Malwarebytes report
howdrey
Hello,
Could you help me, please?
I ran a scan with Malwarebytes and here is the report:
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1456
Windows 6.0.6000
28/12/2008 20:33:53
mbam-log-2008-12-28 (20-33-52).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 151841
Temps écoulé: 54 minute(s), 58 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 14
Fichier(s) infecté(s): 80
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\Starware370 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware370\bin (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware370\icons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370 (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Users\AUDREY\Local Settings\Application Data\ueomw_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\AUDREY\Local Settings\Application Data\ueomw_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\AUDREY\Local Settings\Application Data\ueomw.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\AUDREY\Local Settings\Application Data\ueomw.exe (Adware.Navipromo.H) -> Delete on reboot.
C:\Program Files\Starware370\Starware370Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware370\Starware370Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware370\bin\IELauncher.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware370\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\config.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Gfx_fr.bin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\language (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\nbmw (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\quarantine.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\skin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Spyware-Secure.url (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sqlite3.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\uninst.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\unrar.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR.zip (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_coud.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_droit.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_vert.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\title-hepfile.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\3differentscan.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\contactus.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\found-objects.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\lexic.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\navigtabs.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\quarantine.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\register.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\cookies_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dic (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesExt_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesMulti_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesSimple_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\register_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\563_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\563_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\572_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\572_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\573_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\573_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\Button_60.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\Button_60.bmp_new (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\Button_70.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\Button_70.bmp_new (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\Button_80.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\Button_80.bmp_new (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\contexts\related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Starware370\contexts\travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
Thanks in advance!!
54 replies
That's normal, you have Vista; that's what I get for picking up your case partway through :S
Disable UAC (User Account Control) for the duration of the disinfection.
Start, Control Panel, User Accounts, turn off User Account Control.
(Do the reverse to turn it back on once the disinfection is finished.)
(This will allow the disinfection tools to work properly.)
Then try again.
--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------
# START at: 0:50:10 | Mon 29/12/2008 | Microsoft® Windows Vista™ Home Premium (v6.0.6000)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-AUDREY | USER: AUDREY ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# Internet Explorer v7.0.6000.16764
--------- [ RUNNING PROCESSES: 67 ] ---------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kiwee Toolbar2\2.6.156\kwtbaim.exe
C:\Program Files\agi\common\agservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\msfeedssync.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
"Boonty Games" (service)
.
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
.
[04/10/2008 19:43|d--------] C:\Boonty
[04/10/2008 19:45|d--------] C:\Boonty\COMPON~1
[04/10/2008 19:43|d--------] C:\Boonty\Games
[04/10/2008 19:43|--a------] C:\Boonty\COMPON~1\7_SINS~1.EXE
[04/10/2008 19:44|d--------] C:\PROGRA~1\COMMON~1\BOONTY~1
[04/10/2008 19:44|d--------] C:\PROGRA~1\COMMON~1\BOONTY~1\Service
[04/10/2008 19:44|--a------] C:\PROGRA~1\COMMON~1\BOONTY~1\Service\Boonty.exe
[04/10/2008 19:44|d--------] C:\PROGRA~2\BOONTY
[04/10/2008 19:44|d--------] C:\PROGRA~2\BOONTY\Licenses
[04/10/2008 19:45|-r-------] C:\PROGRA~2\BOONTY\Licenses\B392B000.dat
[04/10/2008 19:44|d--------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BOONTY~1
[04/10/2008 19:45|d--------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BOONTY~1\TLCHAR~1
[04/10/2008 19:45|--a------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BOONTY~1\TLCHAR~1\DSINST~1.LNK
[04/10/2008 19:45|--a------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BOONTY~1\TLCHAR~1\TLCHAR~1.LNK
[04/10/2008 19:45|--a------] C:\Users\AUDREY\AppData\Roaming\MICROS~1\Windows\Cookies\AUE429~1.TXT
[04/10/2008 19:45|--a------] C:\Users\AUDREY\AppData\Roaming\MICROS~1\Windows\Cookies\AUA0ED~1.TXT
+-----------------------| Eorezo Elements found :
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1"
.
[31/05/2008 20:52|d--------] C:\PROGRA~1\EoRezo
[27/06/2007 13:56|--a------] C:\PROGRA~1\EoRezo\CONFME~1.CYP
[31/05/2008 20:52|d--------] C:\PROGRA~1\EoRezo\EoAdv
[16/04/2008 11:01|--a------] C:\PROGRA~1\EoRezo\EoEngine.exe
[31/05/2008 20:52|--a------] C:\PROGRA~1\EoRezo\eoEngine.url
[04/03/2008 15:13|--a------] C:\PROGRA~1\EoRezo\EOMULT~1.DLL
[15/06/2007 14:49|--a------] C:\PROGRA~1\EoRezo\EOREZO~1.DLL
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\EOREZO~3.DLL
[09/05/2007 16:57|--a------] C:\PROGRA~1\EoRezo\EO6119~1.DLL
[15/06/2007 14:49|--a------] C:\PROGRA~1\EoRezo\EO611D~1.DLL
[06/07/2007 15:55|--a------] C:\PROGRA~1\EoRezo\EO6111~1.DLL
[14/08/2007 13:45|--a------] C:\PROGRA~1\EoRezo\EO6115~1.DLL
[03/09/2007 12:22|--a------] C:\PROGRA~1\EoRezo\EO4511~1.DLL
[04/03/2008 15:14|--a------] C:\PROGRA~1\EoRezo\EO4515~1.DLL
[07/01/2008 12:07|--a------] C:\PROGRA~1\EoRezo\EO5519~1.DLL
[04/03/2008 12:31|--a------] C:\PROGRA~1\EoRezo\EO551D~1.DLL
[05/03/2008 17:39|--a------] C:\PROGRA~1\EoRezo\EO5511~1.DLL
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\EOREZO~2.DLL
[09/05/2007 16:57|--a------] C:\PROGRA~1\EoRezo\EOREZO~4.DLL
[15/06/2007 14:49|--a------] C:\PROGRA~1\EoRezo\EO5CF5~1.DLL
[06/07/2007 15:55|--a------] C:\PROGRA~1\EoRezo\EO6CF9~1.DLL
[14/08/2007 12:11|--a------] C:\PROGRA~1\EoRezo\EO6CFD~1.DLL
[24/08/2007 16:15|--a------] C:\PROGRA~1\EoRezo\EO400A~1.DLL
[04/03/2008 15:14|--a------] C:\PROGRA~1\EoRezo\EO400E~1.DLL
[04/03/2008 12:31|--a------] C:\PROGRA~1\EoRezo\EO4002~1.DLL
[20/03/2008 12:57|--a------] C:\PROGRA~1\EoRezo\EO4006~1.DLL
[02/04/2008 15:07|--a------] C:\PROGRA~1\EoRezo\EO500A~1.DLL
[16/04/2008 11:00|--a------] C:\PROGRA~1\EoRezo\EO500E~1.DLL
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\FREEIM~1.DLL
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\Host.cyp
[17/08/2007 15:36|--a------] C:\PROGRA~1\EoRezo\ICON_E~1.ICO
[31/05/2008 20:52|d--------] C:\PROGRA~1\EoRezo\lang
[27/03/2008 13:56|--a------] C:\PROGRA~1\EoRezo\MNGINS~1.DLL
[31/05/2008 20:52|--a------] C:\PROGRA~1\EoRezo\unins000.dat
[31/05/2008 20:52|--a------] C:\PROGRA~1\EoRezo\unins000.exe
[21/12/2007 10:23|--a------] C:\PROGRA~1\EoRezo\user.cyp
[09/05/2007 16:57|--a------] C:\PROGRA~1\EoRezo\EoAdv\EoAdv.dll
[31/05/2008 20:52|--a------] C:\PROGRA~1\EoRezo\EoAdv\eoAdv.url
[31/05/2008 20:52|d--------] C:\PROGRA~1\EoRezo\EoAdv\tmp
[25/01/2007 09:22|--a------] C:\PROGRA~1\EoRezo\EoAdv\tmp\EOREZO~1.584
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~3.XML
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IH935B~1.XML
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~1.XML
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IH0447~1.XML
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~2.XML
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~4.XML
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_en.xml
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_es.xml
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_fr.xml
[26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_it.xml
[28/12/2008 23:28|d--------] C:\Users\AUDREY\AppData\Roaming\EoRezo
[28/12/2008 22:47|--a------] C:\Users\AUDREY\AppData\Roaming\EoRezo\cmhost.cyp
[28/12/2008 23:28|--a------] C:\Users\AUDREY\AppData\Roaming\EoRezo\CONFME~1.CYP
[04/12/2008 20:27|d--------] C:\Users\AUDREY\AppData\Roaming\EoRezo\db
[28/12/2008 23:28|d--------] C:\Users\AUDREY\AppData\Roaming\EoRezo\EODESK~1
[28/12/2008 22:47|--a------] C:\Users\AUDREY\AppData\Roaming\EoRezo\host.cyp
[28/12/2008 22:47|--a------] C:\Users\AUDREY\AppData\Roaming\EoRezo\user.cyp
[04/12/2008 20:27|--a------] C:\Users\AUDREY\AppData\Roaming\EoRezo\db\cat.cyp
[28/12/2008 23:28|--a------] C:\Users\AUDREY\AppData\Roaming\EoRezo\EODESK~1\config.xml
[28/12/2008 23:28|--a------] C:\Users\AUDREY\AppData\Roaming\EoRezo\EODESK~1\EODESK~1.HTM
[28/12/2008 23:28|--a------] C:\Users\AUDREY\AppData\Roaming\EoRezo\EODESK~1\USERCO~1.XML
[31/05/2008 20:52|d--------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\EoRezo
[31/05/2008 20:52|--a------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\EoRezo\EoEngine.lnk
[03/12/2008 11:15|--a------] C:\Users\AUDREY\AppData\Roaming\MICROS~1\Windows\Cookies\AU5E73~1.TXT
+-----------------------| Everest Poker Elements found :
.
[18/11/2007 14:44|d--------] C:\PROGRA~1\EVERES~1
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\casino.exe
[18/11/2007 14:38|--a------] C:\PROGRA~1\EVERES~1\CStart.exe
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data
[18/11/2007 14:38|--a------] C:\PROGRA~1\EVERES~1\EVERES~1.EXE
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\gvbase.dll
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\gvcrt.dll
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\GVGFX-~1.DLL
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\gvgfx.dll
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\gvmain.dll
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\gvmain.exe
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\GVNETW~1.DLL
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\gvsound.dll
[18/11/2007 14:38|--a------] C:\PROGRA~1\EVERES~1\init.ini
[18/11/2007 14:44|--a------] C:\PROGRA~1\EVERES~1\log.dat
[18/11/2007 14:44|--a------] C:\PROGRA~1\EVERES~1\settings.ini
[18/11/2007 14:44|--a------] C:\PROGRA~1\EVERES~1\toc_fr.ini
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\var
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\cpanel
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\fonts
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\mp-lobby
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\mp-poker
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\shared
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\startup
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\cpanel\shared.gvt
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\fonts\kgp-en.ttf
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\mp-lobby\fr.gvt
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\mp-lobby\shared.gvt
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\mp-poker\BACKGR~1
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\mp-poker\fr
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\mp-poker\shared.gvt
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\mp-poker\BACKGR~1\default.gvt
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\mp-poker\fr\bitmaps.gvt
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\mp-poker\fr\MP-POK~1.TXT
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\mp-poker\fr\MP-POK~2.TXT
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\shared\fr
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\shared\shared
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\shared\fr\country.txt
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\shared\fr\language.txt
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\shared\fr\ordinal.txt
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\shared\shared\bitmaps
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\shared\shared\sounds
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\shared\shared\bitmaps\BTN_SC~1.GVT
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\shared\shared\bitmaps\check.art
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\shared\shared\bitmaps\chips.art
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\shared\shared\sounds\button.ogg
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\shared\shared\sounds\carddeal.ogg
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\shared\shared\sounds\cardflip.ogg
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\shared\shared\sounds\CHIPCL~1.OGG
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\startup\en
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\startup\fr
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\startup\shared
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\startup\en\STARTU~1.TXT
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\startup\fr\cstart.txt
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\startup\fr\STARTU~1.TXT
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\startup\shared\bitmaps
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\startup\shared\icons
[18/11/2007 14:39|d--------] C:\PROGRA~1\EVERES~1\data\startup\shared\sounds
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\startup\shared\bitmaps\SPLASH~1.ART
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\startup\shared\icons\ep.ico
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\data\startup\shared\sounds\alert.ogg
[18/11/2007 14:39|--a------] C:\PROGRA~1\EVERES~1\var\CONTEN~1.DAT
[18/11/2007 14:39|d--------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\EVERES~1
[18/11/2007 14:39|--a------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\EVERES~1\EVERES~1.LNK
[18/11/2007 14:39|--a------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\EVERES~1\UNINST~1.LNK
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
+-----------------------| It's TV Elements found :
"HKEY_CURRENT_USER\Software\ItsLabel\ItsTV"
"HKEY_LOCAL_MACHINE\SOFTWARE\ItsLabel"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ItsTV_is1"
"HKEY_USERS\S-1-5-21-1033721620-3049051530-2943172277-1002\Software\ItsLabel"
.
[31/05/2008 20:53|d--------] C:\PROGRA~1\ItsLabel
[26/04/2007 15:19|--a------] C:\PROGRA~1\ItsLabel\ItsTV.exe
[31/05/2008 20:53|--a------] C:\PROGRA~1\ItsLabel\ItsTV.url
[26/04/2007 17:54|--a------] C:\PROGRA~1\ItsLabel\ItsTV.xml
[19/04/2007 16:54|--a------] C:\PROGRA~1\ItsLabel\Loading.swf
[31/05/2008 20:53|--a------] C:\PROGRA~1\ItsLabel\unins000.dat
[31/05/2008 20:53|--a------] C:\PROGRA~1\ItsLabel\unins000.exe
[31/05/2008 21:30|d--------] C:\Users\AUDREY\AppData\Roaming\ItsLabel
[28/12/2008 18:23|d--------] C:\Users\AUDREY\AppData\Roaming\ItsLabel\ItsTV
[19/12/2008 17:34|--a------] C:\Users\AUDREY\AppData\Roaming\ItsLabel\ItsTV\itsTV.xml
[31/05/2008 20:53|d--------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\ItsLabel
[31/05/2008 20:53|--a------] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\ItsLabel\ItsTV.lnk
+-----------------------| Sweetim Elements found :
.
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\h2girbgf.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.1 ~~~~
* Browser Search Default Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=IEFM1"
* Browser Startup HomePage: "https://www.msn.com/fr-fr/?ocid=iehp"
+----------+
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
(par défaut) REG_SZ
StartCCC REG_SZ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
(par défaut) REG_SZ
Google Desktop Search REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
ISTray REG_SZ "C:\Program Files\Spyware Doctor\pctsTray.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://www.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-29.12.2008.log" (~18204 bytes)
# END at: 0:51:57 | 29/12/2008 - Time elapsed: 1 minute, 47 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 302 lines ]
+---------------------------------------------------------------------------+
▶ ! Disconnect and close all running applications !
▶ Relaunch "Ad-remover": at the main menu, choose option "B".
= = = =>>> As in this image <<<= = = =
▶ Then select:
Boonty
Eorezo
Everest Poker
It's TV
By typing each number, then Enter
▶ Then "S"
▶ The program will run ...
▶ Post the report that appears at the end + a new Hijackthis log for analysis ...
( the report is also saved as C:\Ad-report.log )
/!\ If the Desktop does not reappear, press Ctrl + Alt + Del ("File" tab, "New task", type explorer.exe and confirm) /!\
--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
It's TV
******************
# START at: 1:04:30 | Mon 29/12/2008 | Microsoft® Windows Vista™ Home Premium (v6.0.6000)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-AUDREY | USER: AUDREY ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# Internet Explorer v7.0.6000.16764
--------- [ RUNNING PROCESSES: 63 ] ---------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kiwee Toolbar2\2.6.156\kwtbaim.exe
C:\Program Files\agi\common\agservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
"Boonty Games" (service)
.
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Boonty Games"
.
[04/10/2008 19:43|d--------] C:\Boonty
[04/10/2008 19:44|d--------] C:\DOCUME~1\ALLUSE~1\BOONTY
[|] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[|] C:\DOCUME~1\ALLUSE~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\DOCUME~1\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\DOCUME~1\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\DOCUME~1\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\DOCUME~1\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\DOCUME~1\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\DOCUME~1\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\DOCUME~1\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\DOCUME~1\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\DOCUME~1\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\DOCUME~1\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\PROGRA~2\BOONTY
[|] C:\PROGRA~2\APPLIC~1\BOONTY
[|] C:\PROGRA~2\APPLIC~1\APPLIC~1\BOONTY
[|] C:\PROGRA~2\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\PROGRA~2\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\PROGRA~2\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\PROGRA~2\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\PROGRA~2\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\PROGRA~2\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\PROGRA~2\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\PROGRA~2\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\PROGRA~2\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\PROGRA~2\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\PROGRA~2\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\PROGRA~2\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\Users\ALLUSE~1\BOONTY
[|] C:\Users\ALLUSE~1\APPLIC~1\BOONTY
[|] C:\Users\ALLUSE~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\Users\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\Users\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\Users\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\Users\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\Users\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\Users\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\Users\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\Users\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\Users\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\Users\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[|] C:\Users\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\BOONTY
[04/10/2008 19:44|d--------] C:\Program Files\Common Files\BOONTY Shared
[04/10/2008 19:44|d--------] C:\ProgramData\Microsoft\Windows\STARTM~1\Programs\BoontyGames
[04/10/2008 19:45|--a------] C:\Users\AUDREY\AppData\Roaming\MICROS~1\Windows\Cookies\AUE429~1.TXT
[04/10/2008 19:45|--a------] C:\Users\AUDREY\AppData\Roaming\MICROS~1\Windows\Cookies\AUA0ED~1.TXT
+-----------------------| Eorezo Elements Deleted :
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1"
.
[31/05/2008 20:52|d--------] C:\Program Files\EoRezo
[28/12/2008 23:28|d--------] C:\Users\AUDREY\AppData\Roaming\EoRezo
[31/05/2008 20:52|d--------] C:\ProgramData\Microsoft\Windows\STARTM~1\Programs\EoRezo
[03/12/2008 11:15|--a------] C:\Users\AUDREY\AppData\Roaming\MICROS~1\Windows\Cookies\AU5E73~1.TXT
+-----------------------| Everest Poker Elements Deleted :
.
[18/11/2007 14:44|d--------] C:\Program Files\Everest Poker
[18/11/2007 14:39|d--------] C:\ProgramData\Microsoft\Windows\STARTM~1\Programs\Everest Poker
+-----------------------| It's TV Elements Deleted :
"HKEY_CURRENT_USER\Software\ItsLabel\ItsTV"
"HKEY_LOCAL_MACHINE\SOFTWARE\ItsLabel"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ItsTV_is1"
"HKEY_USERS\S-1-5-21-1033721620-3049051530-2943172277-1002\Software\ItsLabel"
.
[31/05/2008 20:53|d--------] C:\Program Files\ItsLabel
[31/05/2008 21:30|d--------] C:\Users\AUDREY\AppData\Roaming\ItsLabel
[31/05/2008 20:53|d--------] C:\ProgramData\Microsoft\Windows\STARTM~1\Programs\ItsLabel
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+-----------------------| ADDED SCAN :
+--[HKEY_CURRENT_USER\..\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
(par défaut) REG_SZ
StartCCC REG_SZ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
(par défaut) REG_SZ
Google Desktop Search REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
ISTray REG_SZ "C:\Program Files\Spyware Doctor\pctsTray.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-29.12.2008.log" (~11125 bytes)
- "C:\AD-report-Scan-29.12.2008.log" (~18548 bytes)
# END at: 1:22:39 | 29/12/2008 - Time elapsed: 18 minutes, 9 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 191 lines ]
+---------------------------------------------------------------------------+
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:26:16, on 29/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kiwee Toolbar2\2.6.156\kwtbaim.exe
C:\Program Files\agi\common\agservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1217148800847&h=292787890fee6a8dfe024abea7aff93e/&filename=jinstall-6u7-windows-i586-jc.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\agi\common\agservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
I'm sending you several procedures at once to save time, because I'm going to bed.
Download ToolBar S&D (by Eric_71)
= = = = >>> By clicking here <<< = = = =
Tutorial, if needed, by clicking HERE
!! Disconnect and close all your running applications for the duration of the procedure !!
* Double-click the executable to launch the tool
* Once that is done, type F to select French
* Choose option 1 (Recherche / Search) and press Enter.
* Once the scan has finished, a report will appear in .txt format.
* Copy and paste its entire contents into your next reply ...
Note:
The report is saved here: C:\TB.txt
***********************
To remove the old versions of Java and download the new one,
Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries to your Desktop:
= = = =>>> By clicking here <<<= = = =
* Unzip the file on the Desktop (right-click > Extract all).
* Double-click the JavaRa folder
* Then double-click the file JavaRa.exe (the .exe may not be displayed).
* Click Search For Updates
* Select Update Using jucheck.exe, then click Search.
* Allow the process to connect if it asks, click Install and follow the installation instructions, which take a few minutes
* The installation is complete
* Go back to the JavaRa screen and click Remove Older Versions.
* Click Oui (Yes) to confirm. Let it work, then click Ok, and then Ok a second time.
* A report will open. Post it in your next reply.
* Close the application.
Note: the report can also be found in C:\ under the name JavaRa.log.
***********************
Scan this file:
C:\Program Files\agi\common\_agcutils.pyd
On the VirusTotal site:
https://www.virustotal.com/gui/
Browse > select your file > Analyze, then wait until the analysis has finished.
Post the report.
***********************
Be sure to post all the reports.
See you tomorrow.
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM) Duo CPU T2450 @ 2.00GHz )
BIOS : Default System BIOS
USER : AUDREY ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:141 Go (Free:109 Go)
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 29/12/2008|11:20 )
[ UAC => 0 ]
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://actus.sfr.fr"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://actus.sfr.fr"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\AUDREY\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\AppData\Local\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\AppData\Local\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\Local Settings\Application Data\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\Local Settings\Application Data\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
C:\Users\AUDREY\Local Settings\VirtualStore\Program Files\GoPets Ltd\Effect\motion\effect_all firecracke.EMT
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 28/12/2008|21:24 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 28/12/2008|21:31 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 28/12/2008|23:17 - Option : [2]
4 - "C:\ToolBar SD\TB_4.txt" - 29/12/2008|11:24 - Option : [1]
-----------\\ Fin du rapport a 11:24:47,16
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Dec 29 11:36:59 2008
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
------------------------------------
Finished reporting.
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Dec 29 11:37:15 2008
------------------------------------
Finished reporting.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Dec 29 11:36:59 2008
------------------------------------
Finished reporting.
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Dec 29 11:37:15 2008
------------------------------------
Finished reporting.
Browse > Select your file (C:\Program Files\agi\common\_agcutils.pyd) > click Submit, and wait for the analysis to finish.
Scan taken on 29 Dec 2008 17:17:21 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing