Sujet Précédent Sujet Suivant

Virus

Résolu/Fermé
mamy1439 - 7 nov. 2008 à 19:12
 siladan - 3 déc. 2008 à 11:15
Bonjour,
voila j'ai été sur un site je demandais un jeux mais ils m,on envoyer un

Erreur! Votre ordinateur a été piraté par le virus dangereux! Quelques résultats ont été changés par la publicité de pornographie, vos mots de passe et d'autres informations privées pas plus dans le coffre-fort! Vous devez pour nettoyer votre système immédiatement pour le prévenir. Téléchargez le plus nouveau logiciel antivirulent!
virus et voila ce que ca dit depuis j'ai fait un scan avec trend micro ,mais la mon ordi est tres lent


p/s je doit vous dire que j'ai 65 ans et pas tres rapide pour comprendre mais si vous etes patient et voulez m'aider
ca serais tres apprecier

merci mamy1439

25 réponses

  • 1
  • 2
Réponse 1 / 25
Utilisateur anonyme
8 nov. 2008 à 02:03
non mamie tu n as plus de "verus"


fais ceci :

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):


http://download.piriform.com/ccsetup210.exe

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> Tuto : https://www.malekal.com/tutoriel-ccleaner/

ensuite :


* pour supprimer les outils/fix utilisés :

Télécharge ToolsCleaner sur ton bureau.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).




et :


Désactive et réactive ta restauration system :

(1) Désactiver la Restauration du système

cliques sur Démarrer
Cliques droit sur Poste de travail
cliques sur Propriétés
Cliques sur l'onglet Restauration du système
Coches Désactiver la Restauration du système sur tous les lecteurs
Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
cliques sur Oui.
Cliques sur OK.


(2) Activer la Restauration du système


cliques sur Démarrer
Cliques droit sur Poste de travail
cliques sur Propriétés
Cliques sur l'onglet Restauration du système
Décoches Désactiver la Restauration du système sur tous les lecteurs
Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
cliques sur Oui.
Cliques sur OK.


Tuto xp : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

1
Réponse 2 / 25
Utilisateur anonyme
7 nov. 2008 à 19:13
Salut,

commencer par ceci:

télécharge hijackthis
-> enregistre la cible sous .... "le bureau"

-> Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

-> Clique sur Install ensuite sur "I Accept"

-> Clique sur" Do a scan system and save log file"

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

->Tuto hijackthis
0
mamy1439
7 nov. 2008 à 19:55
bonjour
je vous ai envoyer le coller mais je ne savai pas que je devais ecrire votre nom
excuser moi merci


mamy1439
0
Réponse 3 / 25
Utilisateur anonyme
7 nov. 2008 à 19:14
Bonsoir mamie , bienvenue sur comment ça marche


Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)


Tuto: http://www.malekal.com/Adware.Magic_Control.php
0
mamy1439
7 nov. 2008 à 21:00
re- bonjour
voila j'ai fait tous mais voila maintenant je ne peut plus imprimer les écrits que vous me donnez et la page gel encore..merci croyer vous que j ai encore le virus


merci mamy1430
0
Réponse 4 / 25
pimprenelle27 Messages postés 20857 Date d'inscription lundi 10 décembre 2007 Statut Contributeur sécurité Dernière intervention 8 octobre 2019 2 502
7 nov. 2008 à 19:17
faire un rapport avec hijackthis, faire un double-clic sur HJTInstall.exe afin de lancer l'installation ,cliquez sur Install ensuite sur I Accept, ensuite Cliquez sur Do a scan system and save log file.Le bloc-notes s'ouvrira, faire un copier-coller de tout son contenu et postez le ici pour que l'on puisse l'analyser,voici le tuto hijackthis, puis téléchargez malwarebyte-s-anti-malware, faite un scan complet puis à la fin afficher rapport, faire un copier coller du contenu et postez le ici, voici le tuto malwarebyte-s-anti-malware.
0
siladan
3 déc. 2008 à 11:15
salu

finalement je crois ke je v reformaté mon pc pour etre du nettoyage mé sa membete car j perdrer tous les programme ke g instalé:(
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 25
Utilisateur anonyme
7 nov. 2008 à 19:21
RE ,

Vous laisse finir .

Bonne soirée à vous.

@+
0
Réponse 6 / 25
Utilisateur anonyme
7 nov. 2008 à 19:22
re

je sors

bonne suite
0
Réponse 7 / 25
pimprenelle27 Messages postés 20857 Date d'inscription lundi 10 décembre 2007 Statut Contributeur sécurité Dernière intervention 8 octobre 2019 2 502
7 nov. 2008 à 19:29
désolé j'avais pas vu que vous aviez déjà répondu.
0
Réponse 8 / 25
Utilisateur anonyme
7 nov. 2008 à 19:30
on te laisse la suite

@++
0
pimprenelle27 Messages postés 20857 Date d'inscription lundi 10 décembre 2007 Statut Contributeur sécurité Dernière intervention 8 octobre 2019 2 502
7 nov. 2008 à 19:44
pourquoi. vous étiez là avant moi.
0
Réponse 9 / 25
mamy1439
7 nov. 2008 à 19:52
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:05, on 2008-11-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\flippen25\FlippenMenusv5.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O2 - BHO: Mirar - {E7D269BF-A79A-47A5-A932-03D3FB44981E} - C:\WINDOWS\system32\wingc75.dll (file missing)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Mirar - {E7D269BE-A79A-47A5-A932-03D3FB44981E} - C:\WINDOWS\system32\wingc75.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: FlippenMenu.lnk = D:\flippen25\FlippenMenusv5.exe
O8 - Extra context menu item: &Search - ?p=ZRxdm103YYCA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\impot\New Folder\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\impot\New Folder\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://8.5.0.53
O15 - Trusted IP range: http://8.5.0.58
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
0
Réponse 10 / 25
Utilisateur anonyme
7 nov. 2008 à 19:59
re mamie je prend le topic


fais ceci :

Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :


/!\ Déconnectes toi et fermes toutes applications en cours

● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


0
mamy1439
7 nov. 2008 à 20:26
F --------- Logfile of AD-Remover 1.0.2.9 by C_XX ---------

START at: 14:24:18 | 2008-11-07
ON: Microsoft Windows XP [version 5.1.2600] ( Windows XP )
OPTION: Scan
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: cyr | PC: GISELE
BOOT MODE: Normal
DRIVE(S): A:\ (Systemdrive= C:\)

--------- [ PROCESSES ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\flippen25\FlippenMenusv5.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\WScript.exe

---------------------------- [ 24 ]


+---------------------------------------------------------------------------+
+------------------------------- SERVICES FOUND
+---------------------------------------------------------------------------+

Found ! - "Boonty Games"

+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS FOUND
+---------------------------------------------------------------------------+

"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
"HKEY_CURRENT_USER\Software\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"

+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS FOUND
+---------------------------------------------------------------------------+

[2008-05-06 13:50|d--------] C:\Program Files\SweetIM
[2008-10-31 21:22|d--------] C:\Program Files\Boonty
[2008-10-31 21:23|d--------] C:\Program Files\BoontyGames
[2008-03-05 09:31|d--------] C:\Program Files\FunWebProducts
[2008-03-04 13:17|d--------] C:\Program Files\MyWebSearch
[2008-10-31 21:24|d--------] C:\Program Files\Fichiers communs\BOONTY Shared
[2008-05-06 13:50|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM
[2008-10-31 21:24|d--------] C:\Documents and Settings\All Users\Application Data\BOONTY

+---------- Temp files found.. ( Elements found aren't necessarily harmful )

[2008-11-06 19:20|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\.zylomisrtemp1226017224
[2008-11-07 13:32|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\08HKZN5C.htm
[2008-11-07 13:23|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\18MY4D97.htm
[2008-11-07 13:24|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\1IE151ON.htm
[2008-11-07 13:23|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\49CJ9NQA.htm
[2008-11-07 14:06|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\4WSPAGMZ.emf
[2008-11-07 13:22|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\6H253OAF.htm
[2008-11-07 14:06|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\8ANBCB24.htm
[2008-11-07 13:38|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\avg7inst.log
[2008-11-07 13:22|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\B7204VJZ.htm
[2008-11-07 13:32|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\B7VQ9RM9.htm
[2008-11-07 13:42|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\BCS94VO4.emf
[2008-11-07 13:18|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\CA75O7LX.htm
[2008-11-07 13:32|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\CPJZTR1Z.htm
[2008-11-07 13:42|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\EGRFP2SE.htm
[2008-11-07 13:22|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\EJVQOCNY.htm
[2008-11-07 13:32|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\EUB3GDEH.htm
[2008-11-07 13:18|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\FU1JCJHH.emf
[2008-11-07 14:06|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\FW3RI09K.htm
[2008-11-05 23:20|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\Google Toolbar
[2008-11-07 13:22|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\H8LTG9VN.htm
[2008-11-07 13:22|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\HEEGLFHR.htm
[2008-11-06 14:35|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\hsperfdata_cyr
[2008-11-06 00:56|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\IMT4.xml
[2008-11-06 00:56|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\IMT5.xml
[2008-11-06 00:56|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\IMT6.xml
[2008-11-06 01:08|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\iWinArcadeAutocleanup.bat
[2008-11-06 11:50|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\java_install_reg.log
[2008-11-06 15:55|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\jusched.log
[2008-11-07 08:15|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\MessengerCache
[2008-11-07 13:07|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\msohtmlclip
[2008-11-07 13:37|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\msohtmlclip1
[2008-11-07 13:23|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\NE2XCOCU.htm
[2008-11-07 13:18|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\O6BV9U7R.htm
[2008-11-07 13:18|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\P0FUICPH.htm
[2008-11-07 13:18|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\P20PD158.htm
[2008-11-07 13:42|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\P69YBSU5.htm
[2008-11-07 13:24|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\QE5GRN4G.htm
[2008-11-07 13:23|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\QF13DHVE.htm
[2008-11-07 13:38|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\RarSFX0
[2008-11-07 13:22|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\RH32N7PX.htm
[2008-11-07 13:24|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\TD19PPNM.htm
[2008-11-07 13:18|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\TS4DBUI5.emf
[2008-11-06 15:55|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\TWAIN.LOG
[2008-11-06 15:55|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\Twain001.Mtx
[2008-11-06 15:55|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\Twunk001.MTX
[2008-11-06 15:51|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\Twunk002.MTX
[2008-11-07 14:06|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\UW0MCFL5.htm
[2008-11-06 13:17|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\V1DOFHa03228
[2008-11-07 13:23|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\V5GA49T1.htm
[2008-11-07 13:24|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\VKX81X7Y.htm
[2008-11-07 14:06|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\W3K8S9K8.htm
[2008-11-07 14:06|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\WOLG9OY5.htm
[2008-11-07 13:23|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\WSGVNY8X.htm
[2008-11-07 13:42|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\XAAAWUSW.htm
[2008-11-07 13:42|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\YY6HAH87.htm
[2008-11-07 13:24|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\ZVBPA65V.htm
[2008-11-06 15:40|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\_avast4_
[2008-11-06 15:58|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DF13B2.tmp
[2008-11-06 16:07|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DF1990.tmp
[2008-11-06 16:25|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DF2B91.tmp
[2008-11-06 16:01|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DF32C6.tmp
[2008-11-06 15:50|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DF6B88.tmp
[2008-11-07 13:30|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DFC6B.tmp
[2008-11-06 11:38|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DFC985.tmp
[2008-11-06 02:59|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~nsu.tmp
[2008-10-16 19:35|--a------] C:\WINDOWS\temp\avg8info.id
[2008-02-28 21:01|d--------] C:\WINDOWS\temp\Google Toolbar
[2008-11-07 01:49|--a------] C:\WINDOWS\temp\MpCmdRun.log
[2008-11-06 12:45|--a------] C:\WINDOWS\temp\MpSigStub.log
[2008-09-11 01:49|d--------] C:\WINDOWS\temp\ONEBA.tmp
[2008-11-05 23:13|--a----t-] C:\WINDOWS\temp\Perflib_Perfdata_3b0.dat
[2008-09-14 21:44|--a----t-] C:\WINDOWS\temp\Perflib_Perfdata_550.dat
[2008-11-07 13:30|--a----t-] C:\WINDOWS\temp\Perflib_Perfdata_6a0.dat
[2008-11-06 11:34|--a----t-] C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat
[2008-11-07 13:30|--a------] C:\WINDOWS\temp\WGAErrLog.txt
[2008-11-04 06:10|--a------] C:\WINDOWS\temp\WGANotify.settings
[2008-09-11 01:49|d--------] C:\WINDOWS\temp\WLTB Custom Button Feeds
[2008-11-07 13:37|d--------] C:\WINDOWS\temp\_avast4_
[2008-09-11 01:49|d--------] C:\WINDOWS\temp\_ISTMP0.DIR
[2008-02-28 21:47|d--------] C:\WINDOWS\temp\~nsu.tmp

+---------- Added scan ...

+-----[HKLM\...\Run]

avast! REG_SZ "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
MSConfig REG_SZ C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
AVG7_CC REG_SZ C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime

+-----[HKCU\...\Run]

ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
AVG7_Run REG_SZ C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE

+-----[HKLM\...\Internet Explorer\MAIN]

Start Page : hxxp://home.sweetim.com

+-----[HKCU\...\Internet Explorer\MAIN]

Start Page : hxxp://sympatico.msn.ca/defaultf.aspx

+---------------------------------------------------------------------------+
+------------------------------- [ EOF - 242 lines ]
+---------------------------------------------------------------------------+

[ END at: 14:24:56 | 2008-11-07 ] - [ Time elapsed: 37.6 seconds ]
0
Réponse 11 / 25
Utilisateur anonyme
7 nov. 2008 à 20:30
! Déconnectes toi et fermes toutes applications en cours !

* Relances "Ad-remover" : au menu principal choisi l'option "B" .

--> le programme va travailler ...

* Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\

0
Réponse 12 / 25
Utilisateur anonyme
7 nov. 2008 à 21:02
re mamie


tu as le rapport ption B de ad remover ??
0
mamy1439
7 nov. 2008 à 21:13
F --------- Logfile of AD-Remover 1.0.2.9 by C_XX ---------

START at: 14:41:29 | 2008-11-07
ON: Microsoft Windows XP [version 5.1.2600] ( Windows XP )
OPTION: Clean
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: cyr | PC: GISELE
BOOT MODE: Normal
DRIVE(S): A:\ (Systemdrive= C:\)


--------- [ PROCESSES ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
D:\flippen25\FlippenMenusv5.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\WScript.exe

---------------------------- [ 20 ]


+---------------------------------------------------------------------------+
+------------------------------- SERVICES DELETED
+---------------------------------------------------------------------------+

Deleted successfully ! - "Boonty Games"

+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS DELETED
+---------------------------------------------------------------------------+

"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_CURRENT_USER\Software\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"

+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS DELETED
+---------------------------------------------------------------------------+

[2008-05-06 13:50|d--------] C:\Program Files\SweetIM
[2008-10-31 21:22|d--------] C:\Program Files\Boonty
[2008-10-31 21:23|d--------] C:\Program Files\BoontyGames
[2008-03-05 09:31|d--------] C:\Program Files\FunWebProducts
[2008-03-04 13:17|d--------] C:\Program Files\MyWebSearch
[2008-10-31 21:24|d--------] C:\Program Files\Fichiers communs\BOONTY Shared
[2008-05-06 13:50|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM
[2008-10-31 21:24|d--------] C:\Documents and Settings\All Users\Application Data\BOONTY

+---------- Temp files deleted.. ( Elements deleted was not necessarily harmful )

(!) ---- Recycle bin emptyed in all drives.

[2008-11-06 19:20|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\.zylomisrtemp1226017224
[2008-11-07 13:32|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\08HKZN5C.htm
[2008-11-07 13:23|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\18MY4D97.htm
[2008-11-07 13:24|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\1IE151ON.htm
[2008-11-07 13:23|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\49CJ9NQA.htm
[2008-11-07 14:06|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\4WSPAGMZ.emf
[2008-11-07 13:22|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\6H253OAF.htm
[2008-11-07 14:06|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\8ANBCB24.htm
[2008-11-07 13:38|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\avg7inst.log
[2008-11-07 13:22|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\B7204VJZ.htm
[2008-11-07 13:32|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\B7VQ9RM9.htm
[2008-11-07 13:42|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\BCS94VO4.emf
[2008-11-07 13:18|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\CA75O7LX.htm
[2008-11-07 13:32|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\CPJZTR1Z.htm
[2008-11-07 13:42|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\EGRFP2SE.htm
[2008-11-07 13:22|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\EJVQOCNY.htm
[2008-11-07 13:32|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\EUB3GDEH.htm
[2008-11-07 13:18|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\FU1JCJHH.emf
[2008-11-07 14:06|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\FW3RI09K.htm
[2008-11-05 23:20|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\Google Toolbar
[2008-11-07 13:22|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\H8LTG9VN.htm
[2008-11-07 13:22|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\HEEGLFHR.htm
[2008-11-06 14:35|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\hsperfdata_cyr
[2008-11-06 00:56|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\IMT4.xml
[2008-11-06 00:56|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\IMT5.xml
[2008-11-06 00:56|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\IMT6.xml
[2008-11-06 01:08|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\iWinArcadeAutocleanup.bat
[2008-11-06 11:50|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\java_install_reg.log
[2008-11-06 15:55|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\jusched.log
[2008-11-07 08:15|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\MessengerCache
[2008-11-07 13:07|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\msohtmlclip
[2008-11-07 13:37|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\msohtmlclip1
[2008-11-07 13:23|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\NE2XCOCU.htm
[2008-11-07 13:18|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\O6BV9U7R.htm
[2008-11-07 13:18|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\P0FUICPH.htm
[2008-11-07 13:18|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\P20PD158.htm
[2008-11-07 13:42|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\P69YBSU5.htm
[2008-11-07 13:24|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\QE5GRN4G.htm
[2008-11-07 13:23|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\QF13DHVE.htm
[2008-11-07 13:38|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\RarSFX0
[2008-11-07 13:22|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\RH32N7PX.htm
[2008-11-07 13:24|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\TD19PPNM.htm
[2008-11-07 13:18|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\TS4DBUI5.emf
[2008-11-06 15:55|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\TWAIN.LOG
[2008-11-06 15:55|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\Twain001.Mtx
[2008-11-06 15:55|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\Twunk001.MTX
[2008-11-06 15:51|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\Twunk002.MTX
[2008-11-07 14:06|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\UW0MCFL5.htm
[2008-11-06 13:17|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\V1DOFHa03228
[2008-11-07 13:23|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\V5GA49T1.htm
[2008-11-07 13:24|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\VKX81X7Y.htm
[2008-11-07 14:06|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\W3K8S9K8.htm
[2008-11-07 14:06|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\WOLG9OY5.htm
[2008-11-07 13:23|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\WSGVNY8X.htm
[2008-11-07 13:42|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\XAAAWUSW.htm
[2008-11-07 13:42|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\YY6HAH87.htm
[2008-11-07 13:24|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\ZVBPA65V.htm
[2008-11-06 15:40|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\_avast4_
[2008-11-06 15:58|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DF13B2.tmp
[2008-11-06 16:07|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DF1990.tmp
[2008-11-06 16:25|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DF2B91.tmp
[2008-11-06 16:01|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DF32C6.tmp
[2008-11-06 15:50|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DF6B88.tmp
/!\ - [2008-11-07 14:33|---------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DFBA11.tmp
[2008-11-07 13:30|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DFC6B.tmp
[2008-11-06 11:38|--a------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~DFC985.tmp
[2008-11-06 02:59|d--------] C:\DOCUME~1\cyr\LOCALS~1\Temp\~nsu.tmp
[2008-10-16 19:35|--a------] C:\WINDOWS\temp\avg8info.id
[2008-02-28 21:01|d--------] C:\WINDOWS\temp\Google Toolbar
[2008-11-07 01:49|--a------] C:\WINDOWS\temp\MpCmdRun.log
[2008-11-06 12:45|--a------] C:\WINDOWS\temp\MpSigStub.log
[2008-09-11 01:49|d--------] C:\WINDOWS\temp\ONEBA.tmp
[2008-11-05 23:13|--a----t-] C:\WINDOWS\temp\Perflib_Perfdata_3b0.dat
[2008-09-14 21:44|--a----t-] C:\WINDOWS\temp\Perflib_Perfdata_550.dat
/!\ - [2008-11-07 14:32|-------t-] C:\WINDOWS\temp\Perflib_Perfdata_608.dat
[2008-11-06 11:34|--a----t-] C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat
[2008-11-07 14:32|--a------] C:\WINDOWS\temp\WGAErrLog.txt
[2008-11-04 06:10|--a------] C:\WINDOWS\temp\WGANotify.settings
[2008-09-11 01:49|d--------] C:\WINDOWS\temp\WLTB Custom Button Feeds
[2008-11-07 14:34|d--------] C:\WINDOWS\temp\_avast4_
[2008-09-11 01:49|d--------] C:\WINDOWS\temp\_ISTMP0.DIR
[2008-02-28 21:47|d--------] C:\WINDOWS\temp\~nsu.tmp

+---------- Added scan ...

+-----[HKLM\...\Run]

avast! REG_SZ "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
MSConfig REG_SZ C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
AVG7_CC REG_SZ C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

+-----[HKCU\...\Run]

ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

+-----[HKLM\...\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+-----[HKCU\...\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome


+---------------------------------------------------------------------------+
+------------------------------- [ EOF - 238 lines ]
+---------------------------------------------------------------------------+

[ END at: 14:46:06 | 2008-11-07 ] - [ Time elapsed: 4 minutes, 37 seconds ]
0
Réponse 13 / 25
Utilisateur anonyme
7 nov. 2008 à 21:17
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
0
mamy1439
7 nov. 2008 à 21:25
-----------\\ ToolBar S&D 1.1.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : BIOS Date: 01/26/05 17:26:53 Ver: 08.00.09
USER : cyr ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081107-0] 4.8.1229 (Not Activated)

"C:\ToolBar SD" ( MAJ : 13-09-2008|02:54 )
Option : [1] ( 2008-11-07|15:24 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\FBrowserAdvisor
C:\Program Files\FBrowsingAdvisor
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt
C:\Program Files\FBrowsingAdvisor\Logo.png
C:\Program Files\FBrowsingAdvisor\main.db
C:\Program Files\FBrowsingAdvisor\unins000.dat
C:\Program Files\FBrowsingAdvisor\unins000.exe
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll
C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-French.ini
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\MySearch
C:\Program Files\MySearch\bar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr"


--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\cyr\MENUDM~1\PROGRA~1\WinDefender 2009.lnk
C:\PROGRA~1\WinDefender

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\cyr\Mes documents\Universal crack
C:\DOCUME~1\cyr\Mes documents\Universal crack\FFF-ReflexV2.exe



1 - "C:\ToolBar SD\TB_1.txt" - 2008-09-13|23:30 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-11-07|15:25 - Option : [1]

-----------\\ Fin du rapport a 15:25:02,68
0
mamy1439
7 nov. 2008 à 21:36
voila es ce que sait ce que vous voulez


merci mamy1439
0
Réponse 14 / 25
Utilisateur anonyme
7 nov. 2008 à 21:38
parfait maie tu t en sors bien si je peux dire tu


Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.
0
mamy1439
7 nov. 2008 à 21:53
re bonjour en passant merci pour ta patience un gros merci et oui on peut se dire tu
merci encore car la je fait des choses qui sont du chinoi pour moi
merci

-----------\\ ToolBar S&D 1.1.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : BIOS Date: 01/26/05 17:26:53 Ver: 08.00.09
USER : cyr ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081107-0] 4.8.1229 (Activated)

"C:\ToolBar SD" ( MAJ : 13-09-2008|02:54 )
Option : [2] ( 2008-11-07|15:48 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt
Supprime! - C:\Program Files\FBrowsingAdvisor\Logo.png
Supprime! - C:\Program Files\FBrowsingAdvisor\main.db
Supprime! - C:\Program Files\FBrowsingAdvisor\unins000.dat
Supprime! - C:\Program Files\FBrowsingAdvisor\unins000.exe
Supprime! - C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll
Supprime! - C:\Program Files\GamesBar\Localization-French.ini
Supprime! - C:\Program Files\GamesBar\oberontb.dll
Supprime! - C:\Program Files\MySearch\bar
Supprime! - C:\Program Files\FBrowserAdvisor
Supprime! - C:\Program Files\FBrowsingAdvisor
Supprime! - C:\Program Files\GamesBar
Supprime! - C:\Program Files\MySearch

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\cyr\MENUDM~1\PROGRA~1\WinDefender 2009.lnk
C:\PROGRA~1\WinDefender

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\cyr\Mes documents\Universal crack
C:\DOCUME~1\cyr\Mes documents\Universal crack\FFF-ReflexV2.exe



1 - "C:\ToolBar SD\TB_1.txt" - 2008-09-13|23:30 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-11-07|15:25 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 2008-11-07|15:49 - Option : [2]

-----------\\ Fin du rapport a 15:49:28,42
0
Réponse 15 / 25
Utilisateur anonyme
7 nov. 2008 à 21:56
t inkiete pas mamie on avance tres bien dans le nettoyage de ton pc


il te reste un rogue >> un faux logiciel de securité


Telecharge malwarebytes

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log
0
mamy1439
7 nov. 2008 à 23:24
re bonjour désolé que se soit été si long je ne savait pas qu'il y avais tant de programe sur cette ordi

merci
mamy1439

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1373
Windows 5.1.2600 Service Pack 3

2008-11-07 17:19:10
mbam-log-2008-11-07 (17-19-10).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 137077
Temps écoulé: 1 hour(s), 3 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 18

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\anoniso (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\jurtob.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37029de8-6378-45e3-ae58-d2c4a416aeb0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d4480bb2-36cd-497b-83ff-15350ea6c122} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dee7b1f7-a014-477c-b0c5-23a51aa81db5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{10026069-7a5f-4531-811e-c8df20643bee} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dee7b1f7-a014-477c-b0c5-23a51aa81db5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\windefender 2009 (Rogue.WinDefender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinDefender2009 (Rogue.WinDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7d269bf-a79a-47a5-a932-03d3fb44981e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7d269bf-a79a-47a5-a932-03d3fb44981e} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\WinDefender (Rogue.WinDefender) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{836F75E7-DF42-48D7-ABE0-CDF5CDE2422E}\RP349\A0036371.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{836F75E7-DF42-48D7-ABE0-CDF5CDE2422E}\RP350\A0036395.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{836F75E7-DF42-48D7-ABE0-CDF5CDE2422E}\RP353\A0036725.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\WinDefender\WinDefender.s1 (Rogue.WinDefender) -> Quarantined and deleted successfully.
C:\Program Files\WinDefender\WinDefender.s2 (Rogue.WinDefender) -> Quarantined and deleted successfully.
C:\Program Files\WinDefender\WinDefender.s3 (Rogue.WinDefender) -> Quarantined and deleted successfully.
C:\Program Files\WinDefender\WinDefender.s4 (Rogue.WinDefender) -> Quarantined and deleted successfully.
C:\Program Files\WinDefender\WinDefender.s5 (Rogue.WinDefender) -> Quarantined and deleted successfully.
C:\Program Files\WinDefender\WinDefender.s6 (Rogue.WinDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\p.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\s.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\k.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\cyr\Favoris\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\cyr\Menu Démarrer\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1373
Windows 5.1.2600 Service Pack 3

2008-11-07 17:19:10
mbam-log-2008-11-07 (17-19-10).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 137077
Temps écoulé: 1 hour(s), 3 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 18

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\anoniso (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\jurtob.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37029de8-6378-45e3-ae58-d2c4a416aeb0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d4480bb2-36cd-497b-83ff-15350ea6c122} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dee7b1f7-a014-477c-b0c5-23a51aa81db5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{10026069-7a5f-4531-811e-c8df20643bee} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dee7b1f7-a014-477c-b0c5-23a51aa81db5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\windefender 2009 (Rogue.WinDefender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinDefender2009 (Rogue.WinDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7d269bf-a79a-47a5-a932-03d3fb44981e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7d269bf-a79a-47a5-a932-03d3fb44981e} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\WinDefender (Rogue.WinDefender) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{836F75E7-DF42-48D7-ABE0-CDF5CDE2422E}\RP349\A0036371.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{836F75E7-DF42-48D7-ABE0-CDF5CDE2422E}\RP350\A0036395.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{836F75E7-DF42-48D7-ABE0-CDF5CDE2422E}\RP353\A0036725.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\WinDefender\WinDefender.s1 (Rogue.WinDefender) -> Quarantined and deleted successfully.
C:\Program Files\WinDefender\WinDefender.s2 (Rogue.WinDefender) -> Quarantined and deleted successfully.
C:\Program Files\WinDefender\WinDefender.s3 (Rogue.WinDefender) -> Quarantined and deleted successfully.
C:\Program Files\WinDefender\WinDefender.s4 (Rogue.WinDefender) -> Quarantined and deleted successfully.
C:\Program Files\WinDefender\WinDefender.s5 (Rogue.WinDefender) -> Quarantined and deleted successfully.
C:\Program Files\WinDefender\WinDefender.s6 (Rogue.WinDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\p.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\s.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\k.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\cyr\Favoris\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\cyr\Menu Démarrer\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.
0
Réponse 16 / 25
Utilisateur anonyme
7 nov. 2008 à 23:27
re mamie


réouvre malewarebyte
va sur quarantaine
supprime tout


ensuite refais un scan hijackthis et post le rapport stp et dis moi comment va le pc aussi
0
mamy1439
7 nov. 2008 à 23:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:33, on 2008-11-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O3 - Toolbar: Mirar - {E7D269BE-A79A-47A5-A932-03D3FB44981E} - C:\WINDOWS\system32\wingc75.dll (file missing)
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\impot\New Folder\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\impot\New Folder\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://8.5.0.53
O15 - Trusted IP range: http://8.5.0.58
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
0
Réponse 17 / 25
Utilisateur anonyme
7 nov. 2008 à 23:56
réouve hijackthis
fais scan only
coches ces lignes :

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\impot\New Folder\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\impot\New Folder\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll (file missing)


tu les coches et tu clic sur fix checked


ensuite :

Télécharge ce fichier sur le bureau :

http://downloads.malwareremoval.com/Nel/FixP.zip


Extrait et double clique sur Fix_Protocol_zones_ranges.reg.

Acceptes lorsqu'il te demande de fusionner avec le registre.


ensuite désinstal AVG

ensuite désinstal java car pas a jours et telecharege et instal cette vesrion :


https://www.java.com/fr/download/manual.jsp


ensuite :


regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php


alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->Antivir le telecharger


tuto : https://www.malekal.com/avira-free-security-antivirus-gratuit/
tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59

Pour désinstaller Avast telecharge cet outil



ensuite refais un scan hijackthis et post le rapport stp

0
mamy1439
8 nov. 2008 à 00:19
re- je voudrais savoir ce que veut dire ses mots en anglais et quoi je doit faire merci


Hijack this is about to remove a BHO and the corresponding file from your system.close all internet explorer windows and all windows explorer windows before continuring for the best chance of succes
0
Réponse 18 / 25
Utilisateur anonyme
8 nov. 2008 à 00:21
re mamie

ça veux diire ferme internet explorer avant de faire "fix checked"
0
mamy1439
8 nov. 2008 à 01:06
re bonjour
voici j'ai fait tous et voila ce que ca me dit es ce que ses correct , mais voila je ne peut toujours pas imprime les choses que vous me donner a faire , je ne sait pas ce qui arrive
mais je vous remerci beaucoup pour votre patience.

07.11.2008 18:58:58 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
07.11.2008 18:58:58 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
07.11.2008 18:58:58 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\
07.11.2008 18:58:58 - Using System's global Proxy settings
07.11.2008 18:58:58 - Launching GUI... display mode: 0
07.11.2008 18:58:58 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
07.11.2008 18:58:58 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll
07.11.2008 18:58:58 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
07.11.2008 18:58:58 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
07.11.2008 18:58:58 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\
07.11.2008 18:58:58 - Using System's global Proxy settings
07.11.2008 18:58:58 - Launching GUI... display mode: 0
07.11.2008 18:58:58 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
07.11.2008 18:58:58 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll
07.11.2008 18:58:58 - Avira AntiVir Personal - Free Antivirus
07.11.2008 18:59:05 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\idx/master.idx to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\IDX\master.idx
07.11.2008 18:59:05 - Master IDX file has changed
07.11.2008 18:59:06 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/classic-nt-en.info.gz
07.11.2008 18:59:07 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\classic-nt-en.info to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\IDX\classic-nt-en.info
07.11.2008 18:59:07 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/vdf.info.gz
07.11.2008 18:59:08 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/specvir-nt.info.gz
07.11.2008 18:59:08 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/ave2.info.gz
07.11.2008 18:59:09 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/info-wks-classic-nt-en.info.gz
07.11.2008 18:59:10 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
07.11.2008 18:59:10 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 83
07.11.2008 18:59:10 - Module: COMMAPPDATA_AV Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\ Files: 1
07.11.2008 18:59:10 - Module: COMMAPP Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\JOBS\ Files: 4
07.11.2008 18:59:10 - Module: COMMAPDATA_AV_PROFILES Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\ Files: 2
07.11.2008 18:59:10 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
07.11.2008 18:59:10 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
07.11.2008 18:59:10 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf 6.40.0.0 < 7.1.0.0
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf 7.0.5.1 < 7.1.0.21
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf 7.0.5.20 < 7.1.0.44
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.5.23 < 7.1.0.55
07.11.2008 18:59:11 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avrep.dll 7.0.0.1 < 8.0.0.2
07.11.2008 18:59:11 - Module: AVE2 Source: ave2\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 14
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll 8.1.2.6 < 8.1.4.1
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll 8.1.0.41 < 8.1.1.0
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aehelp.dll 8.1.1.2 < 8.1.1.3
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll 8.1.0.59 < 8.1.0.71
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll 8.1.0.28 < 8.1.0.30
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aepack.dll 8.1.2.4 < 8.1.3.3
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aerdl.dll 8.1.1.2 < 8.1.1.3
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescn.dll 8.1.1.3 < 8.1.1.5
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll 8.1.1.8 < 8.1.1.13
07.11.2008 18:59:11 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeset.dat 8.2.0.4 < 8.2.0.29
07.11.2008 18:59:11 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4
07.11.2008 18:59:11 - Module: PRODINFO Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
07.11.2008 18:59:11 - Minifilter is installed
07.11.2008 18:59:11 - Minifilter is possible
07.11.2008 18:59:11 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType
07.11.2008 18:59:11 - Initialize avnotify.exe
07.11.2008 18:59:11 - Starting avnotify.exe successful
07.11.2008 18:59:11 - Preparing to download files
07.11.2008 18:59:11 - 17 files need to be downloaded / copied from http://dl7.avgate.net/upd/
07.11.2008 18:59:11 - #1: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classic-nt/filelist.ini.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\winwks\en\classic-nt/filelist.ini
07.11.2008 18:59:16 - #2: Downloading and extracting http://dl7.avgate.net/upd/winwks/en/classic-nt/product.ini.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\winwks\en\classic-nt/product.ini
07.11.2008 18:59:17 - #3: Downloading and extracting http://dl7.avgate.net/upd/vdf/antivir0.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\vdf\antivir0.vdf
07.11.2008 18:59:56 - #4: Downloading and extracting http://dl7.avgate.net/upd/vdf/antivir1.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\vdf\antivir1.vdf
07.11.2008 18:59:57 - #5: Downloading and extracting http://dl7.avgate.net/upd/vdf/antivir2.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\vdf\antivir2.vdf
07.11.2008 18:59:58 - #6: Downloading and extracting http://dl7.avgate.net/upd/vdf/antivir3.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\vdf\antivir3.vdf
07.11.2008 18:59:59 - #7: Downloading and extracting http://dl7.avgate.net/upd/engine/nt/avrep.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\engine\nt\avrep.dll
07.11.2008 18:59:59 - #8: Downloading and extracting http://dl7.avgate.net/upd/ave2/aecore.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aecore.dll
07.11.2008 19:00:00 - #9: Downloading and extracting http://dl7.avgate.net/upd/ave2/aegen.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aegen.dll
07.11.2008 19:00:01 - #10: Downloading and extracting http://dl7.avgate.net/upd/ave2/aehelp.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aehelp.dll
07.11.2008 19:00:01 - #11: Downloading and extracting http://dl7.avgate.net/upd/ave2/aeheur.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aeheur.dll
07.11.2008 19:00:04 - #12: Downloading and extracting http://dl7.avgate.net/upd/ave2/aeoffice.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aeoffice.dll
07.11.2008 19:00:04 - #13: Downloading and extracting http://dl7.avgate.net/upd/ave2/aepack.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aepack.dll
07.11.2008 19:00:05 - #14: Downloading and extracting http://dl7.avgate.net/upd/ave2/aerdl.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aerdl.dll
07.11.2008 19:00:06 - #15: Downloading and extracting http://dl7.avgate.net/upd/ave2/aescn.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aescn.dll
07.11.2008 19:00:07 - #16: Downloading and extracting http://dl7.avgate.net/upd/ave2/aescript.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aescript.dll
07.11.2008 19:00:07 - #17: Downloading and extracting http://dl7.avgate.net/upd/ave2/aeset.dat.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aeset.dat
07.11.2008 19:00:17 - Keyfile: OK [FULL Mode]
07.11.2008 19:00:17 - Status of service AntiVirService is running
07.11.2008 19:00:17 - Initialize avscan.exe
07.11.2008 19:00:17 - Initialize avcenter.exe
07.11.2008 19:00:17 - Initialize avgnt.exe
07.11.2008 19:00:17 - avscan.exe closed.
07.11.2008 19:00:18 - avgnt.exe closed.
07.11.2008 19:00:18 - Starting to install
07.11.2008 19:00:18 - File C:\Program Files\Avira\AntiVir PersonalEdition Classic\filelist.ini will not be backed up because it doesn't exist
07.11.2008 19:00:18 - File C:\Program Files\Avira\AntiVir PersonalEdition Classic\product.ini will not be backed up because it doesn't exist
07.11.2008 19:00:18 - Processing module MAIN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
07.11.2008 19:00:18 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\winwks\en\classic-nt/filelist.ini to C:\Program Files\Avira\AntiVir PersonalEdition Classic\filelist.ini
07.11.2008 19:00:18 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\winwks\en\classic-nt/product.ini to C:\Program Files\Avira\AntiVir PersonalEdition Classic\product.ini
07.11.2008 19:00:18 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir0.vdf
07.11.2008 19:00:18 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir1.vdf
07.11.2008 19:00:18 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir2.vdf
07.11.2008 19:00:18 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir3.vdf
07.11.2008 19:00:18 - Processing module VDF Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
07.11.2008 19:00:20 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\vdf\antivir0.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf
07.11.2008 19:00:20 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\vdf\antivir1.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf
07.11.2008 19:00:20 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\vdf\antivir2.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf
07.11.2008 19:00:20 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\vdf\antivir3.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf
07.11.2008 19:00:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\avrep.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\avrep.dll
07.11.2008 19:00:20 - Processing module AVREP_NT Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
07.11.2008 19:00:20 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\engine\nt\avrep.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\avrep.dll
07.11.2008 19:00:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aecore.dll
07.11.2008 19:00:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aegen.dll
07.11.2008 19:00:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aehelp.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aehelp.dll
07.11.2008 19:00:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aeheur.dll
07.11.2008 19:00:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aeoffice.dll
07.11.2008 19:00:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aepack.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aepack.dll
07.11.2008 19:00:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aerdl.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aerdl.dll
07.11.2008 19:00:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescn.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aescn.dll
07.11.2008 19:00:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aescript.dll
07.11.2008 19:00:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeset.dat to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aeset.dat
07.11.2008 19:00:20 - Processing module AVE2 Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
07.11.2008 19:00:21 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aecore.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll
07.11.2008 19:00:22 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aegen.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll
07.11.2008 19:00:23 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aehelp.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aehelp.dll
07.11.2008 19:00:24 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aeheur.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll
07.11.2008 19:00:25 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aeoffice.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll
07.11.2008 19:00:27 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aepack.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aepack.dll
07.11.2008 19:00:28 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aerdl.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aerdl.dll
07.11.2008 19:00:29 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aescn.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescn.dll
07.11.2008 19:00:30 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aescript.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll
07.11.2008 19:00:30 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4914d642\ave2\aeset.dat to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeset.dat
07.11.2008 19:00:30 - A total of 17 files were updated
07.11.2008 19:00:30 - Initialize AVWSC.EXE
07.11.2008 19:00:30 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress
07.11.2008 19:00:30 - Status of service AntiVirService is running
07.11.2008 19:00:32 - Reinitialization of AntiVirService carried out successfully.
07.11.2008 19:00:33 - Starting avgnt.exe successful
07.11.2008 19:00:33 - Dialup: 0
07.11.2008 19:00:33 - Downloaded bytes: 17694062
07.11.2008 19:00:33 - Downloaded file(s): 17
07.11.2008 19:00:33 - Downloaded file(s): filelist.ini; product.ini; antivir0.vdf; antivir1.vdf; antivir2.vdf; antivir3.vdf; avrep.dll; aecore.dll; aegen.dll; aehelp.dll
07.11.2008 19:00:33 - Downloaded file(s): aeheur.dll; aeoffice.dll; aepack.dll; aerdl.dll; aescn.dll; aescript.dll; aeset.dat
07.11.2008 19:00:33 - Required time: 01:34
07.11.2008 19:00:33 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate
07.11.2008 19:00:34 - Update finished successfully
0
mamy1439
8 nov. 2008 à 01:10
voici le dernier de hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:24, on 2008-11-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
0
Réponse 19 / 25
Utilisateur anonyme
8 nov. 2008 à 01:12
re mamie

quand tu as finit post moi un nouveau rapport hijackthi stp

mais voila je ne peut toujours pas imprime


--->>ton imprimante marche plus ??
0
mamy1439
8 nov. 2008 à 01:33
re - mon imprimante fonctionne mais si je veut imprimer ce que tu ma ecrit en soulignant elle n'imprime pas , je voudrais te dire que ca fonctionne tres bien maintenant ,il y a juste quand je clic sur le x pour fermer la fenetre elle gel quelque instant, croie tu que ses arranger pour mon ordi et si oui
je te re merci tres sincerement et de ta patience



une mamy qui est fiere de t'avoir fait confiance
0
Réponse 20 / 25
Utilisateur anonyme
8 nov. 2008 à 01:14
re mamaie

on s est croisé


avast est mal désinstallé ...
0
mamy1439
8 nov. 2008 à 01:22
re et merci


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:59, on 2008-11-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses
Virus MSN Tinyurl
djkifkif -
matt56430 -

8 réponses