Virus?

pupuce298 Posts 166 Status Member
Hello, I don't know what is going on with my PC. It is getting slower and slower. I should say that I am a novice, full of good will; I have never cured a virus, so please don't get angry if I don't understand the first time. I am asking for your help. Best regards. I have Norton as antivirus.
Configuration: Windows Vista
Internet Explorer 7.0

45 replies

Discussion summary

A novice user asks for help with a PC that is getting slower and slower, running Windows Vista with Norton antivirus and Internet Explorer 7, and suspected of a virus infection. Several pieces of advice favor analysis followed by deep cleaning: rerun HijackThis in scan-only mode and check the detected items, then use RegCleaner to clean the registry and stabilize the system. Online scans, notably BitDefender, report zero infected files, which suggests that the slowness may have other causes and that the disinfection should be carried through to the end.

Automatically generated by AI
based on the best answers
  1. geoffrey5 Posts 14008 Status Security contributor 10
     
    Good evening,

    ▶ Download hijackthis

    ▶ Everything is explained on my website for installing and using it correctly.

    ▶ Post the report that opens in Notepad in your next reply.

    How to copy/paste the report:

    ▶ When you have the report on screen, press Ctrl A to "select all", then Ctrl C to "copy".

    ▶ Then come to the forum to reply to me and press Ctrl V to "paste" the report.
    0
    1. pupuce298 Posts 166 Status Member
       
      I wanted to tell you that I am on Vista and that the program does not install correctly. Isn't there another solution?
      0
  2. pupuce298 Posts 166 Status Member
     
    Hello, I can't manage it: either I downloaded hijackthis badly, although the icon is on my desktop, or I didn't follow the instructions to the letter. I am going to try again. Thank you for replying to me.
    0
  3. geoffrey5 Posts 14008 Status Security contributor 10
     
    Hello,

    Disable User Account Control (you will re-enable it after your disinfection):

    ▶ Go to Start, then Control Panel
    ▶ Double-click the "User Accounts" icon
    ▶ Then click on disable and confirm.

    Right-click hijackthis and select "Run as administrator"
    0
  4. pupuce298 Posts 166 Status Member
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:58:50, on 09/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Users\thalie\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\System32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\vVX1000.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\WerCon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\thalie\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\thalie\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
    O13 - Gopher Prefix:
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    0
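A first pass over a log like the one posted above can be scripted before a helper reads it line by line. This is an added example, not part of the thread or of HijackThis; the function names and the four heuristics are assumptions of the example, and a flagged entry is something to look at by hand, not a detection.

```python
import re
from collections import namedtuple

# Lines copied unchanged from the HijackThis log posted above (a subset).
SAMPLE_LOG = r"""
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\thalie\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
"""

Entry = namedtuple("Entry", "code body")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # "O4 - ...", "R1 - ...", "O23 - ..."
RUN_RE = re.compile(r"^(.+?): \[(.*?)\] (.*)$")      # O4 registry Run/RunOnce values
LNK_RE = re.compile(r"^(.+?): (.+?) = (.*)$")        # O4 Startup-folder shortcuts
PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)


def parse(log_text):
    """Return the section entries of a log; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def unreadable(text):
    """True when a field is (almost) only '?', i.e. HijackThis could not render it."""
    return "?" in text and len(text.replace("?", "").strip()) <= 1


def triage(entries):
    """Return (section, reason, entry text) for entries that deserve a manual look."""
    findings = []
    for e in entries:
        if e.code == "O4":
            m = RUN_RE.match(e.body) or LNK_RE.match(e.body)
            if not m:
                continue
            _, name, target = m.groups()
            if unreadable(name) or unreadable(target):
                findings.append((e.code, "unreadable name or target", e.body))
            elif PROFILE_RE.search(target):
                # Autostart whose binary sits in a user-writable profile folder.
                findings.append((e.code, "autostart from user profile", e.body))
        elif e.code == "O16" and re.search(r" - http://\S+$", e.body):
            findings.append((e.code, "ActiveX installed over plain HTTP", e.body))
        elif e.code == "O23" and " - Unknown owner - " in e.body:
            # HijackThis printed no vendor for the service binary.
            findings.append((e.code, "service with unknown owner", e.body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse(SAMPLE_LOG)):
        print(f"{code:4} {reason:34} {body}")
```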
  6. geoffrey5 Posts 14008 Status Security contributor 10
     
    Start by doing this, please:

    ▶ Download Toolbar-S&D (by Team IDN) to your Desktop

    ▶ Start the installation of the program by running the downloaded file.

    ▶ Now double-click the Toolbar-S&D shortcut.

    ▶ Select the desired language by typing the letter of your choice, then confirming with the Enter key.

    ▶ Now choose option 1 (Search). Wait until the search has finished.

    ▶ Post the generated report. (C:\TB.txt)
    0
    1. pupuce298 Posts 166 Status Member
       
      I confirmed search and nothing is happening, is that normal?
      0
    2. pupuce298 Posts 166 Status Member
       
      I confirmed (1) and now it is starting
      0
    3. pupuce298 Posts 166 Status Member
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:58:50, on 09/02/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Users\thalie\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Windows\System32\SysMonitor.exe
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Windows\vVX1000.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\WerCon.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
      O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
      O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
      O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\thalie\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [?????????] ??????????????e
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Global Startup: Empowering Technology Launcher.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\thalie\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
      O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
      O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
      O13 - Gopher Prefix:
      O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
      O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
      0
  7. geoffrey5 Posts 14008 Status Security contributor 10
     
    Re,

    did you run toolbarSD??
    0
    1. pupuce298 Posts 166 Status Member
       
      yes, I posted the report yesterday at 16:26
      0
    2. pupuce298 Posts 166 Status Member
       
      just in case, I am posting it again
      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
      BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
      USER : thalie ( Administrator )
      BOOT : Normal boot
      Antivirus : Norton Internet Security 2007 (Activated)
      Firewall : Norton Internet Security 2007 (Activated)
      C:\ (Local Disk) - NTFS - Total:113 Go (Free:75 Go)
      D:\ (Local Disk) - NTFS - Total:112 Go (Free:106 Go)
      E:\ (CD or DVD)
      F:\ (CD or DVD)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)
      J:\ (USB)
      K:\ (Local Disk) - NTFS - Total:298 Go (Free:129 Go)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( 09/02/2009|16:23 )

      [ UAC => 0 ]

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
      C:\Program Files\Dealio
      C:\Program Files\Dealio\DealioAU.exe
      C:\Program Files\Dealio\kb127
      C:\Program Files\Dealio\SearchSettingsKit.exe
      C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
      C:\Program Files\Dealio\kb127\Dealio.dll
      C:\Program Files\Dealio\kb127\DealioRes409.dll
      C:\Program Files\Dealio\kb127\res
      C:\Program Files\Dealio\kb127\resDN
      C:\Program Files\Dealio\kb127\rules
      C:\Program Files\Dealio\kb127\temp
      C:\Program Files\Dealio\kb127\res\alerts.gif
      C:\Program Files\Dealio\kb127\res\alerts_over.gif
      C:\Program Files\Dealio\kb127\res\alerts_rec.gif
      C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
      C:\Program Files\Dealio\kb127\res\chevron-small.gif
      C:\Program Files\Dealio\kb127\res\DealioSearch.html
      C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
      C:\Program Files\Dealio\kb127\res\deal_report.jpg
      C:\Program Files\Dealio\kb127\res\ebay_login.jpg
      C:\Program Files\Dealio\kb127\res\err_mainwindow.html
      C:\Program Files\Dealio\kb127\res\err_toolbar.html
      C:\Program Files\Dealio\kb127\res\global_scripts.js
      C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
      C:\Program Files\Dealio\kb127\res\highlight-bg.png
      C:\Program Files\Dealio\kb127\res\logo.gif
      C:\Program Files\Dealio\kb127\res\logo_over.gif
      C:\Program Files\Dealio\kb127\res\man_toolbar.css
      C:\Program Files\Dealio\kb127\res\man_toolbar.html
      C:\Program Files\Dealio\kb127\res\man_toolbar.js
      C:\Program Files\Dealio\kb127\res\man_toolbarl.js
      C:\Program Files\Dealio\kb127\res\post-this-deal.gif
      C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
      C:\Program Files\Dealio\kb127\res\scripts.js
      C:\Program Files\Dealio\kb127\res\scroller.js
      C:\Program Files\Dealio\kb127\res\search-chevron.gif
      C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
      C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
      C:\Program Files\Dealio\kb127\res\separator.gif
      C:\Program Files\Dealio\kb127\res\settings.gif
      C:\Program Files\Dealio\kb127\res\settings_over.gif
      C:\Program Files\Dealio\kb127\res\yahoo-search.png
      C:\Program Files\Dealio\kb127\resDN\bottom.gif
      C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
      C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
      C:\Program Files\Dealio\kb127\resDN\close.gif
      C:\Program Files\Dealio\kb127\resDN\deskbar.css
      C:\Program Files\Dealio\kb127\resDN\deskbar.js
      C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
      C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
      C:\Program Files\Dealio\kb127\resDN\logo.gif
      C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
      C:\Program Files\Dealio\kb127\resDN\losing.gif
      C:\Program Files\Dealio\kb127\resDN\lost.gif
      C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
      C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
      C:\Program Files\Dealio\kb127\resDN\menu_check.gif

      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://www.msn.com/fr-fr"
      "SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Local Page"="C:\\Windows\\system32\\blank.htm"
      "SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
      "Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Url"="https://www.msn.com/fr-fr/actualite/"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://fr.yahoo.com/"
      "Default_Page_URL"="https://fr.yahoo.com/"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [ UAC => 1 ]


      1 - "C:\ToolBar SD\TB_1.txt" - 09/02/2009|16:23 - Option : [1]

      -----------\\ Fin du rapport a 16:23:47,56
      0
  8. geoffrey5 Posts 14008 Status Security contributor 10
     
    Hello,

    now please do this:

    ▶ Run Toolbar-S&D again by double-clicking the shortcut.

    ▶ Type "2", then confirm by pressing "Enter".

    /!\ Do not close the window during the removal /!\

    ▶ A report will be generated; post its contents here.

    NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
    Go to the "Processes" tab. Click File at the top left and choose "Run..."
    Type explorer, then confirm.

    What you need to know about toolbars
    0
    1. pupuce298 Posts 166 Status Member
       
      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
      BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
      USER : thalie ( Administrator )
      BOOT : Normal boot
      Antivirus : Norton Internet Security 2007 (Activated)
      Firewall : Norton Internet Security 2007 (Activated)
      C:\ (Local Disk) - NTFS - Total:113 Go (Free:75 Go)
      D:\ (Local Disk) - NTFS - Total:112 Go (Free:106 Go)
      E:\ (CD or DVD)
      F:\ (CD or DVD)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)
      J:\ (USB)
      K:\ (Local Disk) - NTFS - Total:298 Go (Free:129 Go)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( 09/02/2009|16:23 )

      [ UAC => 0 ]

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://www.msn.com/fr-fr"
      "SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Local Page"="C:\\Windows\\system32\\blank.htm"
      "SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
      "Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Url"="https://www.msn.com/fr-fr/actualite/"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://fr.yahoo.com/"
      "Default_Page_URL"="https://fr.yahoo.com/"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [ UAC => 1 ]


      1 - "C:\ToolBar SD\TB_1.txt" - 09/02/2009|16:23 - Option : [1]

      -----------\\ Fin du rapport a 16:23:47,56
      0
  9. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Tu n'as pas posté le bon rapport... Celui que tu as envoyé est celui de la recherche d'hier.
    0
    1. pupuce298 Messages postés 166 Statut Membre
       
      alors je fais quoi ?
      0
  10. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    vas voir là : C:\ToolBar SD\TB_2.txt

    et poste ce rapport stp
    0
    1. pupuce298 Messages postés 166 Statut Membre
       
      j'ai du faire une erreur ou je vois pas clair je le trouve pas TOLBAR SD TB 2txt dans mon disque dur C
      0
  11. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Tu as bien un dossier ToolbarSD ?? Dedans tu dois avoir 2 fichiers texte
    0
    1. pupuce298 Messages postés 166 Statut Membre
       
      non j'ai que le raccourci sur le bureau
      0
  12. geoffrey5 Posts: 14008 Status: Security contributor 10
     
    - Open My Computer and open your C: drive

    - you should have a Toolbar SD folder
    0
    1. pupuce298 Posts: 166 Status: Member
       
      I don't see it
      0
    2. pupuce298 Posts: 166 Status: Member
       
      That's all I can give you
      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
      BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
      USER : thalie ( Administrator )
      BOOT : Normal boot
      Antivirus : Norton Internet Security 2007 (Activated)
      Firewall : Norton Internet Security 2007 (Activated)
      C:\ (Local Disk) - NTFS - Total:113 Go (Free:75 Go)
      D:\ (Local Disk) - NTFS - Total:112 Go (Free:106 Go)
      E:\ (CD or DVD)
      F:\ (CD or DVD)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)
      J:\ (USB)
      K:\ (Local Disk) - NTFS - Total:298 Go (Free:129 Go)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( 09/02/2009|16:23 )

      [ UAC => 0 ]

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://www.msn.com/fr-fr"
      "SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Local Page"="C:\\Windows\\system32\\blank.htm"
      "SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
      "Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Url"="https://www.msn.com/fr-fr/actualite/"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://fr.yahoo.com/"
      "Default_Page_URL"="https://fr.yahoo.com/"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [ UAC => 1 ]


      1 - "C:\ToolBar SD\TB_1.txt" - 09/02/2009|16:23 - Option : [1]

      -----------\\ Fin du rapport a 16:23:47,56

      0
  13. geoffrey5 Posts: 14008 Status: Security contributor 10
     
    ▶ Relaunch Toolbar-S&D by double-clicking the shortcut.

    ▶ Type "2", then confirm by pressing "Enter".

    /!\ Do not close the window during the removal /!\

    ▶ A report will be generated; post its contents here.

    NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
    Go to the "Processes" tab. Click File at the top left and choose "Run..."
    Type explorer, then confirm.
    0
    1. pupuce298 Posts: 166 Status: Member
       
      Good evening, I typed choice 2, then I confirmed, and finally I copied and pasted: I hope it works this time. Otherwise I'm at your command.
      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
      BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
      USER : thalie ( Administrator )
      BOOT : Normal boot
      Antivirus : Norton Internet Security 2007 (Activated)
      Firewall : Norton Internet Security 2007 (Activated)
      C:\ (Local Disk) - NTFS - Total:113 Go (Free:75 Go)
      D:\ (Local Disk) - NTFS - Total:112 Go (Free:106 Go)
      E:\ (CD or DVD)
      F:\ (CD or DVD)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)
      J:\ (USB)
      K:\ (Local Disk) - NTFS - Total:298 Go (Free:129 Go)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( 09/02/2009|16:23 )

      [ UAC => 0 ]

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\Program Files\Dealio\kb127\rules\rules.1.463.69
      C:\Program Files\Dealio\kb127\rules\rules.1.464.70
      C:\Program Files\Dealio\kb127\rules\rules.1.465.68
      C:\Program Files\Dealio\kb127\rules\rules.1.468.70
      C:\Program Files\Dealio\kb127\rules\rules.1.469.70
      C:\Program Files\Dealio\kb127\rules\rules.1.470.70
      C:\Program Files\Dealio\kb127\rules\rules.1.471.73
      C:\Program Files\Dealio\kb127\rules\rules.1.472.70
      C:\Program Files\Dealio\kb127\rules\rules.1.478.74
      C:\Program Files\Dealio\kb127\rules\rules.1.479.73
      C:\Program Files\Dealio\kb127\rules\rules.1.480.68
      C:\Program Files\Dealio\kb127\rules\rules.1.481.71
      C:\Program Files\Dealio\kb127\rules\rules.1.482.74
      C:\Program Files\Dealio\kb127\rules\rules.1.49.67
      C:\Program Files\Dealio\kb127\rules\rules.1.50.43
      C:\Program Files\Dealio\kb127\rules\rules.1.500.71
      C:\Program Files\Dealio\kb127\rules\rules.1.501.74
      C:\Program Files\Dealio\kb127\rules\rules.1.502.71
      C:\Program Files\Dealio\kb127\rules\rules.1.51.69
      C:\Program Files\Dealio\kb127\rules\rules.1.52.72
      C:\Program Files\Dealio\kb127\rules\rules.1.520.76
      C:\Program Files\Dealio\kb127\rules\rules.1.521.76
      C:\Program Files\Dealio\kb127\rules\rules.1.522.76
      C:\Program Files\Dealio\kb127\rules\rules.1.53.51
      C:\Program Files\Dealio\kb127\rules\rules.1.531.76
      C:\Program Files\Dealio\kb127\rules\rules.1.532.75
      C:\Program Files\Dealio\kb127\rules\rules.1.534.75
      C:\Program Files\Dealio\kb127\rules\rules.1.54.47
      C:\Program Files\Dealio\kb127\rules\rules.1.55.45
      C:\Program Files\Dealio\kb127\rules\rules.1.56.69
      C:\Program Files\Dealio\kb127\rules\rules.1.57.43
      C:\Program Files\Dealio\kb127\rules\rules.1.58.47
      C:\Program Files\Dealio\kb127\rules\rules.1.593.76
      C:\Program Files\Dealio\kb127\rules\rules.1.595.76
      C:\Program Files\Dealio\kb127\rules\rules.1.63.57
      C:\Program Files\Dealio\kb127\rules\rules.1.66.47
      C:\Program Files\Dealio\kb127\rules\rules.1.70.75
      C:\Program Files\Dealio\kb127\rules\rules.1.71.43

      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://www.msn.com/fr-fr"
      "SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Local Page"="C:\\Windows\\system32\\blank.htm"
      "SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
      "Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Url"="https://www.msn.com/fr-fr/actualite/"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://fr.yahoo.com/"
      "Default_Page_URL"="https://fr.yahoo.com/"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [ UAC => 1 ]


      1 - "C:\ToolBar SD\TB_1.txt" - 09/02/2009|16:23 - Option : [1]

      -----------\\ Fin du rapport a 16:23:47,56
      0
    2. pupuce298 Posts 166 Status Member
       
      but there must certainly be a problem, because the date is 09/02/09 at 16:23 (the time of the first scan) and I don't know how to run a new one!!!
      0
  14. geoffrey5 Posts 14008 Status Security contributor 10
     
    Yes, it's that same report you send me every time, that's not normal...

    Did you actually run option 2?? If so, please make a new HijackThis report
    0
    1. pupuce298 Posts 166 Status Member
       
      thanks, it's
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:44:10, on 10/02/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\Explorer.EXE
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Users\thalie\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Windows\System32\SysMonitor.exe
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Windows\System32\mobsync.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Windows\vVX1000.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      C:\Program Files\LimeWire\LimeWire.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Windows\system32\SearchFilterHost.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
      O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\thalie\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [?????????] ??????????????e
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Global Startup: Empowering Technology Launcher.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O13 - Gopher Prefix:
      O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
      O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
      0
  15. geoffrey5 Posts 14008 Status Security contributor 10
     
    Disable User Account Control (you will re-enable it after your disinfection):

    ▶ Go to Start, then Control Panel
    ▶ Double-click the "User Accounts" icon
    ▶ Then click on disable and confirm.

    ▶ Download the installation file and save it to your desktop:

    http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

    ▶ Double-click the installer and install it in its default location (the desktop).

    ▶ Open the Ad-remover folder on your desktop and double-click Ad-remover.bat.

    ▶ At the main menu, choose option "A"

    ▶ Post the report that appears at the end.

    (the report is also saved as C:\Ad-report.log)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Note:

    Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
    0
    1. pupuce298 Posts 166 Status Member
       
      ------- LOGFILE OF AD-REMOVER 1.1.1.0 | ONLY XP/VISTA -------

      Updated by C_XX on 10/02/2009 at 18:40

      Start at: 23:25:59 | Tue 10/02/2009 | Microsoft® Windows Vista™ Home Premium SP1 (V6.0.6001)
      Boot mode: Normal
      Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
      Pc: PC-DE-THALIE | User: thalie ( Current user is an administrator)
      Drive(s):
      - C:\ (File System: NTFS)
      - D:\ (File System: NTFS)
      - K:\ (File System: NTFS)
      System Drive: C:\
      Windows Directory: C:\Windows\
      System Directory: C:\Windows\System32\

      --- Running Processes: 73
      --- User Account Control is DISABLE

      +--------------------| Boonty/Boonty Games Elements Found:

      .
      .

      +--------------------| Eorezo Elements Found:

      HKCU\Software\EoRezo
      HKLM\Software\EoRezo
      HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
      HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Softwarehelper
      .
      C:\Users\thalie\AppData\Roaming\EoRezo
      C:\Users\thalie\AppData\Roaming\EoRezo\db
      C:\Users\thalie\AppData\Roaming\EoRezo\eoDesktop
      C:\Users\thalie\AppData\Roaming\EoRezo\SoftwareUpdate
      C:\Users\thalie\AppData\Roaming\Microsoft\Windows\Cookies\thalie@eorezo[1].txt
      C:\Users\thalie\AppData\Roaming\Microsoft\Windows\Cookies\thalie@eorezo[2].txt

      +--------------------| Infected Poker Softwares Elements Found:

      .

      +--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

      .
      .

      +--------------------| It's TV Elements Found:

      .

      +--------------------| Sweetim Elements Found:

      HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
      HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
      HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
      HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
      HKCR\SWEETIE.IEToolbar
      HKCR\SWEETIE.IEToolbar.1
      HKCR\SWEETIE.SWEETIE
      HKCR\SWEETIE.SWEETIE.3
      HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
      HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
      HKCR\Toolbar3.SWEETIE
      HKCR\Toolbar3.SWEETIE.1
      HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
      HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
      HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
      HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
      HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE
      HKCU\SOFTWARE\SweetIM
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
      HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
      HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
      HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
      HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE.3
      HKLM\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook
      HKLM\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
      HKLM\SOFTWARE\Classes\Toolbar3.SWEETIE
      HKLM\SOFTWARE\Classes\Toolbar3.SWEETIE.1
      HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
      HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{266C7330-C0F4-49E5-8F20-A56F9F822875}
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKLM\SOFTWARE\SweetIM
      HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
      HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-1832075816-3645299247-3322294753-1000\Software\Sweetim
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
      .
      C:\Windows\Installer\3883e3e.msi
      C:\Program Files\SweetIM
      C:\Program Files\SweetIM\Toolbars
      C:\Program Files\SweetIM\Toolbars\Internet Explorer
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf
      C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources
      C:\Users\thalie\Appdata\LocalLow\SweetIM
      C:\Users\thalie\Appdata\LocalLow\SweetIM\Toolbars
      C:\Users\thalie\Appdata\LocalLow\SweetIM\Toolbars\Internet Explorer
      C:\Users\thalie\Appdata\LocalLow\SweetIM\Toolbars\Internet Explorer\cache
      C:\Windows\Prefetch\SWEETIESETUP.EXE-31331354.pf
      C:\Windows\Prefetch\SWEETIESETUP.EXE-DE940790.pf
      C:\Windows\Prefetch\SWEETIM.EXE-46801483.pf
      C:\Windows\Prefetch\SWEETIMSETUP[1].EXE-25A9FCBD.pf
      C:\Windows\Prefetch\SWEETIMSETUP[2].EXE-05EF892C.pf
      C:\Windows\Prefetch\VISTACOOKIESCOLLECTOR.EXE-70A055E8.pf
      C:\Windows\Prefetch\VISTACOOKIESCOLLECTOR.EXE-B2B04BC4.pf
      C:\Users\thalie\AppData\Roaming\Microsoft\Windows\Cookies\thalie@content.sweetim[2].txt
      C:\Users\thalie\AppData\Roaming\Microsoft\Windows\Cookies\thalie@sweetim[1].txt

      +--------------------| Added Scan:

      ---- Internet Explorer Version 7.0.6001.18000 ----

      +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

      Search bar: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start page: hxxp://fr.msn.com/

      +-[HKEY_USERS\S-1-5-21-1832075816-3645299247-3322294753-1000\..\Internet Explorer\Main]

      Search bar: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start page: hxxp://fr.msn.com/

      +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://fr.fr.acer.yahoo.com
      Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Start page: hxxp://www.msn.com/

      +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

      Tabs: hxxp://ieframe.dll/tabswelcome.htm

      +---------------------------------------------------------------------------+

      [~7220 Bytes] - "C:\Ad-Report-Scan-10.02.2009.log"
      -

      End at: 23:28:42 | 10/02/2009
      .
      +--------------------| E.O.F - 127 Lines
      .
      0
  16. geoffrey5 Posts 14008 Status Security contributor 10
     
    ! Disconnect and close all running applications !

    ● Run "Ad-remover" again: at the main menu, choose option "B".

    ● On the selection screen, tick:

    2. Eorezo removal
    6. Sweetim removal


    Type the number corresponding to the requested removal and confirm with ENTER to tick it.

    ● Then choose "S"; the program will do its work,

    ● Post the report that appears at the end.

    (the report is also saved as C:\Ad-report(date).log)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    /!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm.
    0
    1. pupuce298 Posts 166 Status Member
       
      ------- LOGFILE OF AD-REMOVER 1.1.1.0 | ONLY XP/VISTA -------

      Updated by C_XX on 10/02/2009 at 18:40

      *** LIMITED TO ***

      Eorezo
      Sweetim

      ******************

      Start at: 23:41:44 | Tue 10/02/2009 | Microsoft® Windows Vista™ Home Premium SP1 (V6.0.6001)
      Boot mode: Normal
      Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
      Pc: PC-DE-THALIE | User: thalie ( Current user is an administrator)
      Drive(s):
      - C:\ (File System: NTFS)
      - D:\ (File System: NTFS)
      - K:\ (File System: NTFS)
      System Drive: C:\
      Windows Directory: C:\Windows\
      System Directory: C:\Windows\System32\

      --- Running Processes: 72
      --- User Account Control is DISABLE

      (!) ---- IE start pages/Tabs reset

      +--------------------| Eorezo Elements Deleted :

      HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Softwarehelper
      HKCU\Software\EoRezo
      HKLM\Software\EoRezo
      HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
      .
      C:\Users\thalie\AppData\Roaming\EoRezo
      C:\Users\thalie\AppData\Roaming\Microsoft\Windows\Cookies\thalie@eorezo[1].txt
      C:\Users\thalie\AppData\Roaming\Microsoft\Windows\Cookies\thalie@eorezo[2].txt

      +--------------------| Sweetim Elements Deleted :

      HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
      HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Internet Explorer\Internetregistry\Registry\User\S-1-5-21-1832075816-3645299247-3322294753-1000\Software\Sweetim
      HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
      HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
      HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
      HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
      HKCR\SWEETIE.IEToolbar
      HKCR\SWEETIE.IEToolbar.1
      HKCR\SWEETIE.SWEETIE
      HKCR\SWEETIE.SWEETIE.3
      HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
      HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
      HKCR\Toolbar3.SWEETIE
      HKCR\Toolbar3.SWEETIE.1
      HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
      HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
      HKCU\SOFTWARE\SweetIM
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{266C7330-C0F4-49E5-8F20-A56F9F822875}
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKLM\SOFTWARE\SweetIM
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
      .
      C:\Windows\Installer\3883e3e.msi
      C:\Program Files\SweetIM
      C:\Users\thalie\Appdata\LocalLow\SweetIM
      C:\Windows\Prefetch\SWEETIESETUP.EXE-31331354.pf
      C:\Windows\Prefetch\SWEETIESETUP.EXE-DE940790.pf
      C:\Windows\Prefetch\SWEETIM.EXE-46801483.pf
      C:\Windows\Prefetch\SWEETIMSETUP[1].EXE-25A9FCBD.pf
      C:\Windows\Prefetch\SWEETIMSETUP[2].EXE-05EF892C.pf
      C:\Windows\Prefetch\VISTACOOKIESCOLLECTOR.EXE-70A055E8.pf
      C:\Windows\Prefetch\VISTACOOKIESCOLLECTOR.EXE-B2B04BC4.pf
      C:\Users\thalie\AppData\Roaming\Microsoft\Windows\Cookies\thalie@content.sweetim[2].txt
      C:\Users\thalie\AppData\Roaming\Microsoft\Windows\Cookies\thalie@sweetim[1].txt

      (!) ---- Temp files deleted.
      (!) ---- Recycle bin emptied in all drives.


      +--------------------| Added Scan :

      ---- Internet Explorer Version 7.0.6001.18000 ----

      +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

      +-[HKEY_USERS\S-1-5-21-1832075816-3645299247-3322294753-1000\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

      +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search bar: hxxp://search.msn.com/spbasic.htm
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start page: hxxp://fr.msn.com/

      +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

      Tabs: hxxp://ieframe.dll/tabswelcome.htm

      +---------------------------------------------------------------------------+

      [~6131 Bytes] - "C:\Ad-Report-Clean-10.02.2009.log"
      [~7356 Bytes] - "C:\Ad-Report-Scan-10.02.2009.log"
      -

      End at: 23:44:16 | 10/02/2009
      .
      +--------------------| E.O.F - 103 Lines
      .
      0
  17. geoffrey5 Posts 14008 Status Security contributor 10
     
    OK, now:

    ▶ Download Malwarebytes' Anti-Malware

    ▶ A tutorial will be available to help you install and use it correctly.

    ▶ Update the software (this normally happens during installation)

    ▶ Start a full scan by clicking "Exécuter un examen complet" (run a full scan)

    ▶ Select the drives you want to scan and click "Lancer l'examen" (start the scan)

    ▶ The scan can take quite a while.....

    ▶ Once the scan has finished, click "OK" and then "Afficher les résultats" (show the results)

    ▶ Check that everything is ticked and click "Supprimer la sélection" (remove the selection) => and then "OK"

    ▶ A report will open in Notepad... Copy and paste the report into your next reply on the forum

    * Some files may need to be deleted when the PC restarts... Allow this by clicking "oui" (yes) when prompted

    And then make a new HijackThis report, please
    0
    1. pupuce298 Posts 166 Status Member
       
      Malwarebytes' Anti-Malware 1.33
      Version de la base de données: 1742
      Windows 6.0.6001 Service Pack 1

      11/02/2009 01:29:55
      mbam-log-2009-02-11 (01-29-55).txt

      Type de recherche: Examen complet (C:\|D:\|K:\|)
      Eléments examinés: 123891
      Temps écoulé: 50 minute(s), 31 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
    2. pupuce298 Posts 166 Status Member
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 01:32:17, on 11/02/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Windows\System32\SysMonitor.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Windows\vVX1000.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Windows\explorer.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\Windows\system32\wermgr.exe
      C:\Windows\system32\NOTEPAD.EXE
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O1 - Hosts: ::1 localhost
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
      O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [?????????] ??????????????e
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Global Startup: Empowering Technology Launcher.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O13 - Gopher Prefix:
      O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
      0
  18. geoffrey5 Posts 14008 Status Security contributor 10
     
    ▶ Disable User Account Control (you will re-enable it after your disinfection):

    ▶ Go to Start, then Control Panel
    ▶ Double-click the "Comptes d'utilisateurs" (User Accounts) icon
    ▶ Then click disable and confirm.

    ▶ Download ComboFix by sUBs

    ▶ and save it to the Desktop.

    ▶ Disable your protections and close all your applications (antivirus, firewall, the antispyware's real-time guard)

    Here is the official Bleeping Computer tutorial on how to use it:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    I recommend installing the Recovery Console!!

    Then send the report and make a new HijackThis report, please
    0
    1. pupuce298 Posts 166 Status Member
       
      ComboFix 09-02-10.03 - thalie 2009-02-11 11:54:56.1 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.894.341 [GMT 1:00]
      Lancé depuis: c:\users\thalie\Desktop\ComboFix.exe
      AV: Norton Internet Security *On-access scanning disabled* (Updated)
      FW: Norton Internet Security *disabled*
      * Un nouveau point de restauration a été créé
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\program files\QUAD Utilities

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-11 au 2009-02-11 ))))))))))))))))))))))))))))))))))))
      .

      2009-02-10 23:52 . 2009-02-10 23:52 <REP> d-------- c:\users\thalie\AppData\Roaming\Malwarebytes
      2009-02-10 23:52 . 2009-02-10 23:52 <REP> d-------- c:\users\All Users\Malwarebytes
      2009-02-10 23:52 . 2009-02-10 23:52 <REP> d-------- c:\programdata\Malwarebytes
      2009-02-10 23:52 . 2009-02-10 23:52 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
      2009-02-10 23:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
      2009-02-10 23:52 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
      2009-02-10 23:24 . 2009-02-10 23:35 <REP> d-------- c:\program files\Ad-remover
      2009-02-09 11:39 . 2009-02-09 11:39 <REP> d-------- c:\program files\Trend Micro
      2009-01-31 16:39 . 2009-01-31 16:39 <REP> d-------- c:\program files\JRE
      2009-01-17 22:47 . 2009-01-17 22:47 <REP> d-------- c:\program files\Common Files\Adobe AIR
      2009-01-17 22:47 . 2009-01-17 22:47 <REP> d-------- c:\program files\Adobe Media Player
      2009-01-14 17:38 . 2009-01-26 22:28 921,624 --a------ C:\img2-001.raw
      2009-01-13 19:23 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-02-11 10:17 --------- d-----w c:\programdata\Symantec
      2009-02-10 22:18 --------- d-----w c:\users\thalie\AppData\Roaming\LimeWire
      2009-02-08 16:36 --------- d-----w c:\users\thalie\AppData\Roaming\dvdcss
      2009-01-31 15:39 --------- d-----w c:\program files\OpenOffice.org 3
      2009-01-27 18:59 --------- d-----w c:\program files\Google
      2009-01-14 02:03 --------- d-----w c:\program files\Windows Mail
      2009-01-06 09:39 --------- d-----w c:\program files\Norton Internet Security
      2009-01-06 09:34 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
      2009-01-06 09:34 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
      2009-01-06 09:34 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
      2009-01-06 09:34 --------- d-----w c:\program files\Symantec
      2009-01-05 16:12 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
      2009-01-04 21:40 --------- d-----w c:\programdata\NOS
      2009-01-04 21:40 --------- d-----w c:\program files\NOS
      2009-01-04 21:16 --------- d-----w c:\programdata\WLInstaller
      2009-01-04 15:39 --------- d-----w c:\program files\Common Files\Adobe
      2009-01-04 15:25 --------- d-----w c:\users\thalie\AppData\Roaming\AdobeUM
      2009-01-03 02:03 --------- d-----w c:\program files\Windows Live
      2009-01-02 17:04 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
      2009-01-01 10:46 --------- d-----w c:\users\thalie\AppData\Roaming\FlySuite
      2008-12-31 16:16 --------- d-----w c:\users\thalie\AppData\Roaming\HiYo
      2008-12-30 22:06 --------- d-----w c:\program files\Full Pack Codecs
      2008-12-30 21:41 --------- d--h--w c:\program files\InstallShield Installation Information
      2008-12-30 21:38 --------- d-----w c:\programdata\PC Drivers HeadQuarters
      2008-12-30 18:01 174 --sha-w c:\program files\desktop.ini
      2008-12-30 17:50 --------- d-----w c:\program files\Windows Sidebar
      2008-12-30 17:50 --------- d-----w c:\program files\Windows Photo Gallery
      2008-12-30 17:50 --------- d-----w c:\program files\Windows Journal
      2008-12-30 17:50 --------- d-----w c:\program files\Windows Collaboration
      2008-12-30 17:50 --------- d-----w c:\program files\Windows Calendar
      2008-12-30 17:49 --------- d-----w c:\program files\Windows Defender
      2008-12-30 16:51 101,888 ----a-w c:\windows\System32\ifxcardm.dll
      2008-12-30 16:50 82,432 ----a-w c:\windows\System32\axaltocm.dll
      2008-12-29 22:38 --------- d-----w c:\programdata\HP Product Assistant
      2008-12-28 22:19 --------- d-----w c:\programdata\HP
      2008-12-28 22:11 61,440 ----a-w c:\windows\System32\winipsec.dll
      2008-12-28 22:11 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
      2008-12-28 22:11 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
      2008-12-28 22:11 272,896 ----a-w c:\windows\System32\polstore.dll
      2008-12-28 22:10 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
      2008-12-28 22:10 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
      2008-12-28 22:10 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
      2008-12-28 22:09 269,312 ----a-w c:\windows\System32\es.dll
      2008-12-28 21:58 --------- d-----w c:\users\thalie\AppData\Roaming\OpenOffice.org
      2008-12-28 21:35 --------- d-----w c:\programdata\WEBREG
      2008-12-28 21:34 --------- d-----w c:\users\thalie\AppData\Roaming\HP
      2008-12-28 21:33 --------- d-----w c:\programdata\HPSSUPPLY
      2008-12-28 21:33 --------- d-----w c:\program files\HP
      2008-12-28 21:32 --------- d-----w c:\program files\Common Files\HP
      2008-12-28 21:28 --------- d-----w c:\program files\Hewlett-Packard
      2008-12-28 21:28 --------- d-----w c:\program files\Common Files\Hewlett-Packard
      2008-12-28 21:25 --------- d-----w c:\programdata\Hewlett-Packard
      2008-12-28 17:30 --------- d-----w c:\program files\Microsoft LifeCam
      2008-12-28 17:19 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
      2008-12-28 17:08 --------- d-----w c:\program files\Free Audio Pack
      2008-12-28 17:03 --------- d-----w c:\users\thalie\AppData\Roaming\vlc
      2008-12-28 17:01 --------- d-----w c:\program files\VideoLAN
      2008-12-28 16:44 --------- d-----w c:\program files\LimeWire
      2008-12-28 16:36 410,984 ----a-w c:\windows\System32\deploytk.dll
      2008-12-28 16:36 --------- d-----w c:\program files\Java
      2008-12-28 16:05 428,544 ----a-w c:\windows\System32\EncDec.dll
      2008-12-28 16:05 293,376 ----a-w c:\windows\System32\psisdecd.dll
      2008-12-28 16:00 296,960 ----a-w c:\windows\System32\gdi32.dll
      2008-12-28 15:55 212,480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
      2008-12-28 15:52 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
      2008-12-28 15:52 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
      2008-12-28 15:52 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
      2008-12-28 15:52 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
      2008-12-28 15:52 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
      2008-12-28 15:52 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
      2008-12-28 15:52 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
      2008-12-28 15:52 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
      2008-12-28 15:52 1,695,744 ----a-w c:\windows\System32\gameux.dll
      2008-12-28 15:50 303,616 ----a-w c:\windows\System32\wmpeffects.dll
      2008-12-28 15:48 2,032,640 ----a-w c:\windows\System32\win32k.sys
      2008-12-28 15:48 --------- d-----w c:\program files\Common Files\Java
      2008-12-28 15:47 2,048 ----a-w c:\windows\System32\msxml3r.dll
      2008-12-28 15:47 1,191,936 ----a-w c:\windows\System32\msxml3.dll
      2008-12-28 15:42 2,048 ----a-w c:\windows\System32\tzres.dll
      2008-12-28 15:36 2,927,104 ----a-w c:\windows\explorer.exe
      2008-12-28 15:31 827,392 ----a-w c:\windows\System32\wininet.dll
      2008-12-28 15:28 9,847,296 ----a-w c:\windows\System32\NlsData000a.dll
      2008-12-28 15:26 988,216 ----a-w c:\windows\System32\winload.exe
      2008-12-28 15:26 927,288 ----a-w c:\windows\System32\winresume.exe
      2008-12-28 15:26 615,992 ----a-w c:\windows\System32\ci.dll
      2008-12-28 15:26 6,656 ----a-w c:\windows\System32\kbd106n.dll
      2008-12-28 15:26 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
      2008-12-28 15:26 40,960 ----a-w c:\windows\System32\srclient.dll
      2008-12-28 15:26 378,368 ----a-w c:\windows\System32\srcore.dll
      2008-12-28 15:26 318,464 ----a-w c:\windows\System32\rstrui.exe
      2008-12-28 15:26 19,000 ----a-w c:\windows\System32\kd1394.dll
      2008-12-28 15:26 14,848 ----a-w c:\windows\System32\srdelayed.exe
      2008-12-28 15:23 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
      2008-12-28 15:23 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
      2008-12-28 15:23 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
      2008-12-28 15:21 443,392 ----a-w c:\windows\System32\win32spl.dll
      2008-12-28 15:21 37,888 ----a-w c:\windows\System32\printcom.dll
      2008-12-28 15:21 14,848 ----a-w c:\windows\System32\wshrm.dll
      2008-12-28 15:21 113,664 ----a-w c:\windows\system32\drivers\rmcast.sys
      2008-12-28 15:20 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "????r"="" [?]
      "?????????"="??????????????e" [?]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
      "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
      "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
      "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
      "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
      "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
      "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
      "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
      "VX1000"="c:\windows\vVX1000.exe" [2006-12-06 707360]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
      "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-13 528384]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)
      "FilterAdministratorToken"= 1 (0x1)
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "Windows Live Messenger803"=c:\program files\Windows Live\Messenger\msnmsgr.exe
      "Windows Live Messenger"=c:\program files\Windows Live\Messenger\msnmsgr.exe
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
      "Windows Live Messenger48"=c:\program files\Windows Live\Messenger\msnmsgr.exe
      "Windows Mail"=c:\program files\Windows Mail\WinMail.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UacDisableNotify"=dword:00000001
      "InternetSettingsDisableNotify"=dword:00000001
      "AutoUpdateDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{755DDF93-2A40-464C-8E19-14D57FDFE54C}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
      "{9E139F13-729C-48A3-A542-F8D1B9041878}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
      "{083C222B-2E43-435E-A4FA-69B43D170DBD}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
      "{CCAC3715-6F13-4B05-AFE8-9CB066D07D09}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
      "{7A11D0DC-4B4D-4D6B-9395-1FB0BB02F739}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
      "{CAEDC0A9-FA60-4B8B-8EB7-4679892F69D7}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
      "{3CF0A38F-BDCA-4850-B9CC-79DA144B0CA6}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
      "{801EC1BA-4EA4-4830-8FE6-B53B0271F818}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
      "{25C8D0F9-7579-488A-9363-C9EC507F3255}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
      "{8C209F36-3196-43EF-AEA2-F7691A219A8D}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
      "{E34853DF-1AA7-43F9-93FF-43825A6980DC}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
      "{AED0F478-08B1-4151-ACB5-EEBB58B9E895}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
      "{EBCF35D6-6042-457C-B135-81AD990E3EE6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "{22099A16-220F-4DDB-B938-800157135E22}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
      "{0364A7FC-E2CE-4FA4-9B4E-32A993D10799}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
      "{93D11F8F-9E55-4D72-8495-D3EEFBEE5066}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
      "{310B0F76-A13C-4E87-BE77-8FEE053F4514}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
      "{681F342B-0670-46F3-AEF8-CFF014245080}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "{23FAE572-03E8-4328-849B-12AFA904EDBF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
      "EnableFirewall"= 0 (0x0)

      R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090129.001\IDSvix86.sys [2009-01-30 270384]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-28 99376]
      R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2008-10-03 37936]

      --- Autres Services/Pilotes en mémoire ---

      *NewlyCreated* - COMHOST

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b23453c-d4fc-11dd-b965-0019db33997e}]
      \shell\AutoRun\command - K:\ClickMe.exe
      .
      Contenu du dossier 'Tâches planifiées'

      2009-02-11 c:\windows\Tasks\Maintenance en 1 clic.job
      - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]

      2009-02-06 c:\windows\Tasks\Norton Internet Security - Analyse système complète - thalie.job
      - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 05:30]

      2009-02-10 c:\windows\Tasks\User_Feed_Synchronization-{62A5334B-7F93-477E-9A5F-8BC6A15143C9}.job
      - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
      .
      .
      ------- Examen supplémentaire -------
      .
      uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
      mWindow Title =
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-02-11 11:58:26
      Windows 6.0.6001 Service Pack 1 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'Explorer.exe'(268)
      c:\windows\system32\MsnChatHook.dll
      c:\windows\system32\sysenv.dll
      c:\windows\system32\ShowErrMsg.dll
      .
      Heure de fin: 2009-02-11 12:00:45
      ComboFix-quarantined-files.txt 2009-02-11 11:00:41

      Avant-CF: 79 845 126 144 octets libres
      Après-CF: 79,834,337,280 octets libres

      254 --- E O F --- 2009-02-10 08:40:49
      0
    2. pupuce298 Posts 166 Status Member
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:28:40, on 11/02/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Windows\System32\SysMonitor.exe
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Windows\vVX1000.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O1 - Hosts: ::1 localhost
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
      O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [?????????] ??????????????e
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - Global Startup: Empowering Technology Launcher.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O13 - Gopher Prefix:
      O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
      0
  19. geoffrey5 Posts 14008 Status Security contributor 10
     
    Good evening,

    ▶ In the taskbar, click Start

    ▶ Type Msconfig in the Search box, then confirm

    ▶ Click the "Startup" tab

    ▶ Check whether you see a process made up entirely of question marks (????????????)

    ▶ If you see it, tick the box

    ▶ Then click Apply ==> OK

    Then produce a new HijackThis report if you were able to disable it
    0
    1. pupuce298 Posts 166 Status Member
       
      - No, I don't see any question marks; however, I do see Chinese characters - and all the boxes are already ticked
      pupuce298
      0
  20. Anonymous user
     
    Hello Geoffrey.

    The simplest thing is to delete these two values:

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "????r"=-
    "?????????"=-



    ++
    0
  21. geoffrey5 Posts 14008 Status Security contributor 10
     
    Thanks Cyril ;-)

    pupuce, please do this:

    ▶ Copy the bold text below:

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"=-
    "?????????"=-


    ▶ Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    ▶ Save this file under the name CFScript.txt.

    ▶ Now drag the CFScript.txt file onto Combofix.exe as shown below:

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    ▶ This will relaunch Combofix,

    ▶ A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1, then confirm.

    ▶ Wait while the scan runs. The desktop will disappear several times: this is normal!

    Don't touch anything until the scan has finished.

    ▶ After the restart, post the contents of the Combofix.txt report together with a HijackThis report.

    ▶ If there is no restart, post the reports anyway.
    0
    1. pupuce298 Posts 166 Status Member
       
      I don't know how to type the parentheses. Can you tell me please, thanks
      0
    2. pupuce298 Posts 166 Status Member
       
      I don't know how to type the parentheses. Can you tell me please, thanks
      0
    3. pupuce298 Posts 166 Status Member
       
      nor how to write in bold
      0
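The HKCU Run entry discussed in the posts above appears in the HijackThis log as a run of "?" characters, while msconfig shows the same entry in Chinese characters. The following is an added example, not code from the thread or from HijackThis: a Python triage pass over a pasted log that flags such autoruns and "(no file)" entries. The sample lines are copied from the log in this thread; the function names, the 80% threshold and the reading of "?" as a placeholder for characters outside the ANSI code page are assumptions.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
""".strip()

# O4 registry autoruns look like:  O4 - HKCU\..\Run: [value name] command line
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[(.*?)\] ?(.*)$")


def mostly_placeholders(text, threshold=0.8):
    """True when at least `threshold` of the non-space characters are '?'.

    Assumption: '?' stands in for characters the log could not represent.
    """
    chars = [c for c in text if not c.isspace()]
    return bool(chars) and chars.count("?") / len(chars) >= threshold


def triage(log_text):
    """Return [(line_number, reasons, line)] for entries worth a manual look."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        line = line.strip()
        reasons = []
        match = O4_RUN.match(line)
        if match:
            _hive, _key, name, command = match.groups()
            if mostly_placeholders(name):
                reasons.append("autorun value name is not printable in the log")
            if mostly_placeholders(command):
                reasons.append("autorun command is not printable in the log")
        if line.endswith("(no file)"):
            reasons.append("registered component points to a missing file")
        if reasons:
            findings.append((number, reasons, line))
    return findings


if __name__ == "__main__":
    for number, reasons, line in triage(SAMPLE_LOG):
        print(f"line {number}: {line}")
        for reason in reasons:
            print(f"    - {reason}")
```

A flagged line is a prompt to inspect the real value name and target on the machine itself (for example in msconfig or the registry editor), since the log alone cannot show what the "?" characters stand for.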