Sujet Précédent Sujet Suivant

Publicité

Résolu/Fermé
chris57000 Messages postés 65 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 7 novembre 2017 - 23 juil. 2009 à 00:11
chris57000 Messages postés 65 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 7 novembre 2017 - 24 juil. 2009 à 14:50
Bonjour,
depuis un ou deux mois, des fenetres de site de pub pour des logiciels ou des publicités s'ouvrent de temps en temps . Je ne sais pas d'ou cela vient ni comment m'en défaire????
Merci d'avance

10 réponses

Réponse 1 / 10
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 300
23 juil. 2009 à 00:15
Bonjour,

Ton PC est sûrement infecté.

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

--> Clique sur Continue à l'écran Disclaimer.

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.
0
chris57000 Messages postés 65 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 7 novembre 2017 1
23 juil. 2009 à 00:50
salut Destrio5,
merci pour l'aide je vais l'essaye mais j'ai une analyse Norton en cours. Je viens d'essayer Navilog1 et ca n'as p éradique mon pb..............
A+
0
Réponse 2 / 10
chris57000 Messages postés 65 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 7 novembre 2017 1
23 juil. 2009 à 01:03
Et re,alors la je dois etre fin nul mais comment poster le fchiers sur le forum???????????
Désolé
0
Réponse 3 / 10
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 300
23 juil. 2009 à 01:17
Par copier-coller.
0
Réponse 4 / 10
chris57000 Messages postés 65 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 7 novembre 2017 1
23 juil. 2009 à 01:20
Ben j'y avais pas penser, Merci et voila les résultats:
info.doc
info.txt logfile of random's system information tool 1.06 2009-07-23 00:54:45

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x040c -removeonly
-->"c:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Amazon MP3 Downloader 1.0.5-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Codec-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03146A27-65BB-48E6-9B3E-E071D3E9EC0B}\Setup.exe" -l0x9
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Backup-->MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bookworm Deluxe-->"C:\Program Files\eMachines GameZone\Bookworm Deluxe\Uninstall.exe" "C:\Program Files\eMachines GameZone\Bookworm Deluxe\install.log"
Bricks of Egypt-->"C:\Program Files\eMachines GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\eMachines GameZone\Bricks of Egypt\install.log"
Build-a-lot-->"C:\Program Files\eMachines GameZone\Build-a-lot\Uninstall.exe" "C:\Program Files\eMachines GameZone\Build-a-lot\install.log"
Cake Mania-->"C:\Program Files\eMachines GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\eMachines GameZone\Cake Mania\install.log"
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x40c UNINST
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Chuzzle-->"C:\Program Files\eMachines GameZone\Chuzzle\Uninstall.exe" "C:\Program Files\eMachines GameZone\Chuzzle\install.log"
CX4300_5500_DX4400 Manuel-->C:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\FRA\USE_G\DOCUNINS.EXE
Diner Dash-->"C:\Program Files\eMachines GameZone\Diner Dash\Uninstall.exe" "C:\Program Files\eMachines GameZone\Diner Dash\install.log"
Dream Day First Home-->"C:\Program Files\eMachines GameZone\Dream Day First Home\Uninstall.exe" "C:\Program Files\eMachines GameZone\Dream Day First Home\install.log"
eMachines Recovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x040c -removeonly
eMachines ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
eMachines-->"C:\Program Files\Oberon Media\eMachines\Uninstall.exe" "C:\Program Files\Oberon Media\eMachines\install.log"
eoEngine 9.1-->"C:\Program Files\EoRezo\unins000.exe"
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Farm Frenzy-->"C:\Program Files\eMachines GameZone\Farm Frenzy\Uninstall.exe" "C:\Program Files\eMachines GameZone\Farm Frenzy\install.log"
ffdshow [rev 1058+] [2007-03-22]-->"C:\Program Files\ffdshow\unins000.exe"
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Full Pack Office-->C:\Program Files\Full Pack Office\uninst.exe
Galapago-->"C:\Program Files\eMachines GameZone\Galapago\Uninstall.exe" "C:\Program Files\eMachines GameZone\Galapago\install.log"
GalaPlayer-->C:\Program Files\GalaPlayer\uninstall.exe
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.37\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
LeTraducteur-->C:\Windows\ST4UNST.EXE -n "C:\Language\Fran-Ang.5-2\ST4UNST.LOG"
LimeWire 5.1.3-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "c:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Logiciel Kodak EasyShare-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_140002_734876\Setup.exe /APR-REMOVE
Luxor-->"C:\Program Files\eMachines GameZone\Luxor\Uninstall.exe" "C:\Program Files\eMachines GameZone\Luxor\install.log"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}
MobileMe Control Panel-->MsiExec.exe /I{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mystery Case Files - Huntsville-->"C:\Program Files\eMachines GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\eMachines GameZone\Mystery Case Files - Huntsville\install.log"
Mystery Solitaire - Secret Island-->"C:\Program Files\eMachines GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\eMachines GameZone\Mystery Solitaire - Secret Island\install.log"
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-A098-TC9C-CZPE-8HE4-T757-014K-1C1T"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X
Norton 360 HTMLHelp-->MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x040c
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x040c
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
P2P_Max_France Toolbar-->C:\PROGRA~1\P2P_MA~1\UNWISE.EXE /U C:\PROGRA~1\P2P_MA~1\INSTALL.LOG
P2Pcontrol 1.0-->C:\Program Files\P2Pcontrol\uninst.exe
Pepakura Designer 3-->"C:\Program Files\tamasoftware\pepakura3en\designer\epuninst.exe" /s
Pepakura Viewer 3-->"C:\Program Files\tamasoftware\pepakura3en\viewer\epuninst.exe" /s
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}\SETUP.EXE" -l0x40c anything
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Safari-->MsiExec.exe /I{2D6ED011-055B-4041-B198-BB903827EBFB}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SoftwareUpdate 1.0-->"C:\Users\Christophe\AppData\Roaming\eoRezo\SoftwareUpdate\unins000.exe"
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SweetIM for Messenger 2.7-->MsiExec.exe /X{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}
SweetIM Toolbar for Internet Explorer 3.4-->MsiExec.exe /X{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls-->MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
VirginMega DownloadManager-->"C:\Program Files\VirginMega\DownloadManager\Uninstall.exe" "C:\Program Files\VirginMega\DownloadManager\install.log"
VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Zuma Deluxe-->"C:\Program Files\eMachines GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\eMachines GameZone\Zuma Deluxe\install.log"

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: PC-de-Chris
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 61107
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090722213057.163758-000
Event Type: Erreur
User:

Computer Name: PC-de-Chris
Event Code: 10010
Message: Le serveur {C2BFE331-6739-4270-86C9-493D9A04CD38} ne s'est pas enregistré sur DCOM avant la fin du temps imparti.
Record Number: 61229
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090722223654.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Chris
Event Code: 10002
Message: Le module d’extensibilité WLAN s’est arrêté.

Chemin d’accès du module : C:\Windows\System32\bcmihvsrv.dll

Record Number: 61246
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090722223709.458600-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Chris
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 61247
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090722223710.535000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Chris
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 61257
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090722223813.023969-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-Chris
Event Code: 33
Message: La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksCal.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
Record Number: 18766
Source Name: SideBySide
Time Written: 20090722224331.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Chris
Event Code: 33
Message: La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
Record Number: 18767
Source Name: SideBySide
Time Written: 20090722224332.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Chris
Event Code: 33
Message: La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
Record Number: 18768
Source Name: SideBySide
Time Written: 20090722224332.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Chris
Event Code: 33
Message: La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
Record Number: 18769
Source Name: SideBySide
Time Written: 20090722224332.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Chris
Event Code: 33
Message: La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
Record Number: 18770
Source Name: SideBySide
Time Written: 20090722224332.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-Chris
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 13944
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090722225435.242169-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Chris
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 13945
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090722225435.273369-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Chris
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 13946
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090722225435.304569-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Chris
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 13947
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090722225435.335769-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Chris
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 13948
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090722225435.351369-000
Event Type: Échec de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\ArcSoft\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
log.doc
Logfile of random's system information tool 1.06 (written by random/random)
Run by Christophe at 2009-07-23 00:53:45
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 61 GB (43%) free of 142 GB
Total RAM: 1977 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:54:37, on 23/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Christophe\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\P2Pcontrol\p2control.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\Christophe\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Users\Christophe\Desktop\RSIT.exe
C:\Program Files\trend micro\Christophe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer-group.com/selection.html?b=ACEW&l=040c&s=2&o=vb32&d=1108&m=e520
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P_.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P_.dll
O3 - Toolbar: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P_.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [P2Pcontrol] C:\Program Files\P2Pcontrol\p2control.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\Christophe\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [ReminderCommander] C:\Program Files\Reminder Commander\ReminderCommander.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Lyad Messenger] C:\Program Files\Lyad Messenger\Lyad Messenger.exe -autostart
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S954D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [wayclock] "C:\ProgramData\Platformbonebone.z9quvn"
O4 - HKCU\..\Run: [Long Internet Team Stupid] "C:\ProgramData\Second poke dead.advp1c"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Christophe\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.807.15159 (GoogleDesktopManager-071508-051939) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9b627a36447a2) (gupdate1c9b627a36447a2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 10
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 300
23 juil. 2009 à 01:32
--> Désactive l'UAC le temps de la désinfection.

--> Télécharge Lop S&D (par Eric_71 & Angeldark) sur ton Bureau.

--> Double-clique dessus pour lancer l'installation.

--> Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci de Lop S&D et choisir Exécuter en tant qu'administrateur)

--> Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche).

--> Patiente jusqu'à la fin du scan.

--> Poste le rapport généré (C:\lopR.txt).
0
chris57000
23 juil. 2009 à 01:51
ok voila le rappor lopR.txt

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU 575 @ 2.00GHz )
BIOS : InsydeH2O Version V1.06
USER : Christophe ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:139 Go (Free:59 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 23/07/2009| 1:40 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[22/02/2009|18:21] C:\Users\CHRIST~1\AppData\Local\Adobe
[25/04/2009|19:00] C:\Users\CHRIST~1\AppData\Local\Apple
[22/07/2009|11:34] C:\Users\CHRIST~1\AppData\Local\Apple Computer
[19/02/2009|16:39] C:\Users\CHRIST~1\AppData\Local\Application Data
[19/02/2009|18:17] C:\Users\CHRIST~1\AppData\Local\ArcSoft
[22/07/2009|18:10] C:\Users\CHRIST~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[04/07/2009|09:58] C:\Users\CHRIST~1\AppData\Local\eMule
[06/06/2009|21:23] C:\Users\CHRIST~1\AppData\Local\GDIPFONTCACHEV1.DAT
[05/06/2008|18:18] C:\Users\CHRIST~1\AppData\Local\gnc.exe
[25/04/2009|16:32] C:\Users\CHRIST~1\AppData\Local\Google
[19/02/2009|16:39] C:\Users\CHRIST~1\AppData\Local\Historique
[23/07/2009|01:34] C:\Users\CHRIST~1\AppData\Local\IconCache.db
[08/03/2009|19:15] C:\Users\CHRIST~1\AppData\Local\KodakGallery
[23/07/2009|00:40] C:\Users\CHRIST~1\AppData\Local\Microsoft
[23/07/2009|01:39] C:\Users\CHRIST~1\AppData\Local\Temp
[19/02/2009|16:39] C:\Users\CHRIST~1\AppData\Local\Temporary Internet Files
[12/05/2009|20:27] C:\Users\CHRIST~1\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[23/07/2009 01:28][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[23/07/2009 01:37][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[23/07/2009 01:39][--a------] C:\Windows\tasks\Google Software Updater.job
[22/07/2009 22:51][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{329D2D8B-9982-4D52-985C-81EBFE366492}.job
[14/06/2009 14:46][--a------] C:\Windows\tasks\EasyShare Registration Task.job
[23/07/2009 01:36][--ah-----] C:\Windows\tasks\SA.DAT
[23/07/2009 01:35][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[21/02/2009|20:23] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[12/06/2009|16:41] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[28/08/2008|09:55] C:\ProgramData\Acer
[08/03/2009|19:51] C:\ProgramData\Adobe
[25/04/2009|19:00] C:\ProgramData\Apple
[12/06/2009|16:40] C:\ProgramData\Apple Computer
[19/02/2009|16:41] C:\ProgramData\Application Data
[19/02/2009|18:17] C:\ProgramData\ArcSoft
[17/07/2009|19:58] C:\ProgramData\baserdrlite
[19/02/2009|16:31] C:\ProgramData\Bureau
[01/07/2009|20:54] C:\ProgramData\comp two long internet
[02/11/2006|14:59] C:\ProgramData\Desktop
[02/11/2006|14:59] C:\ProgramData\Documents
[26/02/2009|19:19] C:\ProgramData\Downloaded Installations
[22/07/2009|23:52] C:\ProgramData\DriverCure
[04/07/2009|09:58] C:\ProgramData\eMule
[12/05/2009|19:56] C:\ProgramData\EPSON
[19/02/2009|16:31] C:\ProgramData\Favoris
[02/11/2006|14:59] C:\ProgramData\Favorites
[28/08/2008|09:48] C:\ProgramData\FloodLightGames
[26/02/2009|20:45] C:\ProgramData\Google
[22/07/2009|20:23] C:\ProgramData\Google Updater
[08/03/2009|16:02] C:\ProgramData\Kodak
[04/07/2009|18:09] C:\ProgramData\LuUninstall.LiveUpdate
[19/02/2009|16:31] C:\ProgramData\Menu D‚marrer
[21/02/2009|22:50] C:\ProgramData\Microsoft
[12/06/2009|16:12] C:\ProgramData\Microsoft Help
[19/02/2009|16:31] C:\ProgramData\ModŠles
[30/06/2009|10:19] C:\ProgramData\Nero
[22/07/2009|14:10] C:\ProgramData\ParetoLogic
[01/07/2009|20:53] C:\ProgramData\Platformbonebone.8hme7
[01/07/2009|20:53] C:\ProgramData\Platformbonebone.dqeuw
[17/07/2009|19:58] C:\ProgramData\Platformbonebone.z9quvn
[27/02/2009|11:57] C:\ProgramData\Seagate
[01/07/2009|20:54] C:\ProgramData\Second poke dead.advp1c
[02/11/2006|14:59] C:\ProgramData\Start Menu
[06/04/2009|21:58] C:\ProgramData\SweetIM
[20/04/2009|19:03] C:\ProgramData\Symantec
[22/02/2009|11:38] C:\ProgramData\TEMP
[02/11/2006|14:59] C:\ProgramData\Templates
[17/04/2009|13:57] C:\ProgramData\tpfmon
[12/05/2009|20:03] C:\ProgramData\UDL
[09/04/2009|19:47] C:\ProgramData\WinZip

--------------------\\ Listing des dossiers dans C:\Program Files

[20/11/2008|13:35] C:\Program Files\Acer Incorporated
[08/03/2009|19:51] C:\Program Files\Adobe
[30/06/2009|06:26] C:\Program Files\Amazon
[20/11/2008|13:23] C:\Program Files\Apoint2K
[25/04/2009|19:00] C:\Program Files\Apple Software Update
[17/04/2009|13:56] C:\Program Files\Axmapresse
[12/06/2009|16:40] C:\Program Files\Bonjour
[22/07/2009|23:52] C:\Program Files\Common Files
[18/06/2009|00:04] C:\Program Files\Conduit
[19/02/2009|16:40] C:\Program Files\EMACHINES
[06/07/2009|17:47] C:\Program Files\eMachines GameZone
[23/07/2009|01:37] C:\Program Files\EoRezo
[12/05/2009|20:13] C:\Program Files\epson
[09/05/2009|12:26] C:\Program Files\ffdshow
[19/02/2009|16:31] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[21/02/2009|20:40] C:\Program Files\Full Pack Office
[01/07/2009|20:56] C:\Program Files\GalaPlayer
[22/05/2009|15:51] C:\Program Files\Google
[09/05/2009|12:26] C:\Program Files\Haali
[12/05/2009|20:10] C:\Program Files\InstallShield Installation Information
[28/08/2008|09:32] C:\Program Files\Intel
[12/06/2009|16:15] C:\Program Files\Internet Explorer
[20/11/2008|13:29] C:\Program Files\InterVideo
[22/07/2009|11:59] C:\Program Files\iPod
[22/07/2009|12:00] C:\Program Files\iTunes
[26/03/2009|20:17] C:\Program Files\Java
[06/06/2009|19:51] C:\Program Files\JRE
[08/03/2009|15:55] C:\Program Files\Kodak
[20/11/2008|13:21] C:\Program Files\Launch Manager
[18/06/2009|00:03] C:\Program Files\LimeWire
[21/02/2009|22:51] C:\Program Files\Microsoft
[02/11/2006|14:35] C:\Program Files\Microsoft Games
[21/02/2009|21:49] C:\Program Files\Microsoft Office
[28/08/2008|10:14] C:\Program Files\Microsoft Office Suite Activation Assistant
[22/07/2009|23:30] C:\Program Files\Microsoft Silverlight
[21/02/2009|22:48] C:\Program Files\Microsoft SQL Server Compact Edition
[21/02/2009|22:50] C:\Program Files\Microsoft Sync Framework
[12/06/2009|16:13] C:\Program Files\Microsoft Works
[28/08/2008|10:09] C:\Program Files\Microsoft.NET
[21/01/2008|04:47] C:\Program Files\Movie Maker
[02/11/2006|14:35] C:\Program Files\MSBuild
[23/02/2009|11:39] C:\Program Files\MSXML 4.0
[23/07/2009|00:42] C:\Program Files\Navilog1
[30/06/2009|10:43] C:\Program Files\Nero
[28/08/2008|10:04] C:\Program Files\NewTech Infosystems
[16/04/2009|18:01] C:\Program Files\Norton 360
[28/08/2008|09:44] C:\Program Files\Oberon Media
[06/06/2009|19:57] C:\Program Files\OpenOffice.org 3
[18/06/2009|00:04] C:\Program Files\P2P_Max_France
[01/07/2009|20:57] C:\Program Files\P2Pcontrol
[12/06/2009|16:32] C:\Program Files\QuickTime
[10/05/2009|11:07] C:\Program Files\Real
[28/08/2008|09:42] C:\Program Files\Realtek
[02/11/2006|14:35] C:\Program Files\Reference Assemblies
[22/07/2009|12:16] C:\Program Files\Safari
[23/02/2009|16:26] C:\Program Files\SFR
[29/06/2009|19:49] C:\Program Files\SweetIM
[25/02/2009|21:39] C:\Program Files\Symantec
[09/04/2009|19:52] C:\Program Files\tamasoftware
[23/07/2009|00:54] C:\Program Files\trend micro
[02/11/2006|14:58] C:\Program Files\Uninstall Information
[26/02/2009|19:39] C:\Program Files\VirginMega
[09/05/2009|12:26] C:\Program Files\Wendise Decoder Pack
[21/01/2008|04:47] C:\Program Files\Windows Calendar
[21/01/2008|04:47] C:\Program Files\Windows Collaboration
[21/01/2008|04:47] C:\Program Files\Windows Defender
[21/02/2009|22:50] C:\Program Files\Windows Live
[21/02/2009|22:46] C:\Program Files\Windows Live SkyDrive
[28/08/2008|09:17] C:\Program Files\Windows Mail
[11/03/2009|17:56] C:\Program Files\Windows Media Player
[19/02/2009|16:31] C:\Program Files\Windows NT
[21/01/2008|04:47] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:47] C:\Program Files\Windows Sidebar
[10/05/2009|17:21] C:\Program Files\WinTV
[09/04/2009|19:41] C:\Program Files\WinZip
[18/05/2009|23:11] C:\Program Files\YesMessenger

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[08/03/2009|19:51] C:\Program Files\Common Files\Adobe
[22/07/2009|11:59] C:\Program Files\Common Files\Apple
[19/02/2009|18:17] C:\Program Files\Common Files\ArcSoft
[28/08/2008|10:10] C:\Program Files\Common Files\DESIGNER
[12/05/2009|20:06] C:\Program Files\Common Files\InstallShield
[20/11/2008|13:29] C:\Program Files\Common Files\InterVideo
[21/02/2009|21:44] C:\Program Files\Common Files\Java
[08/03/2009|15:53] C:\Program Files\Common Files\Kodak
[28/08/2008|10:04] C:\Program Files\Common Files\LightScribe
[21/02/2009|22:46] C:\Program Files\Common Files\microsoft shared
[08/03/2009|15:50] C:\Program Files\Common Files\MSSoap
[28/08/2008|10:02] C:\Program Files\Common Files\muvee Technologies
[30/06/2009|12:00] C:\Program Files\Common Files\Nero
[28/08/2008|09:44] C:\Program Files\Common Files\Oberon Media
[08/03/2009|15:52] C:\Program Files\Common Files\PX Storage Engine
[10/05/2009|11:08] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[25/02/2009|22:42] C:\Program Files\Common Files\Symantec Shared
[21/01/2008|04:47] C:\Program Files\Common Files\System
[21/02/2009|22:32] C:\Program Files\Common Files\Windows Live
[10/05/2009|11:08] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 82 Processes )

iexplore.exe ~ [PID:3980]
iexplore.exe ~ [PID:5236]
iexplore.exe ~ [PID:5448]
iexplore.exe ~ [PID:1652]

--------------------\\ Recherche avec S_Lop

C:\ProgramData\Platformbonebone.8hme7
C:\ProgramData\Platformbonebone.dqeuw
C:\ProgramData\Platformbonebone.z9quvn
C:\ProgramData\Second poke dead.advp1c
C:\ProgramData\BASERD~1
C:\ProgramData\BASERD~1\fxcheahp.exe

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\comp two long internet
C:\ProgramData\comp two long internet\Body Real.dat
C:\ProgramData\comp two long internet\Body Real.exe
C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\GalaPlayer
C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\GalaPlayer\GalaPlayer.lnk
C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\GalaPlayer\HomePage.lnk
C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\GalaPlayer\Uninstall.lnk
C:\Program Files\GalaPlayer
C:\Program Files\GalaPlayer\GalaPlayer.exe
C:\Program Files\GalaPlayer\GalaPlayer.url
C:\Program Files\GalaPlayer\skin.skf
C:\Program Files\GalaPlayer\SkinCrafterDll.dll
C:\Program Files\GalaPlayer\uninstall.exe
C:\Users\CHRIST~1\Desktop\GalaPlayer.lnk
C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\Cookies\christophe@go.galaplayer[1].txt
C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\Cookies\christophe@go.galaplayer[1].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oncekeepthunk]
"DisplayName"="CiD Help"
"UninstallString"="C:\\PROGRA~2\\BASERD~1\\balm memo heck.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wayclock"="\"C:\\ProgramData\\Platformbonebone.z9quvn\""
"Long Internet Team Stupid"="\"C:\\ProgramData\\Second poke dead.advp1c\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 01:41:21
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\Users\CHRIST~1\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{97976C2D-711D-11DE-A3F6-001EEC5D1486}.dat 4608 bytes
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:409][D:197]-> C:\Users\CHRIST~1\AppData\Local\Temp
[F:1225][D:1]-> C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:367][D:15]-> C:\Users\CHRIST~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:5][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 23/07/2009| 1:46 - Option : [1]

--------------------\\ Fin du rapport a 1:46:17
[ UAC => 1 ]
0
Réponse 6 / 10
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 300
23 juil. 2009 à 01:52
--> Double-clique sur le raccourci de Lop S&D pour le lancer.
(Sous Vista, il faut cliquer droit sur le raccourci de Lop S&D et choisir Exécuter en tant qu'administrateur)

--> Choisis cette fois-ci l'option 2 (Suppression).

--> Ne ferme pas la fenêtre lors de la suppression !

--> Poste le rapport généré (C:\lopR.txt).

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)
0
chris57000
23 juil. 2009 à 02:02
OK et re

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU 575 @ 2.00GHz )
BIOS : InsydeH2O Version V1.06
USER : Christophe ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:139 Go (Free:58 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 23/07/2009| 1:55 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\comp two long internet\Body Real.dat
Supprime! - C:\ProgramData\comp two long internet\Body Real.exe
Supprime! - C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\GalaPlayer\GalaPlayer.lnk
Supprime! - C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\GalaPlayer\HomePage.lnk
Supprime! - C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\GalaPlayer\Uninstall.lnk
Supprime! - C:\Program Files\GalaPlayer\GalaPlayer.exe
Supprime! - C:\Program Files\GalaPlayer\GalaPlayer.url
Supprime! - C:\Program Files\GalaPlayer\skin.skf
Supprime! - C:\Program Files\GalaPlayer\SkinCrafterDll.dll
Supprime! - C:\Program Files\GalaPlayer\uninstall.exe
Supprime! - C:\Users\CHRIST~1\Desktop\GalaPlayer.lnk
Supprime! - C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\Cookies\christophe@go.galaplayer[1].txt
Supprime! - C:\ProgramData\Platformbonebone.8hme7
Supprime! - C:\ProgramData\Platformbonebone.dqeuw
Supprime! - C:\ProgramData\Platformbonebone.z9quvn
Supprime! - C:\ProgramData\Second poke dead.advp1c
Supprime! - C:\ProgramData\BASERD~1\fxcheahp.exe
Supprime! - C:\ProgramData\comp two long internet
Supprime! - C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\GalaPlayer
Supprime! - C:\Program Files\GalaPlayer
Supprime! - C:\ProgramData\BASERD~1
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[22/02/2009|18:21] C:\Users\CHRIST~1\AppData\Local\Adobe
[25/04/2009|19:00] C:\Users\CHRIST~1\AppData\Local\Apple
[22/07/2009|11:34] C:\Users\CHRIST~1\AppData\Local\Apple Computer
[19/02/2009|16:39] C:\Users\CHRIST~1\AppData\Local\Application Data
[19/02/2009|18:17] C:\Users\CHRIST~1\AppData\Local\ArcSoft
[22/07/2009|18:10] C:\Users\CHRIST~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[04/07/2009|09:58] C:\Users\CHRIST~1\AppData\Local\eMule
[06/06/2009|21:23] C:\Users\CHRIST~1\AppData\Local\GDIPFONTCACHEV1.DAT
[05/06/2008|18:18] C:\Users\CHRIST~1\AppData\Local\gnc.exe
[25/04/2009|16:32] C:\Users\CHRIST~1\AppData\Local\Google
[19/02/2009|16:39] C:\Users\CHRIST~1\AppData\Local\Historique
[23/07/2009|01:34] C:\Users\CHRIST~1\AppData\Local\IconCache.db
[08/03/2009|19:15] C:\Users\CHRIST~1\AppData\Local\KodakGallery
[23/07/2009|00:40] C:\Users\CHRIST~1\AppData\Local\Microsoft
[23/07/2009|01:55] C:\Users\CHRIST~1\AppData\Local\Temp
[19/02/2009|16:39] C:\Users\CHRIST~1\AppData\Local\Temporary Internet Files
[12/05/2009|20:27] C:\Users\CHRIST~1\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[23/07/2009 01:28][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[23/07/2009 01:37][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[23/07/2009 01:39][--a------] C:\Windows\tasks\Google Software Updater.job
[22/07/2009 22:51][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{329D2D8B-9982-4D52-985C-81EBFE366492}.job
[14/06/2009 14:46][--a------] C:\Windows\tasks\EasyShare Registration Task.job
[23/07/2009 01:36][--ah-----] C:\Windows\tasks\SA.DAT
[23/07/2009 01:35][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[21/02/2009|20:23] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[12/06/2009|16:41] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[28/08/2008|09:55] C:\ProgramData\Acer
[08/03/2009|19:51] C:\ProgramData\Adobe
[25/04/2009|19:00] C:\ProgramData\Apple
[12/06/2009|16:40] C:\ProgramData\Apple Computer
[19/02/2009|16:41] C:\ProgramData\Application Data
[19/02/2009|18:17] C:\ProgramData\ArcSoft
[19/02/2009|16:31] C:\ProgramData\Bureau
[02/11/2006|14:59] C:\ProgramData\Desktop
[02/11/2006|14:59] C:\ProgramData\Documents
[26/02/2009|19:19] C:\ProgramData\Downloaded Installations
[22/07/2009|23:52] C:\ProgramData\DriverCure
[04/07/2009|09:58] C:\ProgramData\eMule
[12/05/2009|19:56] C:\ProgramData\EPSON
[19/02/2009|16:31] C:\ProgramData\Favoris
[02/11/2006|14:59] C:\ProgramData\Favorites
[28/08/2008|09:48] C:\ProgramData\FloodLightGames
[26/02/2009|20:45] C:\ProgramData\Google
[22/07/2009|20:23] C:\ProgramData\Google Updater
[08/03/2009|16:02] C:\ProgramData\Kodak
[04/07/2009|18:09] C:\ProgramData\LuUninstall.LiveUpdate
[19/02/2009|16:31] C:\ProgramData\Menu D‚marrer
[21/02/2009|22:50] C:\ProgramData\Microsoft
[12/06/2009|16:12] C:\ProgramData\Microsoft Help
[19/02/2009|16:31] C:\ProgramData\ModŠles
[30/06/2009|10:19] C:\ProgramData\Nero
[22/07/2009|14:10] C:\ProgramData\ParetoLogic
[27/02/2009|11:57] C:\ProgramData\Seagate
[02/11/2006|14:59] C:\ProgramData\Start Menu
[06/04/2009|21:58] C:\ProgramData\SweetIM
[20/04/2009|19:03] C:\ProgramData\Symantec
[22/02/2009|11:38] C:\ProgramData\TEMP
[02/11/2006|14:59] C:\ProgramData\Templates
[17/04/2009|13:57] C:\ProgramData\tpfmon
[12/05/2009|20:03] C:\ProgramData\UDL
[09/04/2009|19:47] C:\ProgramData\WinZip

--------------------\\ Listing des dossiers dans C:\Program Files

[20/11/2008|13:35] C:\Program Files\Acer Incorporated
[08/03/2009|19:51] C:\Program Files\Adobe
[30/06/2009|06:26] C:\Program Files\Amazon
[20/11/2008|13:23] C:\Program Files\Apoint2K
[25/04/2009|19:00] C:\Program Files\Apple Software Update
[17/04/2009|13:56] C:\Program Files\Axmapresse
[12/06/2009|16:40] C:\Program Files\Bonjour
[22/07/2009|23:52] C:\Program Files\Common Files
[18/06/2009|00:04] C:\Program Files\Conduit
[19/02/2009|16:40] C:\Program Files\EMACHINES
[06/07/2009|17:47] C:\Program Files\eMachines GameZone
[23/07/2009|01:37] C:\Program Files\EoRezo
[12/05/2009|20:13] C:\Program Files\epson
[09/05/2009|12:26] C:\Program Files\ffdshow
[19/02/2009|16:31] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[21/02/2009|20:40] C:\Program Files\Full Pack Office
[22/05/2009|15:51] C:\Program Files\Google
[09/05/2009|12:26] C:\Program Files\Haali
[12/05/2009|20:10] C:\Program Files\InstallShield Installation Information
[28/08/2008|09:32] C:\Program Files\Intel
[12/06/2009|16:15] C:\Program Files\Internet Explorer
[20/11/2008|13:29] C:\Program Files\InterVideo
[22/07/2009|11:59] C:\Program Files\iPod
[22/07/2009|12:00] C:\Program Files\iTunes
[26/03/2009|20:17] C:\Program Files\Java
[06/06/2009|19:51] C:\Program Files\JRE
[08/03/2009|15:55] C:\Program Files\Kodak
[20/11/2008|13:21] C:\Program Files\Launch Manager
[18/06/2009|00:03] C:\Program Files\LimeWire
[21/02/2009|22:51] C:\Program Files\Microsoft
[02/11/2006|14:35] C:\Program Files\Microsoft Games
[21/02/2009|21:49] C:\Program Files\Microsoft Office
[28/08/2008|10:14] C:\Program Files\Microsoft Office Suite Activation Assistant
[22/07/2009|23:30] C:\Program Files\Microsoft Silverlight
[21/02/2009|22:48] C:\Program Files\Microsoft SQL Server Compact Edition
[21/02/2009|22:50] C:\Program Files\Microsoft Sync Framework
[12/06/2009|16:13] C:\Program Files\Microsoft Works
[28/08/2008|10:09] C:\Program Files\Microsoft.NET
[21/01/2008|04:47] C:\Program Files\Movie Maker
[02/11/2006|14:35] C:\Program Files\MSBuild
[23/02/2009|11:39] C:\Program Files\MSXML 4.0
[23/07/2009|00:42] C:\Program Files\Navilog1
[30/06/2009|10:43] C:\Program Files\Nero
[28/08/2008|10:04] C:\Program Files\NewTech Infosystems
[16/04/2009|18:01] C:\Program Files\Norton 360
[28/08/2008|09:44] C:\Program Files\Oberon Media
[06/06/2009|19:57] C:\Program Files\OpenOffice.org 3
[18/06/2009|00:04] C:\Program Files\P2P_Max_France
[01/07/2009|20:57] C:\Program Files\P2Pcontrol
[12/06/2009|16:32] C:\Program Files\QuickTime
[10/05/2009|11:07] C:\Program Files\Real
[28/08/2008|09:42] C:\Program Files\Realtek
[02/11/2006|14:35] C:\Program Files\Reference Assemblies
[22/07/2009|12:16] C:\Program Files\Safari
[23/02/2009|16:26] C:\Program Files\SFR
[29/06/2009|19:49] C:\Program Files\SweetIM
[25/02/2009|21:39] C:\Program Files\Symantec
[09/04/2009|19:52] C:\Program Files\tamasoftware
[23/07/2009|00:54] C:\Program Files\trend micro
[02/11/2006|14:58] C:\Program Files\Uninstall Information
[26/02/2009|19:39] C:\Program Files\VirginMega
[09/05/2009|12:26] C:\Program Files\Wendise Decoder Pack
[21/01/2008|04:47] C:\Program Files\Windows Calendar
[21/01/2008|04:47] C:\Program Files\Windows Collaboration
[21/01/2008|04:47] C:\Program Files\Windows Defender
[21/02/2009|22:50] C:\Program Files\Windows Live
[21/02/2009|22:46] C:\Program Files\Windows Live SkyDrive
[28/08/2008|09:17] C:\Program Files\Windows Mail
[11/03/2009|17:56] C:\Program Files\Windows Media Player
[19/02/2009|16:31] C:\Program Files\Windows NT
[21/01/2008|04:47] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:47] C:\Program Files\Windows Sidebar
[10/05/2009|17:21] C:\Program Files\WinTV
[09/04/2009|19:41] C:\Program Files\WinZip
[18/05/2009|23:11] C:\Program Files\YesMessenger

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[08/03/2009|19:51] C:\Program Files\Common Files\Adobe
[22/07/2009|11:59] C:\Program Files\Common Files\Apple
[19/02/2009|18:17] C:\Program Files\Common Files\ArcSoft
[28/08/2008|10:10] C:\Program Files\Common Files\DESIGNER
[12/05/2009|20:06] C:\Program Files\Common Files\InstallShield
[20/11/2008|13:29] C:\Program Files\Common Files\InterVideo
[21/02/2009|21:44] C:\Program Files\Common Files\Java
[08/03/2009|15:53] C:\Program Files\Common Files\Kodak
[28/08/2008|10:04] C:\Program Files\Common Files\LightScribe
[21/02/2009|22:46] C:\Program Files\Common Files\microsoft shared
[08/03/2009|15:50] C:\Program Files\Common Files\MSSoap
[28/08/2008|10:02] C:\Program Files\Common Files\muvee Technologies
[30/06/2009|12:00] C:\Program Files\Common Files\Nero
[28/08/2008|09:44] C:\Program Files\Common Files\Oberon Media
[08/03/2009|15:52] C:\Program Files\Common Files\PX Storage Engine
[10/05/2009|11:08] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[25/02/2009|22:42] C:\Program Files\Common Files\Symantec Shared
[21/01/2008|04:47] C:\Program Files\Common Files\System
[21/02/2009|22:32] C:\Program Files\Common Files\Windows Live
[10/05/2009|11:08] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 83 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 01:56:35
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:389][D:197]-> C:\Users\CHRIST~1\AppData\Local\Temp
[F:1234][D:1]-> C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:543][D:15]-> C:\Users\CHRIST~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:5][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 23/07/2009| 1:46 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 23/07/2009| 2:00 - Option : [2]

--------------------\\ Fin du rapport a 2:00:12
[ UAC => 1 ]

je pense que c'est bon?
0
Réponse 7 / 10
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 300
23 juil. 2009 à 02:09
Ne réinstalle pas GalaPlayer, c'est lui qui t'a installé l'infection Lop/Swizzor.

● Désinstalle eoEngine et SweetIM.

● Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

/!\ Déconnecte-toi d'Internet et ferme toutes applications en cours. /!\

● Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program Files).
● Double-clique sur le raccourci d'Ad-Remover située sur ton Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)
● Au menu principal, choisis l'option L.
● Poste le rapport généré (C:\Ad-Report-CLEAN.log).

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note : "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
0
chris57000
23 juil. 2009 à 02:16
OK je vais continuer tes indications alors peut etre a+
Mille merci déjà
0
chris57000
23 juil. 2009 à 07:46
Bonjour Destrio5,
J'espere que la nuit fut bonne et encore merci pour les réponses.
voila le dernier rapport de Ad-Remover.
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 2:24:45, 23/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Basic Service Pack 1 v6.0.6001
Nom du PC: PC-DE-CHRIS | Utilisateur actuel: Christophe
.
Administrateur: Administrateur *Desactive*
Administrateur: Christophe
N'est pas administrateur: Invité *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
/!\ NON SUPPRIMÉ - HKLM\Software\EoRezo
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
/!\ NON SUPPRIMÉ - HKLM\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-731700337-3581175911-564349719-1000\Software\Sweetim
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoweather
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Softwarehelper
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
.
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\cache
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\cmhost.cyp
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\ConfMedia.cyp
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\db
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\eoDesktop
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\eoStats
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather.cfg
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\host.cyp
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\SoftwareUpdate
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\towns.cfg
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\user.cyp
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\eoDesktop\config.xml
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\eoDesktop\eoDesktop.html
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\eoDesktop\userConfig.xml
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\eoStats\eoStats.txt
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\EoWeather.cfg
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\EoWeatherVal_02EC282.cfg
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\67_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\67_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\69_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\69_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\70_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\70_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\78_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\78_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\82_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\82_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\83_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\83_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\84_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\84_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\85_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\85_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\89_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\89_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\back.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\background.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1days.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\background_2days.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\background_7days.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\backPressed.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\band.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\band_small.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\close.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\closePressed.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionBackground.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionClose.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\earth.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\fonds_‚cran.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\help.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\helpPressed.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\minimise.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\minimisePressed.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\next.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\nextPressed.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\option.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\optionPressed.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\reflet_ecran.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\small_background.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_classic\Thumbs.db
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_day.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_night.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\about.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\back.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1days.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_2days.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_7days.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\backPressed.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\close.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\closePressed.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionBackground.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionClose.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\earth.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\fonds_‚cran.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\help.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\helpPressed.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimise.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimisePressed.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\next.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\nextPressed.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\option.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\optionPressed.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\reflet_ecran.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\Thumbs.db
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\txt_14x13.png
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\SoftwareUpdate\Download
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\SoftwareUpdate\help_config.cyp
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\SoftwareUpdate\Software
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\SoftwareUpdate\unins000.dat
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\SoftwareUpdate\unins000.exe
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\SoftwareUpdate\user_config.cyp
C:\Users\CHRIST~1\AppData\Roaming\EoRezo\SoftwareUpdate\user_profil.cyp
C:\Users\CHRIST~1\AppData\Roaming\EoRezo
C:\Windows\Prefetch\SOFTWAREUPDATEHP.EXE-647FDB46.pf
C:\Windows\Prefetch\SWEETIESETUP.EXE-E085CFBB.pf
C:\Windows\Prefetch\SWEETIM.EXE-46801483.pf
C:\Windows\Prefetch\SWEETIMSETUP.EXE-E84D5D06.pf
C:\Windows\Prefetch\VISTACOOKIESCOLLECTOR.EXE-FEA8DAF7.pf
C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\Cookies\christophe@ads.eorezo[2].txt
C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\Cookies\christophe@dl.eorezo[1].txt
C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\Cookies\christophe@eorezo[1].txt
C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\Cookies\Low\christophe@eorezo[1].txt
C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\Cookies\christophe@mir1.eorezo[1].txt
C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\Cookies\Low\christophe@mir1.eorezo[1].txt
C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\Cookies\christophe@sweetim[1].txt

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
.

* Internet Explorer Version 8.0.6001.18783 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=040c&s=2&o=vb32&d=1108&m=e520
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://home.sweetim.com

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://y.lo.st

.
============== Processus Caches/Bloque ==============
.
PID: 1156 [LOCKED] audiodg.exe
.

============== Suspect (Cracks, Serials ... ) ==============

.
.
===================================
.
13261 Octet(s) - C:\Ad-Report-CLEAN.log
.
376 Fichier(s) - C:\Users\CHRIST~1\AppData\Local\Temp
1 Fichier(s) - C:\Windows\Temp
.
19 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
29 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 3:11:51 | 23/07/2009
.
============== E.O.F ==============
.
Merci pour la suite
0
Réponse 8 / 10
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 300
23 juil. 2009 à 15:37
--> Désinstalle Ad-Remover.

--> Refais un scan RSIT et poste le rapport log.
0
chris57000 Messages postés 65 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 7 novembre 2017 1
23 juil. 2009 à 16:05
Salut mon bon,
j'espere que la nuit fut bonne. aujourd'hui pour moi effectivement plus de pop up. merci et je continue tes indications.
J'ai désinstaller Ad Remover et voila le rapport log de RSit
Logfile of random's system information tool 1.06 (written by random/random)
Run by Christophe at 2009-07-23 15:56:49
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 60 GB (42%) free of 142 GB
Total RAM: 1977 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:19, on 23/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\P2Pcontrol\p2control.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\Christophe\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\conime.exe
C:\Users\Christophe\Desktop\RSIT.exe
C:\Program Files\trend micro\Christophe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer-group.com/selection.html?b=ACEW&l=040c&s=2&o=vb32&d=1108&m=e520
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P_.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P_.dll
O3 - Toolbar: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P_.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [P2Pcontrol] C:\Program Files\P2Pcontrol\p2control.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ReminderCommander] C:\Program Files\Reminder Commander\ReminderCommander.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Lyad Messenger] C:\Program Files\Lyad Messenger\Lyad Messenger.exe -autostart
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S954D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Christophe\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.807.15159 (GoogleDesktopManager-071508-051939) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9b627a36447a2) (gupdate1c9b627a36447a2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
0
Réponse 9 / 10
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 300
23 juil. 2009 à 16:14
---> Désinstalle Java 6 Update 7 et Java 6 Update 13.

---> Mets à jour Java.

---> Mets à jour Adobe Reader.

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
0
chris57000 Messages postés 65 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 7 novembre 2017 1
23 juil. 2009 à 20:25
ok voila le rapport:
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2487
Windows 6.0.6001 Service Pack 1

23/07/2009 20:08:14
mbam-log-2009-07-23 (20-08-14).txt

Type de recherche: Examen rapide
Eléments examinés: 81499
Temps écoulé: 13 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{6deee498-08cc-43f0-bca0-dbb5a25c9501} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{84c94803-b5ec-4491-b2be-7b113e013b77} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
0
Réponse 10 / 10
chris57000 Messages postés 65 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 7 novembre 2017 1
24 juil. 2009 à 14:50
Bon je pense que mon soucis est éradiqué.
Merci pour cette aide précieuse et a plus.
Je reconfigure mon compte utilisateur (UAC)
Et je supprime les prg suivants:
LopSD
RSIT
Navilog1
Malwarebyte
Encore une fois, merci
Chris57000
0

Discussions similaires

Message "Un bloqueur de publicité empêche la lecture..."
pistouri -
pistouri -

0 réponse
comment desactiver un bloqueur de pub
amour10 -
MPMP10 -

4 réponses
Problème promotion Instagram
Seeysoon -
Ben -

22 réponses
TF1 replay demande désactiver un bloqueur de pub déjà désactivé
Purplejasmine -
Nelli3 -

12 réponses
retrouver les factures des posts sponsorisés
Carotte -
MathildeSpprn -

12 réponses