Virus

yeahwoman -
Hello,

I think I have a virus on my PC, facebimg or something like that, but I'm not a computer expert, so could you help me?
Configuration: Windows Vista
Internet Explorer 7.0

8 replies

  1. sherred Posts 8605 Status Member 351
     
    Download HijackThis http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    -> Save the target to ... "the desktop", then rename hijackthis.exe to, for example, HJT.exe

    -> Double-click "HJT.exe" to start the installation

    -> Click Install, then "I Accept"

    -> Click "Do a scan system and save log file"

    -> Notepad will open; copy and paste all of its contents here in your next reply

    Demo: (Thanks to Balltrap34 for making this)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif
    http://pageperso.aol.fr/balltrap34/demohijack.htm
    http://www.tutoriaux-excalibur.com/hijackthis.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
    0
    1. yeahwoman
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:35:49, on 23/02/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\DellTPad\Apoint.exe
      C:\Windows\OEM02Mon.exe
      C:\Program Files\Java\jre1.6.0\bin\jusched.exe
      C:\Windows\System32\ico.exe
      C:\Program Files\Dell\MediaDirect\PCMService.exe
      C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Dell Support Center\bin\sprtcmd.exe
      C:\Program Files\DellTPad\ApMsgFwd.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Windows\System32\Pmxmiced.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\DellTPad\HidFind.exe
      C:\Program Files\DellTPad\Apntex.exe
      C:\Program Files\OrangeHSS\Launcher\Launcher.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
      C:\Users\Béné\AppData\Local\eskcw.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
      C:\Program Files\OrangeHSS\systray\systrayapp.exe
      C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
      C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
      C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
      C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
      O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
      O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
      O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
      O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_SD6C2.tmp" /EF "HKCU"
      O4 - HKCU\..\Run: [eskcw] "c:\users\béné\appdata\local\eskcw.exe" eskcw
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
      O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
      O4 - Global Startup: QuickSet.lnk = ?
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O13 - Gopher Prefix:
      O15 - Trusted Zone: http://*.mappy.com
      O15 - Trusted Zone: http://*.orange.fr
      O15 - Trusted Zone: http://rw.search.ke.voila.fr
      O15 - Trusted Zone: http://orange.weborama.fr
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
      O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      0
    2. yeahwoman
       
      What should I do next?
      0
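A way to triage the `O4` autorun lines of a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis. The sample lines are copied from that log; the function names and the two heuristics (a launch target inside a user profile folder, a command with no directory) are assumptions chosen for illustration, and a hit is a prompt for review, not a verdict.

```python
import re

# Sample input: O4 (autorun) lines copied from the HijackThis log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eskcw] "c:\users\béné\appdata\local\eskcw.exe" eskcw
O4 - Global Startup: BTTray.lnk = ?
"""

# Line layout: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
# Program part of a command line: optional quotes, ends at an executable extension.
# Needed because HijackThis prints unquoted paths that contain spaces.
EXE_RE = re.compile(
    r'^"?(?P<exe>[^"]*?\.(?:exe|com|bat|cmd|scr|pif))"?(?:\s+(?P<args>.*))?$',
    re.IGNORECASE,
)
# Assumed markers of locations a standard user can write to (heuristic, not exhaustive).
USER_WRITABLE = (
    "\\appdata\\", "\\local settings\\", "\\temp\\",
    "%appdata%", "%temp%", "%userprofile%",
)


def launch_target(cmd):
    """Return the file a Run command actually loads (the DLL for rundll32 entries)."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        parts = cmd.split()
        return parts[0].strip('"') if parts else ""
    exe, args = m["exe"], m["args"] or ""
    if exe.rsplit("\\", 1)[-1].lower() == "rundll32.exe" and args:
        # rundll32 syntax is "<dll>,<export>": the DLL is what deserves the review.
        return args.split(",", 1)[0].strip('" ')
    return exe


def triage(log_text):
    """Return the Run entries that match a heuristic, each with the reasons it matched."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue  # startup-folder shortcuts and non-O4 lines are out of scope here
        target = launch_target(m["cmd"])
        reasons = []
        if any(marker in target.lower() for marker in USER_WRITABLE):
            reasons.append("target in a user-writable profile location")
            if m["hive"].upper() == "HKCU":
                reasons.append("set in the per-user Run key")
        if "\\" not in target:
            reasons.append("no directory given, resolved through the search path")
        if reasons:
            findings.append(
                {"hive": m["hive"], "name": m["name"], "target": target, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["hive"]} [{f["name"]}] {f["target"]}')
        for reason in f["reasons"]:
            print("   -", reason)
```

On the sample, the `eskcw` value this flags is the same Run value that the Navilog1 report later in the thread lists under its registry search.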
  2. sherred Posts 8605 Status Member 351
     
    Download Malwarebytes' here http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    The program will update itself automatically.
    If the COMCTL32.OCX file is missing, you can download it here
    https://www.malekal.com/tutorial-aboutbuster/
    Once it is up to date, the program will start; click the Settings tab and tick the box: "Stop Internet Explorer during removal".

    Now click the Scan tab and tick the box: "Perform quick scan".

    Then click "Scan".

    Let it scan the PC...

    If items were found > click Remove Selected.

    If you are asked to restart > click "Yes".

    At the end a report will open; save it so that you can find it again in order to post it on the forum.

    Copy and paste the report, please.

    PS: the reports are also stored under the Logs tab
    0
    1. yeahwoman
       
      Malwarebytes' Anti-Malware 1.34
      Version de la base de données: 1795
      Windows 6.0.6001 Service Pack 1

      23/02/2009 17:31:05
      mbam-log-2009-02-23 (17-31-05).txt

      Type de recherche: Examen rapide
      Eléments examinés: 57566
      Temps écoulé: 4 minute(s), 4 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 33
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 7
      Fichier(s) infecté(s): 2

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
      C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      0
    2. yeahwoman
       
      Are there many steps left? I have to leave soon.
      Thanks
      0
  3. sherred Posts 8605 Status Member 351
     
    Download Ad-Remover (by C_XX) to your Desktop.

    /!\ Disconnect and close all running applications /!\

    ● Double-click the installer and install it in its default location (C:\Program files)
    ● Right-click the Ad-remover icon on your Desktop and choose "Run as administrator"
    ● In the main menu choose option "A"
    ● Post the report that appears at the end (it is also saved as C:\Ad-report(date).log)
    http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

    then

    Download Navilog1.exe http://il.mafioso.pagesperso-orange.fr/Navifix/Navilog1.exe?thread
    Choose Save As... and save it to your desktop.
    Then double-click navilog1.exe to start the installation.
    If your antivirus raises an alert during the download, ignore it;
    it is a false positive, a false alarm.
    Once the installation is finished, the fix will run automatically.
    If it does not, double-click the Navilog1 shortcut on the desktop
    In the main menu, choose 1 and confirm.
    Do not choose 2, 3 or 4
    Scan finished
    Press a key; Notepad will open.
    Copy/paste the entire report
    0
    1. yeahwoman
       
      ------- LOGFILE OF AD-REMOVER 1.1.1.5 | ONLY XP/VISTA -------

      Updated by C_XX on 25/02/2009 at 13:30

      Start at: 15:04:14 | Thu 26/02/2009 | Boot mode: Safe Boot
      Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
      Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 (version 6.0.6001)
      Computer Name: PC-DE-BN
      Current User: B‚n‚ - Administrator
      Drive(s):
      - C:\ (File System: NTFS)
      - D:\ (File System: NTFS)
      System Drive: C:\
      Windows Directory: C:\Windows\
      System Directory: C:\Windows\System32\

      --- Running Processes: 20
      --- User Account Control is ENABLE

      +-----------------| Boonty/Boonty Games Elements Found:

      Service: Boonty Games
      .
      HKCU\Software\Boonty
      HKLM\Software\Boonty
      HKLM\System\ControlSet001\Services\Boonty Games
      HKLM\System\ControlSet002\Services\Boonty Games
      HKLM\System\CurrentControlSet\Services\Boonty Games
      .
      C:\Boonty
      C:\Boonty\Components
      C:\Boonty\Games
      C:\Program Files\Common Files\BOONTY Shared
      C:\Program Files\Common Files\BOONTY Shared\Service
      C:\ProgramData\BOONTY
      C:\ProgramData\BOONTY\Licenses
      \BOONTY
      C:\BOONTY\Components
      C:\BOONTY\Games

      +-----------------| Eorezo Elements Found:

      .

      +-----------------| Infected Poker Softwares Elements Found:

      HKCU\Software\Titan Poker
      HKLM\Software\Titan Poker
      HKU\S-1-5-21-4030659283-3226559738-3054947939-1000\Software\Titan Poker
      .

      +-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

      .
      HKCU\Software\AppDataLow\software\MyWebSearch
      HKCU\Software\FunWebProducts
      HKU\S-1-5-21-4030659283-3226559738-3054947939-1000\Software\Appdatalow\Software\Fun Web Products
      HKU\S-1-5-21-4030659283-3226559738-3054947939-1000\Software\Appdatalow\Software\MyWebSearch
      .
      C:\Users\B‚n‚\Appdata\LocalLow\MyWebSearch
      C:\Users\B‚n‚\Appdata\LocalLow\MyWebSearch\bar
      C:\Users\B‚n‚\Appdata\LocalLow\MyWebSearch\bar\Cache
      C:\Users\B‚n‚\Appdata\LocalLow\MyWebSearch\bar\History
      C:\Users\B‚n‚\Appdata\LocalLow\MyWebSearch\bar\Message
      C:\Users\B‚n‚\Appdata\LocalLow\MyWebSearch\bar\Settings
      C:\Users\B‚n‚\Appdata\LocalLow\MyWebSearch\bar\Message\COMMON
      C:\Users\B‚n‚\Appdata\LocalLow\FunWebProducts
      C:\Users\B‚n‚\Appdata\LocalLow\FunWebProducts\Data
      C:\Users\B‚n‚\Appdata\LocalLow\FunWebProducts\Installr
      C:\Users\B‚n‚\Appdata\LocalLow\FunWebProducts\PopSwatr
      C:\Users\B‚n‚\Appdata\LocalLow\FunWebProducts\Shared
      C:\Users\B‚n‚\Appdata\LocalLow\FunWebProducts\Installr\Cache
      C:\Users\B‚n‚\Appdata\LocalLow\FunWebProducts\PopSwatr\History
      C:\Program Files\Windows Live\Messenger\Riched20.dll

      +-----------------| It's TV Elements Found:

      .

      +-----------------| Sweetim Elements Found:

      .

      +-----------------| Other Adwares Found:

      .
      .
      C:\Users\B‚n‚\AppData\Roaming\Microsoft\Windows\Cookies\b‚n‚@atdmt[2].txt
      C:\Users\B‚n‚\AppData\Roaming\Microsoft\Windows\Cookies\b‚n‚@atdmt[3].txt
      C:\Users\B‚n‚\AppData\Roaming\Microsoft\Windows\Cookies\b‚n‚@bs.serving-sys[2].txt

      +-----------------| Added Scan:

      ---- Mozilla FireFox Version [Unable to get version] ----

      ProfilePath: ha7zqpcu.default
      .
      .
      .
      .
      .
      .

      ---- Internet Explorer Version 7.0.6001.18000 ----

      +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

      Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

      +-[HKEY_USERS\S-1-5-21-4030659283-3226559738-3054947939-1000\..\Internet Explorer\Main]

      Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

      +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
      Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

      +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

      Tabs: hxxp://ieframe.dll/tabswelcome.htm

      +---------------------------------------------------------------------------+

      [~4048 Bytes] - C:\Ad-Report-Scan-26.02.2009.log

      - C:\Program Files\Ad-remover\TOOLS\BACKUP
      - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

      End at: 15:05:02 | 26/02/2009
      .
      +-----------------| E.O.F - 97 Lines
      .
      0
    2. yeahwoman
       
      Search Navipromo version 3.7.4 commencé le 26/02/2009 à 15:09:58,93

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!
      !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

      Outil exécuté depuis C:\Program Files\navilog1

      Mise à jour le 16.02.2009 à 18h00 par IL-MAFIOSO

      Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
      X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz )
      BIOS : Phoenix ROM BIOS PLUS Version 1.10 A07
      USER : Béné ( Administrator )
      BOOT : Fail-safe boot

      Antivirus : avast! antivirus 4.8.1229 [VPS 081125-1] 4.8.1229 (Activated)


      C:\ (Local Disk) - NTFS - Total:136 Go (Free:40 Go)
      D:\ (Local Disk) - NTFS - Total:9 Go (Free:5 Go)
      E:\ (CD or DVD)


      Recherche executé en mode sans échec

      *** Recherche Programmes installés ***


      *** Recherche dossiers dans "C:\Windows" ***


      *** Recherche dossiers dans "C:\Program Files" ***


      *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


      *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


      *** Recherche dossiers dans "C:\ProgramData" ***


      *** Recherche dossiers dans "c:\users\bnd501~1\appdata\roaming\micros~1\windows\startm~1\programs" ***


      *** Recherche dossiers dans "C:\Users\B‚n‚\AppData\Local\virtualstore\Program Files" ***

      ...\InternetGameBox trouvé !


      *** Recherche dossiers dans "C:\Users\B‚n‚\AppData\Local" ***




      *** Recherche dossiers dans "C:\Users\B‚n‚\AppData\Roaming" ***


      *** Recherche avec GenericNaviSearch ***
      !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A vérifier impérativement avant toute suppression manuelle !!!

      * Recherche dans "C:\Windows\system32" *

      * Recherche dans "C:\Users\B‚n‚\AppData\Local\Microsoft" *

      * Recherche dans "C:\Users\B‚n‚\AppData\Local\virtualstore\windows\system32" *

      * Recherche dans "C:\Users\B‚n‚\AppData\Local" *



      *** Recherche fichiers ***



      *** Recherche clés spécifiques dans le Registre ***
      !! Les clés trouvées ne sont pas forcément infectées !!


      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "eskcw"="\"c:\\users\\b‚n‚\\appdata\\local\\eskcw.exe\" eskcw"


      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche nouveaux fichiers Instant Access :


      2)Recherche Heuristique :

      * Dans "C:\Windows\system32" :


      * Dans "C:\Users\B‚n‚\AppData\Local\Microsoft" :


      * Dans "C:\Users\B‚n‚\AppData\Local\virtualstore\windows\system32" :


      * Dans "C:\Users\B‚n‚\AppData\Local" :

      eskcw.exe trouvé !
      eskcw.dat trouvé !
      eskcw_nav.dat trouvé !
      eskcw_navps.dat trouvé !

      3)Recherche Certificats :

      Certificat Egroup trouvé !
      Certificat Electronic-Group trouvé !
      Certificat Montorgueil absent !
      Certificat OOO-Favorit trouvé !
      Certificat Sunny-Day-Design-Ltd absent !

      4)Recherche autres dossiers et fichiers connus :



      *** Analyse terminée le 26/02/2009 à 15:11:09,04 ***
      0
  4. sherred Posts 8605 Status Member 351
     
    Well, there's quite a crowd in there

    Disconnect and close all running applications!

    * Relaunch "Ad-remover": in the main menu choose option "B", clean
    then
    A, delete everything

    --> the program will work ...

    * Post the report that appears at the end + a new HijackThis log for analysis ...

    (the report is also saved as C:\Ad-report.log)

    /!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm) /!\
    -----------------------------------------------------------------
    Then relaunch NAVILOG1
    with option 2

    and paste the report once the disinfection is finished
    0
  6. yeahwoman
     
    ------- LOGFILE OF AD-REMOVER 1.1.1.5 | ONLY XP/VISTA -------

    Updated by C_XX on 25/02/2009 at 13:30

    *** LIMITED TO ***

    Boonty/BoontyGames
    Eorezo
    Infected Poker Softwares
    FunWebProduct/MyWay/MyWebSearch
    It's TV
    Sweetim
    Other Adwares

    ******************

    Start at: 19:44:04 | Thu 26/02/2009 | Boot mode: Safe Boot
    Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 (version 6.0.6001)
    Computer Name: PC-DE-BN
    Current User: B‚n‚ - Administrator
    Drive(s):
    - C:\ (File System: NTFS)
    - D:\ (File System: NTFS)
    System Drive: C:\
    Windows Directory: C:\Windows\
    System Directory: C:\Windows\System32\

    --- Running Processes: 20
    --- User Account Control is ENABLE

    (!) ---- IE start pages/Tabs reset

    +--------------------| Boonty/Boonty Games Elements Deleted :

    /!\ NOT DELETED - Service: "Boonty Games"
    .
    HKCU\Software\Boonty
    /!\ NOT DELETED - HKLM\Software\Boonty
    /!\ NOT DELETED - HKLM\System\ControlSet001\Services\Boonty Games
    /!\ NOT DELETED - HKLM\System\ControlSet002\Services\Boonty Games
    /!\ NOT DELETED - HKLM\System\CurrentControlSet\Services\Boonty Games
    .
    C:\Boonty
    C:\ProgramData\BOONTY
    C:\Users\All Users\BOONTY
    C:\Program Files\Common Files\BOONTY Shared

    +-----------------| Eorezo Elements Deleted :

    .

    +-----------------| Infected Poker Softwares Elements Deleted :

    HKCU\Software\Titan Poker
    /!\ NOT DELETED - HKLM\Software\Titan Poker
    .

    +-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

    .
    HKCU\Software\AppDataLow\software\MyWebSearch
    HKCU\Software\FunWebProducts
    /!\ NOT DELETED - HKU\S-1-5-21-4030659283-3226559738-3054947939-1000\Software\Appdatalow\Software\Fun Web Products
    .
    C:\Users\B‚n‚\Appdata\LocalLow\MyWebSearch
    C:\Users\B‚n‚\Appdata\LocalLow\FunWebProducts
    C:\Program Files\Windows Live\Messenger\Riched20.dll

    +-----------------| It's TV Elements Deleted :

    .

    +-----------------| Sweetim Elements Deleted :

    .

    +-----------------| Other Adwares Deleted:

    .
    .
    C:\Users\B‚n‚\AppData\Roaming\Microsoft\Windows\Cookies\b‚n‚@atdmt[2].txt
    C:\Users\B‚n‚\AppData\Roaming\Microsoft\Windows\Cookies\b‚n‚@atdmt[3].txt
    C:\Users\B‚n‚\AppData\Roaming\Microsoft\Windows\Cookies\b‚n‚@bs.serving-sys[2].txt

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    ************* /!\ REGISTRY ELEMENT(S) NOT DELETED /!\ *************

    "HKLM\Software\Boonty"
    "HKLM\System\ControlSet001\Services\Boonty Games"
    "HKLM\System\ControlSet002\Services\Boonty Games"
    "HKLM\System\CurrentControlSet\Services\Boonty Games"
    "HKLM\Software\Titan Poker"
    "HKU\S-1-5-21-4030659283-3226559738-3054947939-1000\Software\Appdatalow\Software\Fun Web Products"

    Second run ...

    RESIST ! - ""HKLM\Software\Boonty""
    DELETED ! - ""HKLM\System\ControlSet001\Services\Boonty Games""
    DELETED ! - ""HKLM\System\ControlSet002\Services\Boonty Games""
    DELETED ! - ""HKLM\System\CurrentControlSet\Services\Boonty Games""
    DELETED ! - ""HKLM\Software\Titan Poker""
    DELETED ! - ""HKU\S-1-5-21-4030659283-3226559738-3054947939-1000\Software\Appdatalow\Software\Fun Web Products""

    +-----------------| Added Scan :

    ---- Mozilla FireFox Version [Unable to get version] ----

    ProfilePath: ha7zqpcu.default
    .
    .
    .
    .
    .
    .

    ---- Internet Explorer Version 7.0.6001.18000 ----

    +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    +-[HKEY_USERS\S-1-5-21-4030659283-3226559738-3054947939-1000\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: hxxp://ieframe.dll/tabswelcome.htm

    +---------------------------------------------------------------------------+

    [~4783 Bytes] - C:\Ad-Report-Clean-26.02.2009.log
    [~4269 Bytes] - C:\Ad-Report-Scan-26.02.2009.log

    - C:\Program Files\Ad-remover\TOOLS\BACKUP
    - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

    End at: 19:47:17 | 26/02/2009
    .
    +-----------------| E.O.F - 109 Lines
    .
    0
  7. yeahwoman
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:49:19, on 26/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Safe mode

    Running processes:
    C:\Windows\explorer.exe
    C:\Users\Béné\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_SD6C2.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [wkkck] "c:\users\béné\appdata\local\wkkck.exe" wkkck
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  8. yeahwoman
     
    Clean Navipromo version 3.7.4 commencé le 26/02/2009 à 19:58:41,98

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 16.02.2009 à 18h00 par IL-MAFIOSO

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz )
    BIOS : Phoenix ROM BIOS PLUS Version 1.10 A07
    USER : Béné ( Administrator )
    BOOT : Fail-safe boot

    Antivirus : avast! antivirus 4.8.1229 [VPS 081125-1] 4.8.1229 (Activated)

    C:\ (Local Disk) - NTFS - Total:136 Go (Free:42 Go)
    D:\ (Local Disk) - NTFS - Total:9 Go (Free:5 Go)
    E:\ (CD or DVD)

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS

    Nettoyage executé en mode sans échec

    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\Windows\System32" *

    * Suppression dans "C:\Users\B‚n‚\AppData\Local\Microsoft" *

    * Suppression dans "C:\Users\B‚n‚\AppData\Local\virtualstore\windows\system32" *

    * Suppression dans "C:\Users\B‚n‚\AppData\Local" *

    *** Suppression dossiers dans "C:\Windows" ***

    *** Suppression dossiers dans "C:\Program Files" ***

    *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

    *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***

    *** Suppression dossiers dans "C:\ProgramData" ***

    *** Suppression dossiers dans c:\users\bnd501~1\appdata\roaming\micros~1\windows\startm~1\programs ***

    *** Suppression dossiers dans "C:\Users\B‚n‚\AppData\Local\virtualstore\Program Files" ***

    ...\InternetGamebox ...suppression...
    ...\InternetGamebox supprimé !

    *** Suppression dossiers dans "C:\Users\B‚n‚\AppData\Local" ***

    *** Suppression dossiers dans "C:\Users\B‚n‚\AppData\Roaming" ***

    *** Suppression fichiers ***

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\Windows\Temp effectué !
    Nettoyage contenu C:\Users\BND501~1\AppData\Local\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :

    * Dans "C:\Windows\system32" *

    * Dans "C:\Users\B‚n‚\AppData\Local\Microsoft" *

    * Dans "C:\Users\B‚n‚\AppData\Local\virtualstore\windows\system32" *

    * Dans "C:\Users\B‚n‚\AppData\Local" *

    wkkck.exe trouvé !
    Copie wkkck.exe réalisée avec succès !
    wkkck.exe supprimé !

    wkkck.dat trouvé !
    Copie wkkck.dat réalisée avec succès !
    wkkck.dat supprimé !

    wkkck_nav.dat trouvé !
    Copie wkkck_nav.dat réalisée avec succès !
    wkkck_nav.dat supprimé !

    wkkck_navps.dat trouvé !
    Copie wkkck_navps.dat réalisée avec succès !
    wkkck_navps.dat supprimé !

    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    *** Certificats ***

    Certificat Egroup supprimé !
    Certificat Electronic-Group supprimé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit supprimé !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Recherche autres dossiers et fichiers connus ***

    *** Nettoyage terminé le 26/02/2009 à 20:00:20,31 ***
    0
  9. sherred Posts 8605 Status Member 351
     
    it looks like some traces remain

    1) Restart HijackThis, tick the line below and click Fix checked
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
    and click Fix checked

    2) If it is still present, uninstall Boonty Games via Add/Remove Programs

    3) Delete these files/folders if they still exist:
    in C:\Program Files\Fichiers communs\ or C:\Program Files\Common Files\
    delete--->BOONTY Shared
    in C:\Program Files\
    delete---->BOONTY games

    4) Download SpywareBlaster, which will help you round out your browser's protection
    https://www.01net.com/outils/telecharger/windows/Securite/anti-spyware/fiches/tele28872.html
    Launch SpywareBlaster, select the Updates tab

    "then click Check for Updates
    to update the definitions, which include a database
    of signatures of known hostile ActiveX controls"

    After the download, click Enable Protection for All Unprotected Items
    Or, on a first installation without updating the definitions database,
    click Protection Status then Enable All Protection.
    Once that is done you will see 0 items have protections disabled

    5) Ccleaner http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner
    run the cleanup of
    Windows temporary files
    Cookies, cache and history of Internet Explorer, Opera and Firefox
    Windows recent documents
    and then repair the registry.

    6) ToolsCleaner, thanks to A.Rothstein & Dj Quiou,
    http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner
    which will uninstall the tools we used,
    which can be dangerous for your PC

    7) How is your PC behaving?
    0
    1. yeahwoman
       
      My PC seems to be working normally
      Thanks, without you I would never have managed it.
      0
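
The leftovers sherred points to in the last HijackThis log (the Boonty Games service marked `(file missing)`) can be found mechanically. The sketch below is an added example, not part of the thread and not HijackThis or Navilog1 code: it flags orphaned O2/O23 registrations and a Run value named after an executable sitting directly in `AppData\Local`. That last rule is an assumption modelled on the `wkkck` entry in this log; the sample lines are copied from the log above.

```python
import ntpath
import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O23"
    reason: str    # why the entry deserves a second look
    entry: str     # the entry text after the section code


# Sample input: lines copied from the 26/02/2009 HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKCU\..\Run: [wkkck] "c:\users\béné\appdata\local\wkkck.exe" wkkck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
"""

# "<section> - <rest>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Run-key entry: hive\...\Run: [value name] optionally quoted path ending in .exe
RUN = re.compile(r'^HK\w+\\\S*Run: \[(?P<name>[^\]]+)\]\s+"?(?P<path>.+?\.exe)', re.I)


def _self_named_in_local_appdata(name, path):
    """Assumed heuristic: <name>.exe directly in ...\\AppData\\Local, Run value == <name>."""
    folder, exe = ntpath.split(path)
    stem = ntpath.splitext(exe)[0]
    return folder.lower().endswith("\\appdata\\local") and stem.lower() == name.lower()


def triage(log_text):
    """Return the entries of a HijackThis log that look like removal leftovers or droppers."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw)
        if not match:
            continue  # header lines, process list, blank lines
        section, body = match.group(1), match.group(2).strip()
        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, "BHO registered but its DLL is absent", body))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(section, "service registered but its binary is absent", body))
        elif section == "O4":
            run = RUN.match(body)
            if run and _self_named_in_local_appdata(run["name"], run["path"]):
                findings.append(Finding(section, "autorun of a self-named exe in AppData\\Local", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}: {finding.entry}")
```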