Pubs intempestives sur IE, svp aidez moi!!!
TOTO008
Messages postés
83
Statut
Membre
-
E..T Messages postés 6565 Statut Contributeur -
E..T Messages postés 6565 Statut Contributeur -
Bonjour à tous,
J'ai un petit service à vous demander. A chaque fois que j'ouvre Internet Exlorer 7 ou même Firefox, des pubs intempestives apparaisent, c'est très ennuyeux, ....
J'utilise comme antivirus: Avira et comme firewall: Kerio
Je peux lancer un Hisjack si ça peux vous aider...
Pourriez vous me donner un coup de main, je commence à péter les plombs à devoir les fermer et que ça ne fonctionne pas comme il faut toute cette technologie!!!!!
Je remercie d'avance celui ou celle qui sera et aura la compétence de pouvoir m'aider!!
Toto008
J'ai un petit service à vous demander. A chaque fois que j'ouvre Internet Exlorer 7 ou même Firefox, des pubs intempestives apparaisent, c'est très ennuyeux, ....
J'utilise comme antivirus: Avira et comme firewall: Kerio
Je peux lancer un Hisjack si ça peux vous aider...
Pourriez vous me donner un coup de main, je commence à péter les plombs à devoir les fermer et que ça ne fonctionne pas comme il faut toute cette technologie!!!!!
Je remercie d'avance celui ou celle qui sera et aura la compétence de pouvoir m'aider!!
Toto008
A voir également:
- Pubs intempestives sur IE, svp aidez moi!!!
- Bloquer les pubs sur youtube - Accueil - Streaming
- Ie tab - Télécharger - Outils pour navigateurs
- Supprimer les pubs - Guide
- Ie 11 - Télécharger - Navigateurs
- Ie 8 - Télécharger - Navigateurs
16 réponses
Salut,
Ton message va être déplacé dans la section virus/sécurité, mais reste sur ce topic.
Télécharge Navilog1 depuis-ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Au menu principal, Fais le choix 1 >> Recherche
Laisse toi guider et patiente.
Patiente jusqu'au message :
*** Analyse Termine le ..... *** >>>>> Le fix peut durer une dizaine de minutes ;)
Appuie sur une touche le bloc note va s'ouvrir.
Copie-colle le rapport ici.
A toute.
++
Ton message va être déplacé dans la section virus/sécurité, mais reste sur ce topic.
Télécharge Navilog1 depuis-ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Au menu principal, Fais le choix 1 >> Recherche
Laisse toi guider et patiente.
Patiente jusqu'au message :
*** Analyse Termine le ..... *** >>>>> Le fix peut durer une dizaine de minutes ;)
Appuie sur une touche le bloc note va s'ouvrir.
Copie-colle le rapport ici.
A toute.
++
Merci ET de t'occuper de moi
Voici le rapport
Search Navipromo version 3.7.0 commencé le 31/12/2008 à 14:14:44,96
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 Mobile Technology MK-36 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Toto008 ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
C:\ (Local Disk) - NTFS - Total:83 Go (Free:18 Go)
D:\ (Local Disk) - FAT32 - Total:8 Go (Free:1 Go)
E:\ (CD or DVD)
Recherche executé en mode normal
*** Recherche Programmes installés ***
Favorit
Live-Player
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Toto008\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Toto008\locals~1\applic~1" ***
...\Live-Player trouvé !
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Toto008\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Toto008\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vwgmuv"="\"c:\\documents and settings\\toto008\\local settings\\application data\\vwgmuv.exe\" vwgmuv"
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Toto008\locals~1\applic~1" :
vwgmuv.exe trouvé !
vwgmuv.dat trouvé !
vwgmuv_nav.dat trouvé !
vwgmuv_navps.dat trouvé !
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche autres dossiers et fichiers connus :
*** Analyse terminée le 31/12/2008 à 14:24:14,67 ***
Voici le rapport
Search Navipromo version 3.7.0 commencé le 31/12/2008 à 14:14:44,96
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 Mobile Technology MK-36 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Toto008 ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
C:\ (Local Disk) - NTFS - Total:83 Go (Free:18 Go)
D:\ (Local Disk) - FAT32 - Total:8 Go (Free:1 Go)
E:\ (CD or DVD)
Recherche executé en mode normal
*** Recherche Programmes installés ***
Favorit
Live-Player
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Toto008\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Toto008\locals~1\applic~1" ***
...\Live-Player trouvé !
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Toto008\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Toto008\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vwgmuv"="\"c:\\documents and settings\\toto008\\local settings\\application data\\vwgmuv.exe\" vwgmuv"
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Toto008\locals~1\applic~1" :
vwgmuv.exe trouvé !
vwgmuv.dat trouvé !
vwgmuv_nav.dat trouvé !
vwgmuv_navps.dat trouvé !
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche autres dossiers et fichiers connus :
*** Analyse terminée le 31/12/2008 à 14:24:14,67 ***
Ouep,
Relance Navilog
# Sur le menu, choisis Désinfection automatique l'option 2
# Le fix va se mettre à travailler... sois patient!
# Cliques simplement sur OK si des fenêtres apparaissent.
Un rapport va être généré >> Envoi le
>>> Si ton bureau ne réapparait pas après le fix ce n'est rien ! <<<
Fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.
-------------------------------------------------------------------------------------------------------
Puis :
Télécharge sur le Bureau HijackThis
http://download.hijackthis.eu/HJTInstall.exe
Double-clique sur dessus pour l'installer
Clique sur Do a system scan and save the log
Colle le rapport
Tutoriel >> https://www.malekal.com/tutoriel-hijackthis/
@+
Relance Navilog
# Sur le menu, choisis Désinfection automatique l'option 2
# Le fix va se mettre à travailler... sois patient!
# Cliques simplement sur OK si des fenêtres apparaissent.
Un rapport va être généré >> Envoi le
>>> Si ton bureau ne réapparait pas après le fix ce n'est rien ! <<<
Fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.
-------------------------------------------------------------------------------------------------------
Puis :
Télécharge sur le Bureau HijackThis
http://download.hijackthis.eu/HJTInstall.exe
Double-clique sur dessus pour l'installer
Clique sur Do a system scan and save the log
Colle le rapport
Tutoriel >> https://www.malekal.com/tutoriel-hijackthis/
@+
Re : Voici le rapoort du nettoyage
Clean Navipromo version 3.7.0 commencé le 31/12/2008 à 14:31:29,93
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 Mobile Technology MK-36 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Toto008 ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
C:\ (Local Disk) - NTFS - Total:83 Go (Free:18 Go)
D:\ (Local Disk) - FAT32 - Total:8 Go (Free:1 Go)
E:\ (CD or DVD)
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\Toto008\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Toto008\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Toto008\locals~1\applic~1" ***
...\Live-Player ...suppression...
...\Live-Player supprimé !
*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Toto008\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Toto008\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\Toto008\locals~1\applic~1" *
vwgmuv.exe trouvé !
Copie vwgmuv.exe réalisée avec succès !
vwgmuv.exe supprimé !
vwgmuv.dat trouvé !
Copie vwgmuv.dat réalisée avec succès !
vwgmuv.dat supprimé !
vwgmuv_nav.dat trouvé !
Copie vwgmuv_nav.dat réalisée avec succès !
vwgmuv_nav.dat supprimé !
vwgmuv_navps.dat trouvé !
Copie vwgmuv_navps.dat réalisée avec succès !
vwgmuv_navps.dat supprimé !
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Recherche autres dossiers et fichiers connus ***
*** Nettoyage terminé le 31/12/2008 à 14:38:47,92 ***
Clean Navipromo version 3.7.0 commencé le 31/12/2008 à 14:31:29,93
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 Mobile Technology MK-36 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Toto008 ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
C:\ (Local Disk) - NTFS - Total:83 Go (Free:18 Go)
D:\ (Local Disk) - FAT32 - Total:8 Go (Free:1 Go)
E:\ (CD or DVD)
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\Toto008\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Toto008\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Toto008\locals~1\applic~1" ***
...\Live-Player ...suppression...
...\Live-Player supprimé !
*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Toto008\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Toto008\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\Toto008\locals~1\applic~1" *
vwgmuv.exe trouvé !
Copie vwgmuv.exe réalisée avec succès !
vwgmuv.exe supprimé !
vwgmuv.dat trouvé !
Copie vwgmuv.dat réalisée avec succès !
vwgmuv.dat supprimé !
vwgmuv_nav.dat trouvé !
Copie vwgmuv_nav.dat réalisée avec succès !
vwgmuv_nav.dat supprimé !
vwgmuv_navps.dat trouvé !
Copie vwgmuv_navps.dat réalisée avec succès !
vwgmuv_navps.dat supprimé !
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Recherche autres dossiers et fichiers connus ***
*** Nettoyage terminé le 31/12/2008 à 14:38:47,92 ***
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Et voici le rapport du Hijachthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:46, on 31/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rls=GFRD,GFRD:2007-38,GFRD:fr&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66029
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66029
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Toto008\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://anthonybontemps.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:46, on 31/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rls=GFRD,GFRD:2007-38,GFRD:fr&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66029
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66029
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Toto008\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://anthonybontemps.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
Re
Télécharges http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe ( de Cyrildu17 / C_XX ) sur ton bureau :
/!\ Déconnectes toi et fermes toutes applications en cours
Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
Double clique sur l'icône Ad-removersituée sur ton bureau
Au menu principal choisi l'option "Recherche"
Postes le rapport qui apparait à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall)
++
Télécharges http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe ( de Cyrildu17 / C_XX ) sur ton bureau :
/!\ Déconnectes toi et fermes toutes applications en cours
Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
Double clique sur l'icône Ad-removersituée sur ton bureau
Au menu principal choisi l'option "Recherche"
Postes le rapport qui apparait à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall)
++
voici le rapport,
--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------
# START at: 15:09:55 | Mer 31/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: ANTHONY | USER: Toto008 ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
# Internet Explorer v7.0.5730.13
--------- [ RUNNING PROCESSES: 51 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
"Boonty Games" (service)
.
"HKEY_CLASSES_ROOT\boontybox"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\Software\Classes\boontybox"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[08/01/2008 18:56] C:\Program Files\Boonty
[08/01/2008 16:58] C:\Program Files\Boonty\Components
[08/01/2008 16:58] C:\Program Files\Boonty\Components\BoontyBox_01net_setup.exe
[23/01/2008 22:43] C:\Program Files\BoontyGames
[08/01/2008 18:21] C:\Program Files\BoontyGames\appartement3d2006.exe
[08/01/2008 18:21] C:\Program Files\BoontyGames\Components
[07/12/2005 11:46] C:\Program Files\BoontyGames\Components\bureau.url
[27/10/2003 14:07] C:\Program Files\BoontyGames\Components\Joystick.ico
[07/12/2005 11:46] C:\Program Files\BoontyGames\Components\start.url
[06/11/2006 20:46] C:\Program Files\Fichiers communs\BOONTY Shared
[06/11/2006 20:46] C:\Program Files\Fichiers communs\BOONTY Shared\Service
[06/11/2006 20:46] C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
[06/11/2006 20:46] C:\Documents and Settings\All Users\Application Data\BOONTY
[08/01/2008 18:54] C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
[20/11/2006 03:05] C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B3D43000.dat
[23/01/2008 22:42] C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B45EA000.dat
+-----------------------| Eorezo Elements found :
.
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
+-----------------------| It's TV Elements found :
.
+-----------------------| Sweetim Elements found :
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/10/2008 17:37] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\searchplugins\sweetim.xml
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome
[27/04/2008 14:12] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components
[07/09/2008 18:22] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF
[07/09/2008 18:22] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar.jar
[01/07/2008 15:54] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js
[07/09/2008 18:22] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf
[07/09/2008 18:22] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.rsa
[07/09/2008 18:22] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf
[14/10/2008 16:26] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\SweetIMToolbarData
[14/10/2008 16:26] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\SweetIMToolbarData\logs
[17/08/2008 09:41] C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{23012310-3E05-46A5-88A9-C6CBCABCAC79}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{8105684D-8CA6-440D-8F58-7E5FD67A499D}\ARPPRODUCTICON.exe
[01/04/2008 17:45] C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-800000000003}\ARPPRODUCTICON.exe
[01/09/2006 09:56] C:\WINDOWS\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\ARPPRODUCTICON.exe
[30/12/2008 09:58] C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\y8ae6y2c.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "SweetIM Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/webhp?sourceid=navclient-ff&ie=UTF-8&rlz=1B3GGGL_frFR241FR241&gws_rd=ssl"
* Browser Startup HomePage: "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"
+--+ +--+ +--+ +--+
.
FOUND- user_pref("browser.search.defaultenginename", "SweetIM Search");
FOUND- user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
FOUND- user_pref("browser.search.selectedEngine", "SweetIM Search");
FOUND- user_pref("keyword.URL", "https://search.sweetim.com/search.asp?src=2&q=");
FOUND- user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND- user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND- user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND- user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND- user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND- user_pref("sweetim.toolbar.mode.debug", "false");
FOUND- user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
FOUND- user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl");
FOUND- user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Live Search");
FOUND- user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f");
FOUND- user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MICWV2");
FOUND- user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND- user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND- user_pref("sweetim.toolbar.simapp_id", "{9D3EB6F3-1CE5-4E64-8100-B7A2210C9665}");
FOUND- user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
FOUND- user_pref("sweetim.toolbar.version", "1.0.0.6");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnlivesearch REG_SZ C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
+--[HKEY_LOCAL_MACHINE\..\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
VX1000 REG_SZ C:\WINDOWS\vVX1000.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
!AVG Anti-Spyware REG_SZ "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rls=GFRD,GFRD
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp:blank
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-31.12.2008.log" (~12699 bytes)
# END at: 15:10:14 | 31/12/2008 - Time elapsed: 18.1 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 183 lines ]
+---------------------------------------------------------------------------+
--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------
# START at: 15:09:55 | Mer 31/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: ANTHONY | USER: Toto008 ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
# Internet Explorer v7.0.5730.13
--------- [ RUNNING PROCESSES: 51 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
"Boonty Games" (service)
.
"HKEY_CLASSES_ROOT\boontybox"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\Software\Classes\boontybox"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[08/01/2008 18:56] C:\Program Files\Boonty
[08/01/2008 16:58] C:\Program Files\Boonty\Components
[08/01/2008 16:58] C:\Program Files\Boonty\Components\BoontyBox_01net_setup.exe
[23/01/2008 22:43] C:\Program Files\BoontyGames
[08/01/2008 18:21] C:\Program Files\BoontyGames\appartement3d2006.exe
[08/01/2008 18:21] C:\Program Files\BoontyGames\Components
[07/12/2005 11:46] C:\Program Files\BoontyGames\Components\bureau.url
[27/10/2003 14:07] C:\Program Files\BoontyGames\Components\Joystick.ico
[07/12/2005 11:46] C:\Program Files\BoontyGames\Components\start.url
[06/11/2006 20:46] C:\Program Files\Fichiers communs\BOONTY Shared
[06/11/2006 20:46] C:\Program Files\Fichiers communs\BOONTY Shared\Service
[06/11/2006 20:46] C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
[06/11/2006 20:46] C:\Documents and Settings\All Users\Application Data\BOONTY
[08/01/2008 18:54] C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
[20/11/2006 03:05] C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B3D43000.dat
[23/01/2008 22:42] C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B45EA000.dat
+-----------------------| Eorezo Elements found :
.
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
+-----------------------| It's TV Elements found :
.
+-----------------------| Sweetim Elements found :
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/10/2008 17:37] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\searchplugins\sweetim.xml
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome
[27/04/2008 14:12] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components
[07/09/2008 18:22] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF
[07/09/2008 18:22] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar.jar
[01/07/2008 15:54] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js
[07/09/2008 18:22] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf
[07/09/2008 18:22] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.rsa
[07/09/2008 18:22] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf
[14/10/2008 16:26] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\SweetIMToolbarData
[14/10/2008 16:26] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\SweetIMToolbarData\logs
[17/08/2008 09:41] C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{23012310-3E05-46A5-88A9-C6CBCABCAC79}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{8105684D-8CA6-440D-8F58-7E5FD67A499D}\ARPPRODUCTICON.exe
[01/04/2008 17:45] C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-800000000003}\ARPPRODUCTICON.exe
[01/09/2006 09:56] C:\WINDOWS\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\ARPPRODUCTICON.exe
[30/12/2008 09:58] C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\y8ae6y2c.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "SweetIM Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/webhp?sourceid=navclient-ff&ie=UTF-8&rlz=1B3GGGL_frFR241FR241&gws_rd=ssl"
* Browser Startup HomePage: "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"
+--+ +--+ +--+ +--+
.
FOUND- user_pref("browser.search.defaultenginename", "SweetIM Search");
FOUND- user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
FOUND- user_pref("browser.search.selectedEngine", "SweetIM Search");
FOUND- user_pref("keyword.URL", "https://search.sweetim.com/search.asp?src=2&q=");
FOUND- user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND- user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND- user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND- user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND- user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND- user_pref("sweetim.toolbar.mode.debug", "false");
FOUND- user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
FOUND- user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl");
FOUND- user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Live Search");
FOUND- user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f");
FOUND- user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MICWV2");
FOUND- user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND- user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND- user_pref("sweetim.toolbar.simapp_id", "{9D3EB6F3-1CE5-4E64-8100-B7A2210C9665}");
FOUND- user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
FOUND- user_pref("sweetim.toolbar.version", "1.0.0.6");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnlivesearch REG_SZ C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
+--[HKEY_LOCAL_MACHINE\..\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
VX1000 REG_SZ C:\WINDOWS\vVX1000.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
!AVG Anti-Spyware REG_SZ "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rls=GFRD,GFRD
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp:blank
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-31.12.2008.log" (~12699 bytes)
# END at: 15:10:14 | 31/12/2008 - Time elapsed: 18.1 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 183 lines ]
+---------------------------------------------------------------------------+
Oups d"solé ;)
Merci ric025!!
nettoyage :
/!\ Déconnecte-toi et ferme toutes applications en cours /!\
Double-clique sur AD-Remover pour le lancer : au menu principal, choisis l'option B.
Suppression Boonty/BoontyGames (Si trouvé)
Suppression Eorezo (Si trouvé)
Suppression Everest Poker (Si trouvé)
Suppression Funwebproduct/MyWay/MyWebsearch (Si trouvé)
Suppression Messenger Skinner (Si trouvé)
Suppression Sweetim (Si trouvé)
Puis choisis S, le programme va travailler.
Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report.log)
/!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide) /!\
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...)
++
Merci ric025!!
nettoyage :
/!\ Déconnecte-toi et ferme toutes applications en cours /!\
Double-clique sur AD-Remover pour le lancer : au menu principal, choisis l'option B.
Suppression Boonty/BoontyGames (Si trouvé)
Suppression Eorezo (Si trouvé)
Suppression Everest Poker (Si trouvé)
Suppression Funwebproduct/MyWay/MyWebsearch (Si trouvé)
Suppression Messenger Skinner (Si trouvé)
Suppression Sweetim (Si trouvé)
Puis choisis S, le programme va travailler.
Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report.log)
/!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide) /!\
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...)
++
voici le rapport
--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 15:32:59 | Mer 31/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: ANTHONY | USER: Toto008 ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
# Internet Explorer v7.0.5730.13
--------- [ RUNNING PROCESSES: 52 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
"Boonty Games" (service)
.
"HKEY_CLASSES_ROOT\boontybox"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[08/01/2008 18:56] C:\Program Files\Boonty
[01/09/2006 09:57] C:\Program Files\Services en ligne\Boonty
[23/01/2008 22:43] C:\Program Files\BoontyGames
[06/11/2006 20:46] C:\Program Files\Fichiers communs\BOONTY Shared
[06/11/2006 20:46] C:\Documents and Settings\All Users\Application Data\BOONTY
+-----------------------| Eorezo Elements Deleted :
.
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/10/2008 17:37] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\searchplugins\sweetim.xml
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[14/10/2008 16:26] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\SweetIMToolbarData
[17/08/2008 09:41] C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{23012310-3E05-46A5-88A9-C6CBCABCAC79}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{8105684D-8CA6-440D-8F58-7E5FD67A499D}\ARPPRODUCTICON.exe
[01/04/2008 17:45] C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-800000000003}\ARPPRODUCTICON.exe
[01/09/2006 09:56] C:\WINDOWS\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\ARPPRODUCTICON.exe
/!\ NOT DELETED - [30/12/2008 09:58] C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
Second run ...
RESIST ! - "C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\y8ae6y2c.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "SweetIM Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/webhp?sourceid=navclient-ff&ie=UTF-8&rlz=1B3GGGL_frFR241FR241&gws_rd=ssl"
* Browser Startup HomePage: "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"
+--+ +--+ +--+ +--+
.
REMOVED- user_pref("browser.search.defaultenginename", "SweetIM Search");
REMOVED- user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED- user_pref("browser.search.selectedEngine", "SweetIM Search");
REMOVED- user_pref("keyword.URL", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED- user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED- user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED- user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Live Search");
REMOVED- user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f");
REMOVED- user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MICWV2");
REMOVED- user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED- user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED- user_pref("sweetim.toolbar.simapp_id", "{9D3EB6F3-1CE5-4E64-8100-B7A2210C9665}");
REMOVED- user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
REMOVED- user_pref("sweetim.toolbar.version", "1.0.0.6");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnlivesearch REG_SZ C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
+--[HKEY_LOCAL_MACHINE\..\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
VX1000 REG_SZ C:\WINDOWS\vVX1000.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
!AVG Anti-Spyware REG_SZ "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-31.12.2008.log" (~10260 bytes)
- "C:\AD-report-Scan-31.12.2008.log" (~13035 bytes)
# END at: 15:35:59 | 31/12/2008 - Time elapsed: 2 minutes, 59 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 174 lines ]
+---------------------------------------------------------------------------+
--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 15:32:59 | Mer 31/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: ANTHONY | USER: Toto008 ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
# Internet Explorer v7.0.5730.13
--------- [ RUNNING PROCESSES: 52 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
"Boonty Games" (service)
.
"HKEY_CLASSES_ROOT\boontybox"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[08/01/2008 18:56] C:\Program Files\Boonty
[01/09/2006 09:57] C:\Program Files\Services en ligne\Boonty
[23/01/2008 22:43] C:\Program Files\BoontyGames
[06/11/2006 20:46] C:\Program Files\Fichiers communs\BOONTY Shared
[06/11/2006 20:46] C:\Documents and Settings\All Users\Application Data\BOONTY
+-----------------------| Eorezo Elements Deleted :
.
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/10/2008 17:37] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\searchplugins\sweetim.xml
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[14/10/2008 16:26] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\SweetIMToolbarData
[17/08/2008 09:41] C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{23012310-3E05-46A5-88A9-C6CBCABCAC79}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{8105684D-8CA6-440D-8F58-7E5FD67A499D}\ARPPRODUCTICON.exe
[01/04/2008 17:45] C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-800000000003}\ARPPRODUCTICON.exe
[01/09/2006 09:56] C:\WINDOWS\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\ARPPRODUCTICON.exe
/!\ NOT DELETED - [30/12/2008 09:58] C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
Second run ...
RESIST ! - "C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\y8ae6y2c.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "SweetIM Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/webhp?sourceid=navclient-ff&ie=UTF-8&rlz=1B3GGGL_frFR241FR241&gws_rd=ssl"
* Browser Startup HomePage: "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"
+--+ +--+ +--+ +--+
.
REMOVED- user_pref("browser.search.defaultenginename", "SweetIM Search");
REMOVED- user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED- user_pref("browser.search.selectedEngine", "SweetIM Search");
REMOVED- user_pref("keyword.URL", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED- user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED- user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED- user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Live Search");
REMOVED- user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f");
REMOVED- user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MICWV2");
REMOVED- user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED- user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED- user_pref("sweetim.toolbar.simapp_id", "{9D3EB6F3-1CE5-4E64-8100-B7A2210C9665}");
REMOVED- user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
REMOVED- user_pref("sweetim.toolbar.version", "1.0.0.6");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnlivesearch REG_SZ C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
+--[HKEY_LOCAL_MACHINE\..\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
VX1000 REG_SZ C:\WINDOWS\vVX1000.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
!AVG Anti-Spyware REG_SZ "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-31.12.2008.log" (~10260 bytes)
- "C:\AD-report-Scan-31.12.2008.log" (~13035 bytes)
# END at: 15:35:59 | 31/12/2008 - Time elapsed: 2 minutes, 59 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 174 lines ]
+---------------------------------------------------------------------------+
voici le rapport
--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 15:32:59 | Mer 31/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: ANTHONY | USER: Toto008 ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
# Internet Explorer v7.0.5730.13
--------- [ RUNNING PROCESSES: 52 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
"Boonty Games" (service)
.
"HKEY_CLASSES_ROOT\boontybox"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[08/01/2008 18:56] C:\Program Files\Boonty
[01/09/2006 09:57] C:\Program Files\Services en ligne\Boonty
[23/01/2008 22:43] C:\Program Files\BoontyGames
[06/11/2006 20:46] C:\Program Files\Fichiers communs\BOONTY Shared
[06/11/2006 20:46] C:\Documents and Settings\All Users\Application Data\BOONTY
+-----------------------| Eorezo Elements Deleted :
.
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/10/2008 17:37] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\searchplugins\sweetim.xml
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[14/10/2008 16:26] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\SweetIMToolbarData
[17/08/2008 09:41] C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{23012310-3E05-46A5-88A9-C6CBCABCAC79}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{8105684D-8CA6-440D-8F58-7E5FD67A499D}\ARPPRODUCTICON.exe
[01/04/2008 17:45] C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-800000000003}\ARPPRODUCTICON.exe
[01/09/2006 09:56] C:\WINDOWS\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\ARPPRODUCTICON.exe
/!\ NOT DELETED - [30/12/2008 09:58] C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
Second run ...
RESIST ! - "C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\y8ae6y2c.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "SweetIM Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/webhp?sourceid=navclient-ff&ie=UTF-8&rlz=1B3GGGL_frFR241FR241&gws_rd=ssl"
* Browser Startup HomePage: "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"
+--+ +--+ +--+ +--+
.
REMOVED- user_pref("browser.search.defaultenginename", "SweetIM Search");
REMOVED- user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED- user_pref("browser.search.selectedEngine", "SweetIM Search");
REMOVED- user_pref("keyword.URL", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED- user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED- user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED- user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Live Search");
REMOVED- user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f");
REMOVED- user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MICWV2");
REMOVED- user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED- user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED- user_pref("sweetim.toolbar.simapp_id", "{9D3EB6F3-1CE5-4E64-8100-B7A2210C9665}");
REMOVED- user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
REMOVED- user_pref("sweetim.toolbar.version", "1.0.0.6");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnlivesearch REG_SZ C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
+--[HKEY_LOCAL_MACHINE\..\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
VX1000 REG_SZ C:\WINDOWS\vVX1000.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
!AVG Anti-Spyware REG_SZ "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-31.12.2008.log" (~10260 bytes)
- "C:\AD-report-Scan-31.12.2008.log" (~13035 bytes)
# END at: 15:35:59 | 31/12/2008 - Time elapsed: 2 minutes, 59 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 174 lines ]
+---------------------------------------------------------------------------+
--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 15:32:59 | Mer 31/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: ANTHONY | USER: Toto008 ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
# Internet Explorer v7.0.5730.13
--------- [ RUNNING PROCESSES: 52 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
"Boonty Games" (service)
.
"HKEY_CLASSES_ROOT\boontybox"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[08/01/2008 18:56] C:\Program Files\Boonty
[01/09/2006 09:57] C:\Program Files\Services en ligne\Boonty
[23/01/2008 22:43] C:\Program Files\BoontyGames
[06/11/2006 20:46] C:\Program Files\Fichiers communs\BOONTY Shared
[06/11/2006 20:46] C:\Documents and Settings\All Users\Application Data\BOONTY
+-----------------------| Eorezo Elements Deleted :
.
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/10/2008 17:37] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\searchplugins\sweetim.xml
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[14/10/2008 16:26] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\SweetIMToolbarData
[17/08/2008 09:41] C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{23012310-3E05-46A5-88A9-C6CBCABCAC79}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{8105684D-8CA6-440D-8F58-7E5FD67A499D}\ARPPRODUCTICON.exe
[01/04/2008 17:45] C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-800000000003}\ARPPRODUCTICON.exe
[01/09/2006 09:56] C:\WINDOWS\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\ARPPRODUCTICON.exe
/!\ NOT DELETED - [30/12/2008 09:58] C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
Second run ...
RESIST ! - "C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\y8ae6y2c.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "SweetIM Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/webhp?sourceid=navclient-ff&ie=UTF-8&rlz=1B3GGGL_frFR241FR241&gws_rd=ssl"
* Browser Startup HomePage: "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"
+--+ +--+ +--+ +--+
.
REMOVED- user_pref("browser.search.defaultenginename", "SweetIM Search");
REMOVED- user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED- user_pref("browser.search.selectedEngine", "SweetIM Search");
REMOVED- user_pref("keyword.URL", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED- user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED- user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED- user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Live Search");
REMOVED- user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f");
REMOVED- user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MICWV2");
REMOVED- user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED- user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED- user_pref("sweetim.toolbar.simapp_id", "{9D3EB6F3-1CE5-4E64-8100-B7A2210C9665}");
REMOVED- user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
REMOVED- user_pref("sweetim.toolbar.version", "1.0.0.6");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnlivesearch REG_SZ C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
+--[HKEY_LOCAL_MACHINE\..\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
VX1000 REG_SZ C:\WINDOWS\vVX1000.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
!AVG Anti-Spyware REG_SZ "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-31.12.2008.log" (~10260 bytes)
- "C:\AD-report-Scan-31.12.2008.log" (~13035 bytes)
# END at: 15:35:59 | 31/12/2008 - Time elapsed: 2 minutes, 59 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 174 lines ]
+---------------------------------------------------------------------------+
Je ne sais pas si tu as recu le rapport, dsl si tu l'as eu plusieurs fois!!
--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 15:32:59 | Mer 31/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: ANTHONY | USER: Toto008 ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
# Internet Explorer v7.0.5730.13
--------- [ RUNNING PROCESSES: 52 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
"Boonty Games" (service)
.
"HKEY_CLASSES_ROOT\boontybox"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[08/01/2008 18:56] C:\Program Files\Boonty
[01/09/2006 09:57] C:\Program Files\Services en ligne\Boonty
[23/01/2008 22:43] C:\Program Files\BoontyGames
[06/11/2006 20:46] C:\Program Files\Fichiers communs\BOONTY Shared
[06/11/2006 20:46] C:\Documents and Settings\All Users\Application Data\BOONTY
+-----------------------| Eorezo Elements Deleted :
.
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/10/2008 17:37] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\searchplugins\sweetim.xml
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[14/10/2008 16:26] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\SweetIMToolbarData
[17/08/2008 09:41] C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{23012310-3E05-46A5-88A9-C6CBCABCAC79}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{8105684D-8CA6-440D-8F58-7E5FD67A499D}\ARPPRODUCTICON.exe
[01/04/2008 17:45] C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-800000000003}\ARPPRODUCTICON.exe
[01/09/2006 09:56] C:\WINDOWS\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\ARPPRODUCTICON.exe
/!\ NOT DELETED - [30/12/2008 09:58] C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
Second run ...
RESIST ! - "C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\y8ae6y2c.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "SweetIM Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/webhp?sourceid=navclient-ff&ie=UTF-8&rlz=1B3GGGL_frFR241FR241&gws_rd=ssl"
* Browser Startup HomePage: "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"
+--+ +--+ +--+ +--+
.
REMOVED- user_pref("browser.search.defaultenginename", "SweetIM Search");
REMOVED- user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED- user_pref("browser.search.selectedEngine", "SweetIM Search");
REMOVED- user_pref("keyword.URL", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED- user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED- user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED- user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Live Search");
REMOVED- user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f");
REMOVED- user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MICWV2");
REMOVED- user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED- user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED- user_pref("sweetim.toolbar.simapp_id", "{9D3EB6F3-1CE5-4E64-8100-B7A2210C9665}");
REMOVED- user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
REMOVED- user_pref("sweetim.toolbar.version", "1.0.0.6");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnlivesearch REG_SZ C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
+--[HKEY_LOCAL_MACHINE\..\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
VX1000 REG_SZ C:\WINDOWS\vVX1000.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
!AVG Anti-Spyware REG_SZ "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-31.12.2008.log" (~10260 bytes)
- "C:\AD-report-Scan-31.12.2008.log" (~13035 bytes)
# END at: 15:35:59 | 31/12/2008 - Time elapsed: 2 minutes, 59 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 174 lines ]
+---------------------------------------------------------------------------+
--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 15:32:59 | Mer 31/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: ANTHONY | USER: Toto008 ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
# Internet Explorer v7.0.5730.13
--------- [ RUNNING PROCESSES: 52 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
"Boonty Games" (service)
.
"HKEY_CLASSES_ROOT\boontybox"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[08/01/2008 18:56] C:\Program Files\Boonty
[01/09/2006 09:57] C:\Program Files\Services en ligne\Boonty
[23/01/2008 22:43] C:\Program Files\BoontyGames
[06/11/2006 20:46] C:\Program Files\Fichiers communs\BOONTY Shared
[06/11/2006 20:46] C:\Documents and Settings\All Users\Application Data\BOONTY
+-----------------------| Eorezo Elements Deleted :
.
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| It's TV Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/10/2008 17:37] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\searchplugins\sweetim.xml
[09/10/2008 17:38] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[14/10/2008 16:26] C:\Documents and Settings\Toto008\Application Data\Mozilla\Firefox\Profiles\y8ae6y2c.default\SweetIMToolbarData
[17/08/2008 09:41] C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{23012310-3E05-46A5-88A9-C6CBCABCAC79}\ARPPRODUCTICON.exe
[01/09/2006 09:55] C:\WINDOWS\Installer\{8105684D-8CA6-440D-8F58-7E5FD67A499D}\ARPPRODUCTICON.exe
[01/04/2008 17:45] C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-800000000003}\ARPPRODUCTICON.exe
[01/09/2006 09:56] C:\WINDOWS\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\ARPPRODUCTICON.exe
/!\ NOT DELETED - [30/12/2008 09:58] C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
Second run ...
RESIST ! - "C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\y8ae6y2c.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "SweetIM Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/webhp?sourceid=navclient-ff&ie=UTF-8&rlz=1B3GGGL_frFR241FR241&gws_rd=ssl"
* Browser Startup HomePage: "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"
+--+ +--+ +--+ +--+
.
REMOVED- user_pref("browser.search.defaultenginename", "SweetIM Search");
REMOVED- user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED- user_pref("browser.search.selectedEngine", "SweetIM Search");
REMOVED- user_pref("keyword.URL", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED- user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED- user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED- user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED- user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl");
REMOVED- user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Live Search");
REMOVED- user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f");
REMOVED- user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MICWV2");
REMOVED- user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED- user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED- user_pref("sweetim.toolbar.simapp_id", "{9D3EB6F3-1CE5-4E64-8100-B7A2210C9665}");
REMOVED- user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
REMOVED- user_pref("sweetim.toolbar.version", "1.0.0.6");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnlivesearch REG_SZ C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
+--[HKEY_LOCAL_MACHINE\..\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
VX1000 REG_SZ C:\WINDOWS\vVX1000.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
!AVG Anti-Spyware REG_SZ "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-31.12.2008.log" (~10260 bytes)
- "C:\AD-report-Scan-31.12.2008.log" (~13035 bytes)
# END at: 15:35:59 | 31/12/2008 - Time elapsed: 2 minutes, 59 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 174 lines ]
+---------------------------------------------------------------------------+
Voici le rapport Hijack this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:38, on 31/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66029
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66029
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Toto008\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://anthonybontemps.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:38, on 31/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66029
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66029
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Toto008\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://anthonybontemps.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
Re,
Vérifie JAVA >> ICI c'est une chose importante aussi.
Installe la dernière version de adobe >> Ici
Une foi que les nouvelles versions sont installées virent les anciennes par ajouts suppressions de programmes ou par le programme de désinstallation.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Télécharges http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe ( de Cyrildu17 / C_XX ) sur ton bureau :
/!\ Déconnectes toi et fermes toutes applications en cours
Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
Double clique sur l'icône Ad-removersituée sur ton bureau
Au menu principal choisi l'option "Recherche"
Postes le rapport qui apparait à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall)
++
Vérifie JAVA >> ICI c'est une chose importante aussi.
Installe la dernière version de adobe >> Ici
Une foi que les nouvelles versions sont installées virent les anciennes par ajouts suppressions de programmes ou par le programme de désinstallation.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Télécharges http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe ( de Cyrildu17 / C_XX ) sur ton bureau :
/!\ Déconnectes toi et fermes toutes applications en cours
Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
Double clique sur l'icône Ad-removersituée sur ton bureau
Au menu principal choisi l'option "Recherche"
Postes le rapport qui apparait à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall)
++
