fenêtre intempestivesRésolu/Fermé

Question

Bonjour,

J'ai des fenêtres intempestives qui s'ouvrent toutes seules sur mozilla(sans rien dedans) et sur IE (avec des pubs).  

Est-ce un spam ou un virus ?

j'ai passé Malwarebyte qui a nettoyé. Je poste le rapport.
J'ai ensuite refait un scan avec Antivir mais il trouve toujours des anomalies. Est-ce normal ?
Je poste aussi le rapport.

Est-ce que Malwarebytes suffit pour enlever ses fenêtres ou y at'il autre chose à faire ?

Merci de votre aide.


Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1675
Windows 5.1.2600 Service Pack 2

22/01/2009 09:51:37
mbam-log-2009-01-22 (09-51-26).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 109914
Temps écoulé: 21 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 25
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pxjsjtbe.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fcccdBRK.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yjxsfobe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ofpfdj.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82904c57-38c7-4e55-b67a-2c5289160875} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{82904c57-38c7-4e55-b67a-2c5289160875} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1cdde1a-2830-4851-b671-3f267f74ff4c} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a1cdde1a-2830-4851-b671-3f267f74ff4c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a1cdde1a-2830-4851-b671-3f267f74ff4c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82904c57-38c7-4e55-b67a-2c5289160875} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Carlson (Dialer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\320d18a1 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fcccdbrk -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fcccdbrk  -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Fichiers communs\Carlson (Dialer) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ofpfdj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fcccdBRK.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\KRBdcccf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\KRBdcccf.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pxjsjtbe.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ebtjsjxp.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yjxsfobe.dll (Trojan.Vundo) -> No action taken.
C:\ARK6.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\axntbhmi.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\13\Local Settings\Temporary Internet Files\Content.IE5\ZSOZSG2F\kbp41256[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\13\Local Settings\Temporary Internet Files\Content.IE5\2LIG6RG8\index[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\13\Local Settings\Temporary Internet Files\Content.IE5\2LIG6RG8\upd105320[1] (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP507\A0076997.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP512\A0077363.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> No action taken.




ET ANTIVIR




Avira AntiVir Personal
Report file date: jeudi 22 janvier 2009  09:57

Scanning for 1242124 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    LAURA

Version information:
BUILD.DAT     : 8.2.0.337      16934 Bytes  18/11/2008 13:05:00
AVSCAN.EXE    : 8.1.4.10      315649 Bytes  26/11/2008 18:34:24
AVSCAN.DLL    : 8.1.4.0        40705 Bytes  26/05/2008 08:56:42
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 13:44:20
LUKERES.DLL   : 8.1.4.0        12033 Bytes  26/05/2008 08:58:54
ANTIVIR0.VDF  : 7.1.0.0     15603712 Bytes  27/10/2008 17:38:28
ANTIVIR1.VDF  : 7.1.1.113    2817536 Bytes  14/01/2009 21:03:52
ANTIVIR2.VDF  : 7.1.1.148     440832 Bytes  20/01/2009 09:57:28
ANTIVIR3.VDF  : 7.1.1.156     112640 Bytes  21/01/2009 09:57:30
Engineversion : 8.2.0.57  
AEVDF.DLL     : 8.1.0.6       102772 Bytes  15/10/2008 18:23:42
AESCRIPT.DLL  : 8.1.1.26      340347 Bytes  17/01/2009 09:09:36
AESCN.DLL     : 8.1.1.5       123251 Bytes  07/11/2008 18:33:28
AERDL.DLL     : 8.1.1.3       438645 Bytes  05/11/2008 18:33:36
AEPACK.DLL    : 8.1.3.5       393588 Bytes  09/01/2009 21:02:00
AEOFFICE.DLL  : 8.1.0.33      196987 Bytes  11/12/2008 18:35:22
AEHEUR.DLL    : 8.1.0.84     1540471 Bytes  17/01/2009 09:09:36
AEHELP.DLL    : 8.1.2.0       119159 Bytes  18/11/2008 18:35:16
AEGEN.DLL     : 8.1.1.10      323957 Bytes  17/01/2009 09:09:32
AEEMU.DLL     : 8.1.0.9       393588 Bytes  15/10/2008 18:23:26
AECORE.DLL    : 8.1.5.2       172405 Bytes  28/11/2008 18:36:08
AEBB.DLL      : 8.1.0.3        53618 Bytes  15/10/2008 18:23:18
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 09:40:06
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 10:28:02
AVREP.DLL     : 8.0.0.2        98344 Bytes  15/09/2008 12:17:48
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 12:26:42
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 09:29:24
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 13:27:50
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 18:28:04
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 13:49:42
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 13:05:12
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  12/06/2008 14:48:08
RCTEXT.DLL    : 8.0.52.0       86273 Bytes  27/06/2008 14:34:38

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: jeudi 22 janvier 2009  09:57

Starting search for hidden objects.
'50114' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'PINMENU.EXE' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'vVX1000.exe' - '1' Module(s) have been scanned
Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'WSCNTFY.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'CISVC.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '65' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
    [WARNING]   The file could not be opened!
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP512\A0077150.exe
    [0] Archive type: RSRC
      --> Object
        [1] Archive type: CAB (Microsoft)
        --> Setup_00.exe
          [DETECTION] Contains recognition pattern of the DR/Vundo.ggf dropper
    [NOTE]      The file was moved to '49a83c81.qua'!
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP513\A0077388.dll
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '49a83c8d.qua'!
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP513\A0077391.dll
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '49a83c91.qua'!
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP513\A0077392.dll
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '49a83c95.qua'!


End of the scan: jeudi 22 janvier 2009  10:29
Used time: 32:25 Minute(s)

The scan has been done completely.

   5441 Scanning directories
 182013 Files were scanned
      1 viruses and/or unwanted programs were found
      3 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      4 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 182007 Files not concerned
   6676 Archives were scanned
      6 Warnings
      4 Notes
  50114 Objects were scanned with rootkit scan
      0 Hidden objects were found

geoffrey5 · Answer

Bonjour,

tu n'as pas appliqué d'action... As tu supprimé la sélection après avoir copié/collé le rapport de Malwarebytes ??

&#x25B6; Télécharge et enregistre le fichier d installation sur ton bureau : 

  http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe   

&#x25B6; Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( le bureau )

&#x25B6; Ouvre le dossier Ad-remover présent sur ton bureau, et double clique sur Ad-remover.bat.

&#x25B6; Au menu principal choisi l'option "A"

&#x25B6; Poste le rapport qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

Note :

Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

fraggle559 · Answer

Bonjour, 
Voici le rapport que tu m'as demandé. 
Oui à la fin de malwarebytes, j'ai supprimé ce qu'il a trouvé. Pour antivir, il me propose d'ignorer tout ce qu'il trouve. Je ne fais rien de plus avec.
Merci.

Avira AntiVir Personal
Report file date: jeudi 22 janvier 2009  09:57

Scanning for 1242124 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    LAURA

Version information:
BUILD.DAT     : 8.2.0.337      16934 Bytes  18/11/2008 13:05:00
AVSCAN.EXE    : 8.1.4.10      315649 Bytes  26/11/2008 18:34:24
AVSCAN.DLL    : 8.1.4.0        40705 Bytes  26/05/2008 08:56:42
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 13:44:20
LUKERES.DLL   : 8.1.4.0        12033 Bytes  26/05/2008 08:58:54
ANTIVIR0.VDF  : 7.1.0.0     15603712 Bytes  27/10/2008 17:38:28
ANTIVIR1.VDF  : 7.1.1.113    2817536 Bytes  14/01/2009 21:03:52
ANTIVIR2.VDF  : 7.1.1.148     440832 Bytes  20/01/2009 09:57:28
ANTIVIR3.VDF  : 7.1.1.156     112640 Bytes  21/01/2009 09:57:30
Engineversion : 8.2.0.57  
AEVDF.DLL     : 8.1.0.6       102772 Bytes  15/10/2008 18:23:42
AESCRIPT.DLL  : 8.1.1.26      340347 Bytes  17/01/2009 09:09:36
AESCN.DLL     : 8.1.1.5       123251 Bytes  07/11/2008 18:33:28
AERDL.DLL     : 8.1.1.3       438645 Bytes  05/11/2008 18:33:36
AEPACK.DLL    : 8.1.3.5       393588 Bytes  09/01/2009 21:02:00
AEOFFICE.DLL  : 8.1.0.33      196987 Bytes  11/12/2008 18:35:22
AEHEUR.DLL    : 8.1.0.84     1540471 Bytes  17/01/2009 09:09:36
AEHELP.DLL    : 8.1.2.0       119159 Bytes  18/11/2008 18:35:16
AEGEN.DLL     : 8.1.1.10      323957 Bytes  17/01/2009 09:09:32
AEEMU.DLL     : 8.1.0.9       393588 Bytes  15/10/2008 18:23:26
AECORE.DLL    : 8.1.5.2       172405 Bytes  28/11/2008 18:36:08
AEBB.DLL      : 8.1.0.3        53618 Bytes  15/10/2008 18:23:18
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 09:40:06
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 10:28:02
AVREP.DLL     : 8.0.0.2        98344 Bytes  15/09/2008 12:17:48
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 12:26:42
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 09:29:24
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 13:27:50
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 18:28:04
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 13:49:42
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 13:05:12
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  12/06/2008 14:48:08
RCTEXT.DLL    : 8.0.52.0       86273 Bytes  27/06/2008 14:34:38

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: jeudi 22 janvier 2009  09:57

Starting search for hidden objects.
'50114' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'PINMENU.EXE' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'vVX1000.exe' - '1' Module(s) have been scanned
Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'WSCNTFY.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'CISVC.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '65' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
    [WARNING]   The file could not be opened!
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP512\A0077150.exe
    [0] Archive type: RSRC
      --> Object
        [1] Archive type: CAB (Microsoft)
        --> Setup_00.exe
          [DETECTION] Contains recognition pattern of the DR/Vundo.ggf dropper
    [NOTE]      The file was moved to '49a83c81.qua'!
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP513\A0077388.dll
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '49a83c8d.qua'!
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP513\A0077391.dll
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '49a83c91.qua'!
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP513\A0077392.dll
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '49a83c95.qua'!


End of the scan: jeudi 22 janvier 2009  10:29
Used time: 32:25 Minute(s)

The scan has been done completely.

   5441 Scanning directories
 182013 Files were scanned
      1 viruses and/or unwanted programs were found
      3 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      4 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 182007 Files not concerned
   6676 Archives were scanned
      6 Warnings
      4 Notes
  50114 Objects were scanned with rootkit scan
      0 Hidden objects were found

geoffrey5 · Answer

Ce sont des fichiers infectés logés dans la restauration du système, on s'en occupera en fin de désinfection  ;-)

Tu devrais configurer File Heuristic sur MEDIUM.

Pourquoi me renvois-tu le rapport d'Antivir ?? As-tu fais AD-Remover ??

fraggle559 · Answer

Bonjour


tu as raison 
En fait j'avais 2 rapport malwarebytes. Je te poste le 2eme si cela peut t'aider.
Merci


Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1675
Windows 5.1.2600 Service Pack 2

22/01/2009 09:52:41
mbam-log-2009-01-22 (09-52-41).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 109914
Temps écoulé: 21 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 25
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pxjsjtbe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fcccdBRK.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yjxsfobe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ofpfdj.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82904c57-38c7-4e55-b67a-2c5289160875} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{82904c57-38c7-4e55-b67a-2c5289160875} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1cdde1a-2830-4851-b671-3f267f74ff4c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a1cdde1a-2830-4851-b671-3f267f74ff4c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a1cdde1a-2830-4851-b671-3f267f74ff4c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82904c57-38c7-4e55-b67a-2c5289160875} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Carlson (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\320d18a1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fcccdbrk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fcccdbrk  -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Carlson (Dialer) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ofpfdj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fcccdBRK.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\KRBdcccf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KRBdcccf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxjsjtbe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ebtjsjxp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yjxsfobe.dll (Trojan.Vundo) -> Delete on reboot.
C:\ARK6.tmp (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\axntbhmi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\13\Local Settings\Temporary Internet Files\Content.IE5\ZSOZSG2F\kbp41256[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\13\Local Settings\Temporary Internet Files\Content.IE5\2LIG6RG8\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\13\Local Settings\Temporary Internet Files\Content.IE5\2LIG6RG8\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP507\A0076997.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4081E8B6-077E-420E-8973-EE0643E83BA3}\RP512\A0077363.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.

geoffrey5 · Answer

As-tu bien redémarré le PC pour terminer la suppression de Malwarebytes ?? Il te l'a surement demandé..

&#x25B6; Télécharge et enregistre le fichier d installation sur ton bureau : 

  http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe   

&#x25B6; Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( le bureau )

&#x25B6; Ouvre le dossier Ad-remover présent sur ton bureau, et double clique sur Ad-remover.bat.

&#x25B6; Au menu principal choisi l'option "A"

&#x25B6; Poste le rapport qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

Note :

Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

fraggle559 · Answer

J'ai du faire une mauvaise manipulation en faisant le copier coller. Excuse moi.

Voila le rapport  après le chargement de AD-REMOVER

L'ordinateur a fait le redémarrage lui même après le nettoyage  de Malwarerbytes.
Je n'ai pas bien compris de quel réglage tu me parles. Pourrais tu m'expliquer SVP.


------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------

Updated by C_XX on 17/01/2009 at 12:00

Start at: 11:07:40 | Jeu 22/01/2009 | Microsoft® Windows XP™  SP2 (V5.1.2600)
Boot mode: Normal
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: LAURA | User: 13 ( Current user is an administrator)
Drive(s): 
- C:\  (File System: FAT32)
- D:\  (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 44

+--------------------| Boonty/Boonty Games Elements Found :

.
.

+--------------------| Eorezo Elements Found :

.
.

+--------------------| Everest Casino/Everest Poker Elements Found :

.
.

+--------------------| Funwebproducts/Myway/Mywebsearch/Myglobalsearch Elements Found :

.
.

+--------------------| It's TV Elements Found :

.

+--------------------| Sweetim Elements Found :

Process: "SWEETIM.EXE" [PID:~1228]
.
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCR\Installer\Features\428C9AFC877ABE7409DCBBD48BC23F84
HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SWEETIE.SWEETIE
HKCR\SWEETIE.SWEETIE.3
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKCR\Toolbar3.SWEETIE
HKCR\Toolbar3.SWEETIE.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}
HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCU\SOFTWARE\SWEETIE
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Installer\Upgradecodes\A97CEC23332751B47BA4B95BAA50C9D0
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKLM\SOFTWARE\Microsoft\ESENT\Process\SweetIM
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83FA27D5-25B5-4D24-B796-DF742F08A5CF}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
HKLM\SOFTWARE\SweetIM
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\SWEETIM
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\07D5290CDBDAE4242926B8E6CA650501
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\08E33F7B61DEFF24BB9673ED7D467636
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\1AC67655DD68F8240B2860F2D511EBD8
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\34EDDB1BFB3A2D448845F3EFD0F15A43
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\4318DF19719275242801CBE292063A4C
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\4CCCAC049F34D0540AAC13011398BEDB
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\5D19F074C042AD34BAB463D4175A062E
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\697E782CF574CC34CBB9566440BA12BC
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\6AE27A8613CF7EA4782F2886F67295E5
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\7CE172051F585E04187BCB97570BFA74
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\86A901BA5265452499DCBF719C378EE3
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\9A4B7EF3789F871419D9302583B20C15
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\A6C53B0F76C44004A8F36716213017DB
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\B59F2D8189784CC46A4597F2842480B0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\D149C1355C98DE24E82CEFBD996FE06A
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\DB59FDB786388EA4D897F3EE715683AC
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\E337925F629CF4C4FB08F3D9674DD839
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\EC65F200D112357449C8B1BC3CFA03D0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\F327D0C73C0973644A21E8CC852267A0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\FA96423FE2B98E248A3B23548D1E22D9
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\0FF2AEFF45EEA0A48A4B33C1973B6094
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\305B09CE8C53A214DB58887F62F25536
HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCT\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\~\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\02F47BF73B948514FAACADD8CBBDF37D
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\080D9F5E1E95FEE4794CE438E635239E
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\1E264E0A5959A1C46BA9175A878B12EA
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\2E6768B6932D112438F047C54D180635
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\351716A953E21214898904032EAE2E81
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\397C771A7BCAC904697C3EC629ED33ED
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\98CC8BF5A4A6E6C4ABF7051DDAB8B058
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\A189D17A469616C4688D23E192996267
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\D15DAF33C220F91468A1D7D57C31ACD7
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\D3BA76A44C779424889063D5098ED2D6
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\D6D0EB9FDBD90C04D92A7E729058F10D
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\E4748F9A4181FCE46A23C13B517B9420
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\0FF2AEFF45EEA0A48A4B33C1973B6094
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\305B09CE8C53A214DB58887F62F25536
HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCT\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\~\INSTALLER\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\PRODUCTS\5D72AF385B5242D47B69FD47F2805AFC
.
C:\WINDOWS\INSTALLER\1cb5ef9.msi
C:\WINDOWS\INSTALLER\1cb5f11.msi
C:\Program Files\SweetIM
C:\Program Files\SweetIM\Messenger
C:\Program Files\SweetIM\Toolbars
C:\Program Files\SweetIM\Messengeresources
C:\Program Files\SweetIM\Messenger\default.xml
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Messenger\mgAIMAuto.dll
C:\Program Files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
C:\Program Files\SweetIM\Messenger\mgArchive.dll
C:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll
C:\Program Files\SweetIM\Messenger\mgIEPlayer.dll
C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll
C:\Program Files\SweetIM\Messenger\mgMsnAuto.dll
C:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgSweetIM.dll
C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll
C:\Program Files\SweetIM\Messenger\mgYahooAuto.dll
C:\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgcommon.dll
C:\Program Files\SweetIM\Messenger\mgcommunication.dll
C:\Program Files\SweetIM\Messenger\mgconfig.dll
C:\Program Files\SweetIM\Messenger\mghooking.dll
C:\Program Files\SweetIM\Messenger\mglogger.dll
C:\Program Files\SweetIM\Messenger\mgsimcommon.dll
C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll
C:\Program Files\SweetIM\Messenger\msvcr71.dll
C:\Program Files\SweetIM\Messenger\msvcp71.dll
C:\Program Files\SweetIM\Messengeresources\images
C:\Program Files\SweetIM\Messengeresources\images\AudibleButton.png
C:\Program Files\SweetIM\Messengeresources\images\DisplayPicturesButton.png
C:\Program Files\SweetIM\Messengeresources\images\EmoticonButton.png
C:\Program Files\SweetIM\Messengeresources\images\NudgeButton.png
C:\Program Files\SweetIM\Messengeresources\images\SoundFxButton.png
C:\Program Files\SweetIM\Messengeresources\images\WinksButton.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer
C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf
C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\affid.dat
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\basis.xml
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\Bookmarks_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\Email_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\Games_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\Greetingcards_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\Logo.bmp
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\Mobile_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\Music_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\News_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\Shoping_23x18.bmp
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\SmileySmile.bmp
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\SmileyWink.bmp
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\sweetimicons.bmp
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources	oolbar.xml
C:\Program Files\SweetIM\Toolbars\Internet Exploreresources\version.txt
C:\Documents and Settings\13\Application Data\Mozilla\Firefox\Profiles\9ka9hnr1.default\searchplugins\sweetim.xml
C:\Documents and Settings\All Users\Application Data\SweetIM
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\logs
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\update
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\cache_indx.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00060075.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0006009E.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002008E.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020144.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020117.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002006D.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002009E.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020096.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020071.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002017D.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020241.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020217.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002017B.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040121.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00030095.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010893.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108A9.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002005E.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108A5.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020230.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002019F.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300A0.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000201D4.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002013F.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020185.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000100AD.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108B9.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020139.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000200C7.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080016.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020075.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108BE.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004005A.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002020A.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004002B.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040063.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002010D.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020114.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020077.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040070.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000400C3.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010949.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000202D6.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000202C9.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000202D5.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002006C.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080046.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000201DA.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108C2.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300AC.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080011.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010896.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108F1.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000600DD.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000601F9.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300B2.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300A1.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010897.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010890.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001088D.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001089A.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000100AF.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002006E.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020113.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020132.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000201CD.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000200C0.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002012E.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000202CA.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000202ED.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000202AA.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040024.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040108.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0006023B.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004012C.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0008005A.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080059.dat

C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040127.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040128.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004012E.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040129.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040020.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004012B.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004012A.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004012D.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004007B.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004007C.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040039.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0004010E.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080024.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080042.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000200A6.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010911.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010119.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108E8.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108D2.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108A4.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020148.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010899.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000201E4.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020079.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000100C5.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001011E.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002011D.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001089D.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00060237.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000601F7.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002030B.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002019D.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00060042.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020226.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000202F3.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000601DE.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00060298.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001095C.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002034C.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080068.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0003009A.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00030099.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000800B8.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300B9.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300A5.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300B1.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0008005C.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001081A.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010959.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080040.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001092C.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020359.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\01030046.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040117.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000602C0.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010859.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080017.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\02050002.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0008001A.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080020.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108D5.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080014.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108AD.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000400E6.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020337.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108FB.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001090F.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0003008E.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001095B.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040064.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00050005.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001089F.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00050004.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\010108A7.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001088F.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00030040.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300AD.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300C1.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00040148.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000400FD.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010962.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000800AE.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000800BA.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000600C2.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300BF.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010819.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300BE.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108A1.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010922.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0003009B.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00030096.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0003009D.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010930.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00020358.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080060.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002022A.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010863.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001084A.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300A4.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00030049.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00030057.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300AB.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000300A2.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108A0.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108BD.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0003004E.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108BC.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010857.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0001085D.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010891.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00030092.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000108CC.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\000601EA.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0006028B.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00010954.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0008008D.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0002032C.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00060232.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00080090.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\01030047.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\01030040.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\0003004B.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00030050.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00030052.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\00030053.dat
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\adapter.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\autoupdate.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\logger.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\messages.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\sweetim.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\sweetimapp.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\main_user_config.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\joelle.2@free.fr
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\lablondedu.07@hotmail.fr
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\gatto07@hotmail.fr
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\laura_zzz@hotmail.fr
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\saintgand@hotmail.com
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\joelle.2@free.fr\user_config.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\joelle.2@free.fr\emoticons_shortcut.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\joelle.2@free.fr\lastuse_Emoticons.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\joelle.2@free.fr\lastuse_SoundFX.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\joelle.2@free.fr\lastuse_Winks.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\joelle.2@free.fr\lastuse_DisplayPictures.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\joelle.2@free.fr\lastuse_Audibles.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\lablondedu.07@hotmail.fr\user_config.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\lablondedu.07@hotmail.fr\emoticons_shortcut.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\gatto07@hotmail.fr\user_config.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\gatto07@hotmail.fr\emoticons_shortcut.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\laura_zzz@hotmail.fr\user_config.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\laura_zzz@hotmail.fr\emoticons_shortcut.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\laura_zzz@hotmail.fr\lastuse_Emoticons.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\laura_zzz@hotmail.fr\lastuse_Winks.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\saintgand@hotmail.com\user_config.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\saintgand@hotmail.com\emoticons_shortcut.xml
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\f64a71f602d078aa84829e36b8992194.toolbar31.xml

+--------------------| Added Scan :


+---------- SCANNING PREFS.JS ... ( # Mozilla user preferences )

..\9ka9hnr1.default\prefs.js :

~~~~ MOZILLA FIREFOX VERSION 3.0.5 ~~~~

* BROWSER SEARCH DEFAULT ENGINE:  "SweetIM Search"
* BROWSER SEARCH SELECTED ENGINE:  "Google"
* BROWSER SEARCH DEFAULT URL:  "https://search.sweetim.com/search.asp?src=2&q="
* BROWSER STARTUP HOMEPAGE:  "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"

.
FOUND - user_pref("browser.search.defaultenginename", "SweetIM Search");
FOUND - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");

+---------------------------------------------------------------------------+


~~~~ INTERNET EXPLORER VERSION 7.0.5730.13 ~~~~

+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://www.msn.fr/

+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://home.sweetim.com

+---------------------------------------------------------------------------+

[~37716 BYTES] - "C:\AD-REPORT-SCAN-22.01.2009.LOG"

End at: 11:08:31 | 22/01/2009 - Time elapsed: 51.1 seconds 

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 457 Lines ]
+---------------------------------------------------------------------------+

geoffrey5 · Answer

! Déconnectes toi et fermes toutes applications en cours ! 

&#9679; Relances "Ad-remover" : au menu principal choisi l'option "B" . 

&#9679; Coche à l'écran de sélection :


6. Suppression Sweetim


&#9679; Tape le chiffre correspondant à la suppression demandée et valide par ENTER pour le cocher. 

&#9679; Puis choisi "S" , le programme va travailler, 

&#9679; Postes le rapport qui apparait à la fin. 

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log ) 

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides)


ensuite :


&#x25B6; Télécharge hijackthis

&#x25B6; Tout est expliqué sur mon site web pour l'installer et l'utiliser correctement.

&#x25B6; Poste le rapport obtenu dans le bloc note dans ta prochaine réponse.


Comment copier/coller le rapport :


&#x25B6; Quand tu as le rapport à l écran, tu fais ctrl A pour "sélectionner tout" puis ctrl C pour "copier".

&#x25B6; ensuite tu viens sur le forum pour me répondre et tu fais ctrl V pour "coller" le rapport.

fraggle559 · Answer

Salut,
Voilà les 2 rapports que tu m'as demandé

------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------

Updated by C_XX on 17/01/2009 at 12:00

*** LIMITED TO ***

Sweetim

******************

Start at:  9:51:30 | Ven 23/01/2009 | Microsoft® Windows XP™  SP2 (V5.1.2600)
Boot mode: Normal
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: LAURA | User: 13 ( Current user is an administrator)
Drive(s): 
- C:\  (File System: FAT32)
- D:\  (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 41

(!) ---- IE start pages reset

+--------------------| Sweetim Elements Deleted :

Process: "SWEETIM.EXE" [PID:~1228]
.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\SWEETIM
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\07D5290CDBDAE4242926B8E6CA650501
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\08E33F7B61DEFF24BB9673ED7D467636
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\1AC67655DD68F8240B2860F2D511EBD8
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\34EDDB1BFB3A2D448845F3EFD0F15A43
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\4318DF19719275242801CBE292063A4C
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\4CCCAC049F34D0540AAC13011398BEDB
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\5D19F074C042AD34BAB463D4175A062E
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\697E782CF574CC34CBB9566440BA12BC
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\6AE27A8613CF7EA4782F2886F67295E5
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\7CE172051F585E04187BCB97570BFA74
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\86A901BA5265452499DCBF719C378EE3
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\9A4B7EF3789F871419D9302583B20C15
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\A6C53B0F76C44004A8F36716213017DB
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\B59F2D8189784CC46A4597F2842480B0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\D149C1355C98DE24E82CEFBD996FE06A
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\DB59FDB786388EA4D897F3EE715683AC
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\E337925F629CF4C4FB08F3D9674DD839
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\EC65F200D112357449C8B1BC3CFA03D0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\F327D0C73C0973644A21E8CC852267A0
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\FA96423FE2B98E248A3B23548D1E22D9
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\0FF2AEFF45EEA0A48A4B33C1973B6094
HKLM\~\USERDATA\S-1-5-18\COMPONENTS\305B09CE8C53A214DB58887F62F25536
HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCT\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\~\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\02F47BF73B948514FAACADD8CBBDF37D
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\080D9F5E1E95FEE4794CE438E635239E
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\1E264E0A5959A1C46BA9175A878B12EA
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\2E6768B6932D112438F047C54D180635
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\351716A953E21214898904032EAE2E81
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\397C771A7BCAC904697C3EC629ED33ED
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\98CC8BF5A4A6E6C4ABF7051DDAB8B058
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\A189D17A469616C4688D23E192996267
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\D15DAF33C220F91468A1D7D57C31ACD7
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\D3BA76A44C779424889063D5098ED2D6
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\D6D0EB9FDBD90C04D92A7E729058F10D
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\E4748F9A4181FCE46A23C13B517B9420
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\0FF2AEFF45EEA0A48A4B33C1973B6094
HKLM\~\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\COMPONENTS\305B09CE8C53A214DB58887F62F25536
HKLM\~\INSTALLER\USERDATA\S-1-5-21-784569582-1608279117-3960356139-1010\PRODUCTS\5D72AF385B5242D47B69FD47F2805AFC
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCR\Installer\Features\428C9AFC877ABE7409DCBBD48BC23F84
HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SWEETIE.SWEETIE
HKCR\SWEETIE.SWEETIE.3
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKCR\Toolbar3.SWEETIE
HKCR\Toolbar3.SWEETIE.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}
HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCU\SOFTWARE\SWEETIE
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Installer\Upgradecodes\A97CEC23332751B47BA4B95BAA50C9D0
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\ESENT\Process\SweetIM
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83FA27D5-25B5-4D24-B796-DF742F08A5CF}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
HKLM\SOFTWARE\SweetIM
.
C:\WINDOWS\INSTALLER\1cb5ef9.msi
C:\WINDOWS\INSTALLER\1cb5f11.msi
/!\ NOT DELETED - C:\Program Files\SweetIM
/!\ NOT DELETED - C:\Program Files\SweetIM\Messenger 
/!\ NOT DELETED - C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll 
/!\ NOT DELETED - C:\Program Files\SweetIM\Messenger\msvcr71.dll 
C:\Documents and Settings\13\Application Data\Mozilla\Firefox\Profiles\9ka9hnr1.default\searchplugins\sweetim.xml
C:\Documents and Settings\All Users\Application Data\SweetIM

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


************* /!\ FILE(S)/FOLDER(S) NOT DELETED /!\ *************

"C:\Program Files\SweetIM\Messenger"
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
"C:\Program Files\SweetIM\Messenger\msvcr71.dll"

SECOND RUN ...

DELETED ! - "C:\Program Files\SweetIM\Messenger"
DELETED ! - "C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
DELETED ! - "C:\Program Files\SweetIM\Messenger\msvcr71.dll"


+--------------------| Added Scan :


+---------- SCANNING PREFS.JS ... ( # MOZILLA USER PREFERENCES )

..\9ka9hnr1.default\prefs.js :

~~~~ MOZILLA FIREFOX VERSION 3.0.5 ~~~~

* BROWSER SEARCH DEFAULT ENGINE:  "SweetIM Search"
* BROWSER SEARCH SELECTED ENGINE:  "Google"
* BROWSER SEARCH DEFAULT URL:  "https://search.sweetim.com/search.asp?src=2&q="
* BROWSER STARTUP HOMEPAGE:  "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"

.
REMOVED - user_pref("browser.search.defaultenginename", "SweetIM Search");
REMOVED - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");

+---------------------------------------------------------------------------+


~~~~ INTERNET EXPLORER VERSION 7.0.5730.13 ~~~~

+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

[~38050 BYTES] - "C:\AD-REPORT-SCAN-22.01.2009.LOG"
[~9517 BYTES] - "C:\AD-REPORT-CLEAN-23.01.2009.LOG"

End at:  9:52:32 | 23/01/2009 - Time elapsed: 62.7 seconds 

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 150 Lines ]
+---------------------------------------------------------------------------+


ET LE RAPPORT HITJACKTHIS


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:12, on 23/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PROMT5\INTEGRAL\pinmenu.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4CFFE09A-EAAB-4CC7-BBB6-D01DDA792E6E} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {EEE393B9-FE82-4560-8FE3-9938DA08BC49} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-784569582-1608279117-3960356139-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2a22063e1a6841fa860803837843fbd1
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2a22063e1a6841fa860803837843fbd1
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {654AC4C5-5793-4747-B558-34B17112D6E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ixrhij.dll ofpfdj.dll
O20 - Winlogon Notify: vtUkihHB - vtUkihHB.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

geoffrey5 · Answer

Bonjour,

relance hijackthis en cliquant sur scan only, coches toutes les lignes 018 et celles ci :

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll     
O2 - BHO: (no name) - {4CFFE09A-EAAB-4CC7-BBB6-D01DDA792E6E} - (no file) 
O2 - BHO: (no name) - {EEE393B9-FE82-4560-8FE3-9938DA08BC49} - (no file) 
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll     
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab 

puis tu cliques sur fix checked.

ensuite :

&#x25B6; Télécharge RegCleaner

&#x25B6; Une fois installé, double-clique sur son icône pour l'exécuter

&#x25B6; Dans la barre de menu, clique sur Options puis sélectionne Language => Select language

&#x25B6; recherche French.rlg et double-clique dessus pour appliquer la langue

&#x25B6; Clique ensuite sur Outils dans la barre de menu

&#x25B6; Sélectionne Nettoyage du registre => Nettoyeur de registre automatique

&#x25B6; RegCleaner va alors lancer le nettoyage automatiquement

&#x25B6; Coche ensuite les entrées invalides qui sont apparues dans la fenêtre et clique sur Supprimer sélections => Terminer => Quitter

ensuite :

&#x25B6; Télécharge Rooter (créé par l'équipe IDN) sur ton bureau.

&#x25B6; /!\ Déconnecte toi d'internet et ferme toutes les applications en cours /!\

&#x25B6; Exécute Rooter et laisse le travailler jusqu'à l'apparition du rapport dans le bloc note

&#x25B6; Ensuite poste le rapport dans ta prochaine réponse

fraggle559 · Answer

Bonjour,
Voici le rapport que tu m'as demandé. 
Par contre, j'ai complètement oublié de désactiver Antivir. J'espère que cela ne faussera pas le scan.

Peux tu m'expliquer ce que j'ai fait en cliquant sur toutes les lignes dans hitjacthis. Ca correspond à quoi ? Des indésirables dans les programmes ?




Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm)   2800+ )
BIOS : Award Modular BIOS v6.00PG
USER : 13 ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)


C:\ (Local Disk) - FAT32 - Total:37 Go (Free:1 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

25/01/2009|11:03

----------------------\  Search..

No infections found !


1 - "C:\Rooter$\Rooter_1.txt" - 25/01/2009|11:03

----------------------\  Scan completed at 11:03

geoffrey5 · Answer

Bonjour,

ce sont des lignes superflues non nécessaires au démarrage de ton PC...

Est-ce que tu as encore des problèmes ??

fraggle559 · Answer

Bonjour,

Non il semble que tout aille mieux. Je te remercie de ton aide.

J'aimerais maintenant savoir pourquoi je n'ai pas pu choisir une date de restauration lors que j'ai eu tous ces soucis. 

A l'origine, j'avais une anomalie au démarrage, il m'affichait que je n'avais plus de disque dur mais l'ordi fonctionnait. Cela fait suite au branchement d'une clé avec micro carte. J'ai donc chargé le nouveau spyboot qui a du réparer mais qui restait en marche et qui m'affichait toujours une demande de modification d'une clé de registre. C'est là que j'ai voulu restaurer et l'ordinateur ne m'a laissé comme choix que une restauration à l'heure précédent l'installation de spyboot. Je l'ai désinstallé, c'est rentré dans l'ordre sauf bien sûr les pubs intempestives que tu m'as aidé à supprimer.

Ta réponse m'aideras à comprendre encore mieux le fonctionnement de mon ordinateur.

geoffrey5 · Answer

Tu n'avais pas d'autres points de restauration que celui lors de l'installation de Spybot ?

Tu devais surement accepter la modification du registre que Spybot avait fait lors de la réparation...

fraggle559 · Answer

Non, je ne pouvais même pas naviguer avec les flèches dans le calendrier. Je n'avais absolument que cette proposition.

Pour spyboot, j'ai accepté la réparation une 1ere, j'ai redémarré le PC  et là , j'avais à nouveau la demande de modification de la clé, j'ai refusé,j'ai redémarré le PC et c'était encore là, j'ai accepté mais la demande restait alors j'ai restauré, ça n'a rien changé puis j'ai  désinstallé spyboot et tout est rentré dans l'ordre.

geoffrey5 · Answer

Ok... Donc maintenant tu n'as plus de problèmes ??

fraggle559 · Answer

Bonjour,
Non je n'ai visiblement plus de pub.

Peux tu juste me dire comment faire pour la restauration SVP pour le cas ou j'en aurais à nouveau besoin.
Merci

geoffrey5 · Answer

Bonjour,

tu peux faire ceci pour terminer stp :

Voici un excellent petit logiciel très utile qui te permettra de savoir les nouvelles mises à jour disponibles pour les différents logiciels installés sur ton PC :

&#x25B6; Télécharge Update Checker

&#x25B6; Installe le avec les paramètres par défaut en cliquant chaques fois sur Suivant.

&#x25B6; Une fois installé, patiente quelques secondes et tu verras apparaître une icône verte dans ta barre des tâches te signalant qu'il y a des mises à jour disponibles.

&#x25B6; Double-cliques sur l'icône pour être redirrigé sur le site de téléchargement des mises à jour.

&#x25B6; Un conseil : n'installe pas les BETA qui sont listées en dessous.

&#x25B6; Tu installes les mises à jour que tu désires, les plus importantes sont :

&#9679; Java

&#9679; Adobe Reader

&#9679; Adobe Flash Player

&#9679; Internet explorer


Ensuite :


Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :  

&#x25B6; Télécharge Toolscleaner sur ton Bureau  


&#x25B6; Double-clique sur ToolsCleaner2.exe et laisse le travailler 
&#x25B6; Clique sur Recherche et laisse le scan se terminer. 
&#x25B6; Clique sur Suppression pour finaliser. 
&#x25B6; Tu peux, si tu le souhaites, te servir des Options facultatives. 
&#x25B6; Clique sur Quitter, pour que le rapport puisse se créer. 
&#x25B6; Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse


Ensuite :


Désactive et réactive la Restauration du système :


Le fait de faire cette manipulation va supprimer tous les virus qui auraient pu se loger dans les
points de restauration que tu avais créé auparavant.. Il est donc recommandé de la faire : 

 
1 Dans la barre des tâches de Windows, clique sur Démarrer.
 
2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.
 
3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

4 Clique sur Appliquer.
  
5 Ensuite décoche "Désactiver la restauration du systeme"

6 clique sur appliquer puis ok

7 vas créer un point de restauration en cliquant sur démarrer => tous les programmes => accessoires =>

outils systeme => restauration du systeme => créer un point de restauration => tu mets un nom

(exemple : après désinfection sur CCM) puis tu valides.


Tu peux mettre ton problème résolu !! Comment mettre résolu ??


IMPORTANT : lire les quelques liens pour la prévention et la sécurité de votre PC qui se trouvent en bas de la page !!


Pour les utilisateurs de Firefox :

Voici une extension à télécharger qui vous permettra, en faisant vos recherches sur google, de savoir si le site proposé lors de vos recherches est un site de confiance ou un site à éviter car il pourrait infecter votre PC :

https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/

Il faut cliquer sur "Ajouter à Firefox"

fraggle559 · Answer

Bonjour,

j'ai voulu faire une mise a jour mais l'ordinateur me demande d'insérer le disque Microsoft que je n'ai pas. J'ai abandonné mais cela ne gène pas. Certaines mises à jour ont été faites; Il m'a donné une adresse sur le disque dur. Je ne l'ai pas encore regardé. J'ai fait le point de restauration il sera utilisable même dans plusieurs mois ?

Voici le rapport de toolcleaner.

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\13\Bureau\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !


Corbeille vidée!
Fichiers temporaires nettoyés !
Restauration annulée !
---------------------------------
-->- Suppression: 
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\13\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !
Sauvegarde du registre crée !

fraggle559 · Answer

le programme  de contrôle de site me bloque msn qui est ma page d'accueil. Elle ne vient plus. l'ordi tourne en vain. est-ce normal ?
Comment le désinstaller car en fait, j'avais un autre contrôle intégré à firefox qui ne bloquait pas le site ?

fraggle559 · Answer

Bonjour, 
J'ai trouvé comment supprimer wot. Pour msn il semble que ce soit le site qui pose problème.
Merci infiniment pour toute ton aide geoffrey5.  a+

geoffrey5 · Answer

Bonjour,

mais de rien  ;-)

Je ne comprends pas pourquoi ça bloque ta page msn... J'ai WOT et la page msn par défaut aussi et ça ne la bloque pas..

fraggle559 · Answer

:-)


C'est msn qui marchait mal ce matin car je n'avais même plus la météo régionale; je l'ai remis en marche maintenant et tout fonctionne bien.

geoffrey5 · Answer

Ok tant meix  ;-)

Bonne journée @+

Fenêtre intempestives

23 réponses

Discussions similaires

Newsletters