Virus du soir ...
Résolu
Snakeyese
-
Snakeyese -
Snakeyese -
Bonjour,
Je viens d'allumer mon pc après une semaine sans rien faire dessus ... et là ... le drame !
Un cheval de troie ou un virus (vous pourrez certainement m'aider à ce sujet car les spécialistes c'est vous) qui vient juste après l'apparition du bureau win xp pro.
J'ai le droit à deux nouveau petit icone à côté de l'horloge genre non protection fire wall etc ... et le bouclier genre mise à jour.
Bon bref, mon avira antivir ne se déclenche pas et ce virus.win32 ... (j'ai ce nom sur un message en bulle jaune parfois) à l'air de bien tenir tous le monde !
J'ai fais un hijackthis dont voici les fichiers :
Log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Christophe at 2009-12-26 23:08:33
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 18 GB (55%) free of 33 GB
Total RAM: 2047 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:49, on 26/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\richtx64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\wscsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christophe\Bureau\RSIT.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Christophe\Bureau\Christophe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\richtx64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.1.1.0/ImageUploader5.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A5664A9-6117-4A21-A270-2480DECE8788}: NameServer = 212.27.40.240,212.27.40.241
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp143.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe
Je viens d'allumer mon pc après une semaine sans rien faire dessus ... et là ... le drame !
Un cheval de troie ou un virus (vous pourrez certainement m'aider à ce sujet car les spécialistes c'est vous) qui vient juste après l'apparition du bureau win xp pro.
J'ai le droit à deux nouveau petit icone à côté de l'horloge genre non protection fire wall etc ... et le bouclier genre mise à jour.
Bon bref, mon avira antivir ne se déclenche pas et ce virus.win32 ... (j'ai ce nom sur un message en bulle jaune parfois) à l'air de bien tenir tous le monde !
J'ai fais un hijackthis dont voici les fichiers :
Log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Christophe at 2009-12-26 23:08:33
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 18 GB (55%) free of 33 GB
Total RAM: 2047 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:49, on 26/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\richtx64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\wscsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christophe\Bureau\RSIT.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Christophe\Bureau\Christophe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\richtx64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.1.1.0/ImageUploader5.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A5664A9-6117-4A21-A270-2480DECE8788}: NameServer = 212.27.40.240,212.27.40.241
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp143.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe
A voir également:
- Virus du soir ...
- Virus mcafee - Accueil - Piratage
- Postmaster outlook virus - Forum Virus
- Virus facebook demande d'amis - Accueil - Facebook
- Softonic virus ✓ - Forum Virus
- Mauvaise réception tnt le soir - Guide
36 réponses
J'ai du faire une petite pause dans la réparation, voilà le pourquoi du retard
Jusque là le pc va mieux ... :) grâce à toi !
Log de RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Christophe at 2009-12-27 18:03:43
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 19 GB (57%) free of 33 GB
Total RAM: 2047 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:52, on 27/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Christophe\Bureau\RSIT.exe
C:\Documents and Settings\Christophe\Bureau\Christophe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.1.1.0/ImageUploader5.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A5664A9-6117-4A21-A270-2480DECE8788}: NameServer = 212.27.40.240,212.27.40.241
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp143.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe
Jusque là le pc va mieux ... :) grâce à toi !
Log de RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Christophe at 2009-12-27 18:03:43
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 19 GB (57%) free of 33 GB
Total RAM: 2047 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:52, on 27/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Christophe\Bureau\RSIT.exe
C:\Documents and Settings\Christophe\Bureau\Christophe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.1.1.0/ImageUploader5.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A5664A9-6117-4A21-A270-2480DECE8788}: NameServer = 212.27.40.240,212.27.40.241
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp143.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe
reste quelques cochonneries...
Téléchargez et enregistrez le fichier d installation sur le bureau
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
Double cliquez sur le fichier d'installation de AD-Remover, le programme s'installera automatiquement.
Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"
Au menu principal choisir l'option "s" et tapez sur [entrée] .
Laissez travailler l'outil et ne touchez à rien ...
Postez le rapport qui apparait à la fin.
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Téléchargez et enregistrez le fichier d installation sur le bureau
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
Double cliquez sur le fichier d'installation de AD-Remover, le programme s'installera automatiquement.
Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"
Au menu principal choisir l'option "s" et tapez sur [entrée] .
Laissez travailler l'outil et ne touchez à rien ...
Postez le rapport qui apparait à la fin.
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 26.12.2009 à 20:47
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:15:46, 27/12/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: LIPS-CQ4WGGS883 | Utilisateur actuel: Christophe
Bonnes fêtes de fin d'année à vous tous :)
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
C:\Program Files\pdfforge Toolbar
C:\Program Files\Viewpoint
C:\DOCUME~1\CHRIST~1\APPLIC~1\pdfforge
C:\Windows\Installer\308356.msi
.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\software\Search Settings
HKLM\software\AskBarDis
HKLM\software\classes\AxMetaStream.MetaStreamCtl
HKLM\software\classes\AxMetaStream.MetaStreamCtl.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\software\classes\installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
HKLM\software\MetaStream
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\377026901A2D8744A8423A983B50E0D1
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B278DBFACA5AB424DA79915F3A109F9A
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B3B348F18694F1949B4D6BD9507F2886
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E48E3A6D380B2EC4ABCEB3BA048D767F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F715D253BF28D554C9C0F60ABA8585CF
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKU\s-1-5-21-1214440339-1757981266-682003330-1004\software\Search Settings
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.6 [fr] *
.
Nom du profil: 683zjsu1.default (Christophe)
.
(CHRIST~1, prefs.js) Browser.download.dir, C:\Documents and Settings\Christophe\Bureau
(CHRIST~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Christophe\Bureau
(CHRIST~1, prefs.js) Browser.startup.homepage, hxxp://www.trictrac.net/|hxxp://www.google.com/calendar/render?um=1&ie=UTF-8&sa=N&tab=wc|hxxp://www.ludosphere.net/|hxxp://ludosite.o2switch.net/administrator/
(CHRIST~1, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{FBF6D7FB-F305-4445-BB3D-FEF66579A033}:3.8,{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}:1.0,{B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971,{c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.7,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
(CHRIST~1, prefs.js) Privacy.popups.showBrowserMessage, false
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Enable Browser Extensions: yes
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Search Bar: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
4198 Octet(s) - C:\Ad-Report-SCAN[1].log
.
1 Fichier(s) - C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
124 Fichier(s) - C:\WINDOWS\Prefetch
.
2 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 18:24:41 | 27/12/2009 - SCAN[1]
.
============== E.O.F ==============
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 26.12.2009 à 20:47
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:15:46, 27/12/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: LIPS-CQ4WGGS883 | Utilisateur actuel: Christophe
Bonnes fêtes de fin d'année à vous tous :)
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
C:\Program Files\pdfforge Toolbar
C:\Program Files\Viewpoint
C:\DOCUME~1\CHRIST~1\APPLIC~1\pdfforge
C:\Windows\Installer\308356.msi
.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\software\Search Settings
HKLM\software\AskBarDis
HKLM\software\classes\AxMetaStream.MetaStreamCtl
HKLM\software\classes\AxMetaStream.MetaStreamCtl.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\software\classes\installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
HKLM\software\MetaStream
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\377026901A2D8744A8423A983B50E0D1
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B278DBFACA5AB424DA79915F3A109F9A
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B3B348F18694F1949B4D6BD9507F2886
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E48E3A6D380B2EC4ABCEB3BA048D767F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F715D253BF28D554C9C0F60ABA8585CF
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKU\s-1-5-21-1214440339-1757981266-682003330-1004\software\Search Settings
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.6 [fr] *
.
Nom du profil: 683zjsu1.default (Christophe)
.
(CHRIST~1, prefs.js) Browser.download.dir, C:\Documents and Settings\Christophe\Bureau
(CHRIST~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Christophe\Bureau
(CHRIST~1, prefs.js) Browser.startup.homepage, hxxp://www.trictrac.net/|hxxp://www.google.com/calendar/render?um=1&ie=UTF-8&sa=N&tab=wc|hxxp://www.ludosphere.net/|hxxp://ludosite.o2switch.net/administrator/
(CHRIST~1, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{FBF6D7FB-F305-4445-BB3D-FEF66579A033}:3.8,{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}:1.0,{B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971,{c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.7,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
(CHRIST~1, prefs.js) Privacy.popups.showBrowserMessage, false
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Enable Browser Extensions: yes
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Search Bar: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
4198 Octet(s) - C:\Ad-Report-SCAN[1].log
.
1 Fichier(s) - C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
124 Fichier(s) - C:\WINDOWS\Prefetch
.
2 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 18:24:41 | 27/12/2009 - SCAN[1]
.
============== E.O.F ==============
.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
oui
et relances ensuite
Option L Lancer le nettoyage
Poster le rapport
puis un nouveau RSIT de controle
et relances ensuite
Option L Lancer le nettoyage
Poster le rapport
puis un nouveau RSIT de controle
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 26.12.2009 à 20:47
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:39:13, 27/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: LIPS-CQ4WGGS883 | Utilisateur actuel: Christophe
Bonnes fêtes de fin d'année à vous tous :)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
C:\Program Files\pdfforge Toolbar
C:\Program Files\Viewpoint
C:\DOCUME~1\CHRIST~1\APPLIC~1\pdfforge
C:\Windows\Installer\308356.msi
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\software\Search Settings
HKLM\software\AskBarDis
HKLM\software\classes\AxMetaStream.MetaStreamCtl
HKLM\software\classes\AxMetaStream.MetaStreamCtl.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\software\classes\installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
HKLM\software\MetaStream
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\377026901A2D8744A8423A983B50E0D1
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B278DBFACA5AB424DA79915F3A109F9A
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B3B348F18694F1949B4D6BD9507F2886
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E48E3A6D380B2EC4ABCEB3BA048D767F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F715D253BF28D554C9C0F60ABA8585CF
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.6 [fr] *
.
Nom du profil: 683zjsu1.default (Christophe)
.
(CHRIST~1, prefs.js) Browser.download.dir, C:\Documents and Settings\Christophe\Bureau
(CHRIST~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Christophe\Bureau
(CHRIST~1, prefs.js) Browser.startup.homepage, hxxp://www.trictrac.net/|hxxp://www.google.com/calendar/render?um=1&ie=UTF-8&sa=N&tab=wc|hxxp://www.ludosphere.net/|hxxp://ludosite.o2switch.net/administrator/
(CHRIST~1, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{FBF6D7FB-F305-4445-BB3D-FEF66579A033}:3.8,{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}:1.0,{B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971,{c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.7,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
(CHRIST~1, prefs.js) Privacy.popups.showBrowserMessage, false
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
4319 Octet(s) - C:\Ad-Report-CLEAN[1].log
4564 Octet(s) - C:\Ad-Report-SCAN[1].log
.
0 Fichier(s) - C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
1 Fichier(s) - C:\WINDOWS\Temp
3 Fichier(s) - C:\WINDOWS\Prefetch
.
19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
40 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 18:46:33 | 27/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 26.12.2009 à 20:47
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:39:13, 27/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: LIPS-CQ4WGGS883 | Utilisateur actuel: Christophe
Bonnes fêtes de fin d'année à vous tous :)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
C:\Program Files\pdfforge Toolbar
C:\Program Files\Viewpoint
C:\DOCUME~1\CHRIST~1\APPLIC~1\pdfforge
C:\Windows\Installer\308356.msi
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\software\Search Settings
HKLM\software\AskBarDis
HKLM\software\classes\AxMetaStream.MetaStreamCtl
HKLM\software\classes\AxMetaStream.MetaStreamCtl.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\software\classes\installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
HKLM\software\MetaStream
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\377026901A2D8744A8423A983B50E0D1
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B278DBFACA5AB424DA79915F3A109F9A
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B3B348F18694F1949B4D6BD9507F2886
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E48E3A6D380B2EC4ABCEB3BA048D767F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F715D253BF28D554C9C0F60ABA8585CF
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.6 [fr] *
.
Nom du profil: 683zjsu1.default (Christophe)
.
(CHRIST~1, prefs.js) Browser.download.dir, C:\Documents and Settings\Christophe\Bureau
(CHRIST~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Christophe\Bureau
(CHRIST~1, prefs.js) Browser.startup.homepage, hxxp://www.trictrac.net/|hxxp://www.google.com/calendar/render?um=1&ie=UTF-8&sa=N&tab=wc|hxxp://www.ludosphere.net/|hxxp://ludosite.o2switch.net/administrator/
(CHRIST~1, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{FBF6D7FB-F305-4445-BB3D-FEF66579A033}:3.8,{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}:1.0,{B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971,{c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.7,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
(CHRIST~1, prefs.js) Privacy.popups.showBrowserMessage, false
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
4319 Octet(s) - C:\Ad-Report-CLEAN[1].log
4564 Octet(s) - C:\Ad-Report-SCAN[1].log
.
0 Fichier(s) - C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
1 Fichier(s) - C:\WINDOWS\Temp
3 Fichier(s) - C:\WINDOWS\Prefetch
.
19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
40 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 18:46:33 | 27/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.
RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Christophe at 2009-12-27 18:47:19
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 19 GB (57%) free of 33 GB
Total RAM: 2047 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:22, on 27/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christophe\Bureau\RSIT.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Christophe\Bureau\Christophe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A5664A9-6117-4A21-A270-2480DECE8788}: NameServer = 212.27.40.240,212.27.40.241
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp143.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by Christophe at 2009-12-27 18:47:19
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 19 GB (57%) free of 33 GB
Total RAM: 2047 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:22, on 27/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christophe\Bureau\RSIT.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Christophe\Bureau\Christophe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A5664A9-6117-4A21-A270-2480DECE8788}: NameServer = 212.27.40.240,212.27.40.241
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp143.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe
(validé par gen hackman)
▶ Télécharge OTM (OldTimer) sur ton Bureau :
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
▶ Double-clique sur OTM.exe afin de le lancer.
▶ Copie (Ctrl+C) le texte suivant ci-dessous :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:services
SeekappSrch Service
:files
c:\documents and settings\all users\application data\seekappsrch
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
▶ Clique maintenant sur le bouton MoveIt! puis ferme OTM
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
▶ Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
*Le nom du rapport correspond au moment de sa création : date_heure.log
▶ Télécharge OTM (OldTimer) sur ton Bureau :
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
▶ Double-clique sur OTM.exe afin de le lancer.
▶ Copie (Ctrl+C) le texte suivant ci-dessous :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:services
SeekappSrch Service
:files
c:\documents and settings\all users\application data\seekappsrch
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
▶ Clique maintenant sur le bouton MoveIt! puis ferme OTM
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
▶ Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
*Le nom du rapport correspond au moment de sa création : date_heure.log
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
No active process named msnmsgr.exe was found!
Process Teatimer.exe killed successfully!
========== SERVICES/DRIVERS ==========
Service SeekappSrch Service stopped successfully!
Service SeekappSrch Service deleted successfully!
========== FILES ==========
File/Folder c:\documents and settings\all users\application data\seekappsrch not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Christophe
->Temp folder emptied: 68254 bytes
->Temporary Internet Files folder emptied: 153071 bytes
->Java cache emptied: 113819740 bytes
->FireFox cache emptied: 61984622 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 813233 bytes
Total Files Cleaned = 169,00 mb
OTM by OldTimer - Version 3.1.4.0 log created on 12282009_183847
Files moved on Reboot...
Registry entries deleted on Reboot...
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
No active process named msnmsgr.exe was found!
Process Teatimer.exe killed successfully!
========== SERVICES/DRIVERS ==========
Service SeekappSrch Service stopped successfully!
Service SeekappSrch Service deleted successfully!
========== FILES ==========
File/Folder c:\documents and settings\all users\application data\seekappsrch not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Christophe
->Temp folder emptied: 68254 bytes
->Temporary Internet Files folder emptied: 153071 bytes
->Java cache emptied: 113819740 bytes
->FireFox cache emptied: 61984622 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 813233 bytes
Total Files Cleaned = 169,00 mb
OTM by OldTimer - Version 3.1.4.0 log created on 12282009_183847
Files moved on Reboot...
Registry entries deleted on Reboot...
ok
1)
Cherches et cliques sur C:\Documents and Settings\Christophe\Bureau\Christophe.exe
Au menu principal, choisir do a scan only, puis cocher la case devant les lignes suivantes à corriger et cliquer en bas sur Fix Checked
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp143.exe (file missing)
................
2)
Mets à jour Adobe Reader si ce n'est pas le cas (désinstalle avant la version antérieure)
https://get2.adobe.com/reader/otherversions/
.................
3)
IMPORTANT
purger la Restauration systeme XP
http://www.bibou0007.com/windows-xp-f101/purger-la-restauration-du-systeme-sous-windows-xp-t151.htm
..............
4)
Télécharge ToolsCleaner2sur ton Bureau.
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
1)
Cherches et cliques sur C:\Documents and Settings\Christophe\Bureau\Christophe.exe
Au menu principal, choisir do a scan only, puis cocher la case devant les lignes suivantes à corriger et cliquer en bas sur Fix Checked
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp143.exe (file missing)
................
2)
Mets à jour Adobe Reader si ce n'est pas le cas (désinstalle avant la version antérieure)
https://get2.adobe.com/reader/otherversions/
.................
3)
IMPORTANT
purger la Restauration systeme XP
http://www.bibou0007.com/windows-xp-f101/purger-la-restauration-du-systeme-sous-windows-xp-t151.htm
..............
4)
Télécharge ToolsCleaner2sur ton Bureau.
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\OTM.exe: trouvé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\ComboFix.exe: trouvé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\HijackThis.exe: trouvé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\Ad-R.exe: trouvé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\hijackthis.log: trouvé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\Rsit.exe: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !
---------------------------------
--> Suppression:
C:\Documents and Settings\Christophe\Bureau\CLEAN\OTM.exe: supprimé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Christophe\Bureau\CLEAN\HijackThis.exe: supprimé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\Ad-R.exe: supprimé !
C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\hijackthis.log: supprimé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\Rsit.exe: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\WINDOWS\mbr.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Ad-remover: supprimé !
--> Recherche:
C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\OTM.exe: trouvé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\ComboFix.exe: trouvé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\HijackThis.exe: trouvé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\Ad-R.exe: trouvé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\hijackthis.log: trouvé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\Rsit.exe: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !
---------------------------------
--> Suppression:
C:\Documents and Settings\Christophe\Bureau\CLEAN\OTM.exe: supprimé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Christophe\Bureau\CLEAN\HijackThis.exe: supprimé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\Ad-R.exe: supprimé !
C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\hijackthis.log: supprimé !
C:\Documents and Settings\Christophe\Bureau\CLEAN\Rsit.exe: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\WINDOWS\mbr.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Ad-remover: supprimé !
vu
si c'est ok
tu peux mettre le topic en resolu
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/
Bonne continuation et surtout , prudence et bon surf :)
si c'est ok
tu peux mettre le topic en resolu
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/
Bonne continuation et surtout , prudence et bon surf :)
Je te remercie de m'avoir porter secours.
Avant de noter mon post en résolu, peut tu me donner 2 ou 3 conseil sur les logiciels :
j'ai déjà Avira antivir en antivirus
Spybot en recherche résidente
dois je mettre zone alarme ?
Avant de noter mon post en résolu, peut tu me donner 2 ou 3 conseil sur les logiciels :
j'ai déjà Avira antivir en antivirus
Spybot en recherche résidente
dois je mettre zone alarme ?
