Problème-virus
gwadsan1
Messages postés
1
Statut
Membre
-
gwadsan1 -
gwadsan1 -
Bonjour,
Quelqu'un pourrait-il m'aider j'ai un problème avec mon ordi un ACER ASPIRE 5520/5220, il rame énormément, dés que je suis sur un programme ou internet cela ne répond plus, j'ai beaucoup de mal à lire des vidéos et à avoir des vidéos conférences sur msn ou skype. Je l'ai scanné avec SPYBOT qui m'avait détecter des spywares que j'ai supprimé, mais rien a changé et aprés avoir parcouru le forum j'ai vu que beaucoup de personnes avaient leurs problèmes résolus aprés un rapport HijackThis grâce à l'aide d'intenautes. SI JE POSTE LE MIEN QUELQU'UN POURAIT-IL M'AIDER CAR MOI JE N'Y COMPRENDS RIEN. MERCI
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:33, on 26/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\ZMSoft\HParlant\HParlante.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe
C:\Users\sandrine\AppData\Local\mkwig.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Users\sandrine\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Horloge Parlante ZMSoft] C:\ZMSoft\HParlant\HParlante.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [mkwig] "c:\users\sandrine\appdata\local\mkwig.exe" mkwig
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://spinpalace.microgaming.com/frspinpalace/FlashAX2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Quelqu'un pourrait-il m'aider j'ai un problème avec mon ordi un ACER ASPIRE 5520/5220, il rame énormément, dés que je suis sur un programme ou internet cela ne répond plus, j'ai beaucoup de mal à lire des vidéos et à avoir des vidéos conférences sur msn ou skype. Je l'ai scanné avec SPYBOT qui m'avait détecter des spywares que j'ai supprimé, mais rien a changé et aprés avoir parcouru le forum j'ai vu que beaucoup de personnes avaient leurs problèmes résolus aprés un rapport HijackThis grâce à l'aide d'intenautes. SI JE POSTE LE MIEN QUELQU'UN POURAIT-IL M'AIDER CAR MOI JE N'Y COMPRENDS RIEN. MERCI
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:33, on 26/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\ZMSoft\HParlant\HParlante.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe
C:\Users\sandrine\AppData\Local\mkwig.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Users\sandrine\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Horloge Parlante ZMSoft] C:\ZMSoft\HParlant\HParlante.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [mkwig] "c:\users\sandrine\appdata\local\mkwig.exe" mkwig
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://spinpalace.microgaming.com/frspinpalace/FlashAX2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
A voir également:
- Problème-virus
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
6 réponses
Tu peux essayer de désactiver le Tea-Timer de Spybot, il crée des ralentissements monstres sur certaines machines.
bonsoir :
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Vas dans "Démarrer" puis Panneau de configuration.
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
- Clique sur Continuer.
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
- Valide par OK et redémarre.
Tuto : https://forum.malekal.com/viewtopic.php?f=59&t=6517
Télécharge maintenant Navilog1 depuis-ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis :
"Exécuter en tant qu'administrateur".
Au menu principal, Fais le choix 1
Laisse toi guider et patiente.
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche le blocnote va s'ouvrir.
Copie-colle l'intégralité du rapport dans une réponse.
Referme le blocnote
Le rapport fixnavi.txt est en outre sauvegardé a la racine du disque
Tuto : http://www.malekal.com/Adware.Magic_Control.php
ensuite :
Télécharges http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe ( de Cyrildu17 / C_XX ) sur ton bureau :
/!\ Déconnectes toi et fermes toutes applications en cours
? Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
? Double clique sur l'icône Ad-remover située sur ton bureau
? Au menu principal choisi l'option "Recherche"
? Postes le rapport qui apparait à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...)
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Vas dans "Démarrer" puis Panneau de configuration.
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
- Clique sur Continuer.
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
- Valide par OK et redémarre.
Tuto : https://forum.malekal.com/viewtopic.php?f=59&t=6517
Télécharge maintenant Navilog1 depuis-ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis :
"Exécuter en tant qu'administrateur".
Au menu principal, Fais le choix 1
Laisse toi guider et patiente.
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche le blocnote va s'ouvrir.
Copie-colle l'intégralité du rapport dans une réponse.
Referme le blocnote
Le rapport fixnavi.txt est en outre sauvegardé a la racine du disque
Tuto : http://www.malekal.com/Adware.Magic_Control.php
ensuite :
Télécharges http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe ( de Cyrildu17 / C_XX ) sur ton bureau :
/!\ Déconnectes toi et fermes toutes applications en cours
? Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
? Double clique sur l'icône Ad-remover située sur ton bureau
? Au menu principal choisi l'option "Recherche"
? Postes le rapport qui apparait à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...)
Bonsoir,
Je fais exactement ce que tu m'as dit de faire par contre j'ai un prob avec le téléchargement de AD-R, je le télécharge normalement sur mon bureau mais quand je veux l'executer on me dit qu'il a des parties invalides et je ne le retrouve pas dans mon bureau. Ai-je fais une erreur quelque part. merçi
Je fais exactement ce que tu m'as dit de faire par contre j'ai un prob avec le téléchargement de AD-R, je le télécharge normalement sur mon bureau mais quand je veux l'executer on me dit qu'il a des parties invalides et je ne le retrouve pas dans mon bureau. Ai-je fais une erreur quelque part. merçi
bonjour meme en faisant "clic droit" et "executer en tant qu'admin?
tu as desactivé l'uac comme demande au debut du post ?
tu as desactivé l'uac comme demande au debut du post ?
Bonjour,
J'ai réussi à téléchargr AD-RE, j'ai fait tous ce que tu 'as dit de faire. voici le rapport.
--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------
# START at: 19:52:42 | Sun 28/12/2008 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-SANDRINE | USER: sandrine ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# Internet Explorer v7.0.6001.18000
--------- [ RUNNING PROCESSES: 90 ] ---------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\ZMSoft\HParlant\HParlante.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\sandrine\AppData\Local\mkwig.exe
C:\Windows\System32\rundll32.exe
C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Users\sandrine\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
.
[20/07/2008 19:48|d--------] C:\Boonty
[20/07/2008 19:48|d--------] C:\Boonty\COMPON~1
[10/12/2008 19:54|d--------] C:\Boonty\Games
[10/12/2008 19:54|--a------] C:\Boonty\Games\RICOCH~1.EXE
[20/07/2008 19:49|--a------] C:\Boonty\Games\ZUMADE~1.EXE
[11/12/2008 12:33|d--------] C:\PROGRA~1\BOONTY~1
[10/12/2008 19:54|d--------] C:\PROGRA~1\BOONTY~1\COMPON~1
[14/02/2005 15:34|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\bureau.url
[27/10/2003 14:07|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\Joystick.ico
[14/02/2005 15:34|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\start.url
[11/12/2008 12:33|d--------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BOONTY~1
[10/12/2008 19:56|--a------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BOONTY~1\JEUXTL~1.LNK
+-----------------------| Eorezo Elements found :
.
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
"HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}"
.
+-----------------------| It's TV Elements found :
.
+-----------------------| Sweetim Elements found :
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM
[01/11/2008 20:47|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM\Toolbars
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\default.xml
[15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGAIMA~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGAIMM~1.DLL
[15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGARCH~1.DLL
[15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mgcommon.dll
[15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGCOMM~1.DLL
[15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mgconfig.dll
[15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGFLAS~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGHOOK~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGIEPL~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mglogger.dll
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMEDI~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMSNA~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMSNM~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGSIMC~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGSWEE~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGUPDA~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGXML_~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGYAHO~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGYAHO~2.DLL
[11/07/2006 17:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcp71.dll
[11/07/2006 17:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\SweetIM.exe
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\AUDIBL~1.PNG
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\DISPLA~1.PNG
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\EMOTIC~1.PNG
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\NUDGEB~1.PNG
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\SOUNDF~1.PNG
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\WINKSB~1.PNG
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\CLEARH~1.EXE
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\conf
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\default.xml
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\mgcommon.dll
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\mgconfig.dll
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\mgHelper.dll
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\mglogger.dll
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\MGSIMC~1.DLL
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\MGTOOL~1.DLL
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\MGXML_~1.DLL
[11/07/2006 17:35|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\msvcp71.dll
[11/07/2006 17:35|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\msvcr71.dll
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\conf\logger.xml
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\affid.dat
[18/03/2008 19:10|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\basis.xml
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\BOOKMA~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\EMAIL_~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\GAMES_~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\GREETI~1.BMP
[27/03/2008 17:03|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\Logo.bmp
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\MOBILE~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\MUSIC_~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\NEWS_2~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\SHOPIN~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\SMILEY~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\SMILEY~2.BMP
[27/03/2008 17:03|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\SWEETI~1.BMP
[27/03/2008 12:41|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\toolbar.xml
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\version.txt
[09/07/2008 19:42|d--------] C:\PROGRA~2\SweetIM
[09/07/2008 19:42|d--------] C:\PROGRA~2\SweetIM\MESSEN~1
[09/07/2008 19:42|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf
[09/07/2008 19:42|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\data
[09/07/2008 19:42|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\logs
[09/07/2008 19:42|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\update
[03/02/2008 15:45|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\adapter.xml
[03/02/2008 15:45|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\AUTOUP~1.XML
[03/02/2008 15:45|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\logger.xml
[03/02/2008 15:45|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\messages.xml
[03/02/2008 15:45|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\sweetim.xml
[03/02/2008 15:45|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\SWEETI~1.XML
[07/08/2008 10:01|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users
[21/07/2008 09:33|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\DTOWNS~1.FR
[24/07/2008 14:34|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\FABULO~1.FR
[30/07/2008 12:26|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\FASHIO~1.FR
[24/07/2008 01:02|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\GWADSA~1.FR
[07/08/2008 10:01|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\KALITY~1.FR
[09/07/2008 19:44|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\MAIN_U~1.XML
[25/07/2008 01:11|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\SANDRI~1.FR
[21/07/2008 09:33|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\DTOWNS~1.FR\EMOTIC~1.XML
[21/07/2008 09:33|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\DTOWNS~1.FR\USER_C~1.XML
[24/07/2008 14:34|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\FABULO~1.FR\EMOTIC~1.XML
[24/07/2008 14:34|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\FABULO~1.FR\USER_C~1.XML
[30/07/2008 12:26|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\FASHIO~1.FR\EMOTIC~1.XML
[30/07/2008 12:26|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\FASHIO~1.FR\USER_C~1.XML
[24/07/2008 00:18|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\GWADSA~1.FR\EMOTIC~1.XML
[24/07/2008 01:02|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\GWADSA~1.FR\LASTUS~1.XML
[09/07/2008 19:44|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\GWADSA~1.FR\USER_C~1.XML
[07/08/2008 10:01|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\KALITY~1.FR\EMOTIC~1.XML
[07/08/2008 10:01|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\KALITY~1.FR\USER_C~1.XML
[25/07/2008 01:11|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\SANDRI~1.FR\EMOTIC~1.XML
[25/07/2008 01:11|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\SANDRI~1.FR\USER_C~1.XML
[04/12/2008 13:16|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000100AC.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000100B8.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000100BA.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000100D5.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000100FD.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000100FE.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0001010B.dat
[07/06/2006 23:02|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010846.dat
[07/06/2006 23:02|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010848.dat
[23/08/2006 18:57|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010859.dat
[21/03/2007 19:27|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010892.dat
[11/04/2007 17:21|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010896.dat
[11/04/2007 17:21|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010897.dat
[13/05/2007 20:13|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0001089D.dat
[15/07/2007 10:46|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000108A8.dat
[13/08/2007 21:21|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000108A9.dat
[21/11/2007 11:02|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000108B9.dat
[02/12/2007 12:30|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000108BE.dat
[16/12/2007 09:54|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000108C2.dat
[24/04/2008 17:20|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000108F1.dat
[22/05/2008 20:21|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010904.dat
[16/12/2005 12:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020062.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0002006A.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0002006D.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0002006E.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020071.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020075.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000200B8.dat
[19/01/2006 17:33|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000200C0.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020114.dat
[15/11/2006 13:13|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020132.dat
[10/01/2007 10:27|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0002013F.dat
[01/03/2007 15:52|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020148.dat
[13/05/2007 21:13|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020158.dat
[09/10/2007 10:41|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020185.dat
[21/10/2007 19:48|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020191.dat
[20/11/2007 17:52|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000201B0.dat
[16/12/2007 10:53|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000201F6.dat
[13/01/2008 19:33|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020218.dat
[22/05/2008 20:20|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000202BA.dat
[22/06/2008 08:54|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000202C3.dat
[14/09/2008 12:12|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000202ED.dat
[21/10/2007 18:48|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0003005F.dat
[05/11/2007 18:41|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00030063.dat
[20/11/2007 17:52|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00030067.dat
[13/01/2008 19:33|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0003006F.dat
[26/06/2008 14:54|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000300A2.dat
[26/06/2008 13:54|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000300A4.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0004001F.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0004002B.dat
[06/04/2006 19:56|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00040048.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0004005A.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00040063.dat
[16/12/2007 09:53|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000400E2.dat
[22/05/2008 20:21|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00040108.dat
[09/09/2007 13:35|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00050004.dat
[11/07/2007 12:20|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00050005.dat
[24/04/2008 17:18|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00080014.dat
[22/05/2008 20:20|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0008001A.dat
[22/06/2008 08:54|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00080020.dat
[22/06/2008 08:54|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00080022.dat
[23/06/2008 16:32|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00080024.dat
[21/10/2007 18:48|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\010108A7.dat
[11/12/2007 18:20|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\01050007.dat
[04/12/2008 13:16|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\CACHE_~1.DAT
[09/07/2008 19:42|d--------] C:\Users\sandrine\AppData\LocalLow\SweetIM
[09/07/2008 19:42|d--------] C:\Users\sandrine\AppData\LocalLow\SweetIM\Toolbars
[09/07/2008 19:42|d--------] C:\Users\sandrine\AppData\LocalLow\SweetIM\Toolbars\INTERN~1
[09/07/2008 19:43|d--------] C:\Users\sandrine\AppData\LocalLow\SweetIM\Toolbars\INTERN~1\cache
[19/12/2008 00:20|--a------] C:\Users\sandrine\AppData\LocalLow\SweetIM\Toolbars\INTERN~1\cache\F64A71~1.XML
+-----------------------| ADDED SCAN :
+--[HKEY_CURRENT_USER\..\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
YSearchProtection REG_SZ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
mkwig REG_SZ "c:\users\sandrine\appdata\local\mkwig.exe" mkwig
eMuleAutoStart REG_SZ C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe -AutoStart
+--[HKEY_LOCAL_MACHINE\..\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
ALaunch REG_SZ C:\Acer\ALaunch\AlaunchClient.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
eAudio REG_SZ "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
Acer Tour REG_SZ
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe
PlayMovie REG_SZ "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
PLFSetL REG_SZ C:\Windows\PLFSetL.exe
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
eRecoveryService REG_SZ
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
SetPanel REG_SZ C:\Acer\APanel\APanel.cmd
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
SweetIM REG_SZ C:\Program Files\SweetIM\Messenger\SweetIM.exe
Horloge Parlante ZMSoft REG_SZ C:\ZMSoft\HParlant\HParlante.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
YMailAdvisor REG_SZ "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
YSearchProtection REG_SZ "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.google.fr/
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://home.sweetim.com
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-28.12.2008.log" (~31450 bytes)
# END at: 19:53:17 | 28/12/2008 - Time elapsed: 34.9 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 422 lines ]
+---------------------------------------------------------------------------+
J'ai réussi à téléchargr AD-RE, j'ai fait tous ce que tu 'as dit de faire. voici le rapport.
--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------
# START at: 19:52:42 | Sun 28/12/2008 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-SANDRINE | USER: sandrine ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# Internet Explorer v7.0.6001.18000
--------- [ RUNNING PROCESSES: 90 ] ---------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\ZMSoft\HParlant\HParlante.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\sandrine\AppData\Local\mkwig.exe
C:\Windows\System32\rundll32.exe
C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Users\sandrine\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
.
[20/07/2008 19:48|d--------] C:\Boonty
[20/07/2008 19:48|d--------] C:\Boonty\COMPON~1
[10/12/2008 19:54|d--------] C:\Boonty\Games
[10/12/2008 19:54|--a------] C:\Boonty\Games\RICOCH~1.EXE
[20/07/2008 19:49|--a------] C:\Boonty\Games\ZUMADE~1.EXE
[11/12/2008 12:33|d--------] C:\PROGRA~1\BOONTY~1
[10/12/2008 19:54|d--------] C:\PROGRA~1\BOONTY~1\COMPON~1
[14/02/2005 15:34|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\bureau.url
[27/10/2003 14:07|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\Joystick.ico
[14/02/2005 15:34|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\start.url
[11/12/2008 12:33|d--------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BOONTY~1
[10/12/2008 19:56|--a------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BOONTY~1\JEUXTL~1.LNK
+-----------------------| Eorezo Elements found :
.
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
"HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}"
.
+-----------------------| It's TV Elements found :
.
+-----------------------| Sweetim Elements found :
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM
[01/11/2008 20:47|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM\Toolbars
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\default.xml
[15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGAIMA~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGAIMM~1.DLL
[15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGARCH~1.DLL
[15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mgcommon.dll
[15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGCOMM~1.DLL
[15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mgconfig.dll
[15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGFLAS~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGHOOK~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGIEPL~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mglogger.dll
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMEDI~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMSNA~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMSNM~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGSIMC~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGSWEE~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGUPDA~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGXML_~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGYAHO~1.DLL
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGYAHO~2.DLL
[11/07/2006 17:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcp71.dll
[11/07/2006 17:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1
[15/06/2008 12:40|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\SweetIM.exe
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\AUDIBL~1.PNG
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\DISPLA~1.PNG
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\EMOTIC~1.PNG
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\NUDGEB~1.PNG
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\SOUNDF~1.PNG
[03/02/2008 15:45|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\WINKSB~1.PNG
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\CLEARH~1.EXE
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\conf
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\default.xml
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\mgcommon.dll
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\mgconfig.dll
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\mgHelper.dll
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\mglogger.dll
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\MGSIMC~1.DLL
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\MGTOOL~1.DLL
[27/03/2008 13:12|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\MGXML_~1.DLL
[11/07/2006 17:35|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\msvcp71.dll
[11/07/2006 17:35|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\msvcr71.dll
[09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\conf\logger.xml
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\affid.dat
[18/03/2008 19:10|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\basis.xml
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\BOOKMA~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\EMAIL_~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\GAMES_~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\GREETI~1.BMP
[27/03/2008 17:03|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\Logo.bmp
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\MOBILE~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\MUSIC_~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\NEWS_2~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\SHOPIN~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\SMILEY~1.BMP
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\SMILEY~2.BMP
[27/03/2008 17:03|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\SWEETI~1.BMP
[27/03/2008 12:41|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\toolbar.xml
[03/02/2008 14:45|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\version.txt
[09/07/2008 19:42|d--------] C:\PROGRA~2\SweetIM
[09/07/2008 19:42|d--------] C:\PROGRA~2\SweetIM\MESSEN~1
[09/07/2008 19:42|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf
[09/07/2008 19:42|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\data
[09/07/2008 19:42|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\logs
[09/07/2008 19:42|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\update
[03/02/2008 15:45|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\adapter.xml
[03/02/2008 15:45|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\AUTOUP~1.XML
[03/02/2008 15:45|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\logger.xml
[03/02/2008 15:45|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\messages.xml
[03/02/2008 15:45|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\sweetim.xml
[03/02/2008 15:45|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\SWEETI~1.XML
[07/08/2008 10:01|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users
[21/07/2008 09:33|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\DTOWNS~1.FR
[24/07/2008 14:34|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\FABULO~1.FR
[30/07/2008 12:26|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\FASHIO~1.FR
[24/07/2008 01:02|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\GWADSA~1.FR
[07/08/2008 10:01|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\KALITY~1.FR
[09/07/2008 19:44|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\MAIN_U~1.XML
[25/07/2008 01:11|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\SANDRI~1.FR
[21/07/2008 09:33|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\DTOWNS~1.FR\EMOTIC~1.XML
[21/07/2008 09:33|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\DTOWNS~1.FR\USER_C~1.XML
[24/07/2008 14:34|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\FABULO~1.FR\EMOTIC~1.XML
[24/07/2008 14:34|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\FABULO~1.FR\USER_C~1.XML
[30/07/2008 12:26|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\FASHIO~1.FR\EMOTIC~1.XML
[30/07/2008 12:26|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\FASHIO~1.FR\USER_C~1.XML
[24/07/2008 00:18|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\GWADSA~1.FR\EMOTIC~1.XML
[24/07/2008 01:02|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\GWADSA~1.FR\LASTUS~1.XML
[09/07/2008 19:44|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\GWADSA~1.FR\USER_C~1.XML
[07/08/2008 10:01|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\KALITY~1.FR\EMOTIC~1.XML
[07/08/2008 10:01|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\KALITY~1.FR\USER_C~1.XML
[25/07/2008 01:11|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\SANDRI~1.FR\EMOTIC~1.XML
[25/07/2008 01:11|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\conf\users\SANDRI~1.FR\USER_C~1.XML
[04/12/2008 13:16|d--------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000100AC.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000100B8.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000100BA.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000100D5.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000100FD.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000100FE.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0001010B.dat
[07/06/2006 23:02|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010846.dat
[07/06/2006 23:02|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010848.dat
[23/08/2006 18:57|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010859.dat
[21/03/2007 19:27|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010892.dat
[11/04/2007 17:21|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010896.dat
[11/04/2007 17:21|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010897.dat
[13/05/2007 20:13|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0001089D.dat
[15/07/2007 10:46|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000108A8.dat
[13/08/2007 21:21|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000108A9.dat
[21/11/2007 11:02|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000108B9.dat
[02/12/2007 12:30|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000108BE.dat
[16/12/2007 09:54|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000108C2.dat
[24/04/2008 17:20|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000108F1.dat
[22/05/2008 20:21|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00010904.dat
[16/12/2005 12:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020062.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0002006A.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0002006D.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0002006E.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020071.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020075.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000200B8.dat
[19/01/2006 17:33|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000200C0.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020114.dat
[15/11/2006 13:13|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020132.dat
[10/01/2007 10:27|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0002013F.dat
[01/03/2007 15:52|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020148.dat
[13/05/2007 21:13|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020158.dat
[09/10/2007 10:41|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020185.dat
[21/10/2007 19:48|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020191.dat
[20/11/2007 17:52|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000201B0.dat
[16/12/2007 10:53|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000201F6.dat
[13/01/2008 19:33|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00020218.dat
[22/05/2008 20:20|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000202BA.dat
[22/06/2008 08:54|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000202C3.dat
[14/09/2008 12:12|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000202ED.dat
[21/10/2007 18:48|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0003005F.dat
[05/11/2007 18:41|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00030063.dat
[20/11/2007 17:52|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00030067.dat
[13/01/2008 19:33|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0003006F.dat
[26/06/2008 14:54|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000300A2.dat
[26/06/2008 13:54|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000300A4.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0004001F.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0004002B.dat
[06/04/2006 19:56|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00040048.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0004005A.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00040063.dat
[16/12/2007 09:53|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\000400E2.dat
[22/05/2008 20:21|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00040108.dat
[09/09/2007 13:35|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00050004.dat
[11/07/2007 12:20|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00050005.dat
[24/04/2008 17:18|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00080014.dat
[22/05/2008 20:20|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\0008001A.dat
[22/06/2008 08:54|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00080020.dat
[22/06/2008 08:54|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00080022.dat
[23/06/2008 16:32|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\00080024.dat
[21/10/2007 18:48|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\010108A7.dat
[11/12/2007 18:20|-ra------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\01050007.dat
[04/12/2008 13:16|--a------] C:\PROGRA~2\SweetIM\MESSEN~1\data\CONTEN~1\CACHE_~1.DAT
[09/07/2008 19:42|d--------] C:\Users\sandrine\AppData\LocalLow\SweetIM
[09/07/2008 19:42|d--------] C:\Users\sandrine\AppData\LocalLow\SweetIM\Toolbars
[09/07/2008 19:42|d--------] C:\Users\sandrine\AppData\LocalLow\SweetIM\Toolbars\INTERN~1
[09/07/2008 19:43|d--------] C:\Users\sandrine\AppData\LocalLow\SweetIM\Toolbars\INTERN~1\cache
[19/12/2008 00:20|--a------] C:\Users\sandrine\AppData\LocalLow\SweetIM\Toolbars\INTERN~1\cache\F64A71~1.XML
+-----------------------| ADDED SCAN :
+--[HKEY_CURRENT_USER\..\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
YSearchProtection REG_SZ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
mkwig REG_SZ "c:\users\sandrine\appdata\local\mkwig.exe" mkwig
eMuleAutoStart REG_SZ C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe -AutoStart
+--[HKEY_LOCAL_MACHINE\..\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
ALaunch REG_SZ C:\Acer\ALaunch\AlaunchClient.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
eAudio REG_SZ "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
Acer Tour REG_SZ
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe
PlayMovie REG_SZ "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
PLFSetL REG_SZ C:\Windows\PLFSetL.exe
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
eRecoveryService REG_SZ
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
SetPanel REG_SZ C:\Acer\APanel\APanel.cmd
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
SweetIM REG_SZ C:\Program Files\SweetIM\Messenger\SweetIM.exe
Horloge Parlante ZMSoft REG_SZ C:\ZMSoft\HParlant\HParlante.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
YMailAdvisor REG_SZ "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
YSearchProtection REG_SZ "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.google.fr/
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://home.sweetim.com
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-28.12.2008.log" (~31450 bytes)
# END at: 19:53:17 | 28/12/2008 - Time elapsed: 34.9 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 422 lines ]
+---------------------------------------------------------------------------+
/!\ Déconnecte-toi et ferme toutes applications en cours /!\
Double-clique sur AD-Remover pour le lancer : au menu principal, choisis l'option B.
Coche à l'écran de sélection :
http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG
Suppression Boonty/BoontyGames (Si trouvé)
Suppression Eorezo (Si trouvé)
Suppression Everest Poker (Si trouvé)
Suppression Funwebproduct/MyWay/MyWebsearch (Si trouvé)
Suppression Messenger Skinner (Si trouvé)
Suppression Sweetim (Si trouvé)
Puis choisis S, le programme va travailler.
Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report.log)
/!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide) /!\
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...)
Double-clique sur AD-Remover pour le lancer : au menu principal, choisis l'option B.
Coche à l'écran de sélection :
http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG
Suppression Boonty/BoontyGames (Si trouvé)
Suppression Eorezo (Si trouvé)
Suppression Everest Poker (Si trouvé)
Suppression Funwebproduct/MyWay/MyWebsearch (Si trouvé)
Suppression Messenger Skinner (Si trouvé)
Suppression Sweetim (Si trouvé)
Puis choisis S, le programme va travailler.
Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report.log)
/!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide) /!\
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...)
Voici le rapport :
--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 20:26:28 | Sun 28/12/2008 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-SANDRINE | USER: sandrine ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# Internet Explorer v7.0.6001.18000
--------- [ RUNNING PROCESSES: 86 ] ---------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\ZMSoft\HParlant\HParlante.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\sandrine\AppData\Local\mkwig.exe
C:\Windows\System32\rundll32.exe
C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Users\sandrine\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
.
[20/07/2008 19:48|d--------] C:\Boonty
[11/12/2008 12:33|d--------] C:\Program Files\BoontyGames
[11/12/2008 12:33|d--------] C:\ProgramData\Microsoft\Windows\STARTM~1\Programs\BoontyGames
+-----------------------| Eorezo Elements Deleted :
.
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
"HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}"
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
/!\ NOT DELETED - [09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM
/!\ NOT DELETED - [28/12/2008 20:28|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
/!\ NOT DELETED - [15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
/!\ NOT DELETED - [11/07/2006 17:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
[09/07/2008 19:42|d--------] C:\ProgramData\SweetIM
[09/07/2008 19:42|d--------] C:\Users\sandrine\AppData\LocalLow\SweetIM
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\Program Files\SweetIM\Messenger"
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
"C:\Program Files\SweetIM\Messenger\msvcr71.dll"
Second run ...
"C:\Program Files\SweetIM\Messenger" - RESIST !
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" - RESIST !
"C:\Program Files\SweetIM\Messenger\msvcr71.dll" - RESIST !
+-----------------------| ADDED SCAN :
+--[HKEY_CURRENT_USER\..\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
YSearchProtection REG_SZ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
mkwig REG_SZ "c:\users\sandrine\appdata\local\mkwig.exe" mkwig
eMuleAutoStart REG_SZ C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe -AutoStart
+--[HKEY_LOCAL_MACHINE\..\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
ALaunch REG_SZ C:\Acer\ALaunch\AlaunchClient.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
eAudio REG_SZ "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
Acer Tour REG_SZ
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe
PlayMovie REG_SZ "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
PLFSetL REG_SZ C:\Windows\PLFSetL.exe
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
eRecoveryService REG_SZ
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
SetPanel REG_SZ C:\Acer\APanel\APanel.cmd
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Horloge Parlante ZMSoft REG_SZ C:\ZMSoft\HParlant\HParlante.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
YMailAdvisor REG_SZ "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
YSearchProtection REG_SZ "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-28.12.2008.log" (~17790 bytes)
- "C:\AD-report-Scan-28.12.2008.log" (~31786 bytes)
# END at: 20:30:44 | 28/12/2008 - Time elapsed: 4 minutes, 15 seconds
+---------------------------------------------------------------------------a
+------------------------------- [ E.O.F - 263 lines ]
+---------------------------------------------------------------------------+
--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 20:26:28 | Sun 28/12/2008 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-SANDRINE | USER: sandrine ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# Internet Explorer v7.0.6001.18000
--------- [ RUNNING PROCESSES: 86 ] ---------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\ZMSoft\HParlant\HParlante.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\sandrine\AppData\Local\mkwig.exe
C:\Windows\System32\rundll32.exe
C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Users\sandrine\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
.
[20/07/2008 19:48|d--------] C:\Boonty
[11/12/2008 12:33|d--------] C:\Program Files\BoontyGames
[11/12/2008 12:33|d--------] C:\ProgramData\Microsoft\Windows\STARTM~1\Programs\BoontyGames
+-----------------------| Eorezo Elements Deleted :
.
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
"HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}"
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
/!\ NOT DELETED - [09/07/2008 19:42|d--------] C:\PROGRA~1\SweetIM
/!\ NOT DELETED - [28/12/2008 20:28|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
/!\ NOT DELETED - [15/06/2008 12:39|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
/!\ NOT DELETED - [11/07/2006 17:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
[09/07/2008 19:42|d--------] C:\ProgramData\SweetIM
[09/07/2008 19:42|d--------] C:\Users\sandrine\AppData\LocalLow\SweetIM
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\Program Files\SweetIM\Messenger"
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
"C:\Program Files\SweetIM\Messenger\msvcr71.dll"
Second run ...
"C:\Program Files\SweetIM\Messenger" - RESIST !
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" - RESIST !
"C:\Program Files\SweetIM\Messenger\msvcr71.dll" - RESIST !
+-----------------------| ADDED SCAN :
+--[HKEY_CURRENT_USER\..\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
YSearchProtection REG_SZ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
mkwig REG_SZ "c:\users\sandrine\appdata\local\mkwig.exe" mkwig
eMuleAutoStart REG_SZ C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe -AutoStart
+--[HKEY_LOCAL_MACHINE\..\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
ALaunch REG_SZ C:\Acer\ALaunch\AlaunchClient.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
eAudio REG_SZ "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
Acer Tour REG_SZ
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe
PlayMovie REG_SZ "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
PLFSetL REG_SZ C:\Windows\PLFSetL.exe
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
eRecoveryService REG_SZ
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
SetPanel REG_SZ C:\Acer\APanel\APanel.cmd
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Horloge Parlante ZMSoft REG_SZ C:\ZMSoft\HParlant\HParlante.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
YMailAdvisor REG_SZ "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
YSearchProtection REG_SZ "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-28.12.2008.log" (~17790 bytes)
- "C:\AD-report-Scan-28.12.2008.log" (~31786 bytes)
# END at: 20:30:44 | 28/12/2008 - Time elapsed: 4 minutes, 15 seconds
+---------------------------------------------------------------------------a
+------------------------------- [ E.O.F - 263 lines ]
+---------------------------------------------------------------------------+
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
/!\ Déconnecte-toi et ferme toutes applications en cours /!\
tu n'as pas suivi cette consigne alors recommence en coupant internet , emule , le teaTimer de spybot,tout ce que tu peux fermer
tu n'as pas suivi cette consigne alors recommence en coupant internet , emule , le teaTimer de spybot,tout ce que tu peux fermer
J'ai fermer tout ce que j'ai pu. voici le nouveau rapport :
--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 21:55:09 | Sun 28/12/2008 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-SANDRINE | USER: sandrine ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# Internet Explorer v7.0.6001.18000
--------- [ RUNNING PROCESSES: 79 ] ---------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\ZMSoft\HParlant\HParlante.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\sandrine\AppData\Local\mkwig.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Users\sandrine\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
.
+-----------------------| Eorezo Elements Deleted :
.
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
.
/!\ NOT DELETED - [28/12/2008 20:28|d--------] C:\PROGRA~1\SweetIM
/!\ NOT DELETED - [28/12/2008 20:28|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
/!\ NOT DELETED - [15/06/2008 12:39|---------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
/!\ NOT DELETED - [11/07/2006 17:35|---------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\Program Files\SweetIM\Messenger"
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
"C:\Program Files\SweetIM\Messenger\msvcr71.dll"
Second run ...
"C:\Program Files\SweetIM\Messenger" - RESIST !
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" - RESIST !
"C:\Program Files\SweetIM\Messenger\msvcr71.dll" - RESIST !
+-----------------------| ADDED SCAN :
+--[HKEY_CURRENT_USER\..\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
YSearchProtection REG_SZ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
mkwig REG_SZ "c:\users\sandrine\appdata\local\mkwig.exe" mkwig
eMuleAutoStart REG_SZ C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe -AutoStart
+--[HKEY_LOCAL_MACHINE\..\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
ALaunch REG_SZ C:\Acer\ALaunch\AlaunchClient.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
eAudio REG_SZ "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
Acer Tour REG_SZ
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe
PlayMovie REG_SZ "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
PLFSetL REG_SZ C:\Windows\PLFSetL.exe
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
eRecoveryService REG_SZ
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
SetPanel REG_SZ C:\Acer\APanel\APanel.cmd
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Horloge Parlante ZMSoft REG_SZ C:\ZMSoft\HParlant\HParlante.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
YMailAdvisor REG_SZ "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
YSearchProtection REG_SZ "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-28.12.2008.log" (~8292 bytes)
- "C:\AD-report-Scan-28.12.2008.log" (~31786 bytes)
# END at: 21:57:11 | 28/12/2008 - Time elapsed: 2 minutes, 1 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 432 lines ]
+---------------------------------------------------------------------------+
--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 21:55:09 | Sun 28/12/2008 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-SANDRINE | USER: sandrine ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# Internet Explorer v7.0.6001.18000
--------- [ RUNNING PROCESSES: 79 ] ---------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\ZMSoft\HParlant\HParlante.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\sandrine\AppData\Local\mkwig.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Users\sandrine\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
.
+-----------------------| Eorezo Elements Deleted :
.
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
.
/!\ NOT DELETED - [28/12/2008 20:28|d--------] C:\PROGRA~1\SweetIM
/!\ NOT DELETED - [28/12/2008 20:28|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
/!\ NOT DELETED - [15/06/2008 12:39|---------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
/!\ NOT DELETED - [11/07/2006 17:35|---------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\Program Files\SweetIM\Messenger"
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
"C:\Program Files\SweetIM\Messenger\msvcr71.dll"
Second run ...
"C:\Program Files\SweetIM\Messenger" - RESIST !
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" - RESIST !
"C:\Program Files\SweetIM\Messenger\msvcr71.dll" - RESIST !
+-----------------------| ADDED SCAN :
+--[HKEY_CURRENT_USER\..\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
YSearchProtection REG_SZ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
mkwig REG_SZ "c:\users\sandrine\appdata\local\mkwig.exe" mkwig
eMuleAutoStart REG_SZ C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe -AutoStart
+--[HKEY_LOCAL_MACHINE\..\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
ALaunch REG_SZ C:\Acer\ALaunch\AlaunchClient.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
eAudio REG_SZ "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
Acer Tour REG_SZ
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe
PlayMovie REG_SZ "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
PLFSetL REG_SZ C:\Windows\PLFSetL.exe
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
eRecoveryService REG_SZ
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
SetPanel REG_SZ C:\Acer\APanel\APanel.cmd
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Horloge Parlante ZMSoft REG_SZ C:\ZMSoft\HParlant\HParlante.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
YMailAdvisor REG_SZ "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
YSearchProtection REG_SZ "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-28.12.2008.log" (~8292 bytes)
- "C:\AD-report-Scan-28.12.2008.log" (~31786 bytes)
# END at: 21:57:11 | 28/12/2008 - Time elapsed: 2 minutes, 1 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 432 lines ]
+---------------------------------------------------------------------------+
non il te restait ca a desactiver :C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c est a cause de ca que ca marche pas
tu cliques bien droit et "utiliser en tant qu'admin ?"
c est a cause de ca que ca marche pas
tu cliques bien droit et "utiliser en tant qu'admin ?"
Excuse-moi, j'espère que là ça ira :
--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 22:43:55 | Sun 28/12/2008 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-SANDRINE | USER: sandrine ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# Internet Explorer v7.0.6001.18000
--------- [ RUNNING PROCESSES: 79 ] ---------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\ZMSoft\HParlant\HParlante.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\sandrine\AppData\Local\mkwig.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Users\sandrine\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
.
+-----------------------| Eorezo Elements Deleted :
.
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
.
/!\ NOT DELETED - [28/12/2008 20:28|d--------] C:\PROGRA~1\SweetIM
/!\ NOT DELETED - [28/12/2008 20:28|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
/!\ NOT DELETED - [15/06/2008 12:39|---------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
/!\ NOT DELETED - [11/07/2006 17:35|---------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\Program Files\SweetIM\Messenger"
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
"C:\Program Files\SweetIM\Messenger\msvcr71.dll"
Second run ...
"C:\Program Files\SweetIM\Messenger" - RESIST !
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" - RESIST !
"C:\Program Files\SweetIM\Messenger\msvcr71.dll" - RESIST !
+-----------------------| ADDED SCAN :
+--[HKEY_CURRENT_USER\..\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
YSearchProtection REG_SZ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
mkwig REG_SZ "c:\users\sandrine\appdata\local\mkwig.exe" mkwig
eMuleAutoStart REG_SZ C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe -AutoStart
+--[HKEY_LOCAL_MACHINE\..\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
ALaunch REG_SZ C:\Acer\ALaunch\AlaunchClient.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
eAudio REG_SZ "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
Acer Tour REG_SZ
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe
PlayMovie REG_SZ "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
PLFSetL REG_SZ C:\Windows\PLFSetL.exe
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
eRecoveryService REG_SZ
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
SetPanel REG_SZ C:\Acer\APanel\APanel.cmd
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Horloge Parlante ZMSoft REG_SZ C:\ZMSoft\HParlant\HParlante.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
YMailAdvisor REG_SZ "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
YSearchProtection REG_SZ "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-28.12.2008.log" (~8204 bytes)
- "C:\AD-report-Scan-28.12.2008.log" (~31786 bytes)
# END at: 22:44:56 | 28/12/2008 - Time elapsed: 61.2 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 600 lines ]
+---------------------------------------------------------------------------+
--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 22:43:55 | Sun 28/12/2008 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-SANDRINE | USER: sandrine ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# Internet Explorer v7.0.6001.18000
--------- [ RUNNING PROCESSES: 79 ] ---------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\ZMSoft\HParlant\HParlante.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\sandrine\AppData\Local\mkwig.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Users\sandrine\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
.
+-----------------------| Eorezo Elements Deleted :
.
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
.
/!\ NOT DELETED - [28/12/2008 20:28|d--------] C:\PROGRA~1\SweetIM
/!\ NOT DELETED - [28/12/2008 20:28|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
/!\ NOT DELETED - [15/06/2008 12:39|---------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
/!\ NOT DELETED - [11/07/2006 17:35|---------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\Program Files\SweetIM\Messenger"
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
"C:\Program Files\SweetIM\Messenger\msvcr71.dll"
Second run ...
"C:\Program Files\SweetIM\Messenger" - RESIST !
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" - RESIST !
"C:\Program Files\SweetIM\Messenger\msvcr71.dll" - RESIST !
+-----------------------| ADDED SCAN :
+--[HKEY_CURRENT_USER\..\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
YSearchProtection REG_SZ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
mkwig REG_SZ "c:\users\sandrine\appdata\local\mkwig.exe" mkwig
eMuleAutoStart REG_SZ C:\Users\sandrine\eMule\Nouveau dossier\eMule\emule.exe -AutoStart
+--[HKEY_LOCAL_MACHINE\..\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
ALaunch REG_SZ C:\Acer\ALaunch\AlaunchClient.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
eAudio REG_SZ "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
Acer Tour REG_SZ
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe
PlayMovie REG_SZ "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
PLFSetL REG_SZ C:\Windows\PLFSetL.exe
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
eRecoveryService REG_SZ
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
SetPanel REG_SZ C:\Acer\APanel\APanel.cmd
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Horloge Parlante ZMSoft REG_SZ C:\ZMSoft\HParlant\HParlante.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
YMailAdvisor REG_SZ "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
YSearchProtection REG_SZ "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-28.12.2008.log" (~8204 bytes)
- "C:\AD-report-Scan-28.12.2008.log" (~31786 bytes)
# END at: 22:44:56 | 28/12/2008 - Time elapsed: 61.2 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 600 lines ]
+---------------------------------------------------------------------------+
