TrojanDownload:Win32/Renos.JM

Résolu
elodu21 Messages postés 46 Statut Membre -  
 Utilisateur anonyme -
Bonjour,
Voilà tout est dans le titre, windows defender me detecte ça depuis hier, quand je fais tout supprimer ça reviens sans cesse . Si quelqu'un connais la soluce je suis preneuse . Merci
Configuration: PC Compaq Presario V6000
Windows Vista Internet Explorer 7.0

28 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    Hello ;

    • Télécharge UsbFix sur ton Bureau :

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir.

    • Double clic sur UsbFix.exe présent sur ton bureau .

    • Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    • Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]

    • Ton bureau disparaîtra et le pc redémarrera.

    • Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.

    Ensuite poste le rapport UsbFix.txt qui apparaîtra avec le bureau.

    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    • Tuto : http://pagesperso-orange.fr/NosTools/tuto_usbfix3.html
    • Home : http://pagesperso-orange.fr/NosTools/usbfix.html
    0
  2. elodu21 Messages postés 46 Statut Membre
     
    Désolée, I E à du redémarrer, Ma question peut paraître bête mais si je n'ai pas de périphérique USB de stockage est -il necessaire de faire ça ?
    0
  3. Utilisateur anonyme
     
    oui fais le quand meme , pas de soucis .
    0
  4. elodu21 Messages postés 46 Statut Membre
     
    Re, j'ai suivi la procedure avec UsbFix, le PC s'éteind normalement mais au redémarrage le scan ne démarre pas .
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    on va faire autrement

    • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
    • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
    • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
    • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
    • Sélectionne Exécuter un examen rapide.
    • Clique sur Rechercher. L'analyse démarre.
    • A la fin de l'analyse, un message s'affiche :

    "L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés."

    • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
    • Ferme tes navigateurs.
    • Si des malwares ont été détectés, clique sur Afficher les résultats.
    • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
    • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    0
  7. elodu21 Messages postés 46 Statut Membre
     
    J'ai fait un scan avec MBAM hier, je poste le rapport :

    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3645
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    27/01/2010 20:45:11
    mbam-log-2010-01-27 (20-45-11).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 321610
    Temps écoulé: 3 hour(s), 13 minute(s), 15 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 54
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 16
    Fichier(s) infecté(s): 47

    Processus mémoire infecté(s):
    C:\Users\christel\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8bdd5d9-080c-448e-b868-db856c6be8ca} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fstcqrvc (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8bdd5d9-080c-448e-b868-db856c6be8ca} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ec1a2105-5621-440f-987d-27ef428131d9} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bkpbvbar (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8bdd5d9-080c-448e-b868-db856c6be8ca} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hotbarax.userprofiles (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hotbarax.userprofiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\znsfjgc (Trojan.Agent.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsa shellu (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmimzmhmfm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\losalamos (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\Hotbar (Adware.Hotbar) -> Delete on reboot.
    C:\ProgramData\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA\Weather\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA\Weather\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    c:\Windows\System32\fmuaqej.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\Users\christel\AppData\Local\znsfjgc.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
    C:\Users\christel\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.
    C:\Users\christel\AppData\Local\Temp\Php.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\Conditions générales.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\Confidentialité.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\Website.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\Conditions générales.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\Confidentialité.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\Website.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSA_kyf_update.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA\Weather\log.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\ACItems (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\WeatherPreferences (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\Weather_XML\Display (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\Weather_XML\Loading (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\Weather_XML\screen1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\Weather_XML\Version (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\christel\AppData\Roaming\WeatherDPA\Weather\Weather_XML\General (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Users\christel\iexplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\christel\Local Settings\Application Data\znsfjgc_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\Users\christel\Local Settings\Application Data\znsfjgc_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    0
  8. Utilisateur anonyme
     
    Réouvre malewarebyte's , va sur quarantaine et supprime tout .

    #####

    • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
    • Double-clique sur RSIT.exe afin de lancer le programme.
    • Clique sur Continue à l'écran Disclaimer.
    • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
    • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.
    0
  9. elodu21 Messages postés 46 Statut Membre
     
    Voici le contenu de log.txt :

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by christel at 2010-01-28 21:22:35
    Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
    System drive C: has 37 GB (34%) free of 109 GB
    Total RAM: 1013 MB (17% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:22:52, on 28/01/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\VMSnap5.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Windows\tsnp325.exe
    C:\Windows\vsnp325.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Users\christel\Program Files\DNA\btdna.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Users\christel\paejio.exe
    C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    C:\Program Files\D-Jix\D-Jix Media\D-Jix Media.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Windows\system32\ctfmon.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Users\christel\Desktop\RSIT.exe
    C:\Users\christel\Desktop\RSIT.exe
    C:\Program Files\trend micro\christel.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [VMSnap5] C:\Windows\VMSnap5.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe
    O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] "C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\christel\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [paejio] C:\Users\christel\paejio.exe
    O4 - HKCU\..\Run: [BMIMZMHMFM] C:\Users\christel\AppData\Local\Temp\Phr.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: BoontyBox NRJ.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    O4 - Startup: D-Jix Media.lnk = C:\Program Files\D-Jix\D-Jix Media\D-Jix Media.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Service Google Update (gupdate1c9a96b6d67e510) (gupdate1c9a96b6d67e510) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  10. Utilisateur anonyme
     
    • Télécharge Ad-remover ( de C_XX ) sur ton bureau :

    ! Déconnecte toi et ferme toutes applications en cours (Navigateur compris) !

    • Double clique sur Ad-remover.exe qui est sur ton bureau pour lancer l'outil .

    • Au menu principal choisis l'option "S" et tape sur [entrée] .

    • le scan démarre , laisse travailler l'outil et ne touche à rien ...

    --> Poste le rapport qui apparait à la fin .

    ( Le rapport est sauvegardé aussi sous C:\Ad-report-SCAN.log )
    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus :
    (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    • Tuto : http://pagesperso-orange.fr/NosTools/tuto_ad_r2.html
    0
  11. elodu21 Messages postés 46 Statut Membre
     
    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.6_I | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 28.01.2010 à 18:26
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 21:52:55, 28/01/2010 | Mode Normal | Option: SCAN
    Exécuté de: C:\Ad-Remover\
    Système d'exploitation: Microsoft® Windows Vista™ HomeBasic Service Pack 2 v6.0.6001
    Nom du PC: PC-DE-CHRISTEL | Utilisateur actuel: christel
    .
    ============== ÉLÉMENT(S) TROUVÉ(S) ==============
    .

    C:\Users\christel\AppData\Roaming\Mozilla\FireFox\Profiles\ts52l1vh.default\searchplugins\ask.xml
    C:\Windows\Installer\{59971D79-8111-42C2-9E40-883A0C277E78}
    C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
    C:\Program Files\Mozilla FireFox\Components\AskSearch.js
    C:\Users\christel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox
    C:\Users\christel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Live-Player
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\GamesBar
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Hotbar
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer
    C:\Program Files\AskBarDis
    C:\Program Files\GamesBar
    C:\Program Files\Live-Player
    C:\Program Files\SweetIM
    C:\Users\christel\AppData\Roaming\live-player
    C:\Users\christel\AppData\LocalLow\Hotbar
    C:\Users\christel\AppData\LocalLow\SweetIM
    C:\ProgramData\GamesBar
    C:\ProgramData\SweetIM
    C:\Windows\Installer\15a51114.msi
    C:\Windows\Installer\15a5111a.msi
    C:\Users\christel\Desktop\Mes raccourcis\Live-Player.lnk
    C:\Users\christel\Desktop\Mes raccourcis\SweetImSetup.exe
    C:\Users\christel\AppData\Local\dkpwywqdp_navtmp.dat
    C:\Users\christel\AppData\Local\kiycmso.bat
    .
    HKCU\software\appdatalow\AskBarDis
    HKCU\software\appdatalow\software\Hotbar
    HKCU\software\GamesBar
    HKCU\software\Live-Player
    HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    HKCU\software\SweetIM
    HKLM\software\AskBarDis
    HKLM\software\classes\AskIBar.PopSwatterBarButton
    HKLM\software\classes\AskIBar.PopSwatterBarButton.1
    HKLM\software\classes\AskIBar.PopSwatterSettingsControl
    HKLM\software\classes\AskIBar.PopSwatterSettingsControl.1
    HKLM\software\classes\AskToolBar.SettingsPlugin
    HKLM\software\classes\AskToolBar.SettingsPlugin.1
    HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
    HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
    HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
    HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
    HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
    HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
    HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
    HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
    HKLM\software\classes\MediaPlayer.GraphicsUtils
    HKLM\software\classes\MediaPlayer.GraphicsUtils.1
    HKLM\software\classes\MgMediaPlayer.GifAnimator
    HKLM\software\classes\MgMediaPlayer.GifAnimator.1
    HKLM\software\classes\SWEETIE.IEToolbar
    HKLM\software\classes\SWEETIE.IEToolbar.1
    HKLM\software\classes\SWEETIE.SWEETIE
    HKLM\software\classes\SWEETIE.SWEETIE.3
    HKLM\software\classes\SweetIM_URLSearchHook.ToolbarURLSearchHook
    HKLM\software\classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
    HKLM\software\classes\Toolbar3.SWEETIE
    HKLM\software\classes\Toolbar3.SWEETIE.1
    HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
    HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
    HKLM\Software\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    HKLM\software\GamesBar
    HKLM\software\GamesBarSetup
    HKLM\software\Live-Player
    HKLM\software\microsoft\internet explorer\searchscopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\OBget.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM
    HKLM\software\microsoft\windows\currentversion\uninstall\Ask Toolbar_is1
    HKLM\software\microsoft\windows\currentversion\uninstall\GamesBar
    HKLM\Software\Mozilla\Firefox\Extensions\\Hotbar@Hotbar.com
    HKLM\software\SweetIM
    HKU\s-1-5-21-3998010976-912583937-2554579818-1000\software\appdatalow\AskBarDis
    HKU\s-1-5-21-3998010976-912583937-2554579818-1000\software\appdatalow\software\Hotbar
    HKU\s-1-5-21-3998010976-912583937-2554579818-1000\software\GamesBar
    HKU\s-1-5-21-3998010976-912583937-2554579818-1000\software\Live-Player
    HKU\s-1-5-21-3998010976-912583937-2554579818-1000\software\SweetIM
    .
    ============== Scan additionnel ==============
    .
    .
    * Mozilla FireFox Version 2.0.0.20 [fr] *
    .
    Nom du profil: ts52l1vh.default (christel)
    .
    (christel, prefs.js) Browser.download.lastDir, C:\Users\christel\Pictures
    (christel, prefs.js) Browser.search.defaultenginename, Search the web
    (christel, prefs.js) Browser.search.defaulturl, hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
    (christel, prefs.js) Browser.search.selectedEngine, Google
    (christel, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
    (christel, prefs.js) Keyword.URL, hxxp://redirecterror.sfr.fr/?q=
    .
    (christel, prefs.js) TROUVE - CommunityToolbar.SearchFromAddressBarSavedUrl, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
    (christel, prefs.js) TROUVE - Extensions.snipit.chromeURL, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1
    (christel, prefs.js) TROUVE - Extensions.snipit.history_query, effacer%20ask%20de%20la%20page%20d%20aceuil=ASKURL=hxxp://www.ask.com/web?q=effacer%20ask%20de%20la%20page%20d%20aceuil&qsrc=2871&o=101761&l=dis||effacer%20ask%20de%20la%20page%20d%20aceuil=ASKURL=//www.ask.com/web?q=effacer%20ask%20de%20la%20page%20d%20aceuil&qsrc=2871&o=101761&l=dis||effacer%20ask%20de%20la%20page%20d%20aceuil=ASKURL=//www.ask.com/web?q=effacer%20ask%20de%20la%20page%20d%20aceuil&qsrc=2871&o=101761&l=dis||effacer%20ask%20de%20la%20page%20d%20aceuil=ASKURL=//www.ask.com/web?q=effacer%20ask%20de%20la%20page%20d%20aceuil&qsrc=2871&o=101761&l=dis||effacer%20ask%20de%20la%20page%20d%20aceuil=ASKURL=//www.ask.com/web?q=effacer%20ask%20de%20la%20page%20d%20aceuil&qsrc=2871&o=101761&l=dis||effacer%20ask%20de%20la%20page%20d%20aceuil=ASKURL=//www.ask.com/web?q=effacer%20ask%20de%20la%20page%20d%20aceuil&qsrc=2871&o=101761&l=dis
    .
    (christel, user.js) Keyword.URL, hxxp://redirecterror.sfr.fr/?q=
    .
    .
    * Internet Explorer Version 7.0.6001.18000 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Do404Search: 01000000
    Local Page: C:\Windows\system32\blank.htm
    Show_ToolBar: yes
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Enable Browser Extensions: yes
    Start Page: hxxp://www.sfr.fr/kit/adsl/
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Start Page: hxxp://home.sweetim.com
    Default_Page_URL: hxxp://fr.yahoo.com
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Delete_Temp_Files_On_Exit: yes
    Local Page: %SystemRoot%\system32\blank.htm
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    .
    ===================================
    .
    518 Octet(s) - C:\Ad-Report-SCAN[1].log
    15105 Octet(s) - C:\Ad-Report-SCAN[2].log
    .
    2180 Fichier(s) - C:\Users\christel\AppData\Local\Temp
    54 Fichier(s) - C:\Windows\Temp
    129 Fichier(s) - C:\Windows\Prefetch
    .
    4 Fichier(s) - C:\Ad-Remover\BACKUP
    0 Fichier(s) - C:\Ad-Remover\QUARANTINE
    .
    Fin à: 22:33:28 | 28/01/2010 - SCAN[2]
    .
    ============== E.O.F ==============
    .
    0
  12. Utilisateur anonyme
     
    Re Christelle , relance ad remover et choisis l option L et post le rapport stp
    0
  13. elodu21 Messages postés 46 Statut Membre
     
    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.6_I | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 28.01.2010 à 18:26
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 23:32:18, 28/01/2010 | Mode Normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\
    Système d'exploitation: Microsoft® Windows Vista™ HomeBasic Service Pack 2 v6.0.6001
    Nom du PC: PC-DE-CHRISTEL | Utilisateur actuel: christel
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .

    C:\Users\christel\AppData\Roaming\Mozilla\FireFox\Profiles\ts52l1vh.default\searchplugins\ask.xml
    C:\Windows\Installer\{59971D79-8111-42C2-9E40-883A0C277E78}
    C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
    C:\Program Files\Mozilla FireFox\Components\AskSearch.js
    C:\Users\christel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox
    C:\Users\christel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Live-Player
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\GamesBar
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Hotbar
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer
    C:\Program Files\AskBarDis
    C:\Program Files\GamesBar
    C:\Program Files\Live-Player
    C:\Program Files\SweetIM
    C:\Users\christel\AppData\Roaming\live-player
    C:\Users\christel\AppData\LocalLow\Hotbar
    C:\Users\christel\AppData\LocalLow\SweetIM
    C:\ProgramData\GamesBar
    C:\ProgramData\SweetIM
    C:\Windows\Installer\15a51114.msi
    C:\Windows\Installer\15a5111a.msi
    C:\Users\christel\Desktop\Mes raccourcis\Live-Player.lnk
    C:\Users\christel\Desktop\Mes raccourcis\SweetImSetup.exe
    C:\Users\christel\AppData\Local\dkpwywqdp_navtmp.dat
    C:\Users\christel\AppData\Local\kiycmso.bat

    (!) -- Fichiers temporaires supprimés.

    .
    HKCU\software\appdatalow\AskBarDis
    HKCU\software\appdatalow\software\Hotbar
    HKCU\software\GamesBar
    HKCU\software\Live-Player
    HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    HKCU\software\SweetIM
    HKLM\software\AskBarDis
    HKLM\software\classes\AskIBar.PopSwatterBarButton
    HKLM\software\classes\AskIBar.PopSwatterBarButton.1
    HKLM\software\classes\AskIBar.PopSwatterSettingsControl
    HKLM\software\classes\AskIBar.PopSwatterSettingsControl.1
    HKLM\software\classes\AskToolBar.SettingsPlugin
    HKLM\software\classes\AskToolBar.SettingsPlugin.1
    HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
    HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
    HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
    HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
    HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
    HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
    HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
    HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
    HKLM\software\classes\MediaPlayer.GraphicsUtils
    HKLM\software\classes\MediaPlayer.GraphicsUtils.1
    HKLM\software\classes\MgMediaPlayer.GifAnimator
    HKLM\software\classes\MgMediaPlayer.GifAnimator.1
    HKLM\software\classes\SWEETIE.IEToolbar
    HKLM\software\classes\SWEETIE.IEToolbar.1
    HKLM\software\classes\SWEETIE.SWEETIE
    HKLM\software\classes\SWEETIE.SWEETIE.3
    HKLM\software\classes\SweetIM_URLSearchHook.ToolbarURLSearchHook
    HKLM\software\classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
    HKLM\software\classes\Toolbar3.SWEETIE
    HKLM\software\classes\Toolbar3.SWEETIE.1
    HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
    HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
    HKLM\Software\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    HKLM\software\GamesBar
    HKLM\software\GamesBarSetup
    HKLM\software\Live-Player
    HKLM\software\microsoft\internet explorer\searchscopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\OBget.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM
    HKLM\software\microsoft\windows\currentversion\uninstall\Ask Toolbar_is1
    HKLM\software\microsoft\windows\currentversion\uninstall\GamesBar
    HKLM\Software\Mozilla\Firefox\Extensions\\Hotbar@Hotbar.com
    HKLM\software\SweetIM
    .
    ============== Scan additionnel ==============
    .
    .
    * Mozilla FireFox Version 2.0.0.20 [fr] *
    .
    Nom du profil: ts52l1vh.default (christel)
    .
    (christel, prefs.js) Browser.download.lastDir, C:\Users\christel\Pictures
    (christel, prefs.js) Browser.search.defaultenginename, Search the web
    (christel, prefs.js) Browser.search.defaulturl, hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
    (christel, prefs.js) Browser.search.selectedEngine, Google
    (christel, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
    (christel, prefs.js) Keyword.URL, hxxp://redirecterror.sfr.fr/?q=
    .
    (christel, prefs.js) EFFACE - CommunityToolbar.SearchFromAddressBarSavedUrl, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
    (christel, prefs.js) EFFACE - Extensions.snipit.chromeURL, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1
    (christel, prefs.js) EFFACE - Extensions.snipit.history_query, effacer%20ask%20de%20la%20page%20d%20aceuil=ASKURL=hxxp://www.ask.com/web?q=effacer%20ask%20de%20la%20page%20d%20aceuil&qsrc=2871&o=101761&l=dis||effacer%20ask%20de%20la%20page%20d%20aceuil=ASKURL=//www.ask.com/web?q=effacer%20ask%20de%20la%20page%20d%20aceuil&qsrc=2871&o=101761&l=dis||effacer%20ask%20de%20la%20page%20d%20aceuil=ASKURL=//www.ask.com/web?q=effacer%20ask%20de%20la%20page%20d%20aceuil&qsrc=2871&o=101761&l=dis||effacer%20ask%20de%20la%20page%20d%20aceuil=ASKURL=//www.ask.com/web?q=effacer%20ask%20de%20la%20page%20d%20aceuil&qsrc=2871&o=101761&l=dis||effacer%20ask%20de%20la%20page%20d%20aceuil=ASKURL=//www.ask.com/web?q=effacer%20ask%20de%20la%20page%20d%20aceuil&qsrc=2871&o=101761&l=dis||effacer%20ask%20de%20la%20page%20d%20aceuil=ASKURL=//www.ask.com/web?q=effacer%20ask%20de%20la%20page%20d%20aceuil&qsrc=2871&o=101761&l=dis
    .
    (christel, user.js) Keyword.URL, hxxp://redirecterror.sfr.fr/?q=
    .
    .
    * Internet Explorer Version 7.0.6001.18000 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Do404Search: 01000000
    Local Page: C:\Windows\system32\blank.htm
    Show_ToolBar: yes
    Enable Browser Extensions: yes
    Start Page: hxxp://fr.msn.com/
    Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Start Page: hxxp://fr.msn.com/
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: %SystemRoot%\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    .
    ===================================
    .
    523 Octet(s) - C:\Ad-Report-CLEAN[1].log
    523 Octet(s) - C:\Ad-Report-CLEAN[2].log
    14716 Octet(s) - C:\Ad-Report-CLEAN[3].log
    518 Octet(s) - C:\Ad-Report-SCAN[1].log
    15449 Octet(s) - C:\Ad-Report-SCAN[2].log
    .
    1981 Fichier(s) - C:\Users\christel\AppData\Local\Temp
    49 Fichier(s) - C:\Windows\Temp
    0 Fichier(s) - C:\Windows\Prefetch
    .
    25 Fichier(s) - C:\Ad-Remover\BACKUP
    640 Fichier(s) - C:\Ad-Remover\QUARANTINE
    .
    Fin à: 0:05:50 | 29/01/2010 - CLEAN[3]
    .
    ============== E.O.F ==============
    .
    0
  14. Utilisateur anonyme
     
    Re Elodie , bien joué ;)

    Supprime usbfix.exe

    ensuite :

    Désactive l uac vista :

    http://pagesperso-orange.fr/nostools/uac_vista.html et redémarre

    ######### ensuite :

    • Télécharge UsbFix sur ton Bureau :

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir.

    • Double clic sur UsbFix.exe présent sur ton bureau .

    • Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    • Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]

    • Ton bureau disparaîtra et le pc redémarrera.

    • Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.

    Ensuite poste le rapport UsbFix.txt qui apparaîtra avec le bureau.

    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    • Tuto : http://pagesperso-orange.fr/NosTools/tuto_usbfix3.html
    • Home : http://pagesperso-orange.fr/NosTools/usbfix.html
    0
  15. elodu21 Messages postés 46 Statut Membre
     
    Je comprend pas pourquoi je dois désinstaller UsbFix pour le réinstaller après ???
    0
  16. Utilisateur anonyme
     
    Car une nouvelle mises a jours est dispo ..
    0
  17. elodu21 Messages postés 46 Statut Membre
     
    ############################## | UsbFix V6.081 |

    User : christel (Administrateurs) # PC-DE-CHRISTEL
    Update on 28/01/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 00:24:11 | 29/01/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Genuine Intel(R) CPU T2060 @ 1.60GHz
    Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
    Internet Explorer 7.0.6001.18000
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local # 106,89 Go (36,16 Go free) # NTFS
    D:\ -> Disque fixe local # 4,89 Go (4,1 Go free) [PRESARIO_RP] # NTFS
    E:\ -> Disque CD-ROM

    ############################## | Processus actifs |

    C:\Windows\System32\smss.exe 424
    C:\Windows\system32\csrss.exe 512
    C:\Windows\system32\wininit.exe 556
    C:\Windows\system32\csrss.exe 564
    C:\Windows\system32\services.exe 600
    C:\Windows\system32\lsass.exe 612
    C:\Windows\system32\lsm.exe 620
    C:\Windows\system32\winlogon.exe 648
    C:\Windows\system32\svchost.exe 808
    C:\Windows\system32\svchost.exe 892
    C:\Windows\System32\svchost.exe 932
    C:\Windows\System32\svchost.exe 1024
    C:\Windows\System32\svchost.exe 1100
    C:\Windows\system32\svchost.exe 1132
    C:\Windows\system32\SLsvc.exe 1256
    C:\Windows\system32\svchost.exe 1296
    C:\Windows\system32\svchost.exe 1444
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1604
    C:\Program Files\Alwil Software\Avast4\ashServ.exe 1628
    C:\Windows\system32\Dwm.exe 1756
    C:\Windows\Explorer.EXE 1764
    C:\Windows\system32\runonce.exe 1820
    C:\Windows\System32\spoolsv.exe 196
    C:\Windows\system32\taskeng.exe 276
    C:\Windows\system32\svchost.exe 444
    C:\Windows\system32\taskeng.exe 824
    C:\Users\christel\AppData\Local\Temp\Phr.exe 1428
    C:\Windows\system32\svchost.exe 248
    C:\Program Files\Google\Update\GoogleUpdate.exe 1816
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2084
    C:\Windows\system32\svchost.exe 2224
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2288
    C:\Windows\system32\svchost.exe 2340
    C:\Windows\System32\svchost.exe 2384
    C:\Windows\system32\SearchIndexer.exe 2456
    C:\Windows\system32\DRIVERS\xaudio.exe 2516
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2540
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2844
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2872
    C:\Windows\System32\alg.exe 2956
    C:\Windows\system32\wbem\wmiprvse.exe 3160
    C:\Windows\system32\WerCon.exe 3328

    ################## | Elements infectieux |

    Supprimé ! C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    Supprimé ! C:\Users\christel\AppData\Local\Temp\Phq.exe
    Supprimé ! C:\Users\christel\AppData\Local\Temp\Phr.exe
    Supprimé ! C:\Users\christel\AppData\Local\Temp\a.dat
    Supprimé ! C:\Users\christel\AppData\Local\Temp\sshnas21.dll
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-3998010976-912583937-2554579818-1000
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-4193549221-1683869985-1229017860-500
    Supprimé ! D:\$Recycle.Bin\S-1-5-21-3998010976-912583937-2554579818-1000

    ################## | Registre |

    Supprimé ! [HKCU\SOFTWARE\BMIMZMHMFM]
    Supprimé ! [HKCU\SOFTWARE\XML]
    Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BMIMZMHMFM"

    ################## | Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\F\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{05b3a120-c8fe-11de-bab0-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{0ca05c08-5d35-11dc-bad8-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{0e183233-8337-11de-afcd-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{191cce40-c0b1-11de-8d54-001636f11967}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{1de71cd7-c0c1-11de-b99f-001636f11967}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{1de71ce9-c0c1-11de-b99f-001636f11967}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{2de4f7a0-d4db-11de-986f-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{2f3e5c91-25cc-11dc-92ad-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{31ef6ae8-ec7b-11de-af70-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{31ef6b13-ec7b-11de-af70-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{3e4a5efa-c387-11de-a9bf-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{3e4a5f00-c387-11de-a9bf-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{4b9719e1-a741-11de-b7e7-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{4b9719e6-a741-11de-b7e7-001636f11967}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{5a93c4bd-92bb-11dc-a08b-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{84467817-6d39-11dd-9d0f-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{922452c9-cd4c-11de-8a22-001636f11967}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{a6fd73c2-c985-11dd-8c75-c362ff84581b}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{a799f613-f5ee-11de-ae8e-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{c29a9878-0a30-11dd-8bf7-001636f11967}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{c41d9a66-d718-11dd-bb88-c2db6323540f}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{fd6da77b-ebc5-11de-b3f2-001636f11967}\Shell\Auto\Command

    ################## | Listing des fichiers présent |

    [22/07/2009 07:05|--a------|7242] C:\0x040c.ini
    [22/07/2009 07:06|--a------|37888] C:\1036.MST
    [28/01/2010 23:24|--a------|523] C:\Ad-Report-CLEAN[1].log
    [28/01/2010 23:26|--a------|523] C:\Ad-Report-CLEAN[2].log
    [29/01/2010 00:05|--a------|15149] C:\Ad-Report-CLEAN[3].log
    [28/01/2010 21:48|--a------|518] C:\Ad-Report-SCAN[1].log
    [28/01/2010 22:33|--a------|15449] C:\Ad-Report-SCAN[2].log
    [18/09/2006 22:43|--a------|24] C:\autoexec.bat
    [02/12/2007 11:16|--a------|90] C:\bcmwl6.log
    [19/01/2008 08:45|-rahs----|333203] C:\bootmgr
    [18/09/2006 22:43|--a------|10] C:\config.sys
    [?|?|?] C:\hiberfil.sys
    [01/07/2007 17:07|-rahs----|0] C:\IO.SYS
    [01/07/2007 17:07|-rahs----|0] C:\MSDOS.SYS
    [?|?|?] C:\pagefile.sys
    [11/08/2008 14:57|--a------|159] C:\Setup.log
    [29/01/2010 00:34|--a------|6480] C:\UsbFix.txt
    [11/10/2007 13:18|--a------|16777216] D:\Top Trumps - Dogs and Dinosaurs.nds
    [11/10/2007 13:26|--a------|16777216] D:\Top Trumps - Horror and Predators.nds
    [15/09/2008 19:22|--a------|16777216] D:\Touch Detective.nds
    [18/05/2007 12:54|--a------|16777216] D:\Touch the Dead.nds
    [14/11/2007 13:39|--a------|33554432] D:\Tous Ambidextres.nds
    [27/04/2006 08:59|--a------|33554432] D:\Trauma Center - Under The Knife.nds
    [05/06/2007 11:25|--a------|16777216] D:\Trioncube.nds
    [13/11/2007 14:35|--a------|67108864] D:\Ultimate Mortal Kombat.nds
    [29/05/2007 13:17|--a------|8388608] D:\Uno - Skip-Bo - Uno Free Fall.nds
    [12/04/2007 07:34|--a------|8388608] D:\Uno 52.nds
    [02/02/2007 15:02|--a------|16777216] D:\Vegas Casino High 5.nds
    [03/03/2006 20:47|--a------|67108864] D:\Viewtiful Joe - Double Trouble.nds
    [30/05/2007 18:21|--a------|67108864] D:\Wario - Master of Disguise.nds
    [16/07/2007 13:32|--a------|33554432] D:\WarioWare - Touched!.nds
    [29/03/2007 15:37|--a------|8388608] D:\Wiffle Ball.nds
    [06/12/2006 08:36|--a------|16777216] D:\Winx Club - La Quˆte Du Codex.nds
    [09/11/2007 22:37|--a------|29925716] D:\Worms - Open Warfare 2.nds
    [22/03/2006 08:07|--a------|16777216] D:\Worms - Open Warfare.nds
    [26/05/2006 12:07|--a------|67108864] D:\X-Men - The Official Game.nds
    [16/07/2007 13:31|--a------|16777216] D:\Yoshi Touch & Go.nds
    [29/11/2006 18:14|--a------|33554432] D:\Yoshi's Island DS.nds
    [19/04/2007 07:44|--a------|16777216] D:\Zendoku.nds
    [16/07/2007 13:43|--a------|8388608] D:\Zoo Keeper.nds
    [06/11/2007 14:23|--a------|33554432] D:\Zo‚ Cr‚atrice De Mode.nds

    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix.
    # D:\autorun.inf -> Dossier créé par UsbFix.
    0
  18. Utilisateur anonyme
     
    Nickel Elodie ;)

    Comment va le pc ... mieux ?

    Refais un scan Rsit et post log.txt et on termine .
    0
  19. elodu21 Messages postés 46 Statut Membre
     
    Apparement ça à l'air d'aller, tout fonctionne correctement. Je fais le scan et je post le rapport tout de suite .
    0
  20. elodu21 Messages postés 46 Statut Membre
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by christel at 2010-01-29 00:46:33
    Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
    System drive C: has 37 GB (34%) free of 109 GB
    Total RAM: 1013 MB (22% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:46:46, on 29/01/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\christel\AppData\Local\Temp\Phr.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\sdclt.exe
    C:\Windows\explorer.exe
    C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    C:\Program Files\D-Jix\D-Jix Media\D-Jix Media.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\christel\Desktop\RSIT.exe
    C:\Program Files\trend micro\christel.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [VMSnap5] C:\Windows\VMSnap5.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe
    O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] "C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [paejio] C:\Users\christel\paejio.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: BoontyBox NRJ.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    O4 - Startup: D-Jix Media.lnk = C:\Program Files\D-Jix\D-Jix Media\D-Jix Media.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O13 - Gopher Prefix:
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Service Google Update (gupdate1c9a96b6d67e510) (gupdate1c9a96b6d67e510) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  21. Utilisateur anonyme
     
    Re ,

    Une merdouille est passée au travers ...

    #####

    • Télécharge OTM (OldTimer) sur ton Bureau.
    • Clique droit sur OTM.exe et choisis Exécuter en tant qu'administrateur.
    • Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :services
    ZTEusbnmea
    ZTEusbser6k

    :files
    C:\Users\christel\paejio.exe

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "paejio"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BEWINTERNET-FR-DMGP-V2SessionManager"=-

    :commands
    [purity]
    [emptytemp]
    [reboot]


    • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
    • Clique maintenant sur le bouton MoveIt! puis ferme OTM.

    ---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
    ---> Le nom du rapport correspond au moment de sa création : date_heure.log


    + un nouveau rapport RSIT : log.txt stp .
    0
  • 1
  • 2