AIDEZ MOI SVP virus win 32 trojan-gen (other)
diabolo162
Messages postés
1039
Statut
Membre
-
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité -
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité -
Bonjour,
voici mon rapport avec ad remover :
------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------
# START AT: 10:01:58 | Wed 14/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-ALEX | USER: Alex ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# System Drive: C:\
# Windows Directory: C:\Windows\
# System Directory: C:\Windows\system32\
--- RUNNING PROCESSES: 67
+--------------------| Boonty/Boonty Games Elements found :
.
.
+--------------------| Eorezo Elements found :
.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Users\Alex\AppData\Roaming\EoRezo
C:\Users\Alex\AppData\Roaming\EoRezo\cmhost.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\ConfMedia.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\db
C:\Users\Alex\AppData\Roaming\EoRezo\eoDesktop
C:\Users\Alex\AppData\Roaming\EoRezo\eoStats
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather.cfg
C:\Users\Alex\AppData\Roaming\EoRezo\host.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\user.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\db\cat.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\eoDesktop\config.xml
C:\Users\Alex\AppData\Roaming\EoRezo\eoDesktop\eoDesktop.html
C:\Users\Alex\AppData\Roaming\EoRezo\eoDesktop\userConfig.xml
C:\Users\Alex\AppData\Roaming\EoRezo\eoStats\eoStats.txt
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\EoWeatherVal_02EC282.cfg
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\67_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\67_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\69_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\69_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\70_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\70_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\78_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\78_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\82_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\82_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\83_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\83_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\84_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\84_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\85_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\85_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\89_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\89_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\back.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background_2days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background_7days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\backPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\band.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\band_small.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\close.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\closePressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionBackground.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionClose.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\earth.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\fonds_‚cran.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\help.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\helpPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\minimise.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\minimisePressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\next.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\nextPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\option.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\optionPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\reflet_ecran.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\small_background.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\Thumbs.db
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\about.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\back.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_2days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_7days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\backPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\close.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\closePressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionBackground.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionClose.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\earth.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\fonds_‚cran.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\help.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\helpPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimise.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimisePressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\next.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\nextPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\option.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\optionPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\reflet_ecran.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\Thumbs.db
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\txt_14x13.png
+--------------------| Everest Casino/Everest Poker Elements found :
.
.
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
.
+--------------------| It's TV Elements found :
HKCU\SOFTWARE\ItsLabel
.
C:\Users\Alex\AppData\Roaming\ItsLabel
C:\Users\Alex\AppData\Roaming\ItsLabel\ItsTV
C:\Users\Alex\AppData\Roaming\ItsLabel\ItsTV\itsTV.xml
+--------------------| Sweetim Elements found :
.
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
HKLM\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3587792120-1069241437-2351346818-1002\Software\SweetIM
HKLM\~\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\searchplugins\sweetim.xml
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar.jar
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.rsa
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\SweetIMToolbarData
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\SweetIMToolbarData\logs
C:\Users\Alex\AppData\LocalLow\SweetIM
C:\Users\Alex\AppData\LocalLow\SweetIM\Toolbars
C:\Users\Alex\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer
C:\Users\Alex\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache
C:\Users\Alex\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\f64a71f602d078aa84829e36b8992194.toolbar31.xml
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\mjgieb77.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "MyStart Rechercher"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
.
FOUND - user_pref("browser.search.defaultenginename", "SweetIM Search");
FOUND - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
FOUND - user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
FOUND - user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
FOUND - user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Rechercher");
FOUND - user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl");
FOUND - user_pref("sweetim.toolbar.previous.keyword.URL", "http://mystart.incredimail.com/?loc=ff_address_bar&search=");
FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND - user_pref("sweetim.toolbar.simapp_id", "{719C00FB-6B90-11DD-82A8-00030D000001}");
FOUND - user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
FOUND - user_pref("sweetim.toolbar.version", "1.0.0.8");
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.6001.18000 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.google.fr/
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://home.sweetim.com
+---------------------------------------------------------------------------+
[~15797 bytes] - "C:\AD-report-Scan-14.01.2009.log"
# END at: 10:02:30 | 14/01/2009 - Time elapsed: 32.5 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 217 lines ]
+---------------------------------------------------------------------------+
voici mon rapport avec ad remover :
------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------
# START AT: 10:01:58 | Wed 14/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-ALEX | USER: Alex ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# System Drive: C:\
# Windows Directory: C:\Windows\
# System Directory: C:\Windows\system32\
--- RUNNING PROCESSES: 67
+--------------------| Boonty/Boonty Games Elements found :
.
.
+--------------------| Eorezo Elements found :
.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Users\Alex\AppData\Roaming\EoRezo
C:\Users\Alex\AppData\Roaming\EoRezo\cmhost.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\ConfMedia.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\db
C:\Users\Alex\AppData\Roaming\EoRezo\eoDesktop
C:\Users\Alex\AppData\Roaming\EoRezo\eoStats
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather.cfg
C:\Users\Alex\AppData\Roaming\EoRezo\host.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\user.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\db\cat.cyp
C:\Users\Alex\AppData\Roaming\EoRezo\eoDesktop\config.xml
C:\Users\Alex\AppData\Roaming\EoRezo\eoDesktop\eoDesktop.html
C:\Users\Alex\AppData\Roaming\EoRezo\eoDesktop\userConfig.xml
C:\Users\Alex\AppData\Roaming\EoRezo\eoStats\eoStats.txt
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\EoWeatherVal_02EC282.cfg
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\67_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\67_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\69_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\69_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\70_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\70_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\78_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\78_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\82_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\82_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\83_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\83_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\84_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\84_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\85_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\85_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\89_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\89_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\back.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background_2days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\background_7days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\backPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\band.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\band_small.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\close.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\closePressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionBackground.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionClose.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\earth.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\fonds_‚cran.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\help.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\helpPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\minimise.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\minimisePressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\next.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\nextPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\option.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\optionPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\reflet_ecran.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\small_background.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_classic\Thumbs.db
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_day.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_night.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\about.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\back.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_2days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_7days.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\backPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\close.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\closePressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionBackground.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionClose.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\earth.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\fonds_‚cran.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\help.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\helpPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimise.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimisePressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\next.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\nextPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\option.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\optionPressed.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\reflet_ecran.png
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\Thumbs.db
C:\Users\Alex\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\txt_14x13.png
+--------------------| Everest Casino/Everest Poker Elements found :
.
.
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
.
+--------------------| It's TV Elements found :
HKCU\SOFTWARE\ItsLabel
.
C:\Users\Alex\AppData\Roaming\ItsLabel
C:\Users\Alex\AppData\Roaming\ItsLabel\ItsTV
C:\Users\Alex\AppData\Roaming\ItsLabel\ItsTV\itsTV.xml
+--------------------| Sweetim Elements found :
.
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
HKLM\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3587792120-1069241437-2351346818-1002\Software\SweetIM
HKLM\~\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\searchplugins\sweetim.xml
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar.jar
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.rsa
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\SweetIMToolbarData
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\SweetIMToolbarData\logs
C:\Users\Alex\AppData\LocalLow\SweetIM
C:\Users\Alex\AppData\LocalLow\SweetIM\Toolbars
C:\Users\Alex\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer
C:\Users\Alex\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache
C:\Users\Alex\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\f64a71f602d078aa84829e36b8992194.toolbar31.xml
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\mjgieb77.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "MyStart Rechercher"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
.
FOUND - user_pref("browser.search.defaultenginename", "SweetIM Search");
FOUND - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
FOUND - user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
FOUND - user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
FOUND - user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Rechercher");
FOUND - user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl");
FOUND - user_pref("sweetim.toolbar.previous.keyword.URL", "http://mystart.incredimail.com/?loc=ff_address_bar&search=");
FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND - user_pref("sweetim.toolbar.simapp_id", "{719C00FB-6B90-11DD-82A8-00030D000001}");
FOUND - user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
FOUND - user_pref("sweetim.toolbar.version", "1.0.0.8");
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.6001.18000 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.google.fr/
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://home.sweetim.com
+---------------------------------------------------------------------------+
[~15797 bytes] - "C:\AD-report-Scan-14.01.2009.log"
# END at: 10:02:30 | 14/01/2009 - Time elapsed: 32.5 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 217 lines ]
+---------------------------------------------------------------------------+
A voir également:
- AIDEZ MOI SVP virus win 32 trojan-gen (other)
- 32 bits - Guide
- Power iso 32 bit - Télécharger - Gravure
- Win rar - Télécharger - Compression & Décompression
- Virus mcafee - Accueil - Piratage
- Télécharger windows 7 32 bits usb - Télécharger - Systèmes d'exploitation
26 réponses
! Déconnectes toi et fermes toutes applications en cours !
* Relances "Ad-remover" : au menu principal choisi l'option "B" .
--> le programme va travailler ...
* Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\
* Relances "Ad-remover" : au menu principal choisi l'option "B" .
--> le programme va travailler ...
* Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\
Ensuite :
Télécharge le fichier d'installation d'HijackThis.
Enregistre HJTInstall.exe sur ton bureau.
Double-clique sur HJTInstall.exe pour lancer le programme
Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis
Accepte la licence en cliquant sur le bouton "I Accept"
Choisis l'option "Do a system scan and save a log file"
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
Colle le rapport que tu viens de copier sur ce forum
Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
Tutoriaux (ne fixe rien pour le moment !!)
Télécharge le fichier d'installation d'HijackThis.
Enregistre HJTInstall.exe sur ton bureau.
Double-clique sur HJTInstall.exe pour lancer le programme
Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis
Accepte la licence en cliquant sur le bouton "I Accept"
Choisis l'option "Do a system scan and save a log file"
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
Colle le rapport que tu viens de copier sur ce forum
Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
Tutoriaux (ne fixe rien pour le moment !!)
bonjour
1)pour vista si infection.
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection: IMPORTANT A NE SURTOUT PAS OUBLIER):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html
2) Déconnectes toi et fermes toutes applications en cours !
Relances "Ad-remover" : au menu principal choisi l'option "B" .
? Ensuite coche: (le numero devant et entree)
Boonty/Boonty Games
eorezo
.......
Puis "S"
le programme va travailler ...
Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\
3)telecharge cela:util pour voir ce que peut etre l infection et agir ensuite.
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
installe le normallement comme tout autre programme dans c/programme/...............
clique sur do a scan and save a logfile, tu obtiens un rapport que tu colles.
1)pour vista si infection.
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection: IMPORTANT A NE SURTOUT PAS OUBLIER):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html
2) Déconnectes toi et fermes toutes applications en cours !
Relances "Ad-remover" : au menu principal choisi l'option "B" .
? Ensuite coche: (le numero devant et entree)
Boonty/Boonty Games
eorezo
.......
Puis "S"
le programme va travailler ...
Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\
3)telecharge cela:util pour voir ce que peut etre l infection et agir ensuite.
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
installe le normallement comme tout autre programme dans c/programme/...............
clique sur do a scan and save a logfile, tu obtiens un rapport que tu colles.
dsl mais mon antivirus g data bloque le lancement de ad remover et il m'empeche de telecharger à nouveau!!
comment faire?merci
comment faire?merci
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ben le 1er coup ca marchait avec mon antivirus....
maintenant il me dit :"G DATA TotalCare 2008 a refusé l'ouverture de cette page web.
Cette page comporte des codes infectés: not-a-virus:RiskTool.Win32.HideWindows."
comment je peux faire?
maintenant il me dit :"G DATA TotalCare 2008 a refusé l'ouverture de cette page web.
Cette page comporte des codes infectés: not-a-virus:RiskTool.Win32.HideWindows."
comment je peux faire?
mon antivirus est désactivé!!!!
mais il a bloqué la page internet de telechargement de ad-remover
et je je sais pas comment faire pour debloquer cette page dans mon antivirus
voici le message de mon antivirus :
"Analyse virale des contenus Web
Adresse: sd-1.archive-host.com
Virus: not-a-virus:RiskTool.Win32.HideWindows
Statut : L'accès a été refusé.
mais il a bloqué la page internet de telechargement de ad-remover
et je je sais pas comment faire pour debloquer cette page dans mon antivirus
voici le message de mon antivirus :
"Analyse virale des contenus Web
Adresse: sd-1.archive-host.com
Virus: not-a-virus:RiskTool.Win32.HideWindows
Statut : L'accès a été refusé.
"si mais il est inscrit : cmdow.exe est manquant"
as tu regarder dans la quarantaine de ton antivirus a moin que tu l as supprime lorsque ton antivirus t a alerte.
mais je ne comprend pas pourquoi il ne t a pas prevenu lorsque tu l as telecharge la premiere fois.
as tu regarder dans la quarantaine de ton antivirus a moin que tu l as supprime lorsque ton antivirus t a alerte.
mais je ne comprend pas pourquoi il ne t a pas prevenu lorsque tu l as telecharge la premiere fois.
deuxieme rapport hisjackthis
------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Casino/Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START AT: 11:34:06 | Wed 14/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-ALEX | USER: Alex ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# System Drive: C:\
# Windows Directory: C:\Windows\
# System Directory: C:\Windows\system32\
--- RUNNING PROCESSES: 58
(!) ---- IE start pages reset
+--------------------| Boonty/Boonty Games Elements Deleted :
.
.
+--------------------| Eorezo Elements Deleted :
.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Users\Alex\AppData\Roaming\EoRezo
+--------------------| Everest Casino/Everest Poker Elements Deleted :
.
.
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
.
+--------------------| It's TV Elements Deleted :
HKCU\SOFTWARE\ItsLabel
.
C:\Users\Alex\AppData\Roaming\ItsLabel
+--------------------| Sweetim Elements Deleted :
.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3587792120-1069241437-2351346818-1002\Software\SweetIM
HKLM\~\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
HKLM\SOFTWARE\SweetIM
.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\searchplugins\sweetim.xml
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\SweetIMToolbarData
C:\Users\Alex\AppData\LocalLow\SweetIM
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\mjgieb77.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "MyStart Rechercher"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
.
REMOVED - user_pref("browser.search.defaultenginename", "SweetIM Search");
REMOVED - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Rechercher");
REMOVED - user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl");
REMOVED - user_pref("sweetim.toolbar.previous.keyword.URL", "http://mystart.incredimail.com/?loc=ff_address_bar&search=");
REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED - user_pref("sweetim.toolbar.simapp_id", "{719C00FB-6B90-11DD-82A8-00030D000001}");
REMOVED - user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.8");
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.6001.18000 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
[~6290 bytes] - "C:\AD-report-Clean-14.01.2009.log"
[~10457 bytes] - "C:\AD-report-Scan-14.01.2009.log"
# END at: 11:36:32 | 14/01/2009 - Time elapsed: 2 minutes, 26 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 106 lines ]
+---------------------------------------------------------------------------+
------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Casino/Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START AT: 11:34:06 | Wed 14/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-ALEX | USER: Alex ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# System Drive: C:\
# Windows Directory: C:\Windows\
# System Directory: C:\Windows\system32\
--- RUNNING PROCESSES: 58
(!) ---- IE start pages reset
+--------------------| Boonty/Boonty Games Elements Deleted :
.
.
+--------------------| Eorezo Elements Deleted :
.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Users\Alex\AppData\Roaming\EoRezo
+--------------------| Everest Casino/Everest Poker Elements Deleted :
.
.
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
.
+--------------------| It's TV Elements Deleted :
HKCU\SOFTWARE\ItsLabel
.
C:\Users\Alex\AppData\Roaming\ItsLabel
+--------------------| Sweetim Elements Deleted :
.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3587792120-1069241437-2351346818-1002\Software\SweetIM
HKLM\~\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
HKLM\SOFTWARE\SweetIM
.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\searchplugins\sweetim.xml
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\SweetIMToolbarData
C:\Users\Alex\AppData\LocalLow\SweetIM
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\mjgieb77.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "MyStart Rechercher"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
.
REMOVED - user_pref("browser.search.defaultenginename", "SweetIM Search");
REMOVED - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Rechercher");
REMOVED - user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl");
REMOVED - user_pref("sweetim.toolbar.previous.keyword.URL", "http://mystart.incredimail.com/?loc=ff_address_bar&search=");
REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED - user_pref("sweetim.toolbar.simapp_id", "{719C00FB-6B90-11DD-82A8-00030D000001}");
REMOVED - user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.8");
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.6001.18000 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
[~6290 bytes] - "C:\AD-report-Clean-14.01.2009.log"
[~10457 bytes] - "C:\AD-report-Scan-14.01.2009.log"
# END at: 11:36:32 | 14/01/2009 - Time elapsed: 2 minutes, 26 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 106 lines ]
+---------------------------------------------------------------------------+
ouf y a est j'ai reussi!!
voici le rapport ad-remover
------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Casino/Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START AT: 11:34:06 | Wed 14/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-ALEX | USER: Alex ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# System Drive: C:\
# Windows Directory: C:\Windows\
# System Directory: C:\Windows\system32\
--- RUNNING PROCESSES: 58
(!) ---- IE start pages reset
+--------------------| Boonty/Boonty Games Elements Deleted :
.
.
+--------------------| Eorezo Elements Deleted :
.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Users\Alex\AppData\Roaming\EoRezo
+--------------------| Everest Casino/Everest Poker Elements Deleted :
.
.
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
.
+--------------------| It's TV Elements Deleted :
HKCU\SOFTWARE\ItsLabel
.
C:\Users\Alex\AppData\Roaming\ItsLabel
+--------------------| Sweetim Elements Deleted :
.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3587792120-1069241437-2351346818-1002\Software\SweetIM
HKLM\~\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
HKLM\SOFTWARE\SweetIM
.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\searchplugins\sweetim.xml
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\SweetIMToolbarData
C:\Users\Alex\AppData\LocalLow\SweetIM
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\mjgieb77.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "MyStart Rechercher"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
.
REMOVED - user_pref("browser.search.defaultenginename", "SweetIM Search");
REMOVED - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Rechercher");
REMOVED - user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl");
REMOVED - user_pref("sweetim.toolbar.previous.keyword.URL", "http://mystart.incredimail.com/?loc=ff_address_bar&search=");
REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED - user_pref("sweetim.toolbar.simapp_id", "{719C00FB-6B90-11DD-82A8-00030D000001}");
REMOVED - user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.8");
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.6001.18000 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
[~6290 bytes] - "C:\AD-report-Clean-14.01.2009.log"
[~10457 bytes] - "C:\AD-report-Scan-14.01.2009.log"
# END at: 11:36:32 | 14/01/2009 - Time elapsed: 2 minutes, 26 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 106 lines ]
+---------------------------------------------------------------------------+
voici le rapport ad-remover
------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Casino/Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START AT: 11:34:06 | Wed 14/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PC-DE-ALEX | USER: Alex ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# System Drive: C:\
# Windows Directory: C:\Windows\
# System Directory: C:\Windows\system32\
--- RUNNING PROCESSES: 58
(!) ---- IE start pages reset
+--------------------| Boonty/Boonty Games Elements Deleted :
.
.
+--------------------| Eorezo Elements Deleted :
.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Users\Alex\AppData\Roaming\EoRezo
+--------------------| Everest Casino/Everest Poker Elements Deleted :
.
.
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
.
+--------------------| It's TV Elements Deleted :
HKCU\SOFTWARE\ItsLabel
.
C:\Users\Alex\AppData\Roaming\ItsLabel
+--------------------| Sweetim Elements Deleted :
.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3587792120-1069241437-2351346818-1002\Software\SweetIM
HKLM\~\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
HKLM\SOFTWARE\SweetIM
.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\searchplugins\sweetim.xml
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\mjgieb77.default\SweetIMToolbarData
C:\Users\Alex\AppData\LocalLow\SweetIM
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\mjgieb77.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "SweetIM Search"
* Browser Search Default Engine: "MyStart Rechercher"
* Browser Search Selected Engine: "Live Search"
* Browser Search Selected Engine: "MyStart Rechercher"
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Search Default Url: "https://search.sweetim.com/search.asp?src=2&q="
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"
.
REMOVED - user_pref("browser.search.defaultenginename", "SweetIM Search");
REMOVED - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Rechercher");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED - user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Rechercher");
REMOVED - user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl");
REMOVED - user_pref("sweetim.toolbar.previous.keyword.URL", "http://mystart.incredimail.com/?loc=ff_address_bar&search=");
REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED - user_pref("sweetim.toolbar.simapp_id", "{719C00FB-6B90-11DD-82A8-00030D000001}");
REMOVED - user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/");
REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.8");
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.6001.18000 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
[~6290 bytes] - "C:\AD-report-Clean-14.01.2009.log"
[~10457 bytes] - "C:\AD-report-Scan-14.01.2009.log"
# END at: 11:36:32 | 14/01/2009 - Time elapsed: 2 minutes, 26 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 106 lines ]
+---------------------------------------------------------------------------+
voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:37, on 14/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Alex\Desktop\HijackThis.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AvkWebIE.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer via Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Envoyer via message(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C583B87-EB8C-434E-AF32-D0391E49967A}: NameServer = 192.168.1.1,192.168.1.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKWCtl.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA TotalCare\Firewall\GDFwSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:37, on 14/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Alex\Desktop\HijackThis.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AvkWebIE.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer via Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Envoyer via message(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C583B87-EB8C-434E-AF32-D0391E49967A}: NameServer = 192.168.1.1,192.168.1.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKWCtl.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA TotalCare\Firewall\GDFwSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Fait moi ceci et poste moi le rapport.
Télécharge GenProc sur ton bureau (Attention le fichier est un fichier zip)
Dézippe le dossier, double-clique sur GenProc.bat
En final, poste le contenu du rapport qui s'affiche.
Comment utiliser GenProc
Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
Télécharge GenProc sur ton bureau (Attention le fichier est un fichier zip)
Dézippe le dossier, double-clique sur GenProc.bat
En final, poste le contenu du rapport qui s'affiche.
Comment utiliser GenProc
Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
je te laisse pimprenelle.rien a priori sur hijack
juste pour dire la merde de norton n est pas entierement enleve , il reste un petit peu(c est comme un virus ou autre il se met partout).
utilise cela pour bien tout enlever.
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924?Open&src=&docid=20040413131641928&nsf=SUPPORT%5CINTER%5Cnisintl.nsf&view=833aab0c51f1b15a88256da6006a0505&dtype=&prod=&ver=&osv=&osv_lvl=
1)passe cet antimalware, fait comme indique
Telecharges malwaresbytes antimalwares(MBAM) : egalement tres util sur pb de pub mais pas tous malheureusement
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.
COLLE LE RAPPORT APRES SUPPRESSION MERCI.
garde le et lance un scan tout les mois comme indique.
si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.
2)pour enlever les fichiers temporaires
a passer tout les 15 jours a peu pres.
• Télécharger CCLeaner et l'installer sur le bureau en refusant l'installation de la barre Yahoo.
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
• Fermer toutes les applications
• Lancer CCLeaner
S'il n'est pas en Français cliquer sur Options, Setting, Language
et sélectionner Français
• cocher dans le menu Nettoyeur - onglet Windows :
Internet Explorer: Fichiers Internet Temporaires, Cookies
• Système: Vider la Poubelle, Fichiers Temporaires, Presse-papiers
• Avancé: Vieilles données du Prefetch
• Décocher dans le menu Options - sous-menu Avancé :
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures
• Cocher dans le menu Nettoyeur - onglet Applications : Internet: Sun Java
• Cocher , si cela est possible, dans le menu Nettoyeur - onglet Applications :
Firefox/Mozilla: Cache Internet, Cookies
• Click sur Analyse
• Click sur le bouton Lancer le nettoyage dans le menu Nettoyeur.
• Click sur Registre
• Sélectionner tout
• Click sur Chercher des erreurs (En bas)
Une fois le scan terminé sélectionner tout
• Click sur Réparer les erreurs sélectionnées
3)passe a mozilla 3 au lieu d internet explorer car c est bien plus sur.
http://www.commentcamarche.net/telecharger/telecharger 111 firefox
fait ce qui est indique sur ce lien pour mieux securise firefox.
https://www.malekal.com/securiser-le-navigateur-web-firefox-2/
surtout NO SCRIPT(arrete les programmes java et adobe automatiquement,
donc il faut autoriser pour certains de tes sites pour pouvoir lire des textes ou des video)
juste pour dire la merde de norton n est pas entierement enleve , il reste un petit peu(c est comme un virus ou autre il se met partout).
utilise cela pour bien tout enlever.
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924?Open&src=&docid=20040413131641928&nsf=SUPPORT%5CINTER%5Cnisintl.nsf&view=833aab0c51f1b15a88256da6006a0505&dtype=&prod=&ver=&osv=&osv_lvl=
1)passe cet antimalware, fait comme indique
Telecharges malwaresbytes antimalwares(MBAM) : egalement tres util sur pb de pub mais pas tous malheureusement
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.
COLLE LE RAPPORT APRES SUPPRESSION MERCI.
garde le et lance un scan tout les mois comme indique.
si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.
2)pour enlever les fichiers temporaires
a passer tout les 15 jours a peu pres.
• Télécharger CCLeaner et l'installer sur le bureau en refusant l'installation de la barre Yahoo.
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
• Fermer toutes les applications
• Lancer CCLeaner
S'il n'est pas en Français cliquer sur Options, Setting, Language
et sélectionner Français
• cocher dans le menu Nettoyeur - onglet Windows :
Internet Explorer: Fichiers Internet Temporaires, Cookies
• Système: Vider la Poubelle, Fichiers Temporaires, Presse-papiers
• Avancé: Vieilles données du Prefetch
• Décocher dans le menu Options - sous-menu Avancé :
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures
• Cocher dans le menu Nettoyeur - onglet Applications : Internet: Sun Java
• Cocher , si cela est possible, dans le menu Nettoyeur - onglet Applications :
Firefox/Mozilla: Cache Internet, Cookies
• Click sur Analyse
• Click sur le bouton Lancer le nettoyage dans le menu Nettoyeur.
• Click sur Registre
• Sélectionner tout
• Click sur Chercher des erreurs (En bas)
Une fois le scan terminé sélectionner tout
• Click sur Réparer les erreurs sélectionnées
3)passe a mozilla 3 au lieu d internet explorer car c est bien plus sur.
http://www.commentcamarche.net/telecharger/telecharger 111 firefox
fait ce qui est indique sur ce lien pour mieux securise firefox.
https://www.malekal.com/securiser-le-navigateur-web-firefox-2/
surtout NO SCRIPT(arrete les programmes java et adobe automatiquement,
donc il faut autoriser pour certains de tes sites pour pouvoir lire des textes ou des video)
