HELP infected PC 2

turbulent13 Posts 41 Status Member -
Hello,
I'm writing to you for the 2nd time (sorry for being a pain, but it worked so well last time that I'm back). Following a real virus attack (adware, trojan...), I have been getting virus or malware alerts for 2 days now (it can go up to 10 in 5 minutes). When AVIRA offers "delete, ignore, quarantine...", I choose delete. It doesn't work the first time, but sometimes, by insisting, some of them could be deleted.
But most of them (according to my latest Avira report), 17 to be exact, have apparently been placed in quarantine, yet they are still there, and on top of that I can't find how to access Avira's quarantine folder.
Anyway, since this "possible" infection the PC has slowed down a little, so I would like to know what you think; I am posting the HijackThis report below.
PS: I have Ad-remover on my desktop; do you think it could be useful to me...
THANKS IN ADVANCE...

HijackThis REPORT
Logfile of Trend Micro v2.0.2
Scan saved at 01:55:20, on 20/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\SweetIM\Messenger\SweetIM.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
d:\program files\avira\antivir desktop\avcenter.exe
D:\Program Files\Avira\AntiVir Desktop\avscan.exe
E:\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yougoo.fr/renseignement
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SweetIM] D:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8884.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9}: NameServer = 86.64.145.144,84.103.237.144
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ASKUpgrade - Unknown owner - D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\maconfservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7835 bytes
Configuration: Windows XP
Firefox 3.0.11

24 replies

  1. gen-hackman
     
    Hi:

    Restart your PC in safe mode, then:

    ♦ Double-click the Ad-remover shortcut on your desktop to launch the tool.

    ♦ In the main menu, choose option "L" and press [Enter].

    ♦ Let the tool work and don't touch anything...

    ♦ Post the report that appears at the end on the forum...

    ( The report is also saved as C:\Ad-report.log )
    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    ♦ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
    0
  2. turbulent13 Posts 41 Status Member
     
    Yep, thanks for the help. Here is the Ad-remover report, and from what I can see, apparently I had loads of software and other crap of the same kind, right?
    Do you think that's enough?
    Here is the report:

    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
    .
    Mit à jour par C_XX le 24/06/2009 à 7:10 PM
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 17:59:11, 20/07/2009 | Mode sans echec | Option: CLEAN
    Exécuté de: D:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
    Nom du PC: PAULO | Utilisateur actuel: POLO
    .
    N'est pas administrateur: ASPNET
    N'est pas administrateur: HelpAssistant *Desactive*
    N'est pas administrateur: Invité
    Administrateur: LogMeInRemoteUser
    Administrateur: Mika *Desactive*
    Administrateur: POLO
    N'est pas administrateur: SUPPORT_388945a0 *Desactive*
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    Service: "ASKUpgrade"
    .
    HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
    HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    HKCR\MediaPlayer.GraphicsUtils
    HKCR\MediaPlayer.GraphicsUtils.1
    HKCR\MgMediaPlayer.GifAnimator
    HKCR\MgMediaPlayer.GifAnimator.1
    HKCR\SWEETIE.IEToolbar
    HKCR\SWEETIE.IEToolbar.1
    HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
    HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
    HKCR\Toolbar3.SWEETIE
    HKCR\Toolbar3.SWEETIE.1
    HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
    HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    HKCU\Software\SweetIM
    HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    HKLM\Software\SweetIM
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    .
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\logs
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\update
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\adapter.xml
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\autoupdate.xml
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\logger.xml
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\messages.xml
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\sweetim.xml
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\sweetimapp.xml
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\main_user_config.xml
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\turbulent13@hotmail.fr
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\turbulent13@hotmail.fr\content_update_notification.xml
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\turbulent13@hotmail.fr\emoticons_shortcut.xml
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\turbulent13@hotmail.fr\user_config.xml
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010859.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0001086F.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010893.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0001093E.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010968.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010993.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0002013F.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00030097.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00030099.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0004001F.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00040106.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00050004.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00050005.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080017.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008001A.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080051.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080052.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080060.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800EC.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800F2.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\01050007.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\02050001.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\02050002.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\cache_indx.dat
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer\cache
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer\cache\79364243b9dac7ae8d7a0ecd142b9032.toolbar34.xml
    D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest.dev
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.bak
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome\ajtoolbar.jar
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.gif
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.src
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat.bak
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\contents.rdf
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\snipit.js
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\manifest.mf
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.rsa
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.sf
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\SweetIMToolbarData\logs
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\SweetIMToolbarData
    D:\Program Files\AskBarDis\bar
    D:\Program Files\AskBarDis\PopSwatter
    D:\Program Files\AskBarDis\unins000.dat
    D:\Program Files\AskBarDis\unins000.exe
    D:\Program Files\AskBarDis\bar\bin
    D:\Program Files\AskBarDis\bar\Cache
    D:\Program Files\AskBarDis\bar\History
    D:\Program Files\AskBarDis\bar\Settings
    D:\Program Files\AskBarDis\bar\bin\askBar.dll
    D:\Program Files\AskBarDis\bar\bin\askPopStp.dll
    D:\Program Files\AskBarDis\bar\bin\AskSplash.exe
    D:\Program Files\AskBarDis\bar\bin\AskTBApp.exe
    D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    D:\Program Files\AskBarDis\bar\bin\psvince.dll
    D:\Program Files\AskBarDis\bar\Cache\001481C1
    D:\Program Files\AskBarDis\bar\Cache\04D86EF6.bin
    D:\Program Files\AskBarDis\bar\Cache\04D871A6.bin
    D:\Program Files\AskBarDis\bar\Cache\04D87540.bin
    D:\Program Files\AskBarDis\bar\Cache\04D876A7.bin
    D:\Program Files\AskBarDis\bar\Cache\04D877FF.bin
    D:\Program Files\AskBarDis\bar\Cache\04D87928.bin
    D:\Program Files\AskBarDis\bar\Cache\files.ini
    D:\Program Files\AskBarDis\bar\History\search
    D:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
    D:\Program Files\AskBarDis\bar\Settings\config.dat
    D:\Program Files\AskBarDis\bar\Settings\config.dat.bak
    D:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
    D:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm
    D:\Program Files\AskBarDis\PopSwatter\History
    D:\Program Files\AskBarDis\PopSwatter\History\allowed
    D:\Program Files\AskBarDis\PopSwatter\History\notallow
    D:\Program Files\AskBarDis
    D:\Program Files\SweetIM\Messenger
    D:\Program Files\SweetIM\Toolbars
    D:\Program Files\SweetIM\Messenger\default.xml
    D:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
    D:\Program Files\SweetIM\Messenger\mgAIMAuto.dll
    D:\Program Files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
    D:\Program Files\SweetIM\Messenger\mgArchive.dll
    D:\Program Files\SweetIM\Messenger\mgcommon.dll
    D:\Program Files\SweetIM\Messenger\mgcommunication.dll
    D:\Program Files\SweetIM\Messenger\mgconfig.dll
    D:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll
    D:\Program Files\SweetIM\Messenger\mghooking.dll
    D:\Program Files\SweetIM\Messenger\mgICQAuto.dll
    D:\Program Files\SweetIM\Messenger\mgICQMessengerAdapter.dll
    D:\Program Files\SweetIM\Messenger\mgIEPlayer.dll
    D:\Program Files\SweetIM\Messenger\mglogger.dll
    D:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll
    D:\Program Files\SweetIM\Messenger\mgMsnAuto.dll
    D:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
    D:\Program Files\SweetIM\Messenger\mgsimcommon.dll
    D:\Program Files\SweetIM\Messenger\mgSweetIM.dll
    D:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll
    D:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll
    D:\Program Files\SweetIM\Messenger\mgYahooAuto.dll
    D:\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
    D:\Program Files\SweetIM\Messenger\msvcp71.dll
    D:\Program Files\SweetIM\Messenger\msvcr71.dll
    D:\Program Files\SweetIM\Messenger\resources
    D:\Program Files\SweetIM\Messenger\SweetIM.exe
    D:\Program Files\SweetIM\Messenger\resources\images
    D:\Program Files\SweetIM\Messenger\resources\images\AudibleButton.png
    D:\Program Files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
    D:\Program Files\SweetIM\Messenger\resources\images\EmoticonButton.png
    D:\Program Files\SweetIM\Messenger\resources\images\NudgeButton.png
    D:\Program Files\SweetIM\Messenger\resources\images\SoundFxButton.png
    D:\Program Files\SweetIM\Messenger\resources\images\WinksButton.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\conf
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\about.html
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\find.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\games.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\google.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\help.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\live.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\music.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\news.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\video.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
    D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
    D:\Program Files\SweetIM
    D:\DOCUME~1\POLO\APPLIC~1\Mozilla\Firefox\Profiles\p2g8qcd4.default\searchplugins\sweetim.xml
    D:\WINDOWS\Installer\33316d7.msi
    D:\WINDOWS\Installer\33316de.msi
    D:\WINDOWS\Prefetch\SWEETIM.EXE-2180BCF4.pf

    (!) -- Fichiers temporaires supprimés.

    .
    ============== Scan additionnel ==============
    .

    * Mozilla FireFox Version 3.5.1 *

    Nom du profil: p2g8qcd4.default (POLO)
    .
    (Prefs.js) user_pref("browser.search.defaultenginename", "SweetIM Search");
    (Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "chrome://browser-region/locale/region.properties");
    (Prefs.js) user_pref("browser.search.selectedEngine", "YouGoo");
    (Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "YouGoo");
    (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
    (Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.1");
    (Prefs.js) user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.fr/firefox");
    .
    (prefs.js) EFFACÉ: user_pref("browser.search.defaultenginename", "SweetIM Search");
    (prefs.js) EFFACÉ: user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.mode.debug", "false");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "chrome://browser-region/locale/region.properties");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "YouGoo");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.fr/firefox");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.search.history", "http%3A%2F%2Fwww.ek23sound.org%2F");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.search.history.capacity", "10");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.simapp_id", "{C6F39622-C446-4527-9CB7-80E4AAB2846F}");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
    (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.version", "1.0.0.8");
    .

    * Internet Explorer Version 8.0.6001.18702 *

    [HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/?ocid=iehp
    Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: res://ieframe.dll/tabswelcome.htm

    ============== Suspect (Cracks, Serials ... ) ==============

    .
    D:\Documents and Settings\POLO\.housecall6.6\patch.exe
    .
    ===================================
    .
    27224 Octet(s) - D:\Ad-Report-CLEAN.log
    .
    0 Fichier(s) - D:\DOCUME~1\POLO\LOCALS~1\Temp
    45 Fichier(s) - D:\WINDOWS\Temp
    .
    17 Fichier(s) - D:\Program Files\Ad-remover\BACKUP
    40 Fichier(s) - D:\Program Files\Ad-remover\QUARANTINE
    .
    Fin à: 18:21:44 | 20/07/2009
    .
    ============== E.O.F ==============
    .
  3. gen-hackman
     
    lol

    Empty Avira's quarantine, run Ad-Remover again with the uninstall option, then:

    Download OTL by OldTimer

    and save it to your Desktop.

    Double-click OTL.exe to launch it.

    Check the 2 boxes Lop and Purity

    Check the box in front of Scan All Users

    Click Run Scan.

    When the scan finishes, Notepad will open with the report (OTL.txt).

    This file is on your Desktop (usually C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

    DO NOT POST IT ON THE FORUM

    To send it to me, click this link: http://www.cijoint.fr/

    Click Browse and look for the file mentioned above.

    Click Open.

    Click "Cliquez ici pour déposer le fichier" ("Click here to upload the file").

    A link of this form:

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    is added to the page.

    Copy this link into your reply.

    You will do the same with "Extra.txt" if you are asked for it.
  4. turbulent13 Messages postés 41 Statut Membre
     
    Actually, it's a good thing you mention it, because for the past few days I have been desperately trying to find out how to access Avira's quarantine?
  6. turbulent13 Messages postés 41 Statut Membre
     
    THANKS FOR THE TUTORIAL, HERE IS THE OTL REPORT http://www.cijoint.fr/cjlink.php?file=cj200907/cijyVVOGue.txt
    and for the Extra
    http://www.cijoint.fr/cjlink.php?file=cj200907/cijfOwOjxY.txt
  7. gen-hackman
     

    /!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\

    ♦ Above all, when saving it, remember to rename Combofix to "your first name.exe"


    _________________________________________________________________
    >This software is to be used only when prescribed by a qualified helper trained in the tool.<
    >>>>>>>Do not use it outside of this situation: dangerous!<<<<<<<<
    =====================================================

    ♦ We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Before using ComboFix:
    ______________________________________________________________________
    >> close the windows of all running programs.
    >> Temporarily disable, only for the duration of ComboFix's use,
    >>the real-time protection of your antivirus and your antispyware programs,
    >>which can seriously interfere with the tool's scanning and cleaning procedure.

    °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


    ♦ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!

    ♦ don't forget to re-enable the real-time protection of your antivirus and your antispyware programs before reconnecting to the internet.

    >> Come back to the forum, and

    ♦ copy and paste the entire contents of C:\Combofix.txt into your next message.

  8. turbulent13 Messages postés 41 Statut Membre
     
    Here it is for ComboFix:

    ComboFix 09-07-20.05 - POLO 21/07/2009 13:00.2.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1791.1372 [GMT 2:00]
    Running from: E:\turbulent13combo.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    d:\documents and settings\POLO\Application Data\bcrypt.html
    d:\documents and settings\POLO\Application Data\wiaserva.log
    d:\documents and settings\POLO\Application Data\wiaservg.log
    d:\recycler\S-1-5-21-5152997220-9835378103-866009470-1409
    d:\windows\Install.txt
    d:\windows\system32\geyekraprfbkct.dat
    d:\windows\system32\geyekrndyejguw.dll
    d:\windows\system32\ghaf8jkdfd.dll
    d:\windows\system32\Install.txt

    Infected copy of d:\windows\system32\drivers\ndis.sys was found and disinfected
    Restored copy from - The cat ate it :)
    .
    ((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
    .

    2009-07-21 10:57 . 2009-07-21 10:58 -------- d-s---w- D:\ComboFix
    2009-07-20 17:08 . 2009-07-20 17:09 -------- dc-h--w- d:\windows\ie8
    2009-07-20 16:41 . 2009-07-20 16:41 -------- d-----w- d:\documents and settings\All Users\Application Data\AOL
    2009-07-20 12:29 . 2009-07-16 12:03 52224 ----a-w- d:\documents and settings\POLO\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{280b5d37-4a76-467a-b3d6-942fca90acde}\components\FFExternalAlert.dll
    2009-07-20 12:29 . 2009-07-16 12:03 114688 ----a-w- d:\documents and settings\POLO\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{280b5d37-4a76-467a-b3d6-942fca90acde}\components\npmozax.dll
    2009-07-19 23:25 . 2009-07-20 20:10 -------- d-----w- d:\program files\Ad-remover
    2009-07-19 20:42 . 2009-07-20 16:54 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-19 20:42 . 2009-07-19 20:42 -------- d-----w- d:\program files\Spybot - Search & Destroy
    2009-07-19 16:52 . 2009-07-19 16:52 -------- d-sh--w- d:\windows\system32\config\systemprofile\PrivacIE
    2009-07-19 16:52 . 2009-07-19 16:52 -------- d-sh--w- d:\windows\system32\config\systemprofile\IETldCache
    2009-07-19 16:52 . 2009-07-19 16:52 -------- d-----w- d:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
    2009-07-16 23:13 . 2009-07-16 23:34 -------- d-----w- d:\documents and settings\POLO\Application Data\Messenger
    2009-07-12 15:43 . 2009-07-12 15:43 -------- d-----w- d:\program files\VirtualDJ
    2009-07-12 13:08 . 2009-07-12 13:08 -------- d-----w- d:\program files\Google
    2009-07-12 13:07 . 2009-07-13 10:48 -------- d-----w- d:\documents and settings\All Users\Application Data\NOS
    2009-07-12 13:07 . 2009-07-13 10:47 -------- d-----w- d:\program files\NOS
    2009-07-07 15:43 . 2009-07-07 15:43 -------- d-----w- d:\program files\Fichiers communs\Windows Live
    2009-06-23 17:55 . 2009-06-23 17:55 -------- d-----w- d:\program files\Fichiers communs\Yahoo!
    2009-06-23 17:55 . 2009-06-23 17:58 -------- d-----w- d:\documents and settings\All Users\Application Data\Pinnacle VideoSpin
    2009-06-23 17:55 . 2009-06-23 17:55 -------- d-----w- d:\program files\Pinnacle
    2009-06-23 17:54 . 2009-06-23 17:54 -------- d-----w- d:\documents and settings\All Users\Application Data\Pinnacle
    2009-06-22 15:07 . 2009-06-23 20:05 -------- d-----w- d:\program files\AVIConverter

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-21 10:59 . 2004-08-03 21:14 182912 ----a-w- d:\windows\system32\drivers\ndis.sys
    2009-07-20 16:41 . 2008-12-26 13:04 -------- d-----w- d:\documents and settings\All Users\Application Data\ArcSoft
    2009-07-19 20:41 . 2008-07-13 11:45 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
    2009-07-07 15:43 . 2008-06-24 11:49 -------- d-----w- d:\program files\Messenger Plus! Live
    2009-06-23 17:58 . 2009-05-16 19:48 57904 ----a-w- d:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-06-23 17:25 . 2009-06-05 18:54 -------- d-----w- d:\program files\eMule
    2009-06-20 21:27 . 2009-06-20 21:10 -------- d-----w- d:\program files\PurFlirt
    2009-06-19 23:51 . 2009-05-13 16:15 -------- d-----w- d:\documents and settings\POLO\Application Data\Icones
    2009-06-13 16:09 . 2009-05-28 20:00 -------- d-----w- d:\program files\VS Revo Group
    2009-06-13 16:04 . 2009-06-01 17:01 -------- d-----w- d:\program files\Trend Micro
    2009-06-13 15:41 . 2009-03-19 15:17 -------- d-----w- d:\documents and settings\POLO\Application Data\gtk-2.0
    2009-06-13 14:56 . 2009-06-13 14:56 -------- d-----w- d:\program files\GIMP-2.0
    2009-06-13 12:53 . 2009-06-06 15:20 -------- d-----w- d:\program files\ABC
    2009-06-10 12:11 . 2008-06-24 19:48 -------- d-----w- d:\documents and settings\POLO\Application Data\dvdcss
    2009-06-10 10:54 . 2009-06-10 10:54 -------- d-----w- d:\program files\Foxit Software
    2009-06-10 10:54 . 2009-06-10 10:54 -------- d-----w- d:\documents and settings\POLO\Application Data\Foxit
    2009-06-08 23:35 . 2009-06-06 15:20 -------- d-----w- d:\documents and settings\POLO\Application Data\.ABC
    2009-06-08 11:30 . 2009-05-15 11:33 -------- d-----w- d:\program files\Orange
    2009-06-06 14:47 . 2009-06-06 14:45 4212 ---h--w- d:\windows\system32\zllictbl.dat
    2009-06-06 14:45 . 2009-06-06 14:45 -------- d-----w- d:\documents and settings\All Users\Application Data\MailFrontier
    2009-06-06 12:23 . 2009-06-06 12:23 -------- d-----w- d:\documents and settings\POLO\Application Data\vlc
    2009-06-04 21:17 . 2009-06-04 21:17 -------- d-----w- d:\program files\CCleaner
    2009-06-04 00:03 . 2008-07-25 15:29 -------- d-----w- d:\documents and settings\POLO\Application Data\LimeWire
    2009-06-03 18:28 . 2009-06-03 09:17 -------- d-----w- d:\program files\TorrentMan
    2009-06-02 19:49 . 2009-06-02 19:49 -------- d-----w- d:\documents and settings\POLO\Application Data\Ableton
    2009-06-02 15:54 . 2009-06-02 15:54 -------- d-----w- d:\documents and settings\Mika\Application Data\Malwarebytes
    2009-05-22 15:49 . 2009-05-22 15:49 127 ----a-w- d:\documents and settings\POLO\Local Settings\Application Data\fusioncache.dat
    2009-05-22 12:16 . 2008-05-18 18:36 -------- dcsh--w- d:\program files\Fichiers communs\WindowsLiveInstaller
    2009-05-22 12:00 . 2009-05-22 12:00 -------- d-----w- d:\program files\Realtek
    2009-05-22 12:00 . 2008-05-18 15:40 -------- d--h--w- d:\program files\InstallShield Installation Information
    2009-05-22 11:55 . 2009-05-22 11:53 -------- d-----w- d:\documents and settings\All Users\Application Data\ma-config.com
    2009-05-16 16:20 . 2008-05-19 14:28 32432 ----a-w- d:\documents and settings\POLO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-04 15:22 . 2009-05-22 12:00 5075968 ----a-w- d:\windows\system32\drivers\RtkHDAud.sys
    2009-04-30 18:11 . 2009-04-30 18:11 135680 ----a-w- d:\documents and settings\POLO\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    2009-04-30 18:11 . 2009-04-13 11:20 86576 ----a-w- d:\documents and settings\POLO\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
    2009-04-30 18:11 . 2009-04-13 11:20 392728 ----a-w- d:\documents and settings\POLO\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
    2009-04-30 18:11 . 2009-04-13 11:20 132672 ----a-w- d:\documents and settings\POLO\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
    2009-04-30 11:31 . 2009-05-22 12:00 17881088 ----a-w- d:\windows\RTHDCPL.EXE
    2008-05-27 14:47 . 2008-05-27 14:47 382352 -c--a-w- d:\program files\xpiinstall.exe
    2009-07-15 22:31 . 2009-07-20 12:29 137208 ----a-w- d:\program files\mozilla firefox\components\brwsrcmp.dll
    .

    ------- Sigcheck -------

    [-] 2008-04-14 02:33 1571840 E17C85D5B5CF477638433B851A98499E d:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\sfcfiles.dll
    [-] 2008-05-13 11:50 1548288 C3AB3F01625B68E6A63BA1761A6BEEDD d:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "d:\program files\TorrentMan\tbTor1.dll" [2009-06-03 2094616]

    [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "d:\program files\TorrentMan\tbTor1.dll" [2009-06-03 2094616]

    [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "d:\program files\TorrentMan\tbTor1.dll" [2009-06-03 2094616]

    [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-19 15360]
    "swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-12 39408]
    "SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-06-25 8433664]
    "avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" - d:\windows\system32\advpack.dll [2009-03-08 128512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-05-19 13:23 87352 ----a-w- d:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=d:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk]
    path=d:\documents and settings\POLO\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk
    backup=d:\windows\pss\Notification de cadeaux MSN.lnkStartup

    [HKLM\~\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
    path=d:\documents and settings\POLO\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
    backup=d:\windows\pss\RocketDock.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\Messenger\\msmsgs.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "d:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=
    "d:\\Program Files\\ABC\\abc.exe"=
    "d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "21539:TCP"= 21539:TCP:*:Disabled:BitComet 21539 TCP
    "21539:UDP"= 21539:UDP:*:Disabled:BitComet 21539 UDP

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\Avira\AntiVir Desktop\sched.exe [01/06/2009 23:17 108289]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [26/05/2008 19:47 45848]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\program files\LogMeIn\x86\RaInfo.sys --> d:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [22/05/2009 14:00 1684736]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\program files\MAGIX\Common\Database\bin\fbserver.exe --> e:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
    S3 maconfservice;Ma-Config Service;"c:\maconfservice.exe" --> c:\maconfservice.exe [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-21 d:\windows\Tasks\WGASetup.job
    - d:\windows\system32\KB905474\wgasetup.exe [2009-04-13 20:18]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-msnmsgr - ~d:\program files\Windows Live\Messenger\msnmsgr.exe

    .
    ------- Supplementary Scan -------
    .
    IE: &Recherche AOL Toolbar - d:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: Add to AMV Converter... - c:\amvconverter\grab.html
    IE: E&xporter vers Microsoft Excel - c:\office10\EXCEL.EXE/3000
    IE: MediaManager tool grab multimedia file - c:\mediamanager\grab.html
    TCP: {CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9} = 86.64.145.144,84.103.237.144
    DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} - hxxp://webtv.guidetv.orange.fr/resources/OCS_8884.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    FF - ProfilePath - d:\documents and settings\POLO\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\
    FF - prefs.js: browser.search.selectedEngine - YouGoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
    FF - component: d:\documents and settings\POLO\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{280b5d37-4a76-467a-b3d6-942fca90acde}\components\FFExternalAlert.dll
    FF - component: d:\documents and settings\POLO\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
    FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: d:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: d:\program files\Mozilla Firefox\plugins\NPPOKER.dll
    FF - plugin: d:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
    d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
    d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
    d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
    d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
    d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
    d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
    d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-21 13:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(612)
    d:\windows\system32\LMIinit.dll

    - - - - - - - > 'explorer.exe'(1644)
    d:\windows\system32\ieframe.dll
    d:\windows\system32\ntshrui.dll
    d:\windows\system32\NETSHELL.dll
    d:\windows\system32\credui.dll
    d:\windows\system32\webcheck.dll
    d:\windows\system32\WPDShServiceObj.dll
    d:\windows\system32\PortableDeviceTypes.dll
    d:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    d:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    d:\program files\Avira\AntiVir Desktop\avguard.exe
    d:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    d:\windows\system32\nvsvc32.exe
    d:\windows\system32\wdfmgr.exe
    d:\windows\system32\WgaTray.exe
    d:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-21 13:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-21 11:07

    Pre-Run: 2 276 257 792 octets libres
    Post-Run: 2 369 425 408 octets libres

    344 --- E O F --- 2009-05-26 10:22
  9. gen-hackman
     
    Hi,

    Download ToolBar S&D (by Eric_71/Team IDN) to your desktop:

    !! Go offline, disable your resident protections, and close all running applications for the duration of the procedure. !!

    * Double-click ToolBar SD.exe to launch the tool and follow the prompts ...

    --> Type ( "search" option ) then press [Enter].

    A report will be generated at the end of the process: post its contents in your next reply

    ( the report is also saved here -> C:\TB.txt )

    Tutorial

  10. turbulent13 Posts: 41, Status: Member
     
    Honestly, thanks for all your explanations (with the little tutorial available if needed); it's cool of you to help people who are hopeless with computers like me.
    Here is the ToolBar report:

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) Processor 3600+ )
    BIOS : PhoenixBIOS 4.0 Release 6.1
    USER : POLO ( Administrator )
    BOOT : Normal boot
    Antivirus : AntiVir Desktop 9.0.1.30 (Not Activated)
    C:\ (Local Disk) - NTFS - Total:69 Go (Free:37 Go)
    D:\ (Local Disk) - NTFS - Total:34 Go (Free:2 Go)
    E:\ (Local Disk) - NTFS - Total:35 Go (Free:33 Go)
    F:\ (CD or DVD)

    "D:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [1] ( 21/07/2009|14:44 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (POLO) - {280b5d37-4a76-467a-b3d6-942fca90acde} => shareware.pro-fr
    (POLO) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
    (POLO) - {7c5c0f58-e061-457d-9033-77307f5ed00c} => torrentman
    (POLO) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="D:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
    "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Local Page"="D:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "D:\ToolBar SD\TB_1.txt" - 21/07/2009|14:45 - Option : [1]

    -----------\\ Fin du rapport a 14:45:11,73
  11. turbulent13 Posts: 41, Status: Member
     
    Did you get my last OTL report? I posted it but I can't see it...
  12. gen-hackman
     
    Hi, no.

    Did you proceed as indicated above?
  13. turbulent13 Posts: 41, Status: Member
     
    Ah OK, that's why. My mistake, I had posted it to you as-is. Here it is...
    http://www.cijoint.fr/cjlink.php?file=cj200907/cijSRHZ8nD.txt
  14. gen-hackman
     
    Download SysProt (by Swatkat) to your desktop:

    > ! Go offline and close all your applications for the duration of the procedure !

    > ! Disable your defenses (antivirus, anti-spyware, ...) for the duration of the procedure !

    > Double-click SysProt.exe to launch it.

    > Click the "log" tab.

    > Tick all the boxes in the "Write to log" frame.

    > Then click the [Create Log] button at the bottom right.

    > The scan starts; let the tool work (even if it seems to have crashed ...).

    > After a while, a window will appear: leave "Scan all drives" ticked and click [Start].

    > Wait again ... wait for the final message indicating that the report has been created, then click "OK".

    ===> Close SysProt, and copy/paste the contents of the report (SysProtLog.txt), which has been saved on your desktop, into your next reply.
  15. turbulent13 Posts: 41, Status: Member
     
    Here is the SysProt report, but there must be a problem, because I didn't have to do all the steps you told me about. In fact, the last thing I did was "create log", and about 2 min later it gave me the report; I never got the window where I had to leave "scan all drives" ticked...
    Tell me if you want me to run it again.
    In any case, here is what it gave me:
    http://www.cijoint.fr/cjlink.php?file=cj200907/cijbDIwKzq.txt
  16. gen-hackman
     
    Did you click on the LOG tab?
  17. turbulent13
     
    Yes, yes, I got as far as the "create log" step, and 2 min later it offered me a report. I didn't have to do this:
    a window will appear: leave "Scan all drives" ticked and click [Start].
  18. turbulent13 Posts: 41, Status: Member
     
    That's it, I've just done it. However, I ran Ad-Remover; it seems to have worked, but at one point I stepped away from the PC for 2 min, and when I came back the computer was off. I restarted it in normal mode and went to get the report; here it is:
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
    .
    Mit à jour par C_XX le 24/06/2009 à 7:10 PM
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 14:05:32, 25/07/2009 | Mode sans echec | Option: CLEAN
    Exécuté de: D:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
    Nom du PC: PAULO | Utilisateur actuel: POLO
    .
    N'est pas administrateur: ASPNET
    N'est pas administrateur: HelpAssistant *Desactive*
    N'est pas administrateur: Invité
    Administrateur: LogMeInRemoteUser
    Administrateur: Mika *Desactive*
    Administrateur: POLO
    N'est pas administrateur: SUPPORT_388945a0 *Desactive*
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}