Virus Win32 Trojan-gen (other)

Closed
diabolo162 - 1002 posts - registered Monday 28 January 2008 - status: Member - last active 9 October 2018 - 14 Jan 2009 at 09:22
Anonymous user - 14 Jan 2009 at 15:38
Hello,

my antivirus (G Data) detects 2 viruses:

1 in Downloads and the other in appdata/local/mozilla/firefox........

could you help me please???

18 replies

Anonymous user
14 Jan 2009 at 09:29
hello, so that someone can help you better, I suggest this:

start with this to see what's going on, get a precise diagnosis and so spot any infections and neutralise them:

Download and install the HijackThis diagnostic tool:

here HijackThis
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

1- Click the setup to launch the install: let it guide you and don't change the installation settings.
At the end of the install, the program launches automatically: close it by clicking the red cross.
In the end you should have a shortcut on your desktop and also a path like:
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe".

tutorial for using it:
Look here, it's perfectly explained with pictures (thanks balltrap34),
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
(Don't fix ANY lines yet, that could stop your PC from working properly)

2- !! Disconnect and close all your running applications !!

Click the desktop shortcut to launch the program:
run a HijackThis scan by clicking: "Do a system scan and save a logfile"

---> copy and paste the generated report for analysis

and empty the G Data quarantine
diabolo162
14 Jan 2009 at 09:36
here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:36:20, on 14/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Users\Alex\Documents\HijackThis.exe
C:\Users\Alex\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AvkWebIE.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer via Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Envoyer via message(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C583B87-EB8C-434E-AF32-D0391E49967A}: NameServer = 192.168.1.1,192.168.1.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKWCtl.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA TotalCare\Firewall\GDFwSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
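A small triage helper for a report like the one posted above, added here as an example (it is not part of the thread and not HijackThis code). It assumes the entry layout visible in the log itself, "<type> - <description> - {CLSID} - <path>", and flags what a helper reads first: entries whose component file is gone ("(no file)"), entries with no registered name, the AppInit_DLLs entry and the hosts lines. The sample lines are copied from the posted report.

```python
"""Triage helper for a HijackThis v2 log.

Added example, not part of the thread or of HijackThis itself. It parses the
"<type> - <description> - {CLSID} - <path>" entry lines (layout inferred from
the posted log) and flags the ones a forum helper reads first.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "<kind> - <rest>", where kind is a HijackThis section such as R0, O2, O23.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    kind: str               # HijackThis section, e.g. "O2" (BHO) or "R3" (URLSearchHook)
    description: str        # text before the first " - " separator
    clsid: Optional[str]    # COM class id, when the entry has one
    path: Optional[str]     # file the registry points at, or "(no file)"
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers, blank lines and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    parts = [p.strip() for p in rest.split(" - ")]
    cm = CLSID_RE.search(rest)
    clsid = cm.group(0).upper() if cm else None
    # CLSID-style entries are "<description> - {CLSID} - <path>": the path is the last field.
    path = parts[-1] if clsid and len(parts) >= 3 else None
    entry = Entry(kind, parts[0], clsid, path)
    if path == "(no file)":
        # The registry still references a component whose file is gone: the usual
        # leftover of an incomplete uninstall or of a partial removal by the antivirus.
        entry.flags.append("orphan")
    if "(no name)" in parts[0]:
        entry.flags.append("unnamed")
    if kind == "O20":
        # AppInit_DLLs is loaded into every process that loads user32.dll,
        # so the listed DLL deserves a publisher check.
        entry.flags.append("appinit")
    if kind == "O1":
        entry.flags.append("hosts")
    return entry


def triage(log_text: str) -> Dict[str, List[Entry]]:
    """Group the flagged entries of a whole log by flag name."""
    report: Dict[str, List[Entry]] = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        for flag in entry.flags:
            report.setdefault(flag, []).append(entry)
    return report


# Sample lines copied from the HijackThis report posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AvkWebIE.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

if __name__ == "__main__":
    for flag, entries in sorted(triage(SAMPLE_LOG).items()):
        print(f"[{flag}] {len(entries)} entr{'y' if len(entries) == 1 else 'ies'}")
        for e in entries:
            print(f"    {e.kind} {e.description} {e.clsid or ''} -> {e.path or ''}")
```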
Anonymous user
14 Jan 2009 at 09:41
Disable User Account Control (you'll re-enable it after your disinfection):

- Go to "Start" then Control Panel.
- Double-click the User Accounts icon, then Turn User Account Control on or off.
- Click Continue.
- Untick the box Use User Account Control (UAC) to help protect your computer.
- Confirm with OK and restart.

Tutorial: https://forum.malekal.com/viewtopic.php?f=59&t=6517


Download http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe (by Cyrildu17 / C_XX) to your desktop:
/!\ Disconnect and close all running applications

- Double-click the installer and install it in its default location. (C:\Program Files)
- Double-click the Ad-remover icon on your desktop
- In the main menu choose the "Recherche" (Search) option
- Post the report that appears at the end.

(the report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (Antivirus, Firewall)
diabolo162
14 Jan 2009 at 10:21
here is the second report


------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------

# START AT: 10:01:58 | Wed 14/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-ALEX | USER: Alex ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# System Drive: C:\
# Windows Directory: C:\Windows\
# System Directory: C:\Windows\system32\

--- RUNNING PROCESSES: 67

+--------------------| Boonty/Boonty Games Elements found :

.
.

+--------------------| Eorezo Elements found :

.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Users\Alex\AppData\Roaming\EoRezo
C:\Users\Alex\AppData\Roaming\EoRezo\cmhost.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\ConfMedia.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\db
C:\Users\Alex\AppData\Roaming\EoRezo\eoDesktop
C:\Users\Alex\AppData\Roaming\EoRezo\eoStats
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather.cfg
C:\Users\Alex\AppData\Roaming\EoRezo\host.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\user.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\db\cat.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\eoDesktop\config.xml
C:\Users\Alex\AppData\Roaming\EoRezo\eoDesktop\eoDesktop.html
C:\Users\Alex\AppData\Roaming\EoRezo\eoDesktop\userConfig.xml
C:\Users\Alex\AppData\Roaming\EoRezo\eoStats\eoStats.txt
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\EoWeatherVal_02EC282.cfg
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\67_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\67_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\69_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\69_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\70_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\70_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\78_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\78_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\82_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\82_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\83_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\83_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\84_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\84_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\85_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\85_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\89_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\89_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\back.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background_2days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background_7days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\backPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\band.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\band_small.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\close.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\closePressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionBackground.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionClose.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\earth.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\fonds_‚cran.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\help.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\helpPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\minimise.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\minimisePressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\next.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\nextPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\option.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\optionPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\reflet_ecran.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\small_background.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\Thumbs.db
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\about.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\back.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_2days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_7days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\backPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\close.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\closePressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionBackground.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionClose.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\earth.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\fonds_écran.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\help.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\helpPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimise.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimisePressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\next.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\nextPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\option.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\optionPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\reflet_ecran.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\Thumbs.db
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\txt_14x13.png

+--------------------| Everest Casino/Everest Poker Elements found :

.
.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
.

+--------------------| It's TV Elements found :

HKCU\SOFTWARE\ItsLabel
.
C:\Users\Alex\AppData\Roaming\ItsLabel
C:\Users\Alex\AppData\Roaming\ItsLabel\ItsTV
C:\Users\Alex\AppData\Roaming\ItsLabel\ItsTV\itsTV.xml

+--------------------| Sweetim Elements found :

.
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
HKLM\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3587792120-1069241437-2351346818-1002\Software\SweetIM
HKLM\~\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\searchplugins\sweetim.xml
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar.jar
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.rsa
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\SweetIMToolbarData
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\SweetIMToolbarData\logs
C:\Users\Alex\AppData\LocalLow\SweetIM
C:\Users\Alex\AppData\LocalLow\SweetIM\Toolbars
C:\Users\Alex\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer
C:\Users\Alex\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache
C:\Users\Alex\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\f64a71f602d078aa84829e36b8992194.toolbar31.xml

+--------------------| ADDED SCAN :


+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\mjgieb77.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "MyStart Rechercher"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"

.
FOUND - user_pref("browser.search.defaultenginename", "SweetIM Search");
FOUND - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
FOUND - user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
FOUND - user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
FOUND - user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Rechercher");
FOUND - user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl");
FOUND - user_pref("sweetim.toolbar.previous.keyword.URL", "http://mystart.incredimail.com/?loc=ff_address_bar&search=");
FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND - user_pref("sweetim.toolbar.simapp_id", "{719C00FB-6B90-11DD-82A8-00030D000001}");
FOUND - user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
FOUND - user_pref("sweetim.toolbar.version", "1.0.0.8");

+---------------------------------------------------------------------------+


~~~~ Internet Explorer version 7.0.6001.18000 ~~~~

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.google.fr/

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://home.sweetim.com

+---------------------------------------------------------------------------+

[~15797 bytes] - "C:\AD-report-Scan-14.01.2009.log"

# END at: 10:02:30 | 14/01/2009 - Time elapsed: 32.5 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 217 lines ]
+---------------------------------------------------------------------------+
0

Anonymous user
14 Jan. 2009 at 10:49
/!\ Disconnect from the internet and close all running applications /!\


Double-click AD-Remover to launch it: in the main menu, choose option B.

Choose "A"


Then choose S; the program will do its work.

Post the report that appears at the end.

(The report is also saved as C:\Ad-report.log)

/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm /!\

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could shut down software
0
diabolo162
14 Jan. 2009 at 11:16
When I open AD-Remover, the following message appears: cmdow.exe missing
and when I try to download it again, the message is the following:
G DATA TotalCare 2008 a refusé l'ouverture de cette page web.
Cette page comporte des codes infectés: not-a-virus:RiskTool.Win32.HideWindows.
0
diabolo162
14 Jan. 2009 at 11:02
sorry, my G Data antivirus is blocking everything!!
I can no longer launch AD-Remover, nor download it
what should I do?
0
Anonymous user
14 Jan. 2009 at 11:24
disable G-Data for the duration of the cleanup and post the report as requested in post 7
0
diabolo162
14 Jan. 2009 at 11:29
G Data is disabled but the file "cmdow.exe" is still missing!!!
what's more, I can no longer download it because my antivirus has blocked the download page!!
Analyse virale des contenus Web

Adresse: sd-1.archive-host.com
Virus: not-a-virus:RiskTool.Win32.HideWindows
Statut : L'accès a été refusé.
0
Anonymous user
14 Jan. 2009 at 11:32
did you also disable G-Data's resident protection? ;-)
0
diabolo162
14 Jan. 2009 at 11:54
here is the report


------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------

*** Limited to ***

Boonty/BoontyGames
Eorezo
Everest Casino/Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim

******************

# START AT: 11:34:06 | Wed 14/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-ALEX | USER: Alex ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# System Drive: C:\
# Windows Directory: C:\Windows\
# System Directory: C:\Windows\system32\

--- RUNNING PROCESSES: 58

(!) ---- IE start pages reset

+--------------------| Boonty/Boonty Games Elements Deleted :

.
.

+--------------------| Eorezo Elements Deleted :

.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Users\Alex\AppData\Roaming\EoRezo

+--------------------| Everest Casino/Everest Poker Elements Deleted :

.
.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
.

+--------------------| It's TV Elements Deleted :

HKCU\SOFTWARE\ItsLabel
.
C:\Users\Alex\AppData\Roaming\ItsLabel

+--------------------| Sweetim Elements Deleted :

.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3587792120-1069241437-2351346818-1002\Software\SweetIM
HKLM\~\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
HKLM\SOFTWARE\SweetIM
.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\searchplugins\sweetim.xml
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\SweetIMToolbarData
C:\Users\Alex\AppData\LocalLow\SweetIM

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+--------------------| ADDED SCAN :


+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\mjgieb77.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "MyStart Rechercher"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"

.
REMOVED - user_pref("browser.search.defaultenginename", "SweetIM Search");
REMOVED - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Rechercher");
REMOVED - user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl");
REMOVED - user_pref("sweetim.toolbar.previous.keyword.URL", "http://mystart.incredimail.com/?loc=ff_address_bar&search=");
REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED - user_pref("sweetim.toolbar.simapp_id", "{719C00FB-6B90-11DD-82A8-00030D000001}");
REMOVED - user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.8");

+---------------------------------------------------------------------------+


~~~~ Internet Explorer version 7.0.6001.18000 ~~~~

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

[~6290 bytes] - "C:\AD-report-Clean-14.01.2009.log"
[~10457 bytes] - "C:\AD-report-Scan-14.01.2009.log"

# END at: 11:36:32 | 14/01/2009 - Time elapsed: 2 minutes, 26 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 106 lines ]
+---------------------------------------------------------------------------+
0
diabolo162 Posts 1002 Registration date Monday 28 January 2008 Status Member Last contribution 9 October 2018 29
14 Jan. 2009 at 11:55
HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:37, on 14/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Alex\Desktop\HijackThis.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AvkWebIE.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer via Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Envoyer via message(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C583B87-EB8C-434E-AF32-D0391E49967A}: NameServer = 192.168.1.1,192.168.1.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKWCtl.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA TotalCare\Firewall\GDFwSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Anonymous user
14 Jan. 2009 at 12:07
BitDefender was not uninstalled properly:

follow this guide: http://www.bitdefender.fr/KB333-fr--Desinstaller-BitDefender%C2%AD.html

then:

Norton was not uninstalled properly:

complete removal tool:

ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

then:

relaunch HijackThis, tick these lines on their left and click "Fix checked"

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

then relaunch HijackThis, please
0
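The entries the helper picks out above all end in "(no file)" or "(file missing)": registry references left behind by the badly uninstalled BitDefender and Norton components. As an added example (not part of this thread and not HijackThis's own code), this Python script applies the same triage rule to a HijackThis log: it parses the numbered entries, flags orphaned ones, pulls in any other entry sharing the same CLSID (the O9 button and its 'Tools' menu item come as a pair), and separately lists services with "Unknown owner" for manual review rather than automatic fixing.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a handful of lines copied from the HijackThis report
# in this thread, embedded here so the script runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\taskeng.exe

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AvkWebIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# A HijackThis entry starts with its section code (R0, R1, O2, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# COM class identifier in the form {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends these markers when the referenced file does not exist.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]   # upper-cased so pairs compare equal
    orphan: bool


def parse_log(text: str) -> list[Entry]:
    """Return only the numbered entries; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        c = CLSID_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=c.group(0).upper() if c else None,
            orphan=body.rstrip().endswith(ORPHAN_MARKERS),
        ))
    return entries


def triage(text: str) -> dict[str, list[Entry]]:
    """Split entries into 'fix' (orphaned, plus their CLSID siblings) and
    'review' (services whose publisher HijackThis could not verify)."""
    entries = parse_log(text)
    orphan_clsids = {e.clsid for e in entries if e.orphan and e.clsid}
    fix = [e for e in entries if e.orphan or e.clsid in orphan_clsids]
    review = [e for e in entries
              if e.section == "O23" and "Unknown owner" in e.body and e not in fix]
    return {"fix": fix, "review": review}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Tick and 'Fix checked':")
    for e in result["fix"]:
        print(f"  {e.section} - {e.body}")
    print("Check manually before touching:")
    for e in result["review"]:
        print(f"  {e.section} - {e.body}")
```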
diabolo162 Posts 1002 Registration date Monday 28 January 2008 Status Member Last contribution 9 October 2018 29
14 Jan. 2009 at 12:23
here is the report

PS: sorry, but the Norton uninstall isn't working!! It freezes at the "MSI by code" step

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:25, on 14/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Alex\Desktop\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IYIS2ZSA\Norton_Removal_Tool[1].exe
C:\Users\Alex\AppData\Local\Temp\WZSE0.TMP\symnrt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AvkWebIE.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer via Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Envoyer via message(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C583B87-EB8C-434E-AF32-D0391E49967A}: NameServer = 192.168.1.1,192.168.1.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKWCtl.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA TotalCare\Firewall\GDFwSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Anonymous user
14 Jan. 2009 at 12:28
you mean the BitDefender uninstall? Norton is no longer present
0
diabolo162 Posts 1002 Registration date Monday 28 January 2008 Status Member Last contribution 9 October 2018 29
14 Jan. 2009 at 12:31
no, the Norton removal tool freezes halfway through
(at the "MSI by code" step)
0
Anonymous user
14 Jan. 2009 at 12:41
I have never used Norton

---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:

:processes
explorer.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

---> Paste (Ctrl+V) the text you just copied into the "Paste Instructions for Items to be Moved" box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the tool will ask you to reboot.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_heure.log
0
diabolo162 Posts 1002 Registration date Monday 28 January 2008 Status Member Last contribution 9 October 2018 29
14 Jan. 2009 at 15:01
there, I did everything properly, but now I have a big problem

it removed my wireless WiFi Link 4965AGP
?????????????????????????????????
0
Anonymous user
14 Jan. 2009 at 15:07
reboot, and can I have the OTMoveIt report?

0
diabolo162 Posts 1002 Registration date Monday 28 January 2008 Status Member Last contribution 9 October 2018 29
14 Jan. 2009 at 15:09
here is the report

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Alex\AppData\Local\Temp\WZSE1.TMP\SymNRT.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\Alex\AppData\Local\Temp\WZSE1.TMP\SymNRT.loc scheduled to be deleted on reboot.
File delete failed. C:\Users\Alex\AppData\Local\Temp\etilqs_9zkHQzsCr3glMrBvHrdm scheduled to be deleted on reboot.
File delete failed. C:\Users\Alex\AppData\Local\Temp\SymNRT 1-14-2009 12h27m22s.log scheduled to be deleted on reboot.
File delete failed. C:\Users\Alex\AppData\Local\Temp\~DFC8A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Alex\AppData\Local\Temp\~DFC99.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\JETB25D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JETB2CA.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JETB318.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JETB395.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JETB5B7.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JETEDE8.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01142009_124708

Files moved on Reboot...
File C:\Users\Alex\AppData\Local\Temp\WZSE1.TMP\SymNRT.exe not found!
File C:\Users\Alex\AppData\Local\Temp\WZSE1.TMP\SymNRT.loc not found!
File C:\Users\Alex\AppData\Local\Temp\etilqs_9zkHQzsCr3glMrBvHrdm not found!
C:\Users\Alex\AppData\Local\Temp\SymNRT 1-14-2009 12h27m22s.log moved successfully.
File C:\Users\Alex\AppData\Local\Temp\~DFC8A.tmp not found!
File C:\Users\Alex\AppData\Local\Temp\~DFC99.tmp not found!
File C:\Windows\temp\JETB25D.tmp not found!
File C:\Windows\temp\JETB2CA.tmp not found!
File C:\Windows\temp\JETB318.tmp not found!
File C:\Windows\temp\JETB395.tmp not found!
C:\Windows\temp\JETB5B7.tmp moved successfully.
File C:\Windows\temp\JETEDE8.tmp not found!
0
Anonymous user
14 Jan. 2009 at 15:15
for the WiFi I think you need to uninstall and reinstall the driver
0
diabolo162 Posts 1002 Registration date Monday 28 January 2008 Status Member Last contribution 9 October 2018 29
14 Jan. 2009 at 15:21
yes, the WiFi is fine, I reinstalled the previous version and did an update....
is everything else OK????
0
Anonymous user
14 Jan. 2009 at 15:38
ok, run another scan with G Data (normally it reactivated itself on reboot)
0