22 replies
Anonymous user
27 Dec 2009 at 00:35
• Download random's system information tool (RSIT) and save it to the Desktop.
• Double-click RSIT.exe to launch RSIT.
• Read the Disclaimer screen, then click Continue (if you accept the terms).
• RSIT will download Hijackthis (allow access in your firewall if asked) and you will have to accept the license.
• When the scan is finished, two text files will open.
• Post the contents of log.txt.
• Tutorial: https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
coolvirus
Posts: 88 | Registered: Monday 24 March 2008 | Status: Member | Last active: 29 December 2009
27 Dec 2009 at 00:35
Yeah, if you want it to spread you leave it, otherwise you delete it, lol
Tchoup'S
Posts: 24 | Registered: Sunday 27 December 2009 | Status: Member | Last active: 25 April 2010
27 Dec 2009 at 01:22
I'm really useless at this stuff
Anonymous user
27 Dec 2009 at 01:47
▶ Download Ad-remover (by C_XX) to your desktop:
▶ Disconnect and close all running applications!
▶ Double-click "Ad-R.exe" to start the installation and leave the installation settings at their defaults.
▶ Double-click the Ad-remover shortcut on your desktop to launch the tool.
▶ In the main menu choose option "L" and press [Enter].
▶ Let the tool work and don't touch anything...
▶ Post the report that appears at the end on the forum...
(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Tchoup'S
27 Dec 2009 at 01:59
Thanks a lot, I'll do that right away and paste the report!
Tchoup'S
27 Dec 2009 at 02:15
THANKS SO MUCH! HERE IS THE RESULT
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 26.12.2009 à 20:47
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 2:02:29, 27/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 1 v5.1.2600
Nom du PC: NOM-OGL2XDJJQAE | Utilisateur actuel: Propri‚taire
Bonnes fêtes de fin d'année à vous tous :)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
Service: WinSvc
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\liveplayer_exe.dat
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\liveplayer_skin.dat
C:\WINDOWS\pack.epk
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Kiwee Toolbar2
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Live-Player
C:\Program Files\AskTBar
C:\Program Files\EoRezo
C:\Program Files\Kiwee Toolbar2
C:\Program Files\Live-Player
C:\Program Files\Viewpoint
C:\Program Files\Winsudate
C:\DOCUME~1\PROPRI~1\APPLIC~1\EoRezo
C:\DOCUME~1\PROPRI~1\APPLIC~1\ItsLabel
C:\DOCUME~1\PROPRI~1\APPLIC~1\live-player
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar2
C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\EoRezo
C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\Kiwee Toolbar2
C:\DOCUME~1\PROPRI~1\Bureau\Live-Player.lnk
C:\DOCUME~1\ALLUSE~1\Bureau\Continue Europa Casino setup.lnk
C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\msafmkre.dat
C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\msafmkre.exe
C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\msafmkre_nav.dat
C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\msafmkre_navps.dat
(!) -- Fichiers temporaires supprimés.
.
HKCU\software\EoRezo
HKCU\software\fcn
HKCU\software\Live-Player
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\msafmkre
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WinUsr
HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\software\classes\appid\EoRezoBHO.DLL
HKLM\Software\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
HKLM\Software\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\software\classes\EoRezoBHO.EoBHO
HKLM\software\classes\EoRezoBHO.EoBHO.1
HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}
HKLM\Software\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}
HKLM\Software\Classes\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF}
HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\software\EoRezo
HKLM\software\Live-Player
HKLM\software\microsoft\shared tools\msconfig\startupreg\EoEngine
HKLM\software\microsoft\shared tools\msconfig\startupreg\SoftwareHelper
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SoftwareHelper
HKLM\SYSTEM\ControlSet003\Services\winsvc
HKU\.default\software\EoRezo
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.6 [fr] *
.
Nom du profil: 708vdllo.default (Propri‚taire)
.
(PROPRI~1, Invalidprefs.js) Browser.search.defaultenginename, Chercher Malin
(PROPRI~1, Invalidprefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
(PROPRI~1, Invalidprefs.js) Browser.search.selectedEngine, Chercher Malin
(PROPRI~1, Invalidprefs.js) Browser.startup.homepage, hxxp://www.cherchermalin.com/?t=Q0908143499&s=h
(PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
(PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
(PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
(PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
(PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
(PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
.
(PROPRI~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Propriétaire\Mes documents\Téléchargements
(PROPRI~1, prefs.js) Browser.search.defaultenginename, Chercher Malin
(PROPRI~1, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
(PROPRI~1, prefs.js) Browser.search.selectedEngine, Google
(PROPRI~1, prefs.js) Browser.startup.homepage, hxxp://www.searcheo.fr/pratique
(PROPRI~1, prefs.js) Extensions.enabledItems, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1,ar@dictionaries.addons.mozilla.org:2.0.20080110,fr@dictionaries.addons.mozilla.org:2.1,{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.9,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,jqs@sun.com:1.0,{d9284e50-81fc-11da-a72b-0800200c9a66}:6.2.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
(PROPRI~1, prefs.js) Keyword.URL, hxxp://www.searcheo.fr/pratique?search&q=
.
.
* Internet Explorer Version 6.0.2800.1106 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\System32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Use Custom Search URL: 1 (0x1)
Use Search Asst: no
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
6356 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
0 Fichier(s) - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
3 Fichier(s) - C:\WINDOWS\Temp
7 Fichier(s) - C:\WINDOWS\Prefetch
.
18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
264 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 2:13:03 | 27/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.
Tchoup'S
27 Dec 2009 at 02:45
Thanks for your help, I'll wait for the next steps tomorrow please .. I'm going to bed now =)
Good evening, and see you tomorrow. Thanks!
Anonymous user
27 Dec 2009 at 13:30
Print these instructions, because you will need to close all windows and applications during installation and scanning.
▶ Download:
Malwarebytes
or:
Malwarebytes
▶ Install it (make sure to choose "French"; don't change the installation settings) and update it.
(NB: If you get an error message saying "COMCTL32.OCX" is missing during installation, download it here: COMCTL32.OCX)
▶ Study the tutorial to get familiar with the program:
(that said, it is very simple to use).
Restart Malwarebytes, following these instructions carefully:
! Disconnect and close all running applications!
▶ Launch Malwarebytes'.
Run a "Full" ("Complet") scan.
▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "Results" ("résultat").
▶ Check that all infected objects are selected, then click "Remove" ("suppression").
▶ Note: if you need to restart your PC to finish the cleanup, do it!
▶ Post the report saved after the infected objects are removed (in the "rapport/log" tab of Malwarebytes, the most recent one).
Tchoup'S
27 Dec 2009 at 17:33
Thanks, I'm doing that now and I'll post the report =D
Tchoup'S
27 Dec 2009 at 17:40
I have a small problem
When I choose FULL REPORT it asks me to select the drive to scan!
There are drives A:/ C:/ D:/ E:/ F:/ G:/ but only drives C:/ and D:/ are checked!
WHAT SHOULD I DO
Tchoup'S
28 Dec 2009 at 01:24
The report is finished BUT THE COMPUTER RESTARTED. Where is it saved?
Anonymous user
28 Dec 2009 at 11:30
Open Malwarebytes' / Logs, reports tab / Copy it in full and post it in your next reply.
Tchoup'S
28 Dec 2009 at 15:19
THANKS, HERE IS THE REPORT:
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3441
Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106
28/12/2009 01:17:33
mbam-log-2009-12-28 (01-17-33).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 226358
Temps écoulé: 1 hour(s), 12 minute(s), 35 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 80
Processus mémoire infecté(s):
C:\WINDOWS\rndll.exe (BackdoorBot) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firevall administrating (BackdoorBot) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.postarticles.net) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\Propriétaire\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\07WCKS25\gibupt[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\07WCKS25\gibusr[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O7Z9STUM\gibsvc[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z9MOSO1A\gibcom[1].dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z9MOSO1A\gibidl[1].dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\DOCUME~1\PROPRI~1\APPLIC~1\EoRezo\SOFTWA~1\SOFTWA\SoftwareUpdate.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\DOCUME~1\PROPRI~1\APPLIC~1\EoRezo\SOFTWA~1\SOFTWA\SoftwareUpdateHP.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\EoRezo\EOA99\EoRezoBHO.dll.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\EoRezo\EoAdv\EoAdv\EoAdv.dll.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\EoRezo\EoEng\EoEngine.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\EoRezo\eorez\eorezo.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibcom\gibcom.dll.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibidl\gibidl.dll.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibsvc\gibsvc.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibupt\gibupt.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibusr\gibusr.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0042974.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0042976.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0042977.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0042978.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043001.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043031.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043032.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043033.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043034.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043035.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043037.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043038.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\image02.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\image020.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\image023.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\image026.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\image035.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\image044.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\image05.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\image083.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\image086.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\image092.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\images18.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\images21.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\images24.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\images33.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\images66.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\images72.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\images81.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\images90.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\images96.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo0.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo18.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo21.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo27.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo30.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo39.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo63.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo72.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo78.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo84.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photos2007_13.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photos2007_16.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photos2007_22.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photos2007_34.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photos2007_64.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photos2007_76.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photos2007_85.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photos2007_88.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photos2007_94.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo_album1.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo_album25.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo_album37.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo_album43.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo_album49.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo_album58.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo_album7.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo_album73.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo_album79.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo_album82.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo_album88.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\photo_album91.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\rndll.exe (BackdoorBot) -> Quarantined and deleted successfully.
Anonymous user
29 Dec 2009 at 00:12
Empty the Malwarebytes' quarantine:
> Launch Malwarebytes'
> Quarantine tab
> Delete all
And do another RSIT report for me please =)
https://forums.commentcamarche.net/forum/affich-15848347-viruuuus#1
Tchoup'S
29 Dec 2009 at 00:37
HERE IS THE RSIT REPORT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-12-29 00:36:15
Microsoft Windows XP Édition familiale Service Pack 1
System drive C: has 1 GB (2%) free of 73 GB
Total RAM: 511 MB (23% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:36:34, on 29/12/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ares\Ares.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Propriétaire\Mes documents\Téléchargements\RSIT(2).exe
C:\Program Files\trend micro\Propriétaire.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [eorezo] "C:\Program Files\EoRezo\eorezo.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Tchoup'S
29 Dec 2009 at 00:33
OK, I'm doing that now =D
Tchoup'S
29 Dec 2009 at 00:34
Do I have to close everything like for the first report?!
Tchoup'S
30 Dec 2009 at 01:32
THANKS, AND HERE IS THE REPORT:
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 26.12.2009 à 20:47
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 1:24:58, 30/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 1 v5.1.2600
Nom du PC: NOM-OGL2XDJJQAE | Utilisateur actuel: Propri‚taire
Bonnes fêtes de fin d'année à vous tous :)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
(!) -- Fichiers temporaires supprimés.
.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.6 [fr] *
.
Nom du profil: 708vdllo.default (Propri‚taire)
.
(PROPRI~1, Invalidprefs.js) Browser.search.defaultenginename, Chercher Malin
(PROPRI~1, Invalidprefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
(PROPRI~1, Invalidprefs.js) Browser.search.selectedEngine, Chercher Malin
(PROPRI~1, Invalidprefs.js) Browser.startup.homepage, hxxp://www.cherchermalin.com/?t=Q0908143499&s=h
(PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
(PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
(PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
(PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
(PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
(PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
.
(PROPRI~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Propriétaire\Mes documents\MES IMAGES\PhOto Neejma\LOGO'S
(PROPRI~1, prefs.js) Browser.search.defaultenginename, Chercher Malin
(PROPRI~1, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
(PROPRI~1, prefs.js) Browser.search.selectedEngine, Google
(PROPRI~1, prefs.js) Browser.startup.homepage, hxxp://www.searcheo.fr/pratique
(PROPRI~1, prefs.js) Extensions.enabledItems, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1,ar@dictionaries.addons.mozilla.org:2.0.20080110,fr@dictionaries.addons.mozilla.org:2.1,{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.9,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,jqs@sun.com:1.0,{d9284e50-81fc-11da-a72b-0800200c9a66}:6.2.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
(PROPRI~1, prefs.js) Keyword.URL, hxxp://www.searcheo.fr/pratique?search&q=
.
.
* Internet Explorer Version 6.0.2800.1106 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\System32\blank.htm
Show_ToolBar: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Use Custom Search URL: 1 (0x1)
Use Search Asst: no
Start Page: hxxp://fr.msn.com/
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
6725 Octet(s) - C:\Ad-Report-CLEAN[1].log
3800 Octet(s) - C:\Ad-Report-CLEAN[2].log
.
0 Fichier(s) - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
3 Fichier(s) - C:\WINDOWS\Temp
6 Fichier(s) - C:\WINDOWS\Prefetch
.
35 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
253 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 1:30:30 | 30/12/2009 - CLEAN[2]
.
============== E.O.F ==============
.
Anonymous user
30 Dec 2009 at 13:30
Manually delete this: C:\Program Files\EoRezo\eorezo.exe
And run RSIT again for me.
Tchoup'S
30 Dec 2009 at 17:18
Where do I delete it?? Where is the file saved?
27 Dec 2009 at 01:27
Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-12-27 01:25:23
Microsoft Windows XP Édition familiale Service Pack 1
System drive C: has 708 MB (1%) free of 73 GB
Total RAM: 511 MB (26% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:25:57, on 27/12/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Documents and Settings\Propriétaire\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\EoRezo\eorezo.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Winsudate\gibusr.exe
C:\documents and settings\propriétaire\local settings\application data\msafmkre.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\rndll.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Propriétaire\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\Propriétaire.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.postarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EOBHO - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - C:\Program Files\EoRezo\EoRezoBHO.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Propriétaire\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [eorezo] "C:\Program Files\EoRezo\eorezo.exe"
O4 - HKLM\..\Run: [Firevall Administrating] rndll.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [msafmkre] "c:\documents and settings\propriétaire\local settings\application data\msafmkre.exe" msafmkre
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe