Probl de pub

assan59 Messages postés 9 Statut Membre -  
assan59 Messages postés 9 Statut Membre -
Bonjour,

De puis quelque temps j'ai des pubs avec mozilla, j'ai fait un scan avec hijckthis et voilà le rapport
Aidez moi SVP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:29, on 29/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http:­//fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http:­//fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http:­//fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http:­//fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {05595372-617F-47E4-B6B1-1B29DBC97767} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0941D65E-F46F-4A19-A488-9505DE25CEFA} - (no file)
O2 - BHO: (no name) - {0F8E6173-E305-44F9-9F74-5CB5D7198619} - (no file)
O2 - BHO: (no name) - {10D6AE97-8350-438A-81D8-AFBE9B28CA5C} - (no file)
O2 - BHO: (no name) - {173738EC-24D9-40AF-B34E-C79BC309B5C4} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - {1E6AA990-C800-445F-B784-05F9A86426FF} - (no file)
O2 - BHO: (no name) - {1ED80524-5130-42A0-A281-E6AC6C25674F} - (no file)
O2 - BHO: (no name) - {25CB9566-36B0-462E-9D44-78F46FC25E62} - (no file)
O2 - BHO: (no name) - {2A11CE52-4DDB-4818-AB6F-C9500D10AACF} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {30FA50D8-279E-4DFA-AC4E-09294C86B261} - (no file)
O2 - BHO: (no name) - {4360085B-8E5A-4108-B485-605CB263979A} - (no file)
O2 - BHO: (no name) - {4E702B02-983D-4300-8A67-6A4E2AE365E6} - (no file)
O2 - BHO: (no name) - {4FFEFF43-F4CA-482F-B999-920D3A8D0916} - (no file)
O2 - BHO: (no name) - {52C15611-9385-462F-9DCD-FE8C83226CA9} - (no file)
O2 - BHO: (no name) - {5EA3E111-B1E1-4AD7-BF3A-106636AAD237} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {736820AC-DB02-488E-9B5C-BACCEA6AF87A} - (no file)
O2 - BHO: (no name) - {7903044C-CE5D-4D9D-9CDA-9A13434BCB1F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7EFCFB5F-FED2-4CCE-BEC0-9ECF6A3E4387} - (no file)
O2 - BHO: (no name) - {7F9596B5-EB8F-4771-8C14-7B068F0B4C65} - (no file)
O2 - BHO: (no name) - {81FE108B-4397-49D8-97A7-3AC9EF608CEB} - (no file)
O2 - BHO: (no name) - {820B2D1C-0ACB-4C53-9CD7-FB97BFC619A1} - (no file)
O2 - BHO: (no name) - {86425A83-EAC7-438A-A8AB-0F125736145E} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95D749D4-39E2-419C-8FC7-F17F0EB7C0BE} - (no file)
O2 - BHO: (no name) - {964DD63B-AEAA-4FFD-ACF8-098DC30EE63F} - (no file)
O2 - BHO: (no name) - {9B3BFF14-3392-4363-9A08-DCF719A71DF2} - (no file)
O2 - BHO: (no name) - {A5C4AACF-A420-4D05-B1ED-A5701D5C0EB9} - (no file)
O2 - BHO: (no name) - {A83C9FC0-AF53-4D45-A71B-440757A191A6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: (no name) - {B211E0BD-88B6-4ADE-AFFF-116C3945DF2D} - (no file)
O2 - BHO: (no name) - {B33AE7D1-9ABD-4991-B4C9-BBC83EAAD6AE} - (no file)
O2 - BHO: (no name) - {B7498E6F-CD84-45F5-AF18-019E0F79C5E9} - (no file)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {C2763FC7-5D8A-44B7-8F3A-111A8BFA29D4} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {D4788400-8C1F-40A5-98BA-FC596D0AC22F} - (no file)
O2 - BHO: (no name) - {D87FE150-7B40-41A7-901D-ECAA9F36EF30} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E5F243A7-2F89-4719-878E-5D90143FADD0} - (no file)
O2 - BHO: (no name) - {F8658715-3707-464C-81AF-C52F6C2549F3} - (no file)
O2 - BHO: (no name) - {F8A19826-CFFB-4D8F-A7E4-ADC1B3136FFD} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NFSUserSIDGSSLink] C:\Program Files\Hummingbird\Connectivity\11.00\NFS Maestro\HumGSS.exe REG
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Google Update (gupdate1ca27147294fabf) (gupdate1ca27147294fabf) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird Export (HCLExport) - Hummingbird Ltd. - C:\Windows\system32\Hummingbird\Connectivity\11.00\NFS Maestro\expserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
End of file - 13703 bytes
Configuration: Windows Vista
Firefox 2.0.0.16

15 réponses

  1. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Salut, fais ceci :

    Ad-Remover ---->

    [x] Si tu es sous vista : Désactive l'UAC (Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ... et valide par OK , il te sera demandé de redémarrer, fais le)

    [x] Télécharge Ad-remover (de C_XX) sur ton bureau : http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

    [x] Lance l'installation avec les paramètres par défaut..

    ! Déconnecte toi et ferme toutes applications en cours !

    [x] Double-clique sur le raccourci Ad-Remover sur ton Bureau.(Clic droit -> "Exécuter en tant qu'administrateur". ( Pour Vista)

    [x] Séléctionne l'option F pour français

    [x] A la fenêtre qui s'affiche clique sur " oui "

    [x] Séléctionne l'option S

    [x] Laisse l'outil travailler.

    [x] Une fois le scan fini, appuie sur une touche, le rapport s'ouvre

    -----------------------

    Toolbar S&D ----->

    Télécharge Toolbar S&D Ici : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

    Suis le tutorial disponible à cette adresse : https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/

    Lance l'option 1 ( Recherche )

    Puis copie/colle le rapport dans ton prochain message ( Il se trouve sous C:\TB.txt )
    0
  2. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    Salut !

    Edit

    Je n'avais pas vu ton post

    Je te laisse la main ;-)
    0
  3. assan59 Messages postés 9 Statut Membre
     
    slt jorginh67
    je suis dsl pour le retard , voila le rapport

    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2080 @ 1.73GHz )
    BIOS : Default System BIOS
    USER : moi ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:141 Go (Free:63 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [1] ( 30/09/2009|15:26 )

    [ UAC => 0 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Barre d'outils Crawler
    C:\Program Files\Crawler
    C:\Program Files\Crawler\adrkeys.dat
    C:\Program Files\Crawler\Cache
    C:\Program Files\Crawler\COMMON_FF.dat
    C:\Program Files\Crawler\confirm.dat
    C:\Program Files\Crawler\ctbcomm.dll
    C:\Program Files\Crawler\ctbr.dll
    C:\Program Files\Crawler\CTConf.dat
    C:\Program Files\Crawler\CTipsDef.dll
    C:\Program Files\Crawler\CToolbar.exe
    C:\Program Files\Crawler\CUpdate.exe
    C:\Program Files\Crawler\Download
    C:\Program Files\Crawler\firefox
    C:\Program Files\Crawler\Languages
    C:\Program Files\Crawler\lookfor.dat
    C:\Program Files\Crawler\majorse.dat
    C:\Program Files\Crawler\rootmenu.dat
    C:\Program Files\Crawler\services.dat
    C:\Program Files\Crawler\STWSGLanguageAct
    C:\Program Files\Crawler\STWSG_FF.dat
    C:\Program Files\Crawler\TBR5LanguageAct
    C:\Program Files\Crawler\Update
    C:\Program Files\Crawler\WebSecurityGuard.dll
    C:\Program Files\Crawler\WSGData
    C:\Program Files\Crawler\Cache\COMMON
    C:\Program Files\Crawler\Cache\COMMON\CLEANUP_BMP.dat
    C:\Program Files\Crawler\Cache\COMMON\CLEANUP_CHBMP.dat
    C:\Program Files\Crawler\Cache\COMMON\CLEANUP_MENU.dat
    C:\Program Files\Crawler\Cache\COMMON\DIRLIST_CHBMP.dat
    C:\Program Files\Crawler\Cache\COMMON\DIRLIST_MENU.dat
    C:\Program Files\Crawler\Cache\COMMON\ECARDS_CHBMP.dat
    C:\Program Files\Crawler\Cache\COMMON\ECARDS_MENU.dat
    C:\Program Files\Crawler\Cache\COMMON\EMAIL_CHBMP.dat
    C:\Program Files\Crawler\Cache\COMMON\GAMES_CHBMP.dat
    C:\Program Files\Crawler\Cache\COMMON\GAMES_MENU.dat
    C:\Program Files\Crawler\Cache\COMMON\SHOP_CHBMP.dat
    C:\Program Files\Crawler\Cache\COMMON\SKINS_MENU.dat
    C:\Program Files\Crawler\Cache\COMMON\SPELL_CHBMP.dat
    C:\Program Files\Crawler\Cache\COMMON\TRAVEL_CHBMP.dat
    C:\Program Files\Crawler\Cache\COMMON\WAYBACK_CHBMP.dat
    C:\Program Files\Crawler\Cache\COMMON\WP_CHBMP.dat
    C:\Program Files\Crawler\Cache\COMMON\YP_CHBMP.dat
    C:\Program Files\Crawler\firefox\chrome
    C:\Program Files\Crawler\firefox\chrome.manifest
    C:\Program Files\Crawler\firefox\components
    C:\Program Files\Crawler\firefox\install.ini
    C:\Program Files\Crawler\firefox\install.rdf
    C:\Program Files\Crawler\firefox\stwsg_ff.ini
    C:\Program Files\Crawler\firefox\chrome\common.jar
    C:\Program Files\Crawler\firefox\chrome\stwsg.jar
    C:\Program Files\Crawler\firefox\components\xcomm.dll
    C:\Program Files\Crawler\firefox\components\xplugin.xpt
    C:\Program Files\Crawler\firefox\components\xshared.dll
    C:\Program Files\Crawler\firefox\components\xshared.xpt
    C:\Program Files\Crawler\firefox\components\xsupport.dll
    C:\Program Files\Crawler\firefox\components\xsupport.xpt
    C:\Program Files\Crawler\firefox\components\xwsg.dll
    C:\Program Files\Crawler\Languages\STWSG_CS.cab
    C:\Program Files\Crawler\Languages\STWSG_DE.cab
    C:\Program Files\Crawler\Languages\STWSG_EN.cab
    C:\Program Files\Crawler\Languages\STWSG_ES.cab
    C:\Program Files\Crawler\Languages\STWSG_FF.cab
    C:\Program Files\Crawler\Languages\STWSG_FR.cab
    C:\Program Files\Crawler\Languages\STWSG_IT.cab
    C:\Program Files\Crawler\Languages\STWSG_NL.cab
    C:\Program Files\Crawler\Languages\STWSG_PT-BR.cab
    C:\Program Files\Crawler\Languages\STWSG_PT.cab
    C:\Program Files\Crawler\Languages\TBR5_CS.cab
    C:\Program Files\Crawler\Languages\TBR5_DE.cab
    C:\Program Files\Crawler\Languages\TBR5_EN.cab
    C:\Program Files\Crawler\Languages\TBR5_EN.cab.old
    C:\Program Files\Crawler\Languages\TBR5_ES.cab
    C:\Program Files\Crawler\Languages\TBR5_FR.cab
    C:\Program Files\Crawler\Languages\TBR5_IT.cab
    C:\Program Files\Crawler\Languages\TBR5_NL.cab
    C:\Program Files\Crawler\Languages\TBR5_PL.cab
    C:\Program Files\Crawler\Languages\TBR5_PT-BR.cab
    C:\Program Files\Crawler\Languages\TBR5_PT.cab
    C:\Program Files\Crawler\Languages\TBR5_RU.cab
    C:\Program Files\Crawler\STWSGLanguageAct\info.ini
    C:\Program Files\Crawler\STWSGLanguageAct\language.ini
    C:\Program Files\Crawler\TBR5LanguageAct\info.ini
    C:\Program Files\Crawler\TBR5LanguageAct\language.ini
    C:\Program Files\Crawler\Update\domains.cab
    C:\Program Files\Crawler\Update\domains_022_diff.cab
    C:\Program Files\Crawler\WSGData\domains
    C:\Program Files\Crawler\WSGData\g_S-1-5-21-3978879325-2782128261-3790254934-1002.dat
    C:\Program Files\Crawler\WSGData\p_S-1-5-21-3978879325-2782128261-3790254934-1002.dat
    C:\Program Files\Crawler\WSGData\wfilter.dat
    C:\Program Files\Crawler\WSGData\w_S-1-5-21-3978879325-2782128261-3790254934-1002.dat
    C:\Program Files\Crawler\WSGData\domains\domains_000.dat
    C:\Program Files\Crawler\WSGData\domains\domains_000_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_001.dat
    C:\Program Files\Crawler\WSGData\domains\domains_001_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_002.dat
    C:\Program Files\Crawler\WSGData\domains\domains_002_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_003.dat
    C:\Program Files\Crawler\WSGData\domains\domains_003_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_004.dat
    C:\Program Files\Crawler\WSGData\domains\domains_004_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_005.dat
    C:\Program Files\Crawler\WSGData\domains\domains_005_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_006.dat
    C:\Program Files\Crawler\WSGData\domains\domains_006_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_007.dat
    C:\Program Files\Crawler\WSGData\domains\domains_007_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_008.dat
    C:\Program Files\Crawler\WSGData\domains\domains_008_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_009.dat
    C:\Program Files\Crawler\WSGData\domains\domains_009_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_010.dat
    C:\Program Files\Crawler\WSGData\domains\domains_010_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_011.dat
    C:\Program Files\Crawler\WSGData\domains\domains_011_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_012.dat
    C:\Program Files\Crawler\WSGData\domains\domains_012_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_013.dat
    C:\Program Files\Crawler\WSGData\domains\domains_013_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_014.dat
    C:\Program Files\Crawler\WSGData\domains\domains_014_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_015.dat
    C:\Program Files\Crawler\WSGData\domains\domains_015_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_016.dat
    C:\Program Files\Crawler\WSGData\domains\domains_016_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_017.dat
    C:\Program Files\Crawler\WSGData\domains\domains_017_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_018.dat
    C:\Program Files\Crawler\WSGData\domains\domains_018_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_019.dat
    C:\Program Files\Crawler\WSGData\domains\domains_019_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_020.dat
    C:\Program Files\Crawler\WSGData\domains\domains_020_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_021.dat
    C:\Program Files\Crawler\WSGData\domains\domains_021_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_022.dat
    C:\Program Files\Crawler\WSGData\domains\domains_022_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_023.dat
    C:\Program Files\Crawler\WSGData\domains\domains_023_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_024.dat
    C:\Program Files\Crawler\WSGData\domains\domains_024_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_025.dat
    C:\Program Files\Crawler\WSGData\domains\domains_025_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_026.dat
    C:\Program Files\Crawler\WSGData\domains\domains_026_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_027.dat
    C:\Program Files\Crawler\WSGData\domains\domains_027_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_028.dat
    C:\Program Files\Crawler\WSGData\domains\domains_028_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_029.dat
    C:\Program Files\Crawler\WSGData\domains\domains_029_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_030.dat
    C:\Program Files\Crawler\WSGData\domains\domains_030_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_031.dat
    C:\Program Files\Crawler\WSGData\domains\domains_031_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_032.dat
    C:\Program Files\Crawler\WSGData\domains\domains_032_diff.dat
    C:\Program Files\Crawler\WSGData\domains\domains_033.dat
    C:\Program Files\Crawler\WSGData\domains\domains_033_diff.dat
    C:\Program Files\Crawler\WSGData\domains\index.dat
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\PlayMP3z
    C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/"
    "Start Page"="https://fr.yahoo.com/"
    "Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://fr.yahoo.com/"
    "Default_Page_URL"="https://fr.yahoo.com/"
    "Default_Search_URL"="http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/"
    "Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/"
    "Local Page"="C:\\Windows\\System32\\blank.htm"

    --------------------\\ Recherche d'autres infections

    --------------------\\ ROGUES ..

    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Spyware-Secure

    --------------------\\ Cracks & Keygens ..

    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\EFA.DIZ
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\EFA.NFO
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\LICENSE.DAT
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\MakeFloatLic.bat
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\MakeLic.bat
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\MLMCrypt.exe
    C:\Users\moi\Documents\mp3 frero\compil staifi 2007_Crack.zip
    C:\Users\moi\Documents\mp3 frero\A\Alpha 5.20\3025 Avant Rakailles 4\07 - Crack Saison.mp3
    C:\Users\moi\Documents\mp3 frero\R\Rim-K\Famille Nombreuse\11 - Pilotes Crack Musik feat. Hamza.mp3

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 30/09/2009|15:27 - Option : [1]

    -----------\\ Fin du rapport a 15:27:11,33
    0
  4. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Fais aussi le scan AD-Remover stp.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. assan59 Messages postés 9 Statut Membre
     
    ok le AD-Remover à donné ça :

    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_W | UNIQUEMENT XP/VISTA/7 =======
    .
    Mit à jour par C_XX le 30.09.2009 à 11:52
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 14:24:11, 30/09/2009 | Mode Normal | Option: SCAN
    Exécuté de: C:\Program Files\Ad-Remover\
    Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
    Nom du PC: MONBLED | Utilisateur actuel: moi
    .
    ============== ÉLÉMENT(S) TROUVÉ(S) ==============
    .
    .
    HKCR\VirtualStore\MACHINE\SOFTWARE\CToolbar
    HKCU\Software\Ask.com
    HKCU\Software\CToolbar
    HKCU\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search
    HKCU\Software\Popsicle
    HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
    HKLM\Software\Classes\CTBR.R404Pro
    HKLM\Software\Classes\CToolbar.TB4Client
    HKLM\Software\Classes\CToolbar.TB4Script
    HKLM\Software\Classes\CToolbar.TB4Server
    HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
    HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL
    HKU\S-1-5-21-3978879325-2782128261-3790254934-1002\Software\Ask.com
    HKLM\Software\Mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    HKCU\software\microsoft\internet explorer\searchscopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    .
    C:\Program Files\Ask.com
    C:\Program Files\Crawler
    C:\Program Files\Mozilla FireFox\regxpcom.exe
    C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barre d'outils Crawler
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z
    C:\Users\moi\AppData\Local\Temp\AskSearch
    C:\Users\moi\AppData\Roaming\Microsoft\Windows\Cookies\moi@ask[1].txt
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com
    C:\Users\Public\Documents\Foxicle
    C:\Users\Public\Documents\Popsicle
    C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
    .
    ============== Scan additionnel ==============
    .
    .
    * Mozilla FireFox Version 3.0.14 *
    .
    Nom du profil: 25d2ojze.default (moi)
    .
    (Prefs.js) user_pref("browser.search.defaultenginename", "Google");
    (Prefs.js) user_pref("browser.search.selectedEngine", "Google");
    (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=");
    (Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.yahoo.com/");
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.14");
    .
    (prefs.js) TROUVÉ: user_pref("extensions.asktb.cbid", "AG");
    (prefs.js) TROUVÉ: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&dm=lang");
    (prefs.js) TROUVÉ: user_pref("extensions.asktb.l", "dis");
    (prefs.js) TROUVÉ: user_pref("extensions.asktb.locale", "fr_FR");
    (prefs.js) TROUVÉ: user_pref("extensions.asktb.o", "15084");
    (prefs.js) TROUVÉ: user_pref("extensions.asktb.qsrc", "2871");
    (prefs.js) TROUVÉ: user_pref("extensions.enabledItems", "toolbar@ask.com:3.4.4.118,{4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3,{3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20090917Wb1,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}:3.1,{20a82645-c095-46ed-80e3-08825760534b}:1.1,searchrecs@veoh.com:1.5.1,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14");
    .
    * Internet Explorer Version 8.0.6001.18813 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Search Page: hxxp://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://fr.search.yahoo.com
    Start Page: hxxp://fr.yahoo.com
    Search Bar: hxxp://g.msn.fr/0SEFRFR/SAOS02
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Start Page: hxxp://fr.yahoo.com
    Default_Page_URL: hxxp://fr.yahoo.com
    Default_Search_URL: hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://fr.search.yahoo.com
    Search Page: hxxp://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://fr.search.yahoo.com
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs: tbr:res?id=tabs&rep=1
    .
    ============== Suspect (Cracks, Serials ... ) ==============
    .
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\EFA.NFO
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\MLMCrypt.exe
    C:\Users\moi\Documents\mp3 frero\compil staifi 2007_Crack.zip
    .
    ===================================
    .
    2699 Octet(s) - C:\Ad-Report-SCAN[0].log
    7289 Octet(s) - C:\Ad-Report-SCAN[1].log
    .
    1225 Fichier(s) - C:\Users\moi\AppData\Local\Temp
    376 Fichier(s) - C:\Windows\Temp
    .
    1 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
    0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
    .
    Fin à: 15:19:24 | 30/09/2009
    .
    ============== E.O.F ==============
    .
    0
  7. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Bien, maintenant fais ceci :

    --- Suppression ---

    [x] Relance Toolbar S&D et choisi l'option 2 ( Suppression ).

    [x] Ne fait rien pendant la procédure.

    [x] Copie/Colle le rapport dans ton prochain message.

    -----------

    --------- SUPPRESSION ----------

    [x] Relance Ad-Remover puis séléctionne l'option " L "

    [x] Une fois le nettoyage terminé, le rapport s'affiche

    [x] Copie/Colle le dans ton prochain message
    0
  8. assan59 Messages postés 9 Statut Membre
     
    ça donne :

    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2080 @ 1.73GHz )
    BIOS : Default System BIOS
    USER : moi ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:141 Go (Free:63 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [2] ( 30/09/2009|16:44 )

    [ UAC => 1 ]

    -----------\\ SUPPRESSION

    Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Barre d'outils Crawler
    Supprime! - C:\Program Files\Crawler\adrkeys.dat
    Supprime! - C:\Program Files\Crawler\Cache
    Supprime! - C:\Program Files\Crawler\COMMON_FF.dat
    Supprime! - C:\Program Files\Crawler\confirm.dat
    Supprime! - C:\Program Files\Crawler\ctbcomm.dll
    Supprime! - C:\Program Files\Crawler\ctbr.dll
    Supprime! - C:\Program Files\Crawler\CTConf.dat
    Supprime! - C:\Program Files\Crawler\CTipsDef.dll
    Supprime! - C:\Program Files\Crawler\CToolbar.exe
    Supprime! - C:\Program Files\Crawler\CUpdate.exe
    Supprime! - C:\Program Files\Crawler\Download
    Supprime! - C:\Program Files\Crawler\firefox
    Supprime! - C:\Program Files\Crawler\Languages
    Supprime! - C:\Program Files\Crawler\lookfor.dat
    Supprime! - C:\Program Files\Crawler\majorse.dat
    Supprime! - C:\Program Files\Crawler\rootmenu.dat
    Supprime! - C:\Program Files\Crawler\services.dat
    Supprime! - C:\Program Files\Crawler\STWSGLanguageAct
    Supprime! - C:\Program Files\Crawler\STWSG_FF.dat
    Supprime! - C:\Program Files\Crawler\TBR5LanguageAct
    Supprime! - C:\Program Files\Crawler\Update
    Supprime! - C:\Program Files\Crawler\WebSecurityGuard.dll
    Supprime! - C:\Program Files\Crawler\WSGData
    Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\PlayMP3z
    Supprime! - C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
    Supprime! - C:\Program Files\Crawler

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/"
    "Start Page"="https://fr.yahoo.com/"
    "Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/"
    "Default_Page_URL"="https://fr.yahoo.com/"
    "Default_Search_URL"="http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/"
    "Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/"
    "Local Page"="C:\\Windows\\System32\\blank.htm"

    --------------------\\ Recherche d'autres infections

    --------------------\\ ROGUES ..

    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Spyware-Secure

    --------------------\\ Cracks & Keygens ..

    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\EFA.DIZ
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\EFA.NFO
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\LICENSE.DAT
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\MakeFloatLic.bat
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\MakeLic.bat
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\MLMCrypt.exe
    C:\Users\moi\Documents\mp3 frero\compil staifi 2007_Crack.zip
    C:\Users\moi\Documents\mp3 frero\A\Alpha 5.20\3025 Avant Rakailles 4\07 - Crack Saison.mp3
    C:\Users\moi\Documents\mp3 frero\R\Rim-K\Famille Nombreuse\11 - Pilotes Crack Musik feat. Hamza.mp3

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 30/09/2009|15:27 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 30/09/2009|16:46 - Option : [2]

    -----------\\ Fin du rapport a 16:46:09,86
    0
  9. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Et le rapport d'AD-remover ?
    0
  10. assan59 Messages postés 9 Statut Membre
     
    le rapport d'AD-remover est le suivant :

    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_W | UNIQUEMENT XP/VISTA/7 =======
    .
    Mit à jour par C_XX le 30.09.2009 à 11:52
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 17:33:31, 30/09/2009 | Mode Normal | Option: CLEAN
    Exécuté de: C:\Program Files\Ad-Remover\
    Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
    Nom du PC: MONBLED | Utilisateur actuel: moi
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    HKCR\VirtualStore\MACHINE\SOFTWARE\CToolbar - NON SUPPRIMÉ
    HKCU\Software\Ask.com
    HKCU\Software\CToolbar
    HKCU\Software\Popsicle
    HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} - NON SUPPRIMÉ
    HKLM\Software\Classes\AppID\GenericAskToolbar.DLL - NON SUPPRIMÉ
    HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd - NON SUPPRIMÉ
    HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 - NON SUPPRIMÉ
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar - NON SUPPRIMÉ
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} - NON SUPPRIMÉ
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} - NON SUPPRIMÉ
    HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} - NON SUPPRIMÉ
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} - NON SUPPRIMÉ
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 - NON SUPPRIMÉ
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA - NON SUPPRIMÉ
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 - NON SUPPRIMÉ
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC - NON SUPPRIMÉ
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA - NON SUPPRIMÉ
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF - NON SUPPRIMÉ
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E - NON SUPPRIMÉ
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF - NON SUPPRIMÉ
    HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF - NON SUPPRIMÉ
    .
    C:\Program Files\Ask.com
    C:\Program Files\Ask.com\config.xml
    C:\Program Files\Ask.com\GenericAskToolbar.dll
    C:\Program Files\Ask.com\mupcfg.xml
    C:\Program Files\Ask.com\SaUpdate.exe
    C:\Program Files\Ask.com\UpdateTask.exe
    C:\Program Files\Mozilla FireFox\regxpcom.exe
    C:\Users\moi\AppData\Local\Temp\AskSearch
    C:\Users\moi\AppData\Local\Temp\AskSearch\partnercobranding.dat
    C:\Users\moi\AppData\Roaming\Microsoft\Windows\Cookies\moi@ask[1].txt
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com\chrome
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com\chrome.manifest
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com\chrome\content
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com\chrome\content\about.xul
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com\chrome\content\options.js
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com\chrome\content\options.xul
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com\chrome\content\toolbar.js
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com\chrome\skin
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com\chrome\skin\ask_16x16.png
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com\chrome\skin\ask_32x32.png
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com\chrome\skin\ask_browser_ff_chrome.png
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com\chrome\skin\asklogo.png
    C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\25d2ojze.default\extensions\toolbar@ask.com\chrome\skin\blogs.png

    suite ......
    0
  11. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Ok, fais maintenant ceci :

    Malwarebyte's anti-malware ----->

    [x] Télécharge Malwarebyte's anti-malware (MBAM) à cette adresse : http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    [x] Installe le.

    [x] Met le à jour.

    [x] Coche bien tout les éléments trouvés et supprime les !

    [x] Un tutoriel pour son utilisation est disponible ici : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    [x] Suis les indications données sur le lien précédent puis copie/colle le rapport généré dans ton prochain message
    0
  12. assan59 Messages postés 9 Statut Membre
     
    slt Xplode
    l'analyse par Malwarebyte's anti-malware à donnée ça :

    Malwarebytes' Anti-Malware 1.41
    Version de la base de données: 2878
    Windows 6.0.6001 Service Pack 1

    01/10/2009 09:47:23
    mbam-log-2009-10-01 (09-47-23).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 364734
    Temps écoulé: 10 hour(s), 51 minute(s), 40 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  13. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Ok,

    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\EFA.DIZ
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\EFA.NFO
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\LICENSE.DAT
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\MakeFloatLic.bat
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\MakeLic.bat
    C:\Users\moi\Documents\logiciels\Mathlab 7 CD1\KeyGen\MLMCrypt.exe


    Ceci est à supprimer, les cracks sont une source de virus et autre malwares.

    Peux tu refaire un log hijackthis ?
    0
  14. assan59 Messages postés 9 Statut Membre
     
    Ok, j'ai supprimé ce que tu ma dit , le rapport du scan avec hijackthis est :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:34:13, on 01/10/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: (no name) - {05595372-617F-47E4-B6B1-1B29DBC97767} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0941D65E-F46F-4A19-A488-9505DE25CEFA} - (no file)
    O2 - BHO: (no name) - {0F8E6173-E305-44F9-9F74-5CB5D7198619} - (no file)
    O2 - BHO: (no name) - {10D6AE97-8350-438A-81D8-AFBE9B28CA5C} - (no file)
    O2 - BHO: (no name) - {173738EC-24D9-40AF-B34E-C79BC309B5C4} - (no file)
    O2 - BHO: (no name) - {1E6AA990-C800-445F-B784-05F9A86426FF} - (no file)
    O2 - BHO: (no name) - {1ED80524-5130-42A0-A281-E6AC6C25674F} - (no file)
    O2 - BHO: (no name) - {25CB9566-36B0-462E-9D44-78F46FC25E62} - (no file)
    O2 - BHO: (no name) - {2A11CE52-4DDB-4818-AB6F-C9500D10AACF} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {30FA50D8-279E-4DFA-AC4E-09294C86B261} - (no file)
    O2 - BHO: (no name) - {4360085B-8E5A-4108-B485-605CB263979A} - (no file)
    O2 - BHO: (no name) - {4E702B02-983D-4300-8A67-6A4E2AE365E6} - (no file)
    O2 - BHO: (no name) - {4FFEFF43-F4CA-482F-B999-920D3A8D0916} - (no file)
    O2 - BHO: (no name) - {52C15611-9385-462F-9DCD-FE8C83226CA9} - (no file)
    O2 - BHO: (no name) - {5EA3E111-B1E1-4AD7-BF3A-106636AAD237} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {736820AC-DB02-488E-9B5C-BACCEA6AF87A} - (no file)
    O2 - BHO: (no name) - {7903044C-CE5D-4D9D-9CDA-9A13434BCB1F} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {7EFCFB5F-FED2-4CCE-BEC0-9ECF6A3E4387} - (no file)
    O2 - BHO: (no name) - {7F9596B5-EB8F-4771-8C14-7B068F0B4C65} - (no file)
    O2 - BHO: (no name) - {81FE108B-4397-49D8-97A7-3AC9EF608CEB} - (no file)
    O2 - BHO: (no name) - {820B2D1C-0ACB-4C53-9CD7-FB97BFC619A1} - (no file)
    O2 - BHO: (no name) - {86425A83-EAC7-438A-A8AB-0F125736145E} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {95D749D4-39E2-419C-8FC7-F17F0EB7C0BE} - (no file)
    O2 - BHO: (no name) - {964DD63B-AEAA-4FFD-ACF8-098DC30EE63F} - (no file)
    O2 - BHO: (no name) - {9B3BFF14-3392-4363-9A08-DCF719A71DF2} - (no file)
    O2 - BHO: (no name) - {A5C4AACF-A420-4D05-B1ED-A5701D5C0EB9} - (no file)
    O2 - BHO: (no name) - {A83C9FC0-AF53-4D45-A71B-440757A191A6} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: (no name) - {B211E0BD-88B6-4ADE-AFFF-116C3945DF2D} - (no file)
    O2 - BHO: (no name) - {B33AE7D1-9ABD-4991-B4C9-BBC83EAAD6AE} - (no file)
    O2 - BHO: (no name) - {B7498E6F-CD84-45F5-AF18-019E0F79C5E9} - (no file)
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: (no name) - {C2763FC7-5D8A-44B7-8F3A-111A8BFA29D4} - (no file)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: (no name) - {D4788400-8C1F-40A5-98BA-FC596D0AC22F} - (no file)
    O2 - BHO: (no name) - {D87FE150-7B40-41A7-901D-ECAA9F36EF30} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E5F243A7-2F89-4719-878E-5D90143FADD0} - (no file)
    O2 - BHO: (no name) - {F8658715-3707-464C-81AF-C52F6C2549F3} - (no file)
    O2 - BHO: (no name) - {F8A19826-CFFB-4D8F-A7E4-ADC1B3136FFD} - (no file)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NFSUserSIDGSSLink] C:\Program Files\Hummingbird\Connectivity\11.00\NFS Maestro\HumGSS.exe REG
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Service Google Update (gupdate1ca27147294fabf) (gupdate1ca27147294fabf) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hummingbird Export (HCLExport) - Hummingbird Ltd. - C:\Windows\system32\Hummingbird\Connectivity\11.00\NFS Maestro\expserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    0
  15. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Désinstalle yahoo! toolbar et google toolbar

    -----------------------------

    [x] Lance hijackthis ( C:\Program Files\Trend Micro\Hijackthis.exe )

    [x] Clique sur " None of the above, just start the program " puis sur " Scan "

    [x] Coche les lignes en gras ci dessous :

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http:­//fr.search.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http:­//fr.search.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: (no name) - {05595372-617F-47E4-B6B1-1B29DBC97767} - (no file)
    O2 - BHO: (no name) - {0941D65E-F46F-4A19-A488-9505DE25CEFA} - (no file)
    O2 - BHO: (no name) - {0F8E6173-E305-44F9-9F74-5CB5D7198619} - (no file)
    O2 - BHO: (no name) - {10D6AE97-8350-438A-81D8-AFBE9B28CA5C} - (no file)
    O2 - BHO: (no name) - {173738EC-24D9-40AF-B34E-C79BC309B5C4} - (no file)
    O2 - BHO: (no name) - {1E6AA990-C800-445F-B784-05F9A86426FF} - (no file)
    O2 - BHO: (no name) - {1ED80524-5130-42A0-A281-E6AC6C25674F} - (no file)
    O2 - BHO: (no name) - {25CB9566-36B0-462E-9D44-78F46FC25E62} - (no file)
    O2 - BHO: (no name) - {2A11CE52-4DDB-4818-AB6F-C9500D10AACF} - (no file)
    O2 - BHO: (no name) - {30FA50D8-279E-4DFA-AC4E-09294C86B261} - (no file)
    O2 - BHO: (no name) - {4360085B-8E5A-4108-B485-605CB263979A} - (no file)
    O2 - BHO: (no name) - {4E702B02-983D-4300-8A67-6A4E2AE365E6} - (no file)
    O2 - BHO: (no name) - {4FFEFF43-F4CA-482F-B999-920D3A8D0916} - (no file)
    O2 - BHO: (no name) - {52C15611-9385-462F-9DCD-FE8C83226CA9} - (no file)
    O2 - BHO: (no name) - {5EA3E111-B1E1-4AD7-BF3A-106636AAD237} - (no file)
    O2 - BHO: (no name) - {736820AC-DB02-488E-9B5C-BACCEA6AF87A} - (no file)
    O2 - BHO: (no name) - {7903044C-CE5D-4D9D-9CDA-9A13434BCB1F} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {7EFCFB5F-FED2-4CCE-BEC0-9ECF6A3E4387} - (no file)
    O2 - BHO: (no name) - {7F9596B5-EB8F-4771-8C14-7B068F0B4C65} - (no file)
    O2 - BHO: (no name) - {81FE108B-4397-49D8-97A7-3AC9EF608CEB} - (no file)
    O2 - BHO: (no name) - {820B2D1C-0ACB-4C53-9CD7-FB97BFC619A1} - (no file)
    O2 - BHO: (no name) - {86425A83-EAC7-438A-A8AB-0F125736145E} - (no file)
    O2 - BHO: (no name) - {95D749D4-39E2-419C-8FC7-F17F0EB7C0BE} - (no file)
    O2 - BHO: (no name) - {964DD63B-AEAA-4FFD-ACF8-098DC30EE63F} - (no file)
    O2 - BHO: (no name) - {9B3BFF14-3392-4363-9A08-DCF719A71DF2} - (no file)
    O2 - BHO: (no name) - {A5C4AACF-A420-4D05-B1ED-A5701D5C0EB9} - (no file)
    O2 - BHO: (no name) - {A83C9FC0-AF53-4D45-A71B-440757A191A6} - (no file)
    O2 - BHO: (no name) - {B211E0BD-88B6-4ADE-AFFF-116C3945DF2D} - (no file)
    O2 - BHO: (no name) - {B33AE7D1-9ABD-4991-B4C9-BBC83EAAD6AE} - (no file)
    O2 - BHO: (no name) - {B7498E6F-CD84-45F5-AF18-019E0F79C5E9} - (no file)
    O2 - BHO: (no name) - {C2763FC7-5D8A-44B7-8F3A-111A8BFA29D4} - (no file)
    O2 - BHO: (no name) - {D4788400-8C1F-40A5-98BA-FC596D0AC22F} - (no file)
    O2 - BHO: (no name) - {D87FE150-7B40-41A7-901D-ECAA9F36EF30} - (no file)
    O2 - BHO: (no name) - {E5F243A7-2F89-4719-878E-5D90143FADD0} - (no file)
    O2 - BHO: (no name) - {F8658715-3707-464C-81AF-C52F6C2549F3} - (no file)
    O2 - BHO: (no name) - {F8A19826-CFFB-4D8F-A7E4-ADC1B3136FFD} - (no file)
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab


    [x] Clique ensuite sur " Fix checked "

    -------------

    Reposte ensuite un nouveau log hijackthis
    0
  16. assan59 Messages postés 9 Statut Membre
     
    ok ,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:06:39, on 01/10/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NFSUserSIDGSSLink] C:\Program Files\Hummingbird\Connectivity\11.00\NFS Maestro\HumGSS.exe REG
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Service Google Update (gupdate1ca27147294fabf) (gupdate1ca27147294fabf) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hummingbird Export (HCLExport) - Hummingbird Ltd. - C:\Windows\system32\Hummingbird\Connectivity\11.00\NFS Maestro\expserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    0