Virus je pense car ordi tres lent
Fermé
svignan
Messages postés
51
Date d'inscription
mercredi 8 octobre 2008
Statut
Membre
Dernière intervention
12 avril 2012
-
20 mars 2009 à 14:19
svignan Messages postés 51 Date d'inscription mercredi 8 octobre 2008 Statut Membre Dernière intervention 12 avril 2012 - 3 déc. 2009 à 14:09
svignan Messages postés 51 Date d'inscription mercredi 8 octobre 2008 Statut Membre Dernière intervention 12 avril 2012 - 3 déc. 2009 à 14:09
A voir également:
- Virus je pense car ordi tres lent
- Pc tres lent - Guide
- Comment reinitialiser un ordi - Guide
- Mon mac est lent comment le nettoyer - Guide
- Ordi scrabble - Télécharger - Jeux vidéo
- Youtu.be virus - Accueil - Guide virus
7 réponses
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
20 mars 2009 à 14:25
20 mars 2009 à 14:25
Salut,
--> Désinstalle EoEngine.
● Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.
/!\ Déconnecte-toi d'Internet et ferme toutes applications en cours. /!\
● Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program Files).
● Double-clique sur le raccourci d'Ad-Remover située sur ton Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)
● Au menu principal, choisis l'option A.
● Poste le rapport généré (C:\Ad-report(date).log).
(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
Note : "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
--> Désinstalle EoEngine.
● Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.
/!\ Déconnecte-toi d'Internet et ferme toutes applications en cours. /!\
● Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program Files).
● Double-clique sur le raccourci d'Ad-Remover située sur ton Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)
● Au menu principal, choisis l'option A.
● Poste le rapport généré (C:\Ad-report(date).log).
(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
Note : "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
20 mars 2009 à 14:53
20 mars 2009 à 14:53
/!\ Déconnecte-toi et ferme toutes applications en cours /!\
● Double-clique sur AD-Remover pour le lancer : au menu principal, choisis l'option B.
● Coche "A" à l'écran de sélection :
http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG
● Puis choisis S, le programme va travailler.
● Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report.log)
/!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide /!\
● Double-clique sur AD-Remover pour le lancer : au menu principal, choisis l'option B.
● Coche "A" à l'écran de sélection :
http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG
● Puis choisis S, le programme va travailler.
● Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report.log)
/!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide /!\
voici le rapport
--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 15:07:10 | Ven 20/03/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: SN104682350313 | USER: BEST ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: CDFS)
# Internet Explorer v6.0.2900.5512
--------- [ RUNNING PROCESSES: 49 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
D:\Documents and Settings\BEST.SN104682350313.007\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
.
+-----------------------| Eorezo Elements Deleted :
/!\ NOT DELETED -"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
.
/!\ NOT DELETED - [20/03/2009 14:31|d--------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo
/!\ NOT DELETED - [20/03/2009 15:07|d--------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1
/!\ NOT DELETED - [09/12/2008 10:13|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1\SOFTWA~2.EXE
/!\ NOT DELETED - [15/03/2009 18:22|--a------] C:\WINDOWS\Prefetch\EOENGI~1.PF
[20/03/2009 14:31|--a------] D:\DOCUME~1\BESTSN~1.007\Cookies\BEST@E~1.TXT
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
.
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ Registry Element(s) Not Deleted /!\ *************
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
Second run ...
DELETED ! - ""HKEY_CURRENT_USER\SOFTWARE\EoRezo""
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo\SoftwareUpdate"
"D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe"
"C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf"
Second run ...
RESIST ! - "D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo\SoftwareUpdate"
RESIST ! - "D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe"
RESIST ! - "C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf"
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\9q52pmhu.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.7 ~~~~
+--+ +--+ +--+ +--+
.
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
Neuf Media Center REG_SZ "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
+--[HKEY_LOCAL_MACHINE\..\Run]
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMan REG_SZ SOUNDMAN.EXE
ATIPTA REG_SZ "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
Ulead AutoDetector v2 REG_SZ C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
PCMService REG_SZ "c:\Apps\Powercinema\PCMService.exe"
ACTIVBOARD REG_SZ c:\apps\ABoard\ABoard.exe
snpstd3 REG_SZ C:\WINDOWS\vsnpstd3.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
PAC7302_Monitor REG_SZ C:\WINDOWS\PixArt\PAC7302\Monitor.exe
SoftwareHelper REG_SZ D:\Documents and Settings\BEST.SN104682350313.007\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-12.02.2009.log" (~5497 bytes)
- "C:\AD-report-Clean-20.03.2009.log" (~6532 bytes)
- "C:\AD-report-Clean-30.12.2008.log" (~5550 bytes)
- "C:\AD-report-Scan-12.02.2009.log" (~5047 bytes)
- "C:\AD-report-Scan-20.03.2009.log" (~7740 bytes)
- "C:\AD-report-Scan-30.12.2008.log" (~5432 bytes)
# END at: 15:08:46 | 20/03/2009 - Time elapsed: 96.2 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 134 lines ]
+---------------------------------------------------------------------------+
merci
--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 15:07:10 | Ven 20/03/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: SN104682350313 | USER: BEST ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: CDFS)
# Internet Explorer v6.0.2900.5512
--------- [ RUNNING PROCESSES: 49 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
D:\Documents and Settings\BEST.SN104682350313.007\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
.
+-----------------------| Eorezo Elements Deleted :
/!\ NOT DELETED -"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
.
/!\ NOT DELETED - [20/03/2009 14:31|d--------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo
/!\ NOT DELETED - [20/03/2009 15:07|d--------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1
/!\ NOT DELETED - [09/12/2008 10:13|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1\SOFTWA~2.EXE
/!\ NOT DELETED - [15/03/2009 18:22|--a------] C:\WINDOWS\Prefetch\EOENGI~1.PF
[20/03/2009 14:31|--a------] D:\DOCUME~1\BESTSN~1.007\Cookies\BEST@E~1.TXT
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
.
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ Registry Element(s) Not Deleted /!\ *************
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
Second run ...
DELETED ! - ""HKEY_CURRENT_USER\SOFTWARE\EoRezo""
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo\SoftwareUpdate"
"D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe"
"C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf"
Second run ...
RESIST ! - "D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo\SoftwareUpdate"
RESIST ! - "D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe"
RESIST ! - "C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf"
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\9q52pmhu.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.7 ~~~~
+--+ +--+ +--+ +--+
.
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
Neuf Media Center REG_SZ "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
+--[HKEY_LOCAL_MACHINE\..\Run]
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMan REG_SZ SOUNDMAN.EXE
ATIPTA REG_SZ "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
Ulead AutoDetector v2 REG_SZ C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
PCMService REG_SZ "c:\Apps\Powercinema\PCMService.exe"
ACTIVBOARD REG_SZ c:\apps\ABoard\ABoard.exe
snpstd3 REG_SZ C:\WINDOWS\vsnpstd3.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
PAC7302_Monitor REG_SZ C:\WINDOWS\PixArt\PAC7302\Monitor.exe
SoftwareHelper REG_SZ D:\Documents and Settings\BEST.SN104682350313.007\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-12.02.2009.log" (~5497 bytes)
- "C:\AD-report-Clean-20.03.2009.log" (~6532 bytes)
- "C:\AD-report-Clean-30.12.2008.log" (~5550 bytes)
- "C:\AD-report-Scan-12.02.2009.log" (~5047 bytes)
- "C:\AD-report-Scan-20.03.2009.log" (~7740 bytes)
- "C:\AD-report-Scan-30.12.2008.log" (~5432 bytes)
# END at: 15:08:46 | 20/03/2009 - Time elapsed: 96.2 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 134 lines ]
+---------------------------------------------------------------------------+
merci
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
20 mars 2009 à 15:52
20 mars 2009 à 15:52
--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
--> Clique sur Continue à l'écran Disclaimer.
--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
Note : les rapports sont sauvegardés dans le dossier C:\rsit.
--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
--> Clique sur Continue à l'écran Disclaimer.
--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
Note : les rapports sont sauvegardés dans le dossier C:\rsit.
voici le log.txt
Logfile of random's system information tool 1.05 (written by random/random)
Run by BEST at 2009-03-20 15:56:30
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 24 GB (63%) free of 39 GB
Total RAM: 959 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:42, on 20/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
D:\Documents and Settings\BEST.SN104682350313.007\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WNA1IJ2N\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\BEST.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [SoftwareHelper] D:\Documents and Settings\BEST.SN104682350313.007\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB5; .NET CLR 2.0.50727; .NET CLR 1.1.4322)" -"http://www8.agame.com/..."
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://fr.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Logfile of random's system information tool 1.05 (written by random/random)
Run by BEST at 2009-03-20 15:56:30
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 24 GB (63%) free of 39 GB
Total RAM: 959 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:42, on 20/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
D:\Documents and Settings\BEST.SN104682350313.007\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WNA1IJ2N\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\BEST.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [SoftwareHelper] D:\Documents and Settings\BEST.SN104682350313.007\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB5; .NET CLR 2.0.50727; .NET CLR 1.1.4322)" -"http://www8.agame.com/..."
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://fr.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
20 mars 2009 à 16:19
20 mars 2009 à 16:19
---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.
---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie (Ctrl+C) le texte suivant ci-dessous :
:processes
explorer.exe
:files
C:\WINDOWS\system32\f71e05e8-.txt
D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo
C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf
:commands
[purity]
[emptytemp]
[reboot]
---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie (Ctrl+C) le texte suivant ci-dessous :
:processes
explorer.exe
:files
C:\WINDOWS\system32\f71e05e8-.txt
D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo
C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf
:commands
[purity]
[emptytemp]
[reboot]
---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\system32\f71e05e8-.txt moved successfully.
D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo\SoftwareUpdate moved successfully.
D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo moved successfully.
C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf moved successfully.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WNA1IJ2N\50cc[1].php scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WNA1IJ2N\81751-debrider-derbi-2008-a[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WNA1IJ2N\profile[1].php scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WNA1IJ2N\redirectiframe[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WNA1IJ2N\tpp[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\SB65KDIB\10[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\SB65KDIB\profile[1].php scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\SB65KDIB\profile[2].php scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QTU1W1U3\blank[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QTU1W1U3\eutcode[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QTU1W1U3\history_manager[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QTU1W1U3\history_manager[4].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QTU1W1U3\OTMoveIt3[1].exe scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\01[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\CAGB6XK7.com scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\CAIRST6N.com scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\CAP1PNQU.com scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\FT01_fr-fr_R10[1].cab scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\InboxLight[1].aspx scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\profile[1].php scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\search[1] scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\~DF44AF.tmp scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\~DF44C3.tmp scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\~DF528E.tmp scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\~DF52CE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5ac.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_e0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03202009_170626
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\system32\f71e05e8-.txt moved successfully.
D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo\SoftwareUpdate moved successfully.
D:\Documents and Settings\BEST.SN104682350313.007\Application Data\EoRezo moved successfully.
C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf moved successfully.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WNA1IJ2N\50cc[1].php scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WNA1IJ2N\81751-debrider-derbi-2008-a[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WNA1IJ2N\profile[1].php scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WNA1IJ2N\redirectiframe[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WNA1IJ2N\tpp[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\SB65KDIB\10[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\SB65KDIB\profile[1].php scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\SB65KDIB\profile[2].php scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QTU1W1U3\blank[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QTU1W1U3\eutcode[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QTU1W1U3\history_manager[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QTU1W1U3\history_manager[4].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QTU1W1U3\OTMoveIt3[1].exe scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\01[1].htm scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\CAGB6XK7.com scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\CAIRST6N.com scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\CAP1PNQU.com scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\FT01_fr-fr_R10[1].cab scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\InboxLight[1].aspx scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\profile[1].php scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\E1GZS1IH\search[1] scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\~DF44AF.tmp scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\~DF44C3.tmp scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\~DF528E.tmp scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\BESTSN~1.007\LOCALS~1\Temp\~DF52CE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5ac.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_e0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03202009_170626
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
20 mars 2009 à 19:10
20 mars 2009 à 19:10
Ton PC va mieux ?
svignan
Messages postés
51
Date d'inscription
mercredi 8 octobre 2008
Statut
Membre
Dernière intervention
12 avril 2012
3 déc. 2009 à 14:09
3 déc. 2009 à 14:09
bonjour voici un rapport hijack pouvez vous me dire si j'ai un virus ou pas car mon ordi ne demarre pas du premier coup et est tres lent merci d'vance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:29, on 03/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\6QMDPIPA\HiJackThis[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\ie_banner_deny.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\MICROA~1\SCURIT~1\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Securite Internet 2009 (AVP) - Micro Application - C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:29, on 03/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\6QMDPIPA\HiJackThis[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\ie_banner_deny.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\MICROA~1\SCURIT~1\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Securite Internet 2009 (AVP) - Micro Application - C:\Program Files\Micro Application\Sécurité Internet 2009 Edition 2010\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
20 mars 2009 à 14:52
--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------
# START at: 14:50:34 | Ven 20/03/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: SN104682350313 | USER: BEST ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: CDFS)
# Internet Explorer v6.0.2900.5512
--------- [ RUNNING PROCESSES: 48 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
D:\Documents and Settings\BEST.SN104682350313.007\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
.
+-----------------------| Eorezo Elements found :
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
.
[20/03/2009 14:31|d--------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo
[20/03/2009 14:31|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\cache
[14/02/2009 20:39|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\cmhost.cyp
[20/03/2009 13:37|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\CONFME~1.CYP
[24/02/2009 09:18|d--------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\db
[20/03/2009 13:37|d--------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\EODESK~1
[20/03/2009 14:22|d--------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\eoStats
[14/02/2009 20:39|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\host.cyp
[20/03/2009 14:40|d--------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1
[20/03/2009 14:31|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\user.cyp
[24/02/2009 09:18|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\db\cat.cyp
[20/03/2009 13:37|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\EODESK~1\config.xml
[20/03/2009 13:37|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
[20/03/2009 13:37|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
[20/03/2009 14:30|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\eoStats\eoStats.txt
[24/02/2009 18:20|d--------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1\Download
[24/02/2009 18:20|d--------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1\Software
[09/12/2008 10:12|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1\SOFTWA~1.EXE
[09/12/2008 10:13|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1\SOFTWA~2.EXE
[14/02/2009 20:38|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1\unins000.dat
[14/02/2009 20:38|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1\unins000.exe
[20/03/2009 14:40|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1\USER_C~1.CYP
[14/02/2009 20:41|--a------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1\USER_P~1.CYP
[24/02/2009 18:20|d--------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1\Software\eoengine
[24/02/2009 19:19|d--------] D:\DOCUME~1\BESTSN~1.007\APPLIC~1\EoRezo\SOFTWA~1\Software\eoengine\910~1.0
[15/03/2009 18:22|--a------] C:\WINDOWS\Prefetch\EOENGI~1.PF
[20/03/2009 14:31|--a------] D:\DOCUME~1\BESTSN~1.007\Cookies\BEST@E~1.TXT
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
+-----------------------| It's TV Elements found :
.
+-----------------------| Sweetim Elements found :
.
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\9q52pmhu.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.7 ~~~~
+--+ +--+ +--+ +--+
.
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
Neuf Media Center REG_SZ "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
+--[HKEY_LOCAL_MACHINE\..\Run]
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMan REG_SZ SOUNDMAN.EXE
ATIPTA REG_SZ "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
Ulead AutoDetector v2 REG_SZ C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
PCMService REG_SZ "c:\Apps\Powercinema\PCMService.exe"
ACTIVBOARD REG_SZ c:\apps\ABoard\ABoard.exe
snpstd3 REG_SZ C:\WINDOWS\vsnpstd3.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
PAC7302_Monitor REG_SZ C:\WINDOWS\PixArt\PAC7302\Monitor.exe
EoEngine REG_SZ
SoftwareHelper REG_SZ D:\Documents and Settings\BEST.SN104682350313.007\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.neufportail.fr/
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-12.02.2009.log" (~5497 bytes)
- "C:\AD-report-Clean-30.12.2008.log" (~5550 bytes)
- "C:\AD-report-Scan-12.02.2009.log" (~5047 bytes)
- "C:\AD-report-Scan-20.03.2009.log" (~7351 bytes)
- "C:\AD-report-Scan-30.12.2008.log" (~5432 bytes)
# END at: 14:50:54 | 20/03/2009 - Time elapsed: 19.8 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 133 lines ]
+---------------------------------------------------------------------------+
merci