 13:31:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_534.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11D4-9B18-009027A5CD4F} {41C29B07-6F91-4966-91BE-2E2841643C83} {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_CLASSES_ROOT\clsid\{41c29b07-6f91-4966-91be-2e2841643c83}] [HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1] [HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}] [HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50] "PlantTycoonSetup.exe"="C:\DOCUME~1\bureau\MESDOC~1\BAESEL~1\PLANTT~1.exe" [] "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 18:09] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-11 11:58] "mouseElf"="C:\PROGRA~1\TWINTO~1\MouseElf.EXE" [2004-08-26 00:45] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55] "postSetupCheck"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-05 13:00] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 06:01] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-09-17 16:46] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-12-17 13:24:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-14 09:20:17 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1189497898.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "2007-12-14 14:05:17 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe "2007-12-18 12:33:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-18 14:31:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\WINDOWS\system32\WhoRU.dll . Completion time: 2007-12-18 14:33:08 - machine was rebooted C:\ComboFix2.txt ... 2007-12-18 13:01 . 2007-12-18 08:01:14 --- E O F ---

mariell47 · Answer

voici le dernier rapport lopxpsetup :



Rapport Lopxp fait le 18/12/2007 à 14:38:51
Exécuté dans : C:\Program Files\Lopxp


Liste des processus actifs :

PID : 532 C:\WINDOWS\System32\smss.exe
PID : 616 C:\WINDOWS\system32\csrss.exe
PID : 640 C:\WINDOWS\system32\winlogon.exe
PID : 684 C:\WINDOWS\system32\services.exe
PID : 696 C:\WINDOWS\system32\lsass.exe
PID : 840 C:\WINDOWS\system32\svchost.exe
PID : 904 C:\WINDOWS\system32\svchost.exe
PID : 968 C:\WINDOWS\System32\svchost.exe
PID : 1044 C:\WINDOWS\system32\svchost.exe
PID : 1136 C:\WINDOWS\system32\svchost.exe
PID : 1284 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID : 1332 C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID : 1416 C:\WINDOWS\Explorer.EXE
PID : 1608 C:\WINDOWS\system32\spoolsv.exe
PID : 572 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
PID : 852 C:\WINDOWS\System32\FTRTSVC.exe
PID : 1836 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
PID : 1868 C:\Program Files\QuickTime\qttask.exe
PID : 1876 C:\PROGRA~1\TWINTO~1\MouseElf.EXE
PID : 1936 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PID : 1956 C:\WINDOWS\system32\ctfmon.exe
PID : 1996 C:\Program Files\MSN Messenger\MsnMsgr.Exe
PID : 2024 C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
PID : 140 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PID : 2040 C:\WINDOWS\system32\svchost.exe
PID : 256 C:\lotus\smartctr\smartctr.exe
PID : 444 C:\lotus\smartctr\suitest.exe
PID : 472 C:\Program Files\MaxiMemo\MaxiMemo.exe
PID : 1012 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
PID : 1268 C:\WINDOWS\system32\sistray.exe
PID : 2368 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PID : 2580 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PID : 2692 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PID : 2764 C:\Program Files\TwinTouch LuxeMate\EMouse.exe
PID : 2784 C:\WINDOWS\system32\wscntfy.exe
PID : 3068 C:\WINDOWS\system32\HPZipm12.exe
PID : 3368 C:\WINDOWS\System32\alg.exe
PID : 1500 C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
PID : 1376 C:\Program Files\MSN Messenger\usnsvc.exe
PID : 2100 C:\WINDOWS\system32\wuauclt.exe
PID : 3212 C:\WINDOWS\system32
otepad.exe
PID : 3964 C:\Program Files\Mozilla Firefox\firefox.exe
PID : 3456 C:\WINDOWS\system32\cmd.exe
PID : 900 C:\Program Files\Lopxp	ools\pv.exe



___________________________________________________________________________

[Tâches planifiées]


C:\WINDOWS	asks\AppleSoftwareUpdate.job 

Cr : 08/09/2007 à 19:08
Mo : 17/12/2007 à 14:24
Fichier exécuté : C\Program Files\Apple Software Update\SoftwareUpdate.exe -task

C:\WINDOWS	asks\FRU Task #Hewlett-Packard#hp psc 2100 series#1189497898.job 

Cr : 11/09/2007 à 09:05
Mo : 14/12/2007 à 10:20
Fichier exécuté : C\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 2100 series#1189497898"

C:\WINDOWS	asks\Norton Security Scan.job 

Cr : 06/12/2007 à 21:46
Mo : 14/12/2007 à 15:05
Fichier exécuté : C\Program Files\Norton Security Scan\Nss.exe /scan-full /scheduled

C:\WINDOWS	asks\Vérifier les mises à jour de Windows Live Toolbar.job 

Fichier exécuté : C\Program Files\Windows Live Toolbar\MSNTBUP.EXE 


___________________________________________________________________________

[Listing des dossiers Application Data]


cr: Date Création | mo: Date Modification -=- Nom Long -= Nom Court (8.3)


+- C:\Documents and Settings\All Users\Application Data

cr: 13/09/2007 10:38:22 | mo: 04/12/2007 09:44:21 -=- Adobe ----= Adobe
cr: 13/09/2007 10:39:25 | mo: 13/09/2007 10:39:25 -=- ADOBES~1 -= Adobe Systems
cr: 17/09/2007 16:47:23 | mo: 23/09/2007 17:16:57 -=- ALIASW~1 -= Aliasworlds
cr: 08/09/2007 19:08:38 | mo: 08/09/2007 19:08:38 -=- Apple ----= Apple
cr: 08/09/2007 19:12:01 | mo: 11/10/2007 11:55:57 -=- APPLEC~1 -= Apple Computer
cr: 17/09/2007 16:46:58 | mo: 17/09/2007 16:46:58 -=- BOONTY ---= BOONTY
cr: 30/11/2007 19:55:35 | mo: 17/12/2007 12:11:00 -=- FRIEND~1 -= Friends Games
cr: 18/11/2007 13:41:03 | mo: 27/11/2007 17:46:09 -=- Fugazo ---= Fugazo
cr: 14/09/2007 14:17:46 | mo: 14/09/2007 14:17:55 -=- Google ---= Google
cr: 16/11/2007 14:14:25 | mo: 17/12/2007 12:11:00 -=- HipSoft --= HipSoft
cr: 12/09/2007 20:16:27 | mo: 18/11/2007 13:30:26 -=- JOLLYB~1 -= JollyBear
cr: 07/09/2007 09:12:00 | mo: 07/09/2007 09:12:00 -=- KASPER~1 -= Kaspersky Lab
cr: 14/10/2007 17:02:51 | mo: 14/10/2007 17:02:51 -=- LEGACY~1 -= Legacy Interactive
cr: 05/09/2007 15:50:20 | mo: 15/10/2007 08:45:28 -=- MICROS~1 -= Microsoft
cr: 08/09/2007 11:53:58 | mo: 08/09/2007 11:53:58 -=- Mozilla --= Mozilla
cr: 07/12/2007 14:48:35 | mo: 07/12/2007 14:48:35 -=- MUMBOJ~1 -= MumboJumbo
cr: 28/09/2007 19:39:11 | mo: 28/09/2007 19:39:11 -=- NANNYM~1 -= NannyMania
cr: 08/09/2007 19:56:46 | mo: 10/09/2007 09:39:04 -=- OBERON~1 -= Oberon Games
cr: 12/09/2007 19:52:33 | mo: 30/11/2007 21:01:47 -=- PLAYFI~1 -= PlayFirst
cr: 20/09/2007 19:29:22 | mo: 20/09/2007 19:29:22 -=- PopCap ---= PopCap
cr: 17/12/2007 18:57:02 | mo: 17/12/2007 18:57:02 -=- Prevx ----= Prevx
cr: 30/09/2007 13:49:00 | mo: 30/09/2007 13:49:00 -=- QUICKT~1 -= QuickTime
cr: 15/09/2007 19:14:30 | mo: 26/11/2007 21:33:13 -=- SANDLO~1 -= Sandlot Games
cr: 17/12/2007 15:05:31 | mo: 17/12/2007 15:05:33 -=- TEMP -----= TEMP
cr: 15/09/2007 09:51:34 | mo: 15/09/2007 09:51:35 -=- Trymedia -= Trymedia
cr: 20/09/2007 14:25:24 | mo: 20/09/2007 14:25:24 -=- WINDOW~2 -= Windows Genuine Advantage
cr: 07/09/2007 10:28:42 | mo: 07/09/2007 10:28:42 -=- WINDOW~1 -= Windows Live Toolbar
cr: 23/11/2007 18:00:47 | mo: 23/11/2007 18:00:47 -=- Zylom ----= Zylom

+- C:\Documents and Settings\bureau\Application Data

cr: 07/09/2007 12:23:47 | mo: 04/12/2007 09:44:44 -=- Adobe ----= Adobe
cr: 15/09/2007 13:45:45 | mo: 27/11/2007 13:33:30 -=- ADSSIT~1 -= Adssite Advanced Toolbar
cr: 08/09/2007 19:17:04 | mo: 12/10/2007 13:17:17 -=- APPLEC~1 -= Apple Computer
cr: 01/12/2007 15:17:07 | mo: 01/12/2007 15:17:08 -=- BALLOO~1 -= Balloon Express
cr: 13/09/2007 11:56:23 | mo: 15/09/2007 11:38:06 -=- BIGFIS~1 -= Big Fish Games
cr: 08/09/2007 11:55:38 | mo: 08/09/2007 12:38:05 -=- DivX -----= DivX
cr: 20/09/2007 13:57:16 | mo: 20/09/2007 14:53:48 -=- EoRezo ---= EoRezo
cr: 21/10/2007 11:58:46 | mo: 21/10/2007 11:58:46 -=- GAIJIN~1 -= Gaijin Ent
cr: 14/09/2007 14:44:29 | mo: 17/11/2007 22:18:06 -=- Google ---= Google
cr: 21/09/2007 16:02:59 | mo: 21/09/2007 16:02:59 -=- Help -----= Help
cr: 05/09/2007 14:15:34 | mo: 15/12/2007 20:14:20 -=- IDENTI~1 -= Identities
cr: 05/09/2007 15:39:55 | mo: 05/09/2007 15:39:55 -=- INTERT~1 -= InterTrust
cr: 20/09/2007 13:58:38 | mo: 20/09/2007 13:58:38 -=- ItsLabel -= ItsLabel
cr: 23/11/2007 18:00:59 | mo: 23/11/2007 18:00:59 -=- JANESH~1 -= Jane s Hotel
cr: 08/09/2007 11:42:14 | mo: 12/12/2007 11:37:24 -=- LimeWire -= LimeWire
cr: 07/09/2007 10:33:25 | mo: 06/12/2007 21:46:51 -=- MACROM~1 -= Macromedia
cr: 05/12/2007 13:01:02 | mo: 05/12/2007 13:04:45 -=- MaxiMemo -= MaxiMemo
cr: 08/09/2007 12:38:02 | mo: 08/09/2007 12:38:11 -=- MEDIAP~1 -= Media Player Classic
cr: 11/10/2007 19:48:52 | mo: 11/10/2007 19:48:52 -=- MICROA~1 -= Micro Application
cr: 05/09/2007 14:15:26 | mo: 11/10/2007 11:57:12 -=- MICROS~1 -= Microsoft
cr: 08/09/2007 11:54:20 | mo: 08/09/2007 11:54:20 -=- Mozilla --= Mozilla
cr: 07/09/2007 10:18:53 | mo: 07/09/2007 10:18:56 -=- MSNINS~1 -= MSNInstaller
cr: 20/10/2007 11:33:42 | mo: 20/10/2007 11:33:42 -=- MYGAME~1 -= My Games
cr: 30/11/2007 14:33:55 | mo: 30/11/2007 14:33:55 -=- MYSTER~1 -= MysteryStudio
cr: 13/09/2007 11:37:12 | mo: 13/09/2007 11:37:12 -=- Opera ----= Opera
cr: 12/09/2007 19:52:33 | mo: 15/12/2007 21:16:48 -=- PLAYFI~1 -= PlayFirst
cr: 17/12/2007 18:56:08 | mo: 17/12/2007 19:02:26 -=- PrevxCSI -= PrevxCSI
cr: 28/11/2007 13:42:42 | mo: 28/11/2007 13:42:42 -=- Souptoys -= Souptoys
cr: 09/09/2007 15:45:49 | mo: 09/09/2007 15:45:49 -=- Sun ------= Sun
cr: 10/11/2007 17:19:21 | mo: 10/11/2007 17:24:24 -=- SUPER-~1 -= Super-Cow
cr: 08/09/2007 11:54:36 | mo: 08/09/2007 11:54:36 -=- Talkback -= Talkback
cr: 20/09/2007 13:57:33 | mo: 20/09/2007 13:57:33 -=- URUSoft --= URUSoft
cr: 07/09/2007 10:47:16 | mo: 07/09/2007 10:47:16 -=- vlc ------= vlc
cr: 05/09/2007 15:41:39 | mo: 10/09/2007 09:36:11 -=- Webshots -= Webshots
cr: 23/11/2007 18:00:52 | mo: 17/12/2007 12:11:00 -=- Zylom ----= Zylom

+- C:\Documents and Settings\bureau\Local Settings\Application Data

cr: 13/09/2007 10:42:58 | mo: 13/09/2007 11:08:42 -=- Adobe ----= Adobe
cr: 08/09/2007 19:08:51 | mo: 08/09/2007 19:08:51 -=- Apple ----= Apple
cr: 08/09/2007 19:08:06 | mo: 12/10/2007 13:17:07 -=- APPLEC~1 -= Apple Computer
cr: 07/09/2007 10:43:36 | mo: 17/11/2007 22:18:06 -=- Google ---= Google
cr: 21/09/2007 16:02:59 | mo: 21/09/2007 16:02:59 -=- Help -----= Help
cr: 07/09/2007 14:27:55 | mo: 11/10/2007 10:41:57 -=- IDENTI~1 -= Identities
cr: 07/09/2007 11:04:26 | mo: 07/09/2007 11:06:29 -=- IM -------= IM
cr: 12/09/2007 20:16:27 | mo: 18/11/2007 13:30:34 -=- JOLLYB~1 -= JollyBear
cr: 05/12/2007 22:09:41 | mo: 05/12/2007 22:09:41 -=- king.com -= king.com
cr: 05/09/2007 14:15:26 | mo: 06/12/2007 21:18:25 -=- MICROS~1 -= Microsoft
cr: 08/09/2007 11:54:20 | mo: 08/09/2007 11:54:20 -=- Mozilla --= Mozilla
cr: 17/12/2007 12:11:00 | mo: 17/12/2007 12:11:00 -=- OBERON~1 -= Oberon Media
cr: 02/12/2007 16:33:05 | mo: 02/12/2007 16:33:35 -=- SPOOKY~1 -= SpookyManor
cr: 20/09/2007 10:39:30 | mo: 20/09/2007 10:39:30 -=- WMTOOL~1 -= WMTools Downloaded Files

___________________________________________________________________________

[Listing du dossier Program Files]

+- C:\Program Files

cr: 05/09/2007 15:39:55 | mo: 05/12/2007 13:01:29 -=- Adobe ----= Adobe
cr: 15/09/2007 13:45:45 | mo: 15/09/2007 13:45:51 -=- ADSSIT~2 -= Adssite Advanced Toolbar
cr: 27/11/2007 13:33:24 | mo: 27/11/2007 13:33:27 -=- ADSSIT~1 -= Adssite Games Collection
cr: 18/12/2007 11:11:56 | mo: 18/12/2007 11:11:56 -=- ALWILS~1 -= Alwil Software
cr: 08/09/2007 19:08:38 | mo: 08/09/2007 19:08:40 -=- APPLES~1 -= Apple Software Update
cr: 30/11/2007 18:02:43 | mo: 17/12/2007 20:49:09 -=- ATELIE~1 -= Atelier du Joueur
cr: 10/09/2007 14:27:11 | mo: 10/09/2007 14:27:35 -=- BITDOW~1 -= BitDownload
cr: 28/11/2007 14:34:35 | mo: 05/12/2007 12:00:50 -=- Boonty ---= Boonty
cr: 17/09/2007 16:46:23 | mo: 17/12/2007 12:10:58 -=- BOONTY~1 -= BoontyGames
cr: 20/09/2007 12:21:14 | mo: 20/09/2007 12:21:14 -=- Coktel ---= Coktel
cr: 05/09/2007 14:00:10 | mo: 05/09/2007 14:00:10 -=- COMPLU~1 -= ComPlus Applications
cr: 22/11/2007 12:26:44 | mo: 18/12/2007 11:23:42 -=- CONTEX~1 -= ContextTool
cr: 08/09/2007 11:53:00 | mo: 17/12/2007 15:09:05 -=- DivX -----= DivX
cr: 11/10/2007 11:46:14 | mo: 30/10/2007 08:28:26 -=- DK -------= DK
cr: 03/11/2007 15:05:28 | mo: 03/11/2007 15:05:28 -=- EIDOSI~1 -= Eidos Interactive
cr: 20/09/2007 13:57:14 | mo: 20/09/2007 14:53:49 -=- eoRezo ---= eoRezo
cr: 05/09/2007 15:51:05 | mo: 30/11/2007 14:32:07 -=- FICHIE~1 -= Fichiers communs
cr: 26/10/2007 19:49:45 | mo: 10/11/2007 19:25:23 -=- Gamenext -= Gamenext
cr: 22/09/2007 07:57:45 | mo: 27/11/2007 17:50:20 -=- GamesBar -= GamesBar
cr: 14/09/2007 14:17:46 | mo: 17/11/2007 22:17:25 -=- Google ---= Google
cr: 11/09/2007 08:30:02 | mo: 11/09/2007 08:59:38 -=- HEWLET~1 -= Hewlett-Packard
cr: 03/11/2007 14:23:49 | mo: 03/11/2007 14:23:49 -=- HEXACT~1 -= Hexacto Games
cr: 05/09/2007 15:33:55 | mo: 05/09/2007 15:33:55 -=- HP -------= HP
cr: 09/11/2007 16:52:08 | mo: 09/11/2007 21:04:38 -=- INDUST~1 -= IndustryGiant 2
cr: 17/09/2007 08:52:13 | mo: 17/09/2007 08:52:15 -=- INFORAD --= INFORAD
cr: 17/09/2007 08:52:14 | mo: 17/09/2007 08:52:15 -=- INFORA~1 -= INFORAD_DRIVERS
cr: 05/09/2007 16:08:16 | mo: 03/11/2007 15:05:34 -=- INSTAL~1 -= InstallShield Installation Information
cr: 05/09/2007 14:00:23 | mo: 11/10/2007 19:35:13 -=- INTERN~1 -= Internet Explorer
cr: 20/09/2007 13:57:43 | mo: 20/09/2007 14:57:59 -=- ItsLabel -= ItsLabel
cr: 14/09/2007 14:17:10 | mo: 14/09/2007 14:17:36 -=- Java -----= Java
cr: 14/09/2007 13:04:47 | mo: 14/09/2007 13:04:47 -=- JavaSoft -= JavaSoft
cr: 08/09/2007 12:35:51 | mo: 08/09/2007 12:36:00 -=- K-LITE~1 -= K-Lite Codec Pack
cr: 07/09/2007 09:12:00 | mo: 16/09/2007 14:54:36 -=- KASPER~1 -= Kaspersky Lab
cr: 08/09/2007 11:40:25 | mo: 18/09/2007 12:39:13 -=- LimeWire -= LimeWire
cr: 18/12/2007 14:37:08 | mo: 18/12/2007 14:38:54 -=- Lopxp ----= Lopxp
cr: 14/09/2007 10:56:38 | mo: 14/09/2007 13:07:06 -=- LotusSAP -= LotusSAP
cr: 05/12/2007 13:01:02 | mo: 05/12/2007 13:01:02 -=- MaxiMemo -= MaxiMemo
cr: 05/09/2007 13:59:28 | mo: 18/09/2007 12:39:13 -=- MESSEN~1 -= Messenger
cr: 05/09/2007 14:03:22 | mo: 05/09/2007 14:03:22 -=- MICROS~1 -= microsoft frontpage
cr: 11/09/2007 09:43:32 | mo: 20/09/2007 17:43:50 -=- MICROS~2 -= Microsoft Picture It! PhotoPub
cr: 14/09/2007 13:37:03 | mo: 14/09/2007 13:37:06 -=- MICROS~3 -= Microsoft Works
cr: 05/09/2007 14:00:49 | mo: 05/09/2007 14:00:52 -=- MOVIEM~1 -= Movie Maker
cr: 08/09/2007 11:54:10 | mo: 18/12/2007 14:33:37 -=- MOZILL~1 -= Mozilla Firefox
cr: 05/09/2007 13:58:48 | mo: 05/12/2007 13:15:59 -=- MSN ------= MSN
cr: 05/09/2007 13:59:24 | mo: 05/09/2007 13:59:24 -=- MSNGAM~1 -= MSN Gaming Zone
cr: 07/09/2007 10:26:40 | mo: 07/09/2007 10:26:43 -=- MSNMES~1 -= MSN Messenger
cr: 18/09/2007 13:17:50 | mo: 18/09/2007 13:17:52 -=- NET-IT~1 -= Net-It Now! Starter Edition
cr: 05/09/2007 14:00:37 | mo: 05/09/2007 14:01:07 -=- NETMEE~1 -= NetMeeting
cr: 06/12/2007 21:46:34 | mo: 17/12/2007 15:17:57 -=- NORTON~1 -= Norton Security Scan
cr: 07/09/2007 20:24:32 | mo: 07/09/2007 20:24:32 -=- orange ---= orange
cr: 05/09/2007 14:00:34 | mo: 25/10/2007 09:41:21 -=- OUTLOO~1 -= Outlook Express
cr: 07/09/2007 10:43:13 | mo: 23/10/2007 14:54:49 -=- Picasa2 --= Picasa2
cr: 09/11/2007 17:28:10 | mo: 16/12/2007 10:07:55 -=- PLAYFI~1 -= PlayFirst
cr: 27/11/2007 13:11:46 | mo: 18/12/2007 11:27:33 -=- PlayMP3z -= PlayMP3z
cr: 16/09/2007 20:04:22 | mo: 11/10/2007 11:58:58 -=- QUICKT~1 -= QuickTime
cr: 11/09/2007 08:39:10 | mo: 18/09/2007 12:39:15 -=- ReadIris -= ReadIris
cr: 20/09/2007 08:27:36 | mo: 20/09/2007 08:27:36 -=- SAGEM ----= SAGEM
cr: 20/09/2007 08:26:43 | mo: 20/09/2007 08:26:43 -=- SECURI~1 -= Securitoo
cr: 05/09/2007 14:01:55 | mo: 05/09/2007 14:01:55 -=- SERVIC~1 -= Services en ligne
cr: 07/09/2007 10:35:22 | mo: 07/09/2007 10:36:14 -=- SISVGA~1.65 -= SiS VGA Utilities V3.65
cr: 17/12/2007 21:16:20 | mo: 17/12/2007 21:16:20 -=- TRENDM~1 -= Trend Micro
cr: 03/11/2007 14:24:12 | mo: 03/11/2007 14:24:12 -=- Trymedia -= Trymedia
cr: 25/10/2007 12:20:14 | mo: 25/10/2007 12:20:15 -=- TWINTO~1 -= TwinTouch LuxeMate
cr: 05/09/2007 14:15:32 | mo: 05/09/2007 14:15:32 -=- UNINST~1 -= Uninstall Information
cr: 20/09/2007 13:57:29 | mo: 20/09/2007 13:57:29 -=- URUSoft --= URUSoft
cr: 05/09/2007 15:39:37 | mo: 05/09/2007 15:39:37 -=- VideoLAN -= VideoLAN
cr: 20/09/2007 08:29:40 | mo: 18/12/2007 14:33:34 -=- Wanadoo --= Wanadoo
cr: 15/10/2007 08:45:28 | mo: 15/10/2007 08:45:28 -=- WI48FA~1 -= Windows Live Favorites
cr: 07/09/2007 10:27:38 | mo: 05/12/2007 13:01:42 -=- WINDOW~4 -= Windows Live Toolbar
cr: 05/09/2007 13:59:32 | mo: 05/09/2007 14:03:13 -=- WINDOW~2 -= Windows Media Player
cr: 05/09/2007 13:58:46 | mo: 17/12/2007 20:46:30 -=- WINDOW~1 -= Windows NT
cr: 05/09/2007 14:01:58 | mo: 05/09/2007 14:01:58 -=- WINDOW~3 -= WindowsUpdate
cr: 05/09/2007 15:41:50 | mo: 05/09/2007 15:41:53 -=- WinRAR ---= WinRAR
cr: 08/09/2007 09:21:46 | mo: 08/09/2007 11:30:17 -=- WWWFIL~1 -= WWW File Share Pro
cr: 05/09/2007 14:03:22 | mo: 05/09/2007 14:03:22 -=- xerox ----= xerox
cr: 09/09/2007 16:00:32 | mo: 18/09/2007 12:39:15 -=- Xvid -----= Xvid
cr: 23/11/2007 18:00:16 | mo: 16/12/2007 10:14:11 -=- ZYLOMG~1 -= Zylom Games

___________________________________________________________________________

[Recherche programmes connus, liés à CiD]


C:\Program Files\BitDownload


___________________________________________________________________________

[Clés registre de démarrage]


___________________________________________________________________________

[Popups autorisés]


[-] Internet Explorer :

*.zylom.com
PopupMgr

[-] Mozilla Firefox


[-] Suite Mozilla / SeaMonkey


___________________________________________________________________________

[Suggestion nettoyage registre] 

- Aucune suggestion.


- Fin du rapport -

mariell47 · Answer

les fichiers que tu me dit avoir téléchargé volontairement sont des polices de caractères, en quoi cela est dangeureux ? dois-je les supprimer ?

Lyonnais92 · Answer

Re,

cherche, apr l'explorateur Windows, ces 2 fichiers :

C:\WINDOWS\system32\adssite-remove.exe 
 C:\WINDOWS\system32\rightonadz-uninst.exe 

Si tu les trouves, double clique-dessus et suis les instructions de désinstallation.

redémarre l'ordi et remets un rapport  Hijackthis.

mariell47 · Answer

j'ai effectuer les démarche de desinstallaztion je poste le rapport :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:17, on 18/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\TWINTO~1\MouseElf.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\lotus\smartctr\smartctr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\MaxiMemo\MaxiMemo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\TwinTouch LuxeMate\EMouse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar	oolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [PlantTycoonSetup.exe] C:\DOCUME~1\bureau\MESDOC~1\BAESEL~1\PLANTT~1.EXE /r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: MaxiMemo.lnk = C:\Program Files\MaxiMemo\MaxiMemo.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3e2893a619834314a31bc6f32058cea4
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3e2893a619834314a31bc6f32058cea4
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://king.orange.fr/ctl/kingcomie.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/GameShell/online/fr/luxor/mjolauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.128.119.254:12500/activex/AxisCamControl.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://jeuxenligne.orange.fr/GameShell/online/fr/chuzzle/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FE0759A-D5F0-4132-8699-0E45057EF6E7}: NameServer = 192.168.1.1,80.10.246.2
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Lyonnais92 · Answer

Bonsoir,

j'espère que tu es consciente des risques que tu fais courir à ton ordi avec PlantTycoonSetup, Boonty et quelques autres.

Relance HijackThis.

Choisis Do a scan only

Coche la case devant les lignes suivantes

O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar	oolbar.dll

Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur.

Clique sur fix checked.

Ferme Hijackthis.

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\Program Files\Adssite Advanced Toolbar	oolbar.dll
C:\Program Files\Adssite Advanced Toolbar

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

Remets un rapport Hijackthis

mariell47 · Answer

Ma fille adore les jeux genre plant tycoon, ils sont proposés par orange, je ne pensais pas que cela m'était l'ordi en danger !
je poste le 1er rapport :

C:\Program Files\Adssite Advanced Toolbar	oolbar.dll unregistered successfully.
C:\Program Files\Adssite Advanced Toolbar	oolbar.dll moved successfully.
C:\Program Files\Adssite Advanced Toolbar moved successfully.
 
Created on 12/19/2007 01:14:09

mariell47 · Answer

voilà le rapport suivant :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:17:47, on 19/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\PROGRA~1\TWINTO~1\MouseElf.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TwinTouch LuxeMate\EMouse.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [PlantTycoonSetup.exe] C:\DOCUME~1\bureau\MESDOC~1\BAESEL~1\PLANTT~1.EXE /r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: MaxiMemo.lnk = C:\Program Files\MaxiMemo\MaxiMemo.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3e2893a619834314a31bc6f32058cea4
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3e2893a619834314a31bc6f32058cea4
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://king.orange.fr/ctl/kingcomie.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/GameShell/online/fr/luxor/mjolauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.128.119.254:12500/activex/AxisCamControl.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://jeuxenligne.orange.fr/GameShell/online/fr/chuzzle/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FE0759A-D5F0-4132-8699-0E45057EF6E7}: NameServer = 192.168.1.1,80.10.246.2
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

mariell47 · Answer

il faut quand même que je dorme un peu, çà fait trois jours que j'essais de trouver des solutions, là je suis claquée !!! je reviens demain, voire si tu as répondu. J'ai plusieurs fenetres d'erreurs qui se mettent au demarrage, le navigateur exploreur fonctionné, mais plus depuis que j'ai désinstallé avast. Je l'ai supprimé car il contenait un virus : cheval de troie trojan.win32.gorshok.a, d'ailleurs kapersky l'a supprimé, bonne nuit !!!

Lyonnais92 · Answer

Bonjour,

tu n'avais aucune chance avec ton BHO.abo !

Pour les risques, pas seulement de tycoon, mais limewire, bitdownload, ...

D'ailleurs, ton infection en est la conséquence.

C'est quoi les fenêtres au démarrage maintenant ?


Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : C:\WINDOWS\flashax.exe

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

mariell47 · Answer

Bonjour !!!!
je vois que tu t'es levé tôt, merci de penser à mon problème! ,


Kapersky me dit que le virus est maintenent introuvable, est ce bon ???
les fenetre sont :
1/  boontybox
error : no compatible patner file in available, please reinstall your boontybox
2/ maxi memo
interface not supported

que dois-je faire ???

je t'envoie ce que tu m'as demandé :



MD5:  	a16126510106990df3e4445191adead8
Date 	2007.04.23 00:05:12 (CET) [>240D]
Résultats 	2/31


 Impression des résultats  Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email: 	
	
Antivirus 	Version 	Dernière mise à jour 	Résultat
AhnLab-V3	-	-	-
AntiVir	-	-	-
Authentium	-	-	-
Avast	-	-	-
AVG	-	-	-
BitDefender	-	-	-
CAT-QuickHeal	-	-	-
ClamAV	-	-	-
DrWeb	-	-	-
eSafe	-	-	-
eTrust-Vet	-	-	-
Ewido	-	-	-
FileAdvisor	-	-	No threat detected
Fortinet	-	-	suspicious
F-Prot	-	-	-
F-Secure	-	-	-
Ikarus	-	-	-
Kaspersky	-	-	-
McAfee	-	-	-
Microsoft	-	-	-
NOD32v2	-	-	-
Norman	-	-	-
Panda	-	-	-
Prevx1	-	-	-
Sophos	-	-	-
Sunbelt	-	-	-
Symantec	-	-	-
TheHacker	-	-	-
VBA32	-	-	-
VirusBuster	-	-	-
Webwasher-Gateway	-	-	-
Information additionnelle
MD5: a16126510106990df3e4445191adead8

mariell47 · Answer

.....suite de la page 2...contenant le dernier rapport.....

J'ai aussi des problemes pour ouvrir certaines fenetre comme "rechercher" dans le menu demarrer, et l'impossibilité de supprimé certains jeux de la liste des programmes à désinstaller, c'est pas  trop génant, à moins que cela n'endommage l'ordi ...

Lyonnais92 · Answer

Bonsoir,

c'est quoi maxi memo ?

désinstalle boontybox.

Quels sont les jeux que tu ne peux pas ésonstaller ?

Ils sont dans la liste quand tu fais Démarrer, panneau de configuration, ajout/suppression de programme ?

mariell47 · Answer

bonjour,
je viens de voir ta réponse, je n'était pas sur le site hier soir, merci de me répondre.

maxi memo est un compteur de point pour des réduction sur maximail, mais je ne l'utilise jamais, c'est une installation qui se fait lorsque tu t'inscrit.
effectivement les jeux sont dans ajout/suppression de programme, il y a boontybox, balloon express, cathy's caribbean club, dr daisy pet vet fr, fashion fit et magic shop, impossible de supprimer ou désinstaller.Une fenetre me dit que le fichier n'existe pas et donc qu'il est impossible a désinstaller.

comment dois je faire pour qu'explorer et orange fonctionnent à nouveau ?

Lyonnais92 · Answer

Bonjour,

pour IE et Orange, ce soir, il faut que je regarde.

Pour les jeux, ils ont une icône de lancement ? Si oui, tu fais propriétés et rechercher la cible.

Tu me donnes pour chacun le nom de la cible (un xxxxxxxx.exe)

mariell47 · Answer

Il n'y a aucun icone pour les jeux, je ne sais pas trop ou trouver le fichier, mais je vais regarder.

mariell47 · Answer

En faisant rechercher, j'ai trouvé les fichiers des jeux, est ce que je dois tout supprimer ou il y a une autre méthode ?

j'ai essayé d'en remettre un sous forme d'icone mais lorsque je fais "rechercher la cible", rien ne se passe.

philjm59400 · Answer

depuis hier soir lorsque je veux ouvrir n'importe quel site j'ai un message qui me dit que mon ordi et infecte par   worm.wim32.sorbe j'ai essaye avest spyware doctor mais rien ni fait  et de plus je debut "bonjours les degats " qui peut me venir en aide merci d'avance et de tres bonne fetes de fin d'annee

Lyonnais92 · Answer

Re,

donne moi la lsite ds noms des fichiers .exe des jeux.

Je te dirai ce qu'il faut faire après.

mariell47 · Answer

coucou,

voici ce que j'ai trouvé dans les fichier, je ne sais pas si c'est ce que tu demande :

pour baloon express :
Files\orange\jeux\Balloon Express\Launch.exe"

pour boonty box :
"C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot /nosplash

pour cathy's :
"C:\Program Files\orange\jeux\Cathys Caribbean Club\Launch.exe"

pour fashion fits :
"C:\Program Files\orange\jeux\Fashion Fits\Launch.exe"

pour daisy pet vet :
DRDAISYPETVET.EXE-29970D56

 pour maxi memo:
"C:\Program Files\MaxiMemo\MaxiMemo.exe"

en revanche pour magic shop, je n'ai pas trouvé de fichier finisant par exe, mais un document texte, j'espere que ça ira

--------------------------------------------------
Magic Shop v.1.0 build 2007.07.25
powered by j_engine v.2.29 build 45.2007.08.16
(c) 2007 Anton Saburov. All Rights Reserved.
--------------------------------------------------


{00:00:00:000} [ :) ] J_MAIN.J_Open: userdata directory is "C:\Documents and Settings\bureau\Mes documents\My Games\JaiboGames\MagicShop"
HGE Started..

HGE version: 1.60
Date: 28.11.2007, 14:36:29

Application: Magic Shop
OS: Windows 5.1.2600
Memory: 457456K total, 113816K free

D3D Driver: SiSGRV.dll
Description: SiS 651_661FX_741_760_760GX_M661FX_M661MX_M741_M760_M760GX
Version: 6.14.10.3650
Mode: 800 x 600 x R5G6B5

Init done.

{00:00:00:000} [ :) ] J_VID.VID_LoadTexture: texture "particles"[0] has been loaded, used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_0"[0] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_1"[1] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_2"[2] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_3"[3] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_4"[4] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_5"[5] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_6"[6] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_7"[7] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_8"[8] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_9"[9] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_10"[10] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_11"[11] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_12"[12] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_13"[13] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_14"[14] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "particle_15"[15] has been created using texture "particles"[0], used videomem = 65536
{00:00:00:000} [ :) ] J_VID_PS.VID_InitPS: 16 ps sprites has been loaded
{00:00:00:000} [ :) ] J_VID_PS.VID_InitPS: 99 source ps has been loaded
{00:00:00:000} [ :) ] J_VID_PS.VID_InitPS: 133 ps has been loaded
{00:00:00:000} [ :) ] J_VID.VID_LoadTexture: texture "cursors"[1] has been loaded, used videomem = 131072
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "mouse_cursor_bonus"[16] has been created using texture "cursors"[1], used videomem = 131072
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "mouse_cursor_menu"[17] has been created using texture "cursors"[1], used videomem = 131072
{00:00:00:000} [ :) ] J_CUR.CUR_Init: 2 mouse cursors has been loaded
{00:00:00:000} [ :) ] J_SND.SND_Init: sound system was successfully initialized - device 1 from 2 devices, 44100Hz, stereo, 16 bits
{00:00:00:000} [ :) ] J_SND.SND_Init: 85 sounds has been found
{00:00:00:000} [ :) ] J_GUI_BUTTON.GUI_BUTTON_Init: 31 gui buttons has been loaded
{00:00:00:000} [ :) ] J_GUI_BUTTON.GUI_BUTTON_Init: 82 gui local buttons has been loaded
{00:00:00:000} [ :) ] J_GUI_CHECK.GUI_CHECK_Init: 1 gui checks has been loaded
{00:00:00:000} [ :) ] J_GUI_CHECK.GUI_CHECK_Init: 1 gui local checks has been loaded
{00:00:00:000} [ :) ] J_GUI_SLIDER.GUI_SLIDER_Init: 1 gui sliders has been loaded
{00:00:00:000} [ :) ] J_GUI_SLIDER.GUI_SLIDER_Init: 2 gui local sliders has been loaded
{00:00:00:000} [ :) ] J_GUI_LIST.GUI_LIST_Init: 1 gui lists has been loaded
{00:00:00:000} [ :) ] J_GUI_LIST.GUI_LIST_Init: 4 gui local lists has been loaded
{00:00:00:000} [ :) ] J_GUI_EDIT.GUI_EDIT_Init: 2 gui edits has been loaded
{00:00:00:000} [ :) ] J_GUI_EDIT.GUI_EDIT_Init: 3 gui local edits has been loaded
{00:00:00:000} [ :) ] J_GUI_STATIC.GUI_STATIC_Init: 0 (0 different) simple gui static texts has been loaded
{00:00:00:000} [ :) ] J_GUI_STATIC.GUI_STATIC_Init: 0 (0 different) gui static longs has been loaded
{00:00:00:000} [ :) ] J_GUI_STATIC.GUI_STATIC_Init: 0 (0 different) gui static doubles has been loaded
{00:00:00:000} [ :) ] J_VID.VID_CreateSprite: sprite [18] has been created without texture
{00:00:00:000} [ :) ] J_VID.VID_CreateSprite: sprite [19] has been created without texture
{00:00:00:000} [ :) ] J_VID.VID_LoadTexture: texture "screen_sprite"[2] has been loaded, used videomem = 1179648
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "screen_sprite"[20] has been created using texture "screen_sprite"[2], used videomem = 1179648
{00:00:00:000} [ :) ] J_WINDOW.WIN_Init: 3 res windows has been loaded
{00:00:00:000} [ :) ] J_WINDOW.WIN_Init: 22 sd windows has been loaded
{00:00:00:000} [ :) ] J_VID.VID_LoadTexture: texture "intro_back"[3] has been loaded, used videomem = 5373952
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "intro_back"[21] has been created using texture "intro_back"[3], used videomem = 5373952
{00:00:00:000} [ :) ] J_VID.VID_LoadTexture: texture "intro_progress"[4] has been loaded, used videomem = 5439488
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "intro_progress_bar"[22] has been created using texture "intro_progress"[4], used videomem = 5439488
{00:00:00:000} [ :) ] J_VID.VID_LoadTexture: texture "logo_1"[5] has been loaded, used videomem = 9633792
{00:00:00:000} [ :) ] J_VID.VID_LoadSprite: sprite "logo_1"[23] has been created using texture "logo_1"[5], used videomem = 9633792
{00:00:02:106} [ :) ] J_VID.VID_DeleteSprite: sprite "logo_1"[23] has been deleted using texture "logo_1"[5], used videomem = 9633792
{00:00:02:106} [ :) ] J_VID.VID_DeleteTexture: texture "logo_1"[5] has been deleted, used videomem = 5439488
{00:00:02:106} [ ERROR :( ] J_VID.VID_Draw: wrong sprite [23]
{00:00:02:123} [ :) ] J_VID.VID_LoadTexture: texture "logo_2"[5] has been loaded, used videomem = 9633792
{00:00:02:123} [ :) ] J_VID.VID_LoadSprite: sprite "logo_2"[23] has been created using texture "logo_2"[5], used videomem = 9633792
{00:00:03:990} [ :) ] J_VID.VID_DeleteSprite: sprite "logo_2"[23] has been deleted using texture "logo_2"[5], used videomem = 9633792
{00:00:03:990} [ :) ] J_VID.VID_DeleteTexture: texture "logo_2"[5] has been deleted, used videomem = 5439488
{00:00:03:990} [ ERROR :( ] J_VID.VID_Draw: wrong sprite [23]
{00:00:04:007} [ :) ] J_VID.VID_LoadTexture: texture "logo_3"[5] has been loaded, used videomem = 9633792
{00:00:04:007} [ :) ] J_VID.VID_LoadSprite: sprite "logo_3"[23] has been created using texture "logo_3"[5], used videomem = 9633792
{00:00:05:984} [ :) ] J_VID.VID_DeleteSprite: sprite "logo_3"[23] has been deleted using texture "logo_3"[5], used videomem = 9633792
{00:00:05:984} [ :) ] J_VID.VID_DeleteTexture: texture "logo_3"[5] has been deleted, used videomem = 5439488
{00:00:05:984} [ ERROR :( ] J_VID.VID_Draw: wrong sprite [23]
Can't load resource: lang_data\english\graphics\logo\logo_4.jpg
{00:00:06:001} [ ERROR :( ] J_VID.VID_LoadTexture: texture "logo_4" invalid
{00:00:06:001} [ ERROR :( ] J_VID.VID_LoadSprite: texture "logo_4" invalid
{00:00:06:018} [ :) ] J_VID.VID_LoadTexture: texture "fonts_2"[5] has been loaded, used videomem = 6488064
{00:00:06:018} [ :) ] J_VID.VID_LoadSprite: sprite "font_header"[23] has been created using texture "fonts_2"[5], used videomem = 6488064
{00:00:07:072} [ :) ] J_SND.SND_LoadAll: all sounds successfully loaded
{00:00:07:633} [ :) ] J_VID.VID_LoadTexture: texture "mainmenu_1"[6] has been loaded, used videomem = 10682368
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_sun"[24] has been created using texture "mainmenu_1"[6], used videomem = 10682368
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_moon"[25] has been created using texture "mainmenu_1"[6], used videomem = 10682368
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_star"[26] has been created using texture "mainmenu_1"[6], used videomem = 10682368
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_glow"[27] has been created using texture "mainmenu_1"[6], used videomem = 10682368
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_moonlight"[28] has been created using texture "mainmenu_1"[6], used videomem = 10682368
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_window"[29] has been created using texture "mainmenu_1"[6], used videomem = 10682368
{00:00:07:633} [ :) ] J_VID.VID_LoadTexture: texture "mainmenu_2"[7] has been loaded, used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guib_play"[30] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guibdown_play"[31] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guib_trophy"[32] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guibdown_trophy"[33] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guib_options"[34] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guibdown_options"[35] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guib_high"[36] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guibdown_high"[37] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guib_exit"[38] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guibdown_exit"[39] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guib_help"[40] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guibdown_help"[41] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guib_player"[42] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_guibdown_player"[43] has been created using texture "mainmenu_2"[7], used videomem = 14876672
{00:00:07:633} [ :) ] J_VID.VID_LoadTexture: texture "window_main"[8] has been loaded, used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftdown_0"[44] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftdown_1"[45] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftdown_2"[46] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftdown_3"[47] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_tile_0"[48] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_right_0"[49] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_left_0"[50] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightdown_0"[51] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightdown_1"[52] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightdown_2"[53] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightdown_3"[54] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_other_0"[55] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_other_1"[56] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_other_2"[57] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_other_3"[58] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_other_4"[59] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightup_0"[60] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightup_1"[61] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightup_2"[62] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightup_3"[63] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftup_0"[64] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftup_1"[65] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftup_2"[66] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftup_3"[67] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_down_0"[68] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_up_0"[69] has been created using texture "window_main"[8], used videomem = 15925248
{00:00:07:633} [ :) ] J_VID.VID_LoadTexture: texture "controls1"[9] has been loaded, used videomem = 16187392
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "button_medium"[70] has been created using texture "controls1"[9], used videomem = 16187392
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "button_down_medium"[71] has been created using texture "controls1"[9], used videomem = 16187392
{00:00:07:633} [ :) ] J_VID.VID_LoadTexture: texture "help"[10] has been loaded, used videomem = 17235968
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_slider_mainmenu_1"[72] has been created using texture "help"[10], used videomem = 17235968
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_slider_mainmenu_point_1"[73] has been created using texture "controls1"[9], used videomem = 17235968
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_list_menu_left_1"[74] has been created using texture "controls1"[9], used videomem = 17235968
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_list_menu_left_down_1"[75] has been created using texture "controls1"[9], used videomem = 17235968
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_list_menu_right_1"[76] has been created using texture "controls1"[9], used videomem = 17235968
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_list_menu_right_down_1"[77] has been created using texture "controls1"[9], used videomem = 17235968
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_list_menu_back_1"[78] has been created using texture "controls1"[9], used videomem = 17235968
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "button_big"[79] has been created using texture "controls1"[9], used videomem = 17235968
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "button_down_big"[80] has been created using texture "controls1"[9], used videomem = 17235968
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "win_profiles_highlight"[81] has been created using texture "mainmenu_2"[7], used videomem = 17235968
{00:00:07:633} [ :) ] J_VID.VID_LoadTexture: texture "controls2"[11] has been loaded, used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_edit_player_add"[82] has been created using texture "controls2"[11], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_edit_cursor_input"[83] has been created using texture "window_main"[8], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "avatar_np_male"[84] has been created using texture "mainmenu_2"[7], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "avatar_np_female"[85] has been created using texture "mainmenu_2"[7], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "avatar_np_ramka"[86] has been created using texture "mainmenu_2"[7], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "avatar_np_highlight"[87] has been created using texture "mainmenu_2"[7], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_edit_high"[88] has been created using texture "window_main"[8], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_edit_cursor_high"[89] has been created using texture "window_main"[8], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_element_1"[90] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_element_2"[91] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_timer"[92] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_potion"[93] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_back_3"[94] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_back_4_1"[95] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_back_4_2"[96] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_back_4_3"[97] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_back_1"[98] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_ind_1"[99] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_ind_2"[100] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_cursor"[101] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_back_2"[102] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wh_potions"[103] has been created using texture "help"[10], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_check_shorthelp_0"[104] has been created using texture "controls1"[9], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_check_down_shorthelp_0"[105] has been created using texture "controls1"[9], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_check_shorthelp_1"[106] has been created using texture "controls1"[9], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "gui_check_down_shorthelp_1"[107] has been created using texture "controls1"[9], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_back"[108] has been created using texture "mainmenu_2"[7], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_back_1"[109] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_leafs_4"[110] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_leafs_5"[111] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_leafs_6"[112] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_leafs_2"[113] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_leafs_1"[114] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_leafs_3"[115] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_back_7"[116] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_leafs_7"[117] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_leafs_8"[118] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_back_2"[119] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_back_4"[120] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_back_3"[121] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_back_6"[122] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_back_5"[123] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_cloud"[124] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_stone_light"[125] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_stone_aura"[126] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_light"[127] has been created using texture "mainmenu_1"[6], used videomem = 17498112
{00:00:07:633} [ :) ] J_VID.VID_LoadTexture: texture "flare"[12] has been loaded, used videomem = 17760256
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wisp_aura"[128] has been created using texture "flare"[12], used videomem = 17760256
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_wisp_1"[129] has been created using texture "mainmenu_1"[6], used videomem = 17760256
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_wisp_2"[130] has been created using texture "mainmenu_1"[6], used videomem = 17760256
{00:00:07:633} [ :) ] J_VID.VID_LoadTexture: texture "flare2"[13] has been loaded, used videomem = 18022400
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "wisp_aura2"[131] has been created using texture "flare2"[13], used videomem = 18022400
{00:00:07:633} [ :) ] J_VID.VID_LoadSprite: sprite "mm_wisp_3"[132] has been created using texture "mainmenu_1"[6], used videomem = 18022400
{00:00:11:607} [ :) ] J_VID.VID_DeleteSprite: sprite "intro_progress_bar"[22] has been deleted using texture "intro_progress"[4], used videomem = 18022400
{00:00:11:607} [ :) ] J_VID.VID_DeleteTexture: texture "intro_progress"[4] has been deleted, used videomem = 17956864
{00:00:11:607} [ :) ] J_VID.VID_DeleteSprite: sprite "intro_back"[21] has been deleted using texture "intro_back"[3], used videomem = 17956864
{00:00:11:607} [ :) ] J_VID.VID_DeleteTexture: texture "intro_back"[3] has been deleted, used videomem = 13762560
{00:00:11:607} [ :) ] J_VID.VID_LoadTexture: texture "fonts_3"[3] has been loaded, used videomem = 14811136
{00:00:11:607} [ :) ] J_VID.VID_LoadSprite: sprite "font_button_blue"[21] has been created using texture "fonts_3"[3], used videomem = 14811136
{00:00:11:607} [ :) ] J_VID.VID_LoadSprite: sprite "font_text_red"[22] has been created using texture "fonts_2"[5], used videomem = 14811136
{00:00:12:743} [ :) ] J_VID.VID_LoadSprite: sprite "font_text_white"[133] has been created using texture "fonts_3"[3], used videomem = 14811136
{00:00:13:389} [ :) ] J_VID.VID_LoadSprite: sprite "font_button_white"[134] has been created using texture "fonts_3"[3], used videomem = 14811136
{00:00:29:023} [ :) ] J_VID.VID_LoadSprite: sprite "wh_click"[135] has been created using texture "help"[10], used videomem = 14811136
{00:00:29:513} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_click"[135] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:31:311} [ :) ] J_VID.VID_LoadSprite: sprite "wh_click"[135] has been created using texture "help"[10], used videomem = 14811136
{00:00:31:807} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_click"[135] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_potion"[93] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_timer"[92] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_potions"[103] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_back_2"[102] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_cursor"[101] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_element_2"[91] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_element_1"[90] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_ind_2"[100] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_ind_1"[99] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_back_1"[98] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_back_4_3"[97] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_back_4_2"[96] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_back_4_1"[95] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wh_back_3"[94] has been deleted using texture "help"[10], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "avatar_np_highlight"[87] has been deleted using texture "mainmenu_2"[7], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "avatar_np_ramka"[86] has been deleted using texture "mainmenu_2"[7], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "avatar_np_female"[85] has been deleted using texture "mainmenu_2"[7], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "avatar_np_male"[84] has been deleted using texture "mainmenu_2"[7], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_profiles_highlight"[81] has been deleted using texture "mainmenu_2"[7], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftdown_0"[44] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftdown_1"[45] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftdown_2"[46] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftdown_3"[47] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_tile_0"[48] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_right_0"[49] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_left_0"[50] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightdown_0"[51] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightdown_1"[52] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightdown_2"[53] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightdown_3"[54] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_other_0"[55] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_other_1"[56] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_other_2"[57] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_other_3"[58] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_other_4"[59] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightup_0"[60] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightup_1"[61] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightup_2"[62] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightup_3"[63] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftup_0"[64] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftup_1"[65] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftup_2"[66] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftup_3"[67] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_down_0"[68] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_up_0"[69] has been deleted using texture "window_main"[8], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_wisp_3"[132] has been deleted using texture "mainmenu_1"[6], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wisp_aura2"[131] has been deleted using texture "flare2"[13], used videomem = 14811136
{00:00:32:867} [ :) ] J_VID.VID_DeleteTexture: texture "flare2"[13] has been deleted, used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_wisp_2"[130] has been deleted using texture "mainmenu_1"[6], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_wisp_1"[129] has been deleted using texture "mainmenu_1"[6], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "wisp_aura"[128] has been deleted using texture "flare"[12], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_DeleteTexture: texture "flare"[12] has been deleted, used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_light"[127] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_stone_aura"[126] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_stone_light"[125] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_back_5"[123] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_back_6"[122] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_back_3"[121] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_back_4"[120] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_back_2"[119] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_leafs_8"[118] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_leafs_7"[117] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_back_7"[116] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_leafs_3"[115] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_leafs_1"[114] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_leafs_2"[113] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_leafs_6"[112] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_leafs_5"[111] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_leafs_4"[110] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_back_1"[109] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_cloud"[124] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_back"[108] has been deleted using texture "mainmenu_2"[7], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_window"[29] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_moonlight"[28] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_glow"[27] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_star"[26] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_moon"[25] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteSprite: sprite "mm_sun"[24] has been deleted using texture "mainmenu_1"[6], used videomem = 14286848
{00:00:32:867} [ :) ] J_VID.VID_DeleteTexture: texture "mainmenu_1"[6] has been deleted, used videomem = 10092544
{00:00:32:867} [ :) ] J_VID.VID_LoadTexture: texture "controls3"[4] has been loaded, used videomem = 10354688
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "comics_button_next"[24] has been created using texture "controls3"[4], used videomem = 10354688
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "comics_button_next_down"[25] has been created using texture "controls3"[4], used videomem = 10354688
{00:00:32:867} [ :) ] J_VID.VID_LoadTexture: texture "comics_f_1"[6] has been loaded, used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "comics_1f"[26] has been created using texture "comics_f_1"[6], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftdown_0"[27] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftdown_1"[28] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftdown_2"[29] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftdown_3"[44] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_tile_0"[45] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_right_0"[46] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_left_0"[47] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightdown_0"[48] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightdown_1"[49] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightdown_2"[50] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightdown_3"[51] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_other_0"[52] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_other_1"[53] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_other_2"[54] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_other_3"[55] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_other_4"[56] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightup_0"[57] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightup_1"[58] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightup_2"[59] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_rightup_3"[60] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftup_0"[61] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftup_1"[62] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftup_2"[63] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_leftup_3"[64] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_down_0"[65] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:32:867} [ :) ] J_VID.VID_LoadSprite: sprite "win_main_up_0"[66] has been created using texture "window_main"[8], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "comics_1f"[26] has been deleted using texture "comics_f_1"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_DeleteTexture: texture "comics_f_1"[6] has been deleted, used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftdown_0"[27] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftdown_1"[28] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftdown_2"[29] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftdown_3"[44] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_tile_0"[45] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_right_0"[46] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_left_0"[47] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightdown_0"[48] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightdown_1"[49] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightdown_2"[50] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightdown_3"[51] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_other_0"[52] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_other_1"[53] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_other_2"[54] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_other_3"[55] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_other_4"[56] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightup_0"[57] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightup_1"[58] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightup_2"[59] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_rightup_3"[60] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftup_0"[61] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftup_1"[62] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftup_2"[63] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_leftup_3"[64] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_down_0"[65] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_DeleteSprite: sprite "win_main_up_0"[66] has been deleted using texture "window_main"[8], used videomem = 10354688
{00:00:35:502} [ :) ] J_VID.VID_LoadTexture: texture "interface"[6] has been loaded, used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_potion_1"[26] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_potion_1_active"[27] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_potion_2"[28] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_potion_2_active"[29] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_potion_3"[44] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_potion_3_active"[45] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_menu"[46] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_menu_active"[47] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_bonus"[48] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_bonus_active"[49] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_shuffle"[50] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_shuffle_active"[51] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_destroyer"[52] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_destroyer_active"[53] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_3"[54] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_3_active"[55] has been created using texture "interface"[6], used videomem = 14548992
{00:00:35:502} [ :) ] J_VID.VID_LoadTexture: texture "emerald"[12] has been loaded, used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "game_interface_coin"[56] has been created using texture "emerald"[12], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "interface_1"[57] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "interface_2"[58] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "interface_3"[59] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "interface_4"[60] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "interface_5"[61] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "interface_6"[62] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "interface_7"[63] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "interface_8"[64] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "interface_9"[65] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "interface_10"[66] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "leaf_1"[67] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "leaf_3"[68] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "leaf_2"[69] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "leaf_4"[81] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "leaf_5"[84] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_shuffle_disabled"[85] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_destroyer_disabled"[86] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_3_disabled"[87] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_potion_1_disabled"[90] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_potion_2_disabled"[91] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "button_potion_3_disabled"[92] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "collected_bonus_light_1"[93] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "collected_bonus_light_2"[94] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "collected_bonus_appear_effect"[95] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_black"[96] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_done"[97] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_fill_0"[98] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_bright_0"[99] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_collect_0"[100] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_fill_1"[101] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_bright_1"[102] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_collect_1"[103] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_fill_2"[108] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_bright_2"[109] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_collect_2"[110] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_fill_3"[111] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_bright_3"[112] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_collect_3"[113] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_fill_4"[114] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_bright_4"[115] has been created using texture "interface"[6], used videomem = 14811136
{00:00:35:502} [ :) ] J_VID.VID_LoadSprite: sprite "task_indicator_collect_4"[116] has been created using texture "interface"[6], used videomem =

Lyonnais92 · Answer

Re,

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.

Redémarre en mode sans échec.

Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter. 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5).

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\Documents and Settings\bureau\Mes documents\My Games\JaiboGames\MagicShop
C:\Program Files\orange\jeux\Balloon Express\Launch.exe 
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe 
C:\Program Files\orange\jeux\Cathys Caribbean Club\Launch.exe 
C:\Program Files\orange\jeux\Fashion Fits\Launch.exe 
C:\Program Files\DRDAISYPETVET.EXE-29970D56 
C:\Program Files\MaxiMemo\MaxiMemo.exe
C:\Program Files\orange\jeux\Balloon Express
C:\Program Files\Boonty\BoontyBox
C:\Program Files\orange\jeux\Cathys Caribbean Club 
C:\Program Files\orange\jeux\Fashion Fits 
C:\Program Files\MaxiMemo

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
Tu posteras  le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

Redémarre en mode normal

*Ccleaner (gratuit) 
Téléchargement : 
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tuto : 
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php 

Lors de l’installation, [décoche] l’option qui t’installerait la barre Yahoo ! 

¤ Lance CCleaner. 

Suppression des fichiers temporaires 

Va dans la section "Options" situé dans la marge gauche. Décoche Avancé. Retourne ensuite dans la section "Nettoyeur" 
Fais bien attention de cocher toutes ces cases dans la marge gauche (Internet Explorer/Windows Explorer/Système) 
• Clique sur Analyse 
• Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois. 
• Une fois le scan terminé, clique sur Lancer le Nettoyage 

Suppression des incohérence du registre 

• Clique sur l'icône Erreurs situés dans la marge à gauche. 
• Puis clique sur Analyser les erreurs 
• Patiente pendant que CCleaner scan ton registre. 
• Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée. 
• Tu peux cliquer ensuite sur Corriger les erreurs. 

Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement 

Remets un rapport Hijackthis

mariell47 · Answer

je poste le rapport,


C:\Documents and Settings\bureau\Mes documents\My Games\JaiboGames\MagicShop moved successfully.
C:\Program Files\orange\jeux\Balloon Express\Launch.exe moved successfully.
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe moved successfully.
C:\Program Files\orange\jeux\Cathys Caribbean Club\Launch.exe moved successfully.
C:\Program Files\orange\jeux\Fashion Fits\Launch.exe moved successfully.
File/Folder C:\Program Files\DRDAISYPETVET.EXE-29970D56 not found.
C:\Program Files\MaxiMemo\MaxiMemo.exe moved successfully.
C:\Program Files\orange\jeux\Balloon Express\omdata\images moved successfully.
C:\Program Files\orange\jeux\Balloon Express\omdata moved successfully.
C:\Program Files\orange\jeux\Balloon Express\Balloon Express moved successfully.
C:\Program Files\orange\jeux\Balloon Express moved successfully.
C:\Program Files\Boonty\BoontyBox\Temp moved successfully.
C:\Program Files\Boonty\BoontyBox\Skins\Silver moved successfully.
C:\Program Files\Boonty\BoontyBox\Skins\Dark moved successfully.
C:\Program Files\Boonty\BoontyBox\Skins\Classic moved successfully.
C:\Program Files\Boonty\BoontyBox\Skins moved successfully.
C:\Program Files\Boonty\BoontyBox\Medias moved successfully.
C:\Program Files\Boonty\BoontyBox\Languages moved successfully.
C:\Program Files\Boonty\BoontyBox\Html moved successfully.
C:\Program Files\Boonty\BoontyBox\Data moved successfully.
C:\Program Files\Boonty\BoontyBox\CsaFiles\OldShell moved successfully.
C:\Program Files\Boonty\BoontyBox\CsaFiles\NewShell moved successfully.
C:\Program Files\Boonty\BoontyBox\CsaFiles moved successfully.
C:\Program Files\Boonty\BoontyBox moved successfully.
C:\Program Files\orange\jeux\Cathys Caribbean Club\omdata\images moved successfully.
C:\Program Files\orange\jeux\Cathys Caribbean Club\omdata moved successfully.
C:\Program Files\orange\jeux\Cathys Caribbean Club\3rdparty moved successfully.
C:\Program Files\orange\jeux\Cathys Caribbean Club moved successfully.
C:\Program Files\orange\jeux\Fashion Fits\omdata\images moved successfully.
C:\Program Files\orange\jeux\Fashion Fits\omdata moved successfully.
C:\Program Files\orange\jeux\Fashion Fits moved successfully.
C:\Program Files\MaxiMemo moved successfully.
 
Created on 12/20/2007 16:36:55

Lyonnais92 · Answer

Re,

tu as fait passer ccleaner ?

Un problème pour pet machin, j'ai inventé le nom et j'ai eu tout faux. il faudrait que tu me le redonnes;

Est ce que quelque chose de nouveau dysfonctionne depuis ces suppressions ?

Pour Orange, que voudrais tu ? On peut très bien fonctionner sans le package orange (y compris sous Firefox) tout en ayant accès au site de orange et à ses fonctionalités.

Pour IE, fais ça :

Ouvre ce lien, télécharge zeb-restore, installe le et exécute le (toutes les possibilités).

Du mieux ?

mariell47 · Answer

je poste hijackthis aprés avoir fais cclaener :
pour orange, le problème c'est que je ne peut plus accéder à mes fonction de jeux où ma fille est abonnée, c'est pas grave je verrais avec eux, en plus je trouve pas firefox aussi bien qu'explorer, enfin j'ai pas l'habitude. Je redemarre et je vois ce qui cloche, mais je crois que ça va mieux, je reviens.................


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:35, on 20/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\TWINTO~1\MouseElf.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\lotus\smartctr\smartctr.exe
C:\lotus\smartctr\suitest.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\TwinTouch LuxeMate\EMouse.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: MaxiMemo.lnk = C:\Program Files\MaxiMemo\MaxiMemo.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3e2893a619834314a31bc6f32058cea4
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3e2893a619834314a31bc6f32058cea4
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://king.orange.fr/ctl/kingcomie.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/GameShell/online/fr/luxor/mjolauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.128.119.254:12500/activex/AxisCamControl.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://C:\Documents and Settings\bureau\Local Settings\Application Data\Oberon Media\Oberon Games Host\swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://jeuxenligne.orange.fr/GameShell/online/fr/chuzzle/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FE0759A-D5F0-4132-8699-0E45057EF6E7}: NameServer = 192.168.1.1,80.10.246.2
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

mariell47 · Answer

SSSSSSSSSSSUUUUUUUUUUUUPPPPPPPPPPEEEEEEEEEERRRRRRRRRRRR

MERCI, le navigateur orange fonctionne, je n'ai plus de virus, les jeux sont supprimés (en dehors de Dr daisy pet vet), j'ai juste IE qui ne fonctionne plus mais quand meme c'est vraiment mieux!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

mariell47 · Answer

le lien que tu m'as donné pour IE ne marche pas peus tu me le redonner ?

Lyonnais92 · Answer

Re,

voila le lien (resté dans la souris) :

http://telechargement.zebulon.fr/zeb-restore.html

redonne moi le nom pour Dr DaisY ....

mariell47 · Answer

j'ai téléchargé "zeb" mais IE ne fonctionne toujours pas (impossibled'afficher la page), c'est bizard lorsque j'avais installé "avast", il marchait et plus rien depuis que je l'ai désinstallé. Peut il y avoir un conflit avec les autres navigateurs ?

voila le fichier texte que j'ai trouvé pour le jeux qui pose probleme DR. daisy pet vet :

Sat Dec 15 13:43:12 2007: Dr. Daisy Pet Vet, version 1.0.0.0.
Sat Dec 15 13:43:12 2007:  ##### : Missing string for label 'app_title'
Sat Dec 15 13:43:14 2007: Created screen at 32 bpp.
Sat Dec 15 13:43:19 2007: Device identifier:  
  Driver: 'SiSGRV.dll'
  Description: 'SiS 651_661FX_741_760_760GX_M661FX_M661MX_M741_M760_M760GX'
  Version: 0:0
  Vendor ID: 1039 (4153)
  Device ID: 6330 (25392)
  SubSys:  : e0121631 (-535685583)
  Revision:  0 (0)
  GUID:      d7b71ed9:11cf2070:c0127581:35cdc2af

Sat Dec 15 13:43:20 2007:  ##### : Missing string for label 'app_title'

et cà c'est le nom d'une page apparement :

DRDAISYPETVET.EXE-29970D56

Lyonnais92 · Answer

Re

clic droit sur démarrer, rechercher.

Tu cherches : DRDAISYPETVET.* sur tout le poste de travail et tu me donnes le nom complet.

Pour internet explorer, vérifie que ton parefeu l'autorise à aller sur le Net.

mariell47 · Answer

re coucou,

la fonction rechercher ne fonctionne pas dans le menu demarrer j'utilise la fenetre poste de travail pour obtenir la recherche,
le nom complet est  Dr Daisy Pet Vet mais je n'est pas de fichier exe, j'ai 6 fichiers, pour obtenir ces infos je fais un clic droit et propriete :

1/ Dr Daisy Pet Vet            dans                 C:\Program Files\BoontyGames
2/drdaisypetvet                  dans               C:\Program Files\BoontyGames
3/DRDAISYPETVET.EXE-29970D56     dans            C:\WINDOWS\Prefetch
4/"C:\Documents and Settings\bureau\Application Data\PlayFirst\Dr. Daisy Pet Vet"
5/Dr. Daisy Pet Vet                 dans          C:\Documents and Settings\All Users\Application D
6/ Dr. Daisy Pet Vet          dans               C:\Documents and Settings\bureau\Application Data\PlayFirst


je verifie mon pare feu, si j'arrive à le trouver..........

mariell47 · Answer

j'ai été dans le pare feu Windows, j'ai ajouter le fichier IEXPLORE dans les exeption mais rien ne se passe, la page ne s'affiche pas.
ensuite, j'ai désactivé le pare feu windows mais le résultat est le meme !
En ce qui concerne mon anti virus, Kapersky, je comprend pas trop les configuration et fonctions, alors je n'ose pas touché, le niveau de protection est réglé en mode "recommandé par Lab"

mariell47 · Answer

j'ai a nouveau supprimé un cheval de troie, comment se fait il que j'en ai autant qui arrivent ?

supprimé : cheval de Troie Trojan.Win32.BHO.abo	Le fichier: C:\Program Files\Trend Micro\HijackThis\backups\backup-20071218-142642-377.dll/PE_Patch.UPX/UPX

Lyonnais92 · Answer

Bonjour,

désolé, pbs de connexion

Le dernier cheval de troie, c'est un backup.

No souci.

Pour le parefeu, laisse désactivé celui de Windows.

c'est dans Kaspersky que tu as un parefeu, mais je ne connais pas l'interface.

Il faut que tu ailles voir (juster voir, rien modifier).

Tu peux faire la liste des dysfonctionnementss (Internet explorer, ..)

Tu es configurée comment (pour Internet ) : une box, un routeur, un modem, ...

mariell47 · Answer

Je te remercie pour ton aide, je pense que les problemes avec IE sont liés à kapersky, je vais régler le probleme avec le service client, je te souhaite de bonnes fêtes et encore milles mercis. Mary

Lyonnais92 · Answer

Re,

bonnes fêtes à toi aussi.

De rien pour l'aide.

N'hésite pas si nécessaire (mais ça risque d'attendre jeudi).

Si tu as une urgence, ouvre un nouveau post (gros risque que personne ne vienen voir celui-ci).t.

poupouss · Answer

Bravo a toi Lyonnais92!!

Lyonnais92 · Answer

Bonjour,

merci.

Trojan.win32.BHO.abo

65 réponses

Discussions similaires