Problème avec rundll32.exe
Résolu
el tipito
Messages postés
112
Date d'inscription
Statut
Membre
Dernière intervention
-
Destrio5 Messages postés 85985 Date d'inscription Statut Modérateur Dernière intervention -
Destrio5 Messages postés 85985 Date d'inscription Statut Modérateur Dernière intervention -
Bonjour,
au fait !! j'ai pas vraiment une question !! c'est plutôt un problème !! au fait à chaque fois que je veux éteindre mon Pc il y a une fenêtre de terminer le programme qui apparait !! et je vous laisse deviner de quel programme s'agit il !! et oui !! c'est le Rundll32.exe !! alors j'aimerai savoir si c'est un programme système !! et puis c'est quoi son rôle exactement ? et qu'est qui a pu causer ce problème ?? et bien sur comment le réparer !!
merci pour votre aide !!
au fait !! j'ai pas vraiment une question !! c'est plutôt un problème !! au fait à chaque fois que je veux éteindre mon Pc il y a une fenêtre de terminer le programme qui apparait !! et je vous laisse deviner de quel programme s'agit il !! et oui !! c'est le Rundll32.exe !! alors j'aimerai savoir si c'est un programme système !! et puis c'est quoi son rôle exactement ? et qu'est qui a pu causer ce problème ?? et bien sur comment le réparer !!
merci pour votre aide !!
A voir également:
- Problème avec rundll32.exe
- .Exe - Télécharger - Divers Utilitaires
- Svchost exe - Guide
- Bat to exe converter - Télécharger - Édition & Programmation
- Winrar exe - Télécharger - Compression & Décompression
- Frst64.exe - Télécharger - Sécurité
65 réponses
voila !! c fé !!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:50:51, on 29/09/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\TEMP\stf2B8.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Documents and Settings\user\jgrkfyv.exe \s,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {F8D257EA-A711-4A60-86E8-B9F0A22B5166} - C:\WINDOWS\System32\msvcp6.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinDLL (Regdll.exe)] rundll32.exe C:\WINDOWS\System32\Regdll.exe,start
O4 - HKLM\..\Run: [WinDLL (uthn.exe)] rundll32.exe C:\WINDOWS\System32\uthn.exe,start
O4 - HKLM\..\Run: [WinSmsFi] System
O4 - HKLM\..\Run: [phkgrj] C:\WINDOWS\System32\phkgrj.exe \u
O4 - HKLM\..\Run: [mqaacctv] %systemroot%\mqaacctv.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\faceback.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunServices: [Windows Micro Drivers] wupdates32.exe
O4 - HKCU\..\RunServices: [Symantec Autoscan] xedpaypzmqcgh.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Compliant] zcbxmw.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Micro Drivers] wupdates32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Autoscan] xedpaypzmqcgh.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Winedows Updateing] NinKey.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Winedows Updateing] NinKey.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Config] msconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Winedows Updateing] NinKey.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Config] msconf.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .amr: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://66.186.63.186/IMSCP/talk.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C95D553A-FE1E-44D8-8980-1E5DAA4A9A97}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {73CA97F9-0CA2-4C6F-8F23-2C2FB9170FCF} - (no file)
O18 - Filter: text/plain - {73CA97F9-0CA2-4C6F-8F23-2C2FB9170FCF} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - http://www.google.com/logos/holiday06_1.gif
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:50:51, on 29/09/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\TEMP\stf2B8.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Documents and Settings\user\jgrkfyv.exe \s,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {F8D257EA-A711-4A60-86E8-B9F0A22B5166} - C:\WINDOWS\System32\msvcp6.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinDLL (Regdll.exe)] rundll32.exe C:\WINDOWS\System32\Regdll.exe,start
O4 - HKLM\..\Run: [WinDLL (uthn.exe)] rundll32.exe C:\WINDOWS\System32\uthn.exe,start
O4 - HKLM\..\Run: [WinSmsFi] System
O4 - HKLM\..\Run: [phkgrj] C:\WINDOWS\System32\phkgrj.exe \u
O4 - HKLM\..\Run: [mqaacctv] %systemroot%\mqaacctv.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\faceback.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunServices: [Windows Micro Drivers] wupdates32.exe
O4 - HKCU\..\RunServices: [Symantec Autoscan] xedpaypzmqcgh.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Compliant] zcbxmw.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Micro Drivers] wupdates32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Autoscan] xedpaypzmqcgh.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Winedows Updateing] NinKey.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Winedows Updateing] NinKey.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Config] msconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Winedows Updateing] NinKey.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Config] msconf.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .amr: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://66.186.63.186/IMSCP/talk.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C95D553A-FE1E-44D8-8980-1E5DAA4A9A97}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {73CA97F9-0CA2-4C6F-8F23-2C2FB9170FCF} - (no file)
O18 - Filter: text/plain - {73CA97F9-0CA2-4C6F-8F23-2C2FB9170FCF} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - http://www.google.com/logos/holiday06_1.gif
C'est déjà plus normal comme rapport.
---> Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
---> Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
voilà !!
-----------\\ ToolBar S&D 1.2.1 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 1
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
BIOS : BIOS Revision: 1.05
USER : user ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total : 14 Go Free : 0 Go
D:\ (CD or DVD)
E:\ (Local Disk) - FAT32 - Total : 13 Go Free : 6 Go
"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [1] ( 29/09/2008| 1:57 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\Dealio
C:\Program Files\Dealio\kb127
C:\Program Files\Multi_Media
C:\Program Files\Multi_Media\INSTALL.LOG
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
C:\DOCUME~1\user\APPLIC~1\Search Settings
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\DOCUME~1\user\Cookies\user@lp.zango[2].txt
C:\DOCUME~1\user\Cookies\user@static.zangocash[2].txt
-----------\\ Extensions
(user) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/"
"Default_Page_URL"="about:blank"
"Start Page_bak"="http://www.com/"
"Search Page_bak"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar_bak"="http://www.couldnotfind.com/search_page.html?&account_id=152854"
"HOMEOldSP"="about:blank"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/"
"Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/"
"Start Page"="https://fr.yahoo.com/"
"HOMEOldSP"="about:blank"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 29/09/2008| 2:00 - Option : [1]
-----------\\ Fin du rapport a 2:00:39,68
-----------\\ ToolBar S&D 1.2.1 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 1
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
BIOS : BIOS Revision: 1.05
USER : user ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total : 14 Go Free : 0 Go
D:\ (CD or DVD)
E:\ (Local Disk) - FAT32 - Total : 13 Go Free : 6 Go
"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [1] ( 29/09/2008| 1:57 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\Dealio
C:\Program Files\Dealio\kb127
C:\Program Files\Multi_Media
C:\Program Files\Multi_Media\INSTALL.LOG
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
C:\DOCUME~1\user\APPLIC~1\Search Settings
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\DOCUME~1\user\Cookies\user@lp.zango[2].txt
C:\DOCUME~1\user\Cookies\user@static.zangocash[2].txt
-----------\\ Extensions
(user) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/"
"Default_Page_URL"="about:blank"
"Start Page_bak"="http://www.com/"
"Search Page_bak"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar_bak"="http://www.couldnotfind.com/search_page.html?&account_id=152854"
"HOMEOldSP"="about:blank"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/"
"Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/"
"Start Page"="https://fr.yahoo.com/"
"HOMEOldSP"="about:blank"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 29/09/2008| 2:00 - Option : [1]
-----------\\ Fin du rapport a 2:00:39,68
mais bon !!
je prefere réparer tant ke c possible !! je suis un future informaticien qd mm !! et un bon informaticien doit pa avoir recourt au formatage sauf sil a vraiment plu le choix !! vré ou fo ?? ;)
-
l'informaticien est un lecteur éternel...
je prefere réparer tant ke c possible !! je suis un future informaticien qd mm !! et un bon informaticien doit pa avoir recourt au formatage sauf sil a vraiment plu le choix !! vré ou fo ?? ;)
-
l'informaticien est un lecteur éternel...
"et un bon informaticien doit pa avoir recourt au formatage sauf sil a vraiment plu le choix !! vré ou fo ?? ;) "
---> C'est trop facile de formater à chaque problème.
---> C'est trop facile de formater à chaque problème.
le dernier rapport apres la supression !!
-----------\\ ToolBar S&D 1.2.1 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 1
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
BIOS : BIOS Revision: 1.05
USER : user ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total : 14 Go Free : 0 Go
D:\ (CD or DVD)
E:\ (Local Disk) - FAT32 - Total : 13 Go Free : 6 Go
"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [2] ( 29/09/2008| 2:05 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Multi_Media\INSTALL.LOG
Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\user\Cookies\user@lp.zango[2].txt
Supprime! - C:\DOCUME~1\user\Cookies\user@static.zangocash[2].txt
Supprime! - C:\Program Files\Dealio
Supprime! - C:\Program Files\Multi_Media
Supprime! - C:\DOCUME~1\user\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(user) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/"
"Default_Page_URL"="about:blank"
"Start Page_bak"="http://www.com/"
"Search Page_bak"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar_bak"="http://www.couldnotfind.com/search_page.html?&account_id=152854"
"HOMEOldSP"="about:blank"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/"
"Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/"
"Start Page"="https://www.msn.com/fr-fr/"
"HOMEOldSP"="about:blank"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 29/09/2008| 2:00 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 29/09/2008| 2:10 - Option : [2]
-----------\\ Fin du rapport a 2:10:41,02
-----------\\ ToolBar S&D 1.2.1 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 1
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
BIOS : BIOS Revision: 1.05
USER : user ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total : 14 Go Free : 0 Go
D:\ (CD or DVD)
E:\ (Local Disk) - FAT32 - Total : 13 Go Free : 6 Go
"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [2] ( 29/09/2008| 2:05 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Multi_Media\INSTALL.LOG
Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\user\Cookies\user@lp.zango[2].txt
Supprime! - C:\DOCUME~1\user\Cookies\user@static.zangocash[2].txt
Supprime! - C:\Program Files\Dealio
Supprime! - C:\Program Files\Multi_Media
Supprime! - C:\DOCUME~1\user\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(user) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/"
"Default_Page_URL"="about:blank"
"Start Page_bak"="http://www.com/"
"Search Page_bak"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar_bak"="http://www.couldnotfind.com/search_page.html?&account_id=152854"
"HOMEOldSP"="about:blank"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/"
"Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/"
"Start Page"="https://www.msn.com/fr-fr/"
"HOMEOldSP"="about:blank"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 29/09/2008| 2:00 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 29/09/2008| 2:10 - Option : [2]
-----------\\ Fin du rapport a 2:10:41,02
voici le rapport !!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:22:08, on 29/09/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\TEMP\stf2B8.tmp
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Documents and Settings\user\jgrkfyv.exe \s,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: (no name) - {F8D257EA-A711-4A60-86E8-B9F0A22B5166} - C:\WINDOWS\System32\msvcp6.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinDLL (Regdll.exe)] rundll32.exe C:\WINDOWS\System32\Regdll.exe,start
O4 - HKLM\..\Run: [WinDLL (uthn.exe)] rundll32.exe C:\WINDOWS\System32\uthn.exe,start
O4 - HKLM\..\Run: [WinSmsFi] System
O4 - HKLM\..\Run: [phkgrj] C:\WINDOWS\System32\phkgrj.exe \u
O4 - HKLM\..\Run: [mqaacctv] %systemroot%\mqaacctv.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\faceback.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunServices: [Windows Micro Drivers] wupdates32.exe
O4 - HKCU\..\RunServices: [Symantec Autoscan] xedpaypzmqcgh.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Compliant] zcbxmw.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Micro Drivers] wupdates32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Autoscan] xedpaypzmqcgh.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Winedows Updateing] NinKey.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Winedows Updateing] NinKey.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Config] msconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Winedows Updateing] NinKey.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Config] msconf.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .amr: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://66.186.63.186/IMSCP/talk.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C95D553A-FE1E-44D8-8980-1E5DAA4A9A97}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {73CA97F9-0CA2-4C6F-8F23-2C2FB9170FCF} - (no file)
O18 - Filter: text/plain - {73CA97F9-0CA2-4C6F-8F23-2C2FB9170FCF} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - http://www.google.com/logos/holiday06_1.gif
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:22:08, on 29/09/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\TEMP\stf2B8.tmp
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Documents and Settings\user\jgrkfyv.exe \s,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: (no name) - {F8D257EA-A711-4A60-86E8-B9F0A22B5166} - C:\WINDOWS\System32\msvcp6.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinDLL (Regdll.exe)] rundll32.exe C:\WINDOWS\System32\Regdll.exe,start
O4 - HKLM\..\Run: [WinDLL (uthn.exe)] rundll32.exe C:\WINDOWS\System32\uthn.exe,start
O4 - HKLM\..\Run: [WinSmsFi] System
O4 - HKLM\..\Run: [phkgrj] C:\WINDOWS\System32\phkgrj.exe \u
O4 - HKLM\..\Run: [mqaacctv] %systemroot%\mqaacctv.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\faceback.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunServices: [Windows Micro Drivers] wupdates32.exe
O4 - HKCU\..\RunServices: [Symantec Autoscan] xedpaypzmqcgh.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Compliant] zcbxmw.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Micro Drivers] wupdates32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Autoscan] xedpaypzmqcgh.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Winedows Updateing] NinKey.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Winedows Updateing] NinKey.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Config] msconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Winedows Updateing] NinKey.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Config] msconf.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .amr: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://66.186.63.186/IMSCP/talk.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C95D553A-FE1E-44D8-8980-1E5DAA4A9A97}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {73CA97F9-0CA2-4C6F-8F23-2C2FB9170FCF} - (no file)
O18 - Filter: text/plain - {73CA97F9-0CA2-4C6F-8F23-2C2FB9170FCF} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - http://www.google.com/logos/holiday06_1.gif
---> Menu Démarrer > Exécuter > Tu tapes cmd et tu valides par Entrée
---> Dans la fenêtre noire, tape sc delete AntiVirScheduler et fais Entrée
---> Dans la fenêtre noire, tape sc delete AntiVirScheduler et fais Entrée
---> Télécharge OTMoveIt2 à partir du lien ci-dessous :
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
---> Enregistre le fichier sur le Bureau.
---> Double-clique sur le fichier OTMoveIt2.exe pour lancer l'outil.
Assure-toi que la case Unregister Dll's and Ocx's soit bien cochée.
---> Copie l'intégralité du texte ci-dessous et colle-le dans la fenêtre intitulée Paste List Of Files/Folders to Move.
C:\Program Files\AntiVir PersonalEdition Classic\
C:\WINDOWS\faceback.exe
---> Clique sur MoveIt! pour lancer la suppression.
Lorsqu'un résultat apparaît dans le cadre Results, clique sur Exit.
Note : Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.
---> Poste le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
---> Enregistre le fichier sur le Bureau.
---> Double-clique sur le fichier OTMoveIt2.exe pour lancer l'outil.
Assure-toi que la case Unregister Dll's and Ocx's soit bien cochée.
---> Copie l'intégralité du texte ci-dessous et colle-le dans la fenêtre intitulée Paste List Of Files/Folders to Move.
C:\Program Files\AntiVir PersonalEdition Classic\
C:\WINDOWS\faceback.exe
---> Clique sur MoveIt! pour lancer la suppression.
Lorsqu'un résultat apparaît dans le cadre Results, clique sur Exit.
Note : Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.
---> Poste le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles.
je croi kon s'approche de la fin !!
C:\Program Files\AntiVir PersonalEdition Classic\FAILSAFE moved successfully.
C:\Program Files\AntiVir PersonalEdition Classic\EVENTDB moved successfully.
C:\Program Files\AntiVir PersonalEdition Classic moved successfully.
C:\WINDOWS\faceback.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09292008_024331
C:\Program Files\AntiVir PersonalEdition Classic\FAILSAFE moved successfully.
C:\Program Files\AntiVir PersonalEdition Classic\EVENTDB moved successfully.
C:\Program Files\AntiVir PersonalEdition Classic moved successfully.
C:\WINDOWS\faceback.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09292008_024331